Edit tour

Windows Analysis Report
DBROG0eWH7.exe

Overview

General Information

Sample name:	DBROG0eWH7.exe renamed because original name is a hash value
Original sample name:	78f48020d8c0308bbb5c18c883b7b547adcb2674db93b85f3a9df6a20595d8bc.exe
Analysis ID:	1551074
MD5:	fa91458e80ba750fda0b41d2b88ae1b1
SHA1:	5531267d0d3b4523007803f21bc58d0de818b38b
SHA256:	78f48020d8c0308bbb5c18c883b7b547adcb2674db93b85f3a9df6a20595d8bc
Tags:	exeuser-adrian__luca
Infos:

Detection

Score:	96
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for dropped file

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

AI detected suspicious sample

Machine Learning detection for dropped file

Machine Learning detection for sample

Tries to resolve many domain names, but no domain seems valid

Connects to many different domains

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Contains functionality to dynamically determine API calls

Contains functionality to enumerate running services

Contains functionality to query network adapater information

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates files inside the system directory

Deletes files inside the Windows folder

Detected potential crypto function

Drops PE files

Executes massive DNS lookups (> 100)

Extensive use of GetProcAddress (often used to hide API calls)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found evasive API chain (date check)

Found evasive API chain (may stop execution after checking a module file name)

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Sample execution stops while process was sleeping (likely an evasion)

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

DBROG0eWH7.exe (PID: 7652 cmdline: "C:\Users\user\Desktop\DBROG0eWH7.exe" MD5: FA91458E80BA750FDA0B41D2B88AE1B1)

ek5v3q1axkfpqwron.exe (PID: 8432 cmdline: "C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe" MD5: FA91458E80BA750FDA0B41D2B88AE1B1)

bsiphbvc.exe (PID: 12040 cmdline: "C:\qkcgyxexucxsiyk\bsiphbvc.exe" MD5: FA91458E80BA750FDA0B41D2B88AE1B1)

bsiphbvc.exe (PID: 9620 cmdline: C:\qkcgyxexucxsiyk\bsiphbvc.exe MD5: FA91458E80BA750FDA0B41D2B88AE1B1)

jqvkzish.exe (PID: 10808 cmdline: frrqzdvmnkqk "c:\qkcgyxexucxsiyk\bsiphbvc.exe" MD5: FA91458E80BA750FDA0B41D2B88AE1B1)

bsiphbvc.exe (PID: 9152 cmdline: "c:\qkcgyxexucxsiyk\bsiphbvc.exe" MD5: FA91458E80BA750FDA0B41D2B88AE1B1)

jqvkzish.exe (PID: 3448 cmdline: frrqzdvmnkqk "c:\qkcgyxexucxsiyk\bsiphbvc.exe" MD5: FA91458E80BA750FDA0B41D2B88AE1B1)

cleanup

Suricata Signatures

ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-07T13:07:00.985353+0100	2022930	1	A Network Trojan was detected	20.12.23.50	443	192.168.2.4	49734	TCP
2024-11-07T13:07:39.890930+0100	2022930	1	A Network Trojan was detected	4.175.87.197	443	192.168.2.4	49741	TCP

ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-07T13:06:47.371988+0100	2018141	1	A Network Trojan was detected	18.143.155.63	80	192.168.2.4	49730	TCP

ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-07T13:06:47.371988+0100	2037771	1	A Network Trojan was detected	18.143.155.63	80	192.168.2.4	49730	TCP

ET MALWARE Possible Zeus GameOver/FluBot Related DGA NXDOMAIN Responses

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-07T13:06:53.375881+0100	2018316	1	A Network Trojan was detected	1.1.1.1	53	192.168.2.4	57589	UDP
2024-11-07T13:08:40.150939+0100	2018316	1	A Network Trojan was detected	1.1.1.1	53	192.168.2.4	51742	UDP

ETPRO MALWARE Possible Tinba DGA NXDOMAIN Responses (net)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-07T13:06:49.452706+0100	2811542	1	A Network Trojan was detected	1.1.1.1	53	192.168.2.4	51679	UDP
2024-11-07T13:08:11.604528+0100	2811542	1	A Network Trojan was detected	1.1.1.1	53	192.168.2.4	50559	UDP

ETPRO MALWARE Terse HTTP 1.0 Request Possible Nivdort

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-07T13:06:47.006068+0100	2815568	1	A Network Trojan was detected	192.168.2.4	49730	18.143.155.63	80	TCP
2024-11-07T13:08:08.773587+0100	2815568	1	A Network Trojan was detected	192.168.2.4	49897	18.143.155.63	80	TCP

ETPRO MALWARE W32/Bayrob Attempted Checkin 2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-07T13:06:47.006068+0100	2820680	1	Malware Command and Control Activity Detected	192.168.2.4	49730	18.143.155.63	80	TCP
2024-11-07T13:08:08.773587+0100	2820680	1	Malware Command and Control Activity Detected	192.168.2.4	49897	18.143.155.63	80	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: DBROG0eWH7.exe

Avira: detected

Antivirus detection for dropped file

Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Avira: detection malicious, Label: HEUR/AGEN.1317803
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Avira: detection malicious, Label: HEUR/AGEN.1317803
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Avira: detection malicious, Label: HEUR/AGEN.1317803

Multi AV Scanner detection for dropped file

Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	ReversingLabs: Detection: 91%
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	ReversingLabs: Detection: 91%
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	ReversingLabs: Detection: 91%

Multi AV Scanner detection for submitted file

Source: DBROG0eWH7.exe

ReversingLabs: Detection: 91%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Joe Sandbox ML: detected
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Joe Sandbox ML: detected
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: DBROG0eWH7.exe

Joe Sandbox ML: detected

Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Code function: 1_2_001DD8E0 GetProcAddress,GetProcAddress,CryptAcquireContextA,CryptGenRandom,_rand,_rand,_rand,_rand,		1_2_001DD8E0
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Code function: 2_2_0009D8E0 GetProcAddress,GetProcAddress,CryptAcquireContextA,CryptGenRandom,_rand,_rand,_rand,_rand,		2_2_0009D8E0

Source: DBROG0eWH7.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: DBROG0eWH7.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: C:\Users\user\Desktop\DBROG0eWH7.exe	Code function: 0_2_00D4A590 Sleep,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,_memset,	0_2_00D4A590
Source: C:\Users\user\Desktop\DBROG0eWH7.exe	Code function: 0_2_00D73691 _wcspbrk,__getdrive,FindFirstFileExW,_wcspbrk,__wfullpath_helper,_IsRootUNCName,GetDriveTypeW,_free,___loctotime64_t,_free,__sopen_s,__fstat64i32,__close,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime64_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime64_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime64_t,FindClose,___wdtoxmode,GetLastError,__dosmaperr,FindClose,GetLastError,__dosmaperr,FindClose,	0_2_00D73691
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Code function: 1_2_001DA590 Sleep,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,_memset,	1_2_001DA590
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Code function: 1_2_00203691 _wcspbrk,__getdrive,FindFirstFileExW,_wcspbrk,__wfullpath_helper,_IsRootUNCName,GetDriveTypeW,_free,___loctotime64_t,_free,__sopen_s,__fstat64i32,__close,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime64_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime64_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime64_t,FindClose,___wdtoxmode,GetLastError,__dosmaperr,FindClose,GetLastError,__dosmaperr,FindClose,	1_2_00203691
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Code function: 2_2_0009A590 Sleep,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,_memset,	2_2_0009A590
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Code function: 2_2_000C3691 _wcspbrk,__getdrive,FindFirstFileExW,_wcspbrk,__wfullpath_helper,_IsRootUNCName,GetDriveTypeW,_free,___loctotime64_t,_free,__sopen_s,__fstat64i32,__close,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime64_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime64_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime64_t,FindClose,___wdtoxmode,GetLastError,__dosmaperr,FindClose,GetLastError,__dosmaperr,FindClose,	2_2_000C3691
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Code function: 3_2_00323691 _wcspbrk,__getdrive,FindFirstFileExW,_wcspbrk,__wfullpath_helper,_IsRootUNCName,GetDriveTypeW,_free,___loctotime64_t,_free,__fstat64i32,__close,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime64_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime64_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime64_t,FindClose,___wdtoxmode,GetLastError,__dosmaperr,FindClose,GetLastError,__dosmaperr,FindClose,	3_2_00323691
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Code function: 3_2_002FA590 Sleep,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,_memset,	3_2_002FA590
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Code function: 10_2_00413691 _wcspbrk,__getdrive,FindFirstFileExW,_wcspbrk,__wfullpath_helper,_IsRootUNCName,GetDriveTypeW,_free,___loctotime64_t,_free,__fstat64i32,__close,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime64_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime64_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime64_t,FindClose,___wdtoxmode,GetLastError,__dosmaperr,FindClose,GetLastError,__dosmaperr,FindClose,	10_2_00413691
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Code function: 10_2_003EA590 Sleep,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,_memset,	10_2_003EA590

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2820680 - Severity 1 - ETPRO MALWARE W32/Bayrob Attempted Checkin 2 : 192.168.2.4:49730 -> 18.143.155.63:80
Source: Network traffic	Suricata IDS: 2820680 - Severity 1 - ETPRO MALWARE W32/Bayrob Attempted Checkin 2 : 192.168.2.4:49897 -> 18.143.155.63:80

Tries to resolve many domain names, but no domain seems valid

Source: unknown	DNS traffic detected: query: necessarystream.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: heavydivide.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: glassinstead.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: degreemanner.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: heardbusiness.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: returnanother.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: necessaryappear.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: heavenbottle.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: leaderbusiness.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: degreeexplain.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: heavendivide.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: requirebusiness.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: returnmanner.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: leaderbottle.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: heavenbusiness.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: orderappear.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: answerappear.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pleasantdivide.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: glassexplain.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: returndivide.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: requirenothing.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gentleappear.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: glassmanner.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: difficultmanner.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pleasantappear.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: heardanother.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: leaderappear.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: heavenanother.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pleasantmanner.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: heavybusiness.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: variousmanner.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: necessarymanner.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: leadermanner.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: necessarybusiness.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: requirebottle.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gentlestream.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: heavystream.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: heavyanother.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: forwardexplain.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: difficultanother.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: forwardbusiness.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: requiremanner.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: answerbright.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: degreeanother.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: requireappear.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: glassanother.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: degreebright.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gentlenothing.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: answeranother.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: heardmanner.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: hearddivide.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: returnbusiness.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: requirestream.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: ordernothing.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: orderbusiness.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: forwardinstead.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: answerexplain.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: necessarybottle.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gentlemanner.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: variousnothing.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gentlebusiness.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: answermanner.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: returnappear.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gentlebottle.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: heavymanner.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: forwardinside.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: difficultbusiness.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: orderdivide.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gentleanother.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: returnnothing.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: heavynothing.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: leaderanother.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: heavyappear.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: heardappear.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: degreebusiness.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: glassappear.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: glassbusiness.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: variousanother.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: ordermanner.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: variousbusiness.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: requireanother.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: difficultdivide.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: leaderdivide.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: necessaryanother.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: variousbottle.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: heavenstream.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: heavybottle.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: leadernothing.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: variousdivide.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: degreeappear.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pleasantbusiness.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: answerinstead.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: heavenappear.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: necessarynothing.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: variousappear.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: forwardanother.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: forwardbright.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: heavennothing.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: forwardmanner.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pleasantnothing.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: orderbottle.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: requiredivide.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: necessarydivide.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: answerbusiness.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: returnstream.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pleasantanother.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: pleasantbottle.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: difficultappear.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: forwardappear.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: degreeinstead.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: heavenmanner.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: degreeinside.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gentledivide.net replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: orderanother.net replaycode: Name error (3)

Source: unknown

Network traffic detected: DNS query count 120

Source: global traffic

DNS traffic detected: number of DNS queries: 120

Source: global traffic	HTTP traffic detected: GET /index.php HTTP/1.0Accept: /Connection: closeHost: pleasantstream.net
Source: global traffic	HTTP traffic detected: GET /index.php HTTP/1.0Accept: /Connection: closeHost: orderstream.net
Source: global traffic	HTTP traffic detected: GET /index.php HTTP/1.0Accept: /Connection: closeHost: variousstream.net
Source: global traffic	HTTP traffic detected: GET /index.php HTTP/1.0Accept: /Connection: closeHost: returnbottle.net
Source: global traffic	HTTP traffic detected: GET /index.php HTTP/1.0Accept: /Connection: closeHost: pleasantstream.net
Source: global traffic	HTTP traffic detected: GET /index.php HTTP/1.0Accept: /Connection: closeHost: orderstream.net
Source: global traffic	HTTP traffic detected: GET /index.php HTTP/1.0Accept: /Connection: closeHost: variousstream.net
Source: global traffic	HTTP traffic detected: GET /index.php HTTP/1.0Accept: /Connection: closeHost: returnbottle.net
Source: global traffic	HTTP traffic detected: GET /index.php HTTP/1.0Accept: /Connection: closeHost: variousstream.net
Source: global traffic	HTTP traffic detected: GET /index.php HTTP/1.0Accept: /Connection: closeHost: returnbottle.net
Source: global traffic	HTTP traffic detected: GET /index.php HTTP/1.0Accept: /Connection: closeHost: variousstream.net
Source: global traffic	HTTP traffic detected: GET /index.php HTTP/1.0Accept: /Connection: closeHost: returnbottle.net
Source: global traffic	HTTP traffic detected: GET /index.php HTTP/1.0Accept: /Connection: closeHost: variousstream.net
Source: global traffic	HTTP traffic detected: GET /index.php HTTP/1.0Accept: /Connection: closeHost: returnbottle.net
Source: global traffic	HTTP traffic detected: GET /index.php HTTP/1.0Accept: /Connection: closeHost: returnbottle.net
Source: global traffic	HTTP traffic detected: GET /index.php HTTP/1.0Accept: /Connection: closeHost: glassbright.net

Source: Joe Sandbox View	IP Address: 37.97.254.27 37.97.254.27
Source: Joe Sandbox View	IP Address: 199.59.243.227 199.59.243.227

Source: Joe Sandbox View

ASN Name: AMAZON-02US AMAZON-02US

Source: Network traffic	Suricata IDS: 2815568 - Severity 1 - ETPRO MALWARE Terse HTTP 1.0 Request Possible Nivdort : 192.168.2.4:49730 -> 18.143.155.63:80
Source: Network traffic	Suricata IDS: 2018316 - Severity 1 - ET MALWARE Possible Zeus GameOver/FluBot Related DGA NXDOMAIN Responses : 1.1.1.1:53 -> 192.168.2.4:57589
Source: Network traffic	Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 18.143.155.63:80 -> 192.168.2.4:49730
Source: Network traffic	Suricata IDS: 2811542 - Severity 1 - ETPRO MALWARE Possible Tinba DGA NXDOMAIN Responses (net) : 1.1.1.1:53 -> 192.168.2.4:51679
Source: Network traffic	Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 18.143.155.63:80 -> 192.168.2.4:49730
Source: Network traffic	Suricata IDS: 2815568 - Severity 1 - ETPRO MALWARE Terse HTTP 1.0 Request Possible Nivdort : 192.168.2.4:49897 -> 18.143.155.63:80
Source: Network traffic	Suricata IDS: 2811542 - Severity 1 - ETPRO MALWARE Possible Tinba DGA NXDOMAIN Responses (net) : 1.1.1.1:53 -> 192.168.2.4:50559
Source: Network traffic	Suricata IDS: 2018316 - Severity 1 - ET MALWARE Possible Zeus GameOver/FluBot Related DGA NXDOMAIN Responses : 1.1.1.1:53 -> 192.168.2.4:51742
Source: Network traffic	Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 4.175.87.197:443 -> 192.168.2.4:49741
Source: Network traffic	Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 20.12.23.50:443 -> 192.168.2.4:49734

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: C:\Users\user\Desktop\DBROG0eWH7.exe

Code function: 0_2_00D4BBD0 __snprintf,socket,setsockopt,gethostbyname,inet_ntoa,inet_addr,htons,connect,send,recv,recv,closesocket,

0_2_00D4BBD0

Source: global traffic	HTTP traffic detected: GET /index.php HTTP/1.0Accept: /Connection: closeHost: pleasantstream.net
Source: global traffic	HTTP traffic detected: GET /index.php HTTP/1.0Accept: /Connection: closeHost: orderstream.net
Source: global traffic	HTTP traffic detected: GET /index.php HTTP/1.0Accept: /Connection: closeHost: variousstream.net
Source: global traffic	HTTP traffic detected: GET /index.php HTTP/1.0Accept: /Connection: closeHost: returnbottle.net
Source: global traffic	HTTP traffic detected: GET /index.php HTTP/1.0Accept: /Connection: closeHost: pleasantstream.net
Source: global traffic	HTTP traffic detected: GET /index.php HTTP/1.0Accept: /Connection: closeHost: orderstream.net
Source: global traffic	HTTP traffic detected: GET /index.php HTTP/1.0Accept: /Connection: closeHost: variousstream.net
Source: global traffic	HTTP traffic detected: GET /index.php HTTP/1.0Accept: /Connection: closeHost: returnbottle.net
Source: global traffic	HTTP traffic detected: GET /index.php HTTP/1.0Accept: /Connection: closeHost: variousstream.net
Source: global traffic	HTTP traffic detected: GET /index.php HTTP/1.0Accept: /Connection: closeHost: returnbottle.net
Source: global traffic	HTTP traffic detected: GET /index.php HTTP/1.0Accept: /Connection: closeHost: variousstream.net
Source: global traffic	HTTP traffic detected: GET /index.php HTTP/1.0Accept: /Connection: closeHost: returnbottle.net
Source: global traffic	HTTP traffic detected: GET /index.php HTTP/1.0Accept: /Connection: closeHost: variousstream.net
Source: global traffic	HTTP traffic detected: GET /index.php HTTP/1.0Accept: /Connection: closeHost: returnbottle.net
Source: global traffic	HTTP traffic detected: GET /index.php HTTP/1.0Accept: /Connection: closeHost: returnbottle.net
Source: global traffic	HTTP traffic detected: GET /index.php HTTP/1.0Accept: /Connection: closeHost: glassbright.net

Source: global traffic	DNS traffic detected: DNS query: difficultdivide.net
Source: global traffic	DNS traffic detected: DNS query: hearddivide.net
Source: global traffic	DNS traffic detected: DNS query: pleasantstream.net
Source: global traffic	DNS traffic detected: DNS query: necessarystream.net
Source: global traffic	DNS traffic detected: DNS query: pleasantnothing.net
Source: global traffic	DNS traffic detected: DNS query: necessarynothing.net
Source: global traffic	DNS traffic detected: DNS query: pleasantbottle.net
Source: global traffic	DNS traffic detected: DNS query: necessarybottle.net
Source: global traffic	DNS traffic detected: DNS query: pleasantdivide.net
Source: global traffic	DNS traffic detected: DNS query: necessarydivide.net
Source: global traffic	DNS traffic detected: DNS query: orderstream.net
Source: global traffic	DNS traffic detected: DNS query: requirestream.net
Source: global traffic	DNS traffic detected: DNS query: ordernothing.net
Source: global traffic	DNS traffic detected: DNS query: requirenothing.net
Source: global traffic	DNS traffic detected: DNS query: orderbottle.net
Source: global traffic	DNS traffic detected: DNS query: requirebottle.net
Source: global traffic	DNS traffic detected: DNS query: orderdivide.net
Source: global traffic	DNS traffic detected: DNS query: requiredivide.net
Source: global traffic	DNS traffic detected: DNS query: leaderstream.net
Source: global traffic	DNS traffic detected: DNS query: heavenstream.net
Source: global traffic	DNS traffic detected: DNS query: leadernothing.net
Source: global traffic	DNS traffic detected: DNS query: heavennothing.net
Source: global traffic	DNS traffic detected: DNS query: leaderbottle.net
Source: global traffic	DNS traffic detected: DNS query: heavenbottle.net
Source: global traffic	DNS traffic detected: DNS query: leaderdivide.net
Source: global traffic	DNS traffic detected: DNS query: heavendivide.net
Source: global traffic	DNS traffic detected: DNS query: heavystream.net
Source: global traffic	DNS traffic detected: DNS query: gentlestream.net
Source: global traffic	DNS traffic detected: DNS query: heavynothing.net
Source: global traffic	DNS traffic detected: DNS query: gentlenothing.net
Source: global traffic	DNS traffic detected: DNS query: heavybottle.net
Source: global traffic	DNS traffic detected: DNS query: gentlebottle.net
Source: global traffic	DNS traffic detected: DNS query: heavydivide.net
Source: global traffic	DNS traffic detected: DNS query: gentledivide.net
Source: global traffic	DNS traffic detected: DNS query: variousstream.net
Source: global traffic	DNS traffic detected: DNS query: returnstream.net
Source: global traffic	DNS traffic detected: DNS query: variousnothing.net
Source: global traffic	DNS traffic detected: DNS query: returnnothing.net
Source: global traffic	DNS traffic detected: DNS query: variousbottle.net
Source: global traffic	DNS traffic detected: DNS query: returnbottle.net
Source: global traffic	DNS traffic detected: DNS query: variousdivide.net
Source: global traffic	DNS traffic detected: DNS query: returndivide.net
Source: global traffic	DNS traffic detected: DNS query: degreemanner.net
Source: global traffic	DNS traffic detected: DNS query: forwardmanner.net
Source: global traffic	DNS traffic detected: DNS query: degreeanother.net
Source: global traffic	DNS traffic detected: DNS query: forwardanother.net
Source: global traffic	DNS traffic detected: DNS query: degreebusiness.net
Source: global traffic	DNS traffic detected: DNS query: forwardbusiness.net
Source: global traffic	DNS traffic detected: DNS query: degreeappear.net
Source: global traffic	DNS traffic detected: DNS query: forwardappear.net
Source: global traffic	DNS traffic detected: DNS query: answermanner.net
Source: global traffic	DNS traffic detected: DNS query: glassmanner.net
Source: global traffic	DNS traffic detected: DNS query: answeranother.net
Source: global traffic	DNS traffic detected: DNS query: glassanother.net
Source: global traffic	DNS traffic detected: DNS query: answerbusiness.net
Source: global traffic	DNS traffic detected: DNS query: glassbusiness.net
Source: global traffic	DNS traffic detected: DNS query: answerappear.net
Source: global traffic	DNS traffic detected: DNS query: glassappear.net
Source: global traffic	DNS traffic detected: DNS query: difficultmanner.net
Source: global traffic	DNS traffic detected: DNS query: heardmanner.net
Source: global traffic	DNS traffic detected: DNS query: difficultanother.net
Source: global traffic	DNS traffic detected: DNS query: heardanother.net
Source: global traffic	DNS traffic detected: DNS query: difficultbusiness.net
Source: global traffic	DNS traffic detected: DNS query: heardbusiness.net
Source: global traffic	DNS traffic detected: DNS query: difficultappear.net
Source: global traffic	DNS traffic detected: DNS query: heardappear.net
Source: global traffic	DNS traffic detected: DNS query: pleasantmanner.net
Source: global traffic	DNS traffic detected: DNS query: necessarymanner.net
Source: global traffic	DNS traffic detected: DNS query: pleasantanother.net
Source: global traffic	DNS traffic detected: DNS query: necessaryanother.net
Source: global traffic	DNS traffic detected: DNS query: pleasantbusiness.net
Source: global traffic	DNS traffic detected: DNS query: necessarybusiness.net
Source: global traffic	DNS traffic detected: DNS query: pleasantappear.net
Source: global traffic	DNS traffic detected: DNS query: necessaryappear.net
Source: global traffic	DNS traffic detected: DNS query: ordermanner.net
Source: global traffic	DNS traffic detected: DNS query: requiremanner.net
Source: global traffic	DNS traffic detected: DNS query: orderanother.net
Source: global traffic	DNS traffic detected: DNS query: requireanother.net
Source: global traffic	DNS traffic detected: DNS query: orderbusiness.net
Source: global traffic	DNS traffic detected: DNS query: requirebusiness.net
Source: global traffic	DNS traffic detected: DNS query: orderappear.net
Source: global traffic	DNS traffic detected: DNS query: requireappear.net
Source: global traffic	DNS traffic detected: DNS query: leadermanner.net
Source: global traffic	DNS traffic detected: DNS query: heavenmanner.net
Source: global traffic	DNS traffic detected: DNS query: leaderanother.net
Source: global traffic	DNS traffic detected: DNS query: heavenanother.net
Source: global traffic	DNS traffic detected: DNS query: leaderbusiness.net
Source: global traffic	DNS traffic detected: DNS query: heavenbusiness.net
Source: global traffic	DNS traffic detected: DNS query: leaderappear.net
Source: global traffic	DNS traffic detected: DNS query: heavenappear.net
Source: global traffic	DNS traffic detected: DNS query: heavymanner.net
Source: global traffic	DNS traffic detected: DNS query: gentlemanner.net
Source: global traffic	DNS traffic detected: DNS query: heavyanother.net
Source: global traffic	DNS traffic detected: DNS query: gentleanother.net
Source: global traffic	DNS traffic detected: DNS query: heavybusiness.net
Source: global traffic	DNS traffic detected: DNS query: gentlebusiness.net
Source: global traffic	DNS traffic detected: DNS query: heavyappear.net
Source: global traffic	DNS traffic detected: DNS query: gentleappear.net
Source: global traffic	DNS traffic detected: DNS query: variousmanner.net
Source: global traffic	DNS traffic detected: DNS query: returnmanner.net

Source: bsiphbvc.exe, 00000009.00000003.2615196328.0000000001019000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://transip.eu/cp/
Source: bsiphbvc.exe, 00000002.00000002.2493283955.00000000007E4000.00000004.00000020.00020000.00000000.sdmp, bsiphbvc.exe, 00000002.00000003.1813081886.00000000007E3000.00000004.00000020.00020000.00000000.sdmp, bsiphbvc.exe, 00000009.00000003.2615196328.0000000001006000.00000004.00000020.00020000.00000000.sdmp, bsiphbvc.exe, 00000009.00000002.2961907785.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com

Source: C:\Users\user\Desktop\DBROG0eWH7.exe	File created: C:\Windows\qkcgyxexucxsiyk\	Jump to behavior
Source: C:\Users\user\Desktop\DBROG0eWH7.exe	File created: C:\Windows\qkcgyxexucxsiyk\emmz4mbuo0g	Jump to behavior
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	File created: C:\Windows\qkcgyxexucxsiyk\emmz4mbuo0g	Jump to behavior
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	File created: C:\Windows\qkcgyxexucxsiyk\emmz4mbuo0g	Jump to behavior
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	File created: C:\Windows\qkcgyxexucxsiyk\emmz4mbuo0g	Jump to behavior
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	File created: C:\Windows\qkcgyxexucxsiyk\emmz4mbuo0g	Jump to behavior
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	File created: C:\Windows\qkcgyxexucxsiyk\emmz4mbuo0g	Jump to behavior
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	File created: C:\Windows\qkcgyxexucxsiyk\emmz4mbuo0g	Jump to behavior

Source: C:\Users\user\Desktop\DBROG0eWH7.exe

File deleted: C:\Windows\qkcgyxexucxsiyk\emmz4mbuo0g

Jump to behavior

Source: C:\Users\user\Desktop\DBROG0eWH7.exe	Code function: 0_2_00D7480D	0_2_00D7480D
Source: C:\Users\user\Desktop\DBROG0eWH7.exe	Code function: 0_2_00D7E9A4	0_2_00D7E9A4
Source: C:\Users\user\Desktop\DBROG0eWH7.exe	Code function: 0_2_00D6D1A0	0_2_00D6D1A0
Source: C:\Users\user\Desktop\DBROG0eWH7.exe	Code function: 0_2_00D5A119	0_2_00D5A119
Source: C:\Users\user\Desktop\DBROG0eWH7.exe	Code function: 0_2_00D6D24D	0_2_00D6D24D
Source: C:\Users\user\Desktop\DBROG0eWH7.exe	Code function: 0_2_00D81A6A	0_2_00D81A6A
Source: C:\Users\user\Desktop\DBROG0eWH7.exe	Code function: 0_2_00D6E3C3	0_2_00D6E3C3
Source: C:\Users\user\Desktop\DBROG0eWH7.exe	Code function: 0_2_00D6DB59	0_2_00D6DB59
Source: C:\Users\user\Desktop\DBROG0eWH7.exe	Code function: 0_2_00D71450	0_2_00D71450
Source: C:\Users\user\Desktop\DBROG0eWH7.exe	Code function: 0_2_00D80C54	0_2_00D80C54
Source: C:\Users\user\Desktop\DBROG0eWH7.exe	Code function: 0_2_00D7E432	0_2_00D7E432
Source: C:\Users\user\Desktop\DBROG0eWH7.exe	Code function: 0_2_00D6FD51	0_2_00D6FD51
Source: C:\Users\user\Desktop\DBROG0eWH7.exe	Code function: 0_2_00D7DEC0	0_2_00D7DEC0
Source: C:\Users\user\Desktop\DBROG0eWH7.exe	Code function: 0_2_00D73ECA	0_2_00D73ECA
Source: C:\Users\user\Desktop\DBROG0eWH7.exe	Code function: 0_2_00D59EE0	0_2_00D59EE0
Source: C:\Users\user\Desktop\DBROG0eWH7.exe	Code function: 0_2_00D66687	0_2_00D66687
Source: C:\Users\user\Desktop\DBROG0eWH7.exe	Code function: 0_2_00D66653	0_2_00D66653
Source: C:\Users\user\Desktop\DBROG0eWH7.exe	Code function: 0_2_00D6DF8E	0_2_00D6DF8E
Source: C:\Users\user\Desktop\DBROG0eWH7.exe	Code function: 0_2_00D75753	0_2_00D75753
Source: C:\Users\user\Desktop\DBROG0eWH7.exe	Code function: 0_2_00D6D741	0_2_00D6D741
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Code function: 1_2_0020480D	1_2_0020480D
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Code function: 1_2_001EA119	1_2_001EA119
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Code function: 1_2_0020E9A4	1_2_0020E9A4
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Code function: 1_2_001FD1A0	1_2_001FD1A0
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Code function: 1_2_00211A6A	1_2_00211A6A
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Code function: 1_2_001FD24D	1_2_001FD24D
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Code function: 1_2_001FDB59	1_2_001FDB59
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Code function: 1_2_001FE3C3	1_2_001FE3C3
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Code function: 1_2_0020E432	1_2_0020E432
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Code function: 1_2_00201450	1_2_00201450
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Code function: 1_2_00210C54	1_2_00210C54
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Code function: 1_2_001FFD51	1_2_001FFD51
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Code function: 1_2_001F6653	1_2_001F6653
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Code function: 1_2_001F6687	1_2_001F6687
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Code function: 1_2_0020DEC0	1_2_0020DEC0
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Code function: 1_2_00203ECA	1_2_00203ECA
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Code function: 1_2_001E9EE0	1_2_001E9EE0
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Code function: 1_2_001FD741	1_2_001FD741
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Code function: 1_2_00205753	1_2_00205753
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Code function: 1_2_001FDF8E	1_2_001FDF8E
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Code function: 2_2_000C480D	2_2_000C480D
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Code function: 2_2_000AA119	2_2_000AA119
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Code function: 2_2_000CE9A4	2_2_000CE9A4
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Code function: 2_2_000BD1A0	2_2_000BD1A0
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Code function: 2_2_000BD24D	2_2_000BD24D
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Code function: 2_2_000D1A6A	2_2_000D1A6A
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Code function: 2_2_000B6A6C	2_2_000B6A6C
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Code function: 2_2_000BDB59	2_2_000BDB59
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Code function: 2_2_000BE3C3	2_2_000BE3C3
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Code function: 2_2_000CE432	2_2_000CE432
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Code function: 2_2_000D0C54	2_2_000D0C54
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Code function: 2_2_000C1450	2_2_000C1450
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Code function: 2_2_000BFD51	2_2_000BFD51
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Code function: 2_2_000C3ECA	2_2_000C3ECA
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Code function: 2_2_000CDEC0	2_2_000CDEC0
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Code function: 2_2_000A9EE0	2_2_000A9EE0
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Code function: 2_2_000BD741	2_2_000BD741
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Code function: 2_2_000C5753	2_2_000C5753
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Code function: 2_2_000BDF8E	2_2_000BDF8E
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Code function: 3_2_0032480D	3_2_0032480D
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Code function: 3_2_0030A119	3_2_0030A119
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Code function: 3_2_0031D1A0	3_2_0031D1A0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Code function: 3_2_0032E9A4	3_2_0032E9A4
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Code function: 3_2_00331A6A	3_2_00331A6A
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Code function: 3_2_00316A6F	3_2_00316A6F
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Code function: 3_2_0031D24D	3_2_0031D24D
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Code function: 3_2_0031DB59	3_2_0031DB59
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Code function: 3_2_0031E3C3	3_2_0031E3C3
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Code function: 3_2_0032E432	3_2_0032E432
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Code function: 3_2_00321450	3_2_00321450
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Code function: 3_2_00330C54	3_2_00330C54
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Code function: 3_2_0031FD51	3_2_0031FD51
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Code function: 3_2_00309EE0	3_2_00309EE0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Code function: 3_2_0032DEC0	3_2_0032DEC0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Code function: 3_2_00323ECA	3_2_00323ECA
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Code function: 3_2_00325753	3_2_00325753
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Code function: 3_2_0031D741	3_2_0031D741
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Code function: 3_2_0031DF8E	3_2_0031DF8E
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Code function: 10_2_0041480D	10_2_0041480D
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Code function: 10_2_003FA119	10_2_003FA119
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Code function: 10_2_0040D1A0	10_2_0040D1A0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Code function: 10_2_0041E9A4	10_2_0041E9A4
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Code function: 10_2_0040D24D	10_2_0040D24D
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Code function: 10_2_00421A6A	10_2_00421A6A
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Code function: 10_2_00406A6C	10_2_00406A6C
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Code function: 10_2_0040DB59	10_2_0040DB59
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Code function: 10_2_0040E3C3	10_2_0040E3C3
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Code function: 10_2_00411450	10_2_00411450
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Code function: 10_2_00420C54	10_2_00420C54
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Code function: 10_2_0041E432	10_2_0041E432
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Code function: 10_2_0040FD51	10_2_0040FD51
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Code function: 10_2_0041DEC0	10_2_0041DEC0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Code function: 10_2_00413ECA	10_2_00413ECA
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Code function: 10_2_003F9EE0	10_2_003F9EE0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Code function: 10_2_0040D741	10_2_0040D741
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Code function: 10_2_00415753	10_2_00415753
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Code function: 10_2_0040DF8E	10_2_0040DF8E

Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Code function: String function: 000C13F0 appears 40 times
Source: C:\Users\user\Desktop\DBROG0eWH7.exe	Code function: String function: 00D713F0 appears 40 times
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Code function: String function: 003213F0 appears 40 times
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Code function: String function: 004113F0 appears 40 times
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Code function: String function: 002013F0 appears 40 times

Source: DBROG0eWH7.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: classification engine

Classification label: mal96.troj.evad.winEXE@12/6@499/3

Source: C:\Users\user\Desktop\DBROG0eWH7.exe	Code function: OpenSCManagerA,CreateServiceA,ChangeServiceConfig2A,StartServiceA,CloseServiceHandle,OpenServiceA,StartServiceA,CloseServiceHandle,CloseServiceHandle,	0_2_00D4D460
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Code function: OpenSCManagerA,CreateServiceA,ChangeServiceConfig2A,StartServiceA,CloseServiceHandle,OpenServiceA,StartServiceA,CloseServiceHandle,CloseServiceHandle,	1_2_001DD460
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Code function: OpenSCManagerA,CreateServiceA,ChangeServiceConfig2A,StartServiceA,CloseServiceHandle,OpenServiceA,StartServiceA,CloseServiceHandle,CloseServiceHandle,	2_2_0009D460
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Code function: OpenSCManagerA,CreateServiceA,ChangeServiceConfig2A,StartServiceA,CloseServiceHandle,OpenServiceA,StartServiceA,CloseServiceHandle,CloseServiceHandle,	3_2_002FD460
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Code function: OpenSCManagerA,CreateServiceA,ChangeServiceConfig2A,StartServiceA,CloseServiceHandle,OpenServiceA,StartServiceA,CloseServiceHandle,CloseServiceHandle,	10_2_003ED460

Source: C:\Users\user\Desktop\DBROG0eWH7.exe

Code function: 0_2_00D518E0 CreateToolhelp32Snapshot,Process32First,_strcat,Process32Next,CloseHandle,_memset,

0_2_00D518E0

Source: C:\Users\user\Desktop\DBROG0eWH7.exe

Code function: 0_2_00D4D460 OpenSCManagerA,CreateServiceA,ChangeServiceConfig2A,StartServiceA,CloseServiceHandle,OpenServiceA,StartServiceA,CloseServiceHandle,CloseServiceHandle,

0_2_00D4D460

Source: C:\Users\user\Desktop\DBROG0eWH7.exe	Code function: 0_2_00D4D420 StartServiceCtrlDispatcherA,	0_2_00D4D420
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Code function: 1_2_001DD420 StartServiceCtrlDispatcherA,	1_2_001DD420
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Code function: 2_2_0009D420 StartServiceCtrlDispatcherA,	2_2_0009D420
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Code function: 3_2_002FD420 StartServiceCtrlDispatcherA,	3_2_002FD420
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Code function: 10_2_003ED420 StartServiceCtrlDispatcherA,	10_2_003ED420

Source: C:\qkcgyxexucxsiyk\jqvkzish.exe

Mutant created: NULL

Source: C:\Users\user\Desktop\DBROG0eWH7.exe	Command line argument: ]D87	0_2_00D410A0
Source: C:\Users\user\Desktop\DBROG0eWH7.exe	Command line argument: U;8	0_2_00D410A0
Source: C:\Users\user\Desktop\DBROG0eWH7.exe	Command line argument: fM	0_2_00D410A0
Source: C:\Users\user\Desktop\DBROG0eWH7.exe	Command line argument: "}N	0_2_00D410A0
Source: C:\Users\user\Desktop\DBROG0eWH7.exe	Command line argument: i}kN	0_2_00D410A0
Source: C:\Users\user\Desktop\DBROG0eWH7.exe	Command line argument: 8e#!	0_2_00D410A0
Source: C:\Users\user\Desktop\DBROG0eWH7.exe	Command line argument: Clos	0_2_00D410A0
Source: C:\Users\user\Desktop\DBROG0eWH7.exe	Command line argument: ead	0_2_00D410A0
Source: C:\Users\user\Desktop\DBROG0eWH7.exe	Command line argument: nel3	0_2_00D410A0
Source: C:\Users\user\Desktop\DBROG0eWH7.exe	Command line argument: ent	0_2_00D410A0
Source: C:\Users\user\Desktop\DBROG0eWH7.exe	Command line argument: vent	0_2_00D410A0
Source: C:\Users\user\Desktop\DBROG0eWH7.exe	Command line argument: rSin	0_2_00D410A0
Source: C:\Users\user\Desktop\DBROG0eWH7.exe	Command line argument: dle	0_2_00D410A0
Source: C:\Users\user\Desktop\DBROG0eWH7.exe	Command line argument: Crea	0_2_00D410A0
Source: C:\Users\user\Desktop\DBROG0eWH7.exe	Command line argument: eObj	0_2_00D410A0
Source: C:\Users\user\Desktop\DBROG0eWH7.exe	Command line argument: dll	0_2_00D410A0
Source: C:\Users\user\Desktop\DBROG0eWH7.exe	Command line argument: eHan	0_2_00D410A0
Source: C:\Users\user\Desktop\DBROG0eWH7.exe	Command line argument: eate	0_2_00D410A0
Source: C:\Users\user\Desktop\DBROG0eWH7.exe	Command line argument: SetE	0_2_00D410A0
Source: C:\Users\user\Desktop\DBROG0eWH7.exe	Command line argument: Slee	0_2_00D410A0
Source: C:\Users\user\Desktop\DBROG0eWH7.exe	Command line argument: eThr	0_2_00D410A0
Source: C:\Users\user\Desktop\DBROG0eWH7.exe	Command line argument: Ker	0_2_00D410A0
Source: C:\Users\user\Desktop\DBROG0eWH7.exe	Command line argument: Ker	0_2_00D410A0
Source: C:\Users\user\Desktop\DBROG0eWH7.exe	Command line argument: Creat	0_2_00D410A0
Source: C:\Users\user\Desktop\DBROG0eWH7.exe	Command line argument: Creat	0_2_00D410A0
Source: C:\Users\user\Desktop\DBROG0eWH7.exe	Command line argument: SetEv	0_2_00D410A0
Source: C:\Users\user\Desktop\DBROG0eWH7.exe	Command line argument: SetEv	0_2_00D410A0
Source: C:\Users\user\Desktop\DBROG0eWH7.exe	Command line argument: U;8	0_2_00D410A0
Source: C:\Users\user\Desktop\DBROG0eWH7.exe	Command line argument: T+	0_2_00D410A0
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Command line argument: ]D87	1_2_001D10A0
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Command line argument: U;8	1_2_001D10A0
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Command line argument: fM	1_2_001D10A0
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Command line argument: "}N	1_2_001D10A0
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Command line argument: i}kN	1_2_001D10A0
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Command line argument: 8e#!	1_2_001D10A0
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Command line argument: Clos	1_2_001D10A0
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Command line argument: ead	1_2_001D10A0
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Command line argument: nel3	1_2_001D10A0
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Command line argument: ent	1_2_001D10A0
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Command line argument: vent	1_2_001D10A0
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Command line argument: rSin	1_2_001D10A0
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Command line argument: dle	1_2_001D10A0
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Command line argument: Crea	1_2_001D10A0
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Command line argument: eObj	1_2_001D10A0
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Command line argument: dll	1_2_001D10A0
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Command line argument: eHan	1_2_001D10A0
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Command line argument: eate	1_2_001D10A0
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Command line argument: SetE	1_2_001D10A0
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Command line argument: Slee	1_2_001D10A0
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Command line argument: eThr	1_2_001D10A0
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Command line argument: Ker	1_2_001D10A0
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Command line argument: Ker	1_2_001D10A0
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Command line argument: Creat	1_2_001D10A0
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Command line argument: Creat	1_2_001D10A0
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Command line argument: SetEv	1_2_001D10A0
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Command line argument: SetEv	1_2_001D10A0
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Command line argument: _W!	1_2_001D10A0
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Command line argument: _W!	1_2_001D10A0
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Command line argument: j1v{	1_2_001D10A0
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Command line argument: _W!	1_2_001D10A0
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Command line argument: U;8	1_2_001D10A0
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Command line argument: j1v{	1_2_001D10A0
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Command line argument: j1v{	1_2_001D10A0
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Command line argument: T+	1_2_001D10A0
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Command line argument: j1v{	1_2_001D10A0
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Command line argument: j1v{	1_2_001D10A0
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Command line argument: ]D87	2_2_000910A0
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Command line argument: U;8	2_2_000910A0
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Command line argument: fM	2_2_000910A0
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Command line argument: "}N	2_2_000910A0
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Command line argument: i}kN	2_2_000910A0
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Command line argument: 8e#!	2_2_000910A0
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Command line argument: Clos	2_2_000910A0
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Command line argument: ead	2_2_000910A0
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Command line argument: nel3	2_2_000910A0
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Command line argument: ent	2_2_000910A0
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Command line argument: vent	2_2_000910A0
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Command line argument: rSin	2_2_000910A0
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Command line argument: dle	2_2_000910A0
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Command line argument: Crea	2_2_000910A0
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Command line argument: eObj	2_2_000910A0
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Command line argument: dll	2_2_000910A0
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Command line argument: eHan	2_2_000910A0
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Command line argument: eate	2_2_000910A0
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Command line argument: SetE	2_2_000910A0
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Command line argument: Slee	2_2_000910A0
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Command line argument: eThr	2_2_000910A0
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Command line argument: Ker	2_2_000910A0
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Command line argument: Ker	2_2_000910A0
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Command line argument: Creat	2_2_000910A0
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Command line argument: Creat	2_2_000910A0
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Command line argument: SetEv	2_2_000910A0
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Command line argument: SetEv	2_2_000910A0
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Command line argument: U;8	2_2_000910A0
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Command line argument: T+	2_2_000910A0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Command line argument: ]D87	3_2_002F10A0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Command line argument: U;8	3_2_002F10A0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Command line argument: fM	3_2_002F10A0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Command line argument: "}N	3_2_002F10A0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Command line argument: i}kN	3_2_002F10A0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Command line argument: 8e#!	3_2_002F10A0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Command line argument: Clos	3_2_002F10A0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Command line argument: ead	3_2_002F10A0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Command line argument: nel3	3_2_002F10A0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Command line argument: ent	3_2_002F10A0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Command line argument: vent	3_2_002F10A0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Command line argument: rSin	3_2_002F10A0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Command line argument: dle	3_2_002F10A0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Command line argument: Crea	3_2_002F10A0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Command line argument: eObj	3_2_002F10A0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Command line argument: dll	3_2_002F10A0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Command line argument: eHan	3_2_002F10A0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Command line argument: eate	3_2_002F10A0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Command line argument: SetE	3_2_002F10A0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Command line argument: Slee	3_2_002F10A0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Command line argument: eThr	3_2_002F10A0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Command line argument: Ker	3_2_002F10A0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Command line argument: Ker	3_2_002F10A0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Command line argument: Creat	3_2_002F10A0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Command line argument: Creat	3_2_002F10A0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Command line argument: SetEv	3_2_002F10A0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Command line argument: SetEv	3_2_002F10A0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Command line argument: _W3	3_2_002F10A0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Command line argument: 6,#	3_2_002F10A0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Command line argument: _W3	3_2_002F10A0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Command line argument: _W3	3_2_002F10A0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Command line argument: U;8	3_2_002F10A0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Command line argument: T+	3_2_002F10A0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Command line argument: 6,#	3_2_002F10A0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Command line argument: 6,#	3_2_002F10A0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Command line argument: #2	3_2_00322340
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Command line argument: ]D87	10_2_003E10A0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Command line argument: U;8	10_2_003E10A0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Command line argument: fM	10_2_003E10A0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Command line argument: "}N	10_2_003E10A0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Command line argument: i}kN	10_2_003E10A0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Command line argument: 8e#!	10_2_003E10A0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Command line argument: Clos	10_2_003E10A0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Command line argument: ead	10_2_003E10A0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Command line argument: nel3	10_2_003E10A0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Command line argument: ent	10_2_003E10A0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Command line argument: vent	10_2_003E10A0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Command line argument: rSin	10_2_003E10A0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Command line argument: dle	10_2_003E10A0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Command line argument: Crea	10_2_003E10A0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Command line argument: eObj	10_2_003E10A0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Command line argument: dll	10_2_003E10A0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Command line argument: eHan	10_2_003E10A0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Command line argument: eate	10_2_003E10A0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Command line argument: SetE	10_2_003E10A0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Command line argument: Slee	10_2_003E10A0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Command line argument: eThr	10_2_003E10A0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Command line argument: Ker	10_2_003E10A0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Command line argument: Ker	10_2_003E10A0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Command line argument: Creat	10_2_003E10A0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Command line argument: Creat	10_2_003E10A0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Command line argument: SetEv	10_2_003E10A0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Command line argument: SetEv	10_2_003E10A0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Command line argument: _WB	10_2_003E10A0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Command line argument: 6,,	10_2_003E10A0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Command line argument: _WB	10_2_003E10A0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Command line argument: _WB	10_2_003E10A0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Command line argument: U;8	10_2_003E10A0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Command line argument: T+	10_2_003E10A0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Command line argument: 6,,	10_2_003E10A0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Command line argument: 6,,	10_2_003E10A0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Command line argument: #A	10_2_00412340

Source: DBROG0eWH7.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\DBROG0eWH7.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: DBROG0eWH7.exe

ReversingLabs: Detection: 91%

Source: C:\Users\user\Desktop\DBROG0eWH7.exe

File read: C:\Users\user\Desktop\DBROG0eWH7.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\DBROG0eWH7.exe "C:\Users\user\Desktop\DBROG0eWH7.exe"
Source: C:\Users\user\Desktop\DBROG0eWH7.exe	Process created: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe "C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe"
Source: unknown	Process created: C:\qkcgyxexucxsiyk\bsiphbvc.exe C:\qkcgyxexucxsiyk\bsiphbvc.exe
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Process created: C:\qkcgyxexucxsiyk\jqvkzish.exe frrqzdvmnkqk "c:\qkcgyxexucxsiyk\bsiphbvc.exe"
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Process created: C:\qkcgyxexucxsiyk\bsiphbvc.exe "C:\qkcgyxexucxsiyk\bsiphbvc.exe"
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Process created: C:\qkcgyxexucxsiyk\bsiphbvc.exe "c:\qkcgyxexucxsiyk\bsiphbvc.exe"
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Process created: C:\qkcgyxexucxsiyk\jqvkzish.exe frrqzdvmnkqk "c:\qkcgyxexucxsiyk\bsiphbvc.exe"
Source: C:\Users\user\Desktop\DBROG0eWH7.exe	Process created: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe "C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe"	Jump to behavior
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Process created: C:\qkcgyxexucxsiyk\bsiphbvc.exe "C:\qkcgyxexucxsiyk\bsiphbvc.exe"	Jump to behavior
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Process created: C:\qkcgyxexucxsiyk\jqvkzish.exe frrqzdvmnkqk "c:\qkcgyxexucxsiyk\bsiphbvc.exe"	Jump to behavior
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Process created: C:\qkcgyxexucxsiyk\bsiphbvc.exe "c:\qkcgyxexucxsiyk\bsiphbvc.exe"	Jump to behavior
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Process created: C:\qkcgyxexucxsiyk\jqvkzish.exe frrqzdvmnkqk "c:\qkcgyxexucxsiyk\bsiphbvc.exe"	Jump to behavior

Source: C:\Users\user\Desktop\DBROG0eWH7.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\DBROG0eWH7.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\DBROG0eWH7.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\DBROG0eWH7.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\DBROG0eWH7.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\DBROG0eWH7.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\DBROG0eWH7.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\DBROG0eWH7.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\DBROG0eWH7.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\DBROG0eWH7.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\DBROG0eWH7.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Section loaded: fwpuclnt.dll	Jump to behavior

Source: DBROG0eWH7.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: C:\Users\user\Desktop\DBROG0eWH7.exe

Code function: 0_2_00D51B80 _malloc,_memset,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetEnvironmentVariableA,CreateMutexA,CreateMutexA,CreateMutexA,GetTickCount,__itow,GetCommandLineA,_strcat,Sleep,SetFileAttributesA,MessageBoxA,Sleep,CreateEventA,WaitForSingleObject,CloseHandle,

0_2_00D51B80

Source: C:\Users\user\Desktop\DBROG0eWH7.exe	Code function: 0_2_00D71435 push ecx; ret	0_2_00D71448
Source: C:\Users\user\Desktop\DBROG0eWH7.exe	Code function: 0_2_00D70DBD push ecx; ret	0_2_00D70DD0
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Code function: 1_2_00201435 push ecx; ret	1_2_00201448
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Code function: 1_2_00200DBD push ecx; ret	1_2_00200DD0
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Code function: 2_2_000C1435 push ecx; ret	2_2_000C1448
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Code function: 2_2_000C0DBD push ecx; ret	2_2_000C0DD0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Code function: 3_2_003270F9 push esi; ret	3_2_003270FB
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Code function: 3_2_003271E2 push edi; ret	3_2_003271E4
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Code function: 3_2_00321435 push ecx; ret	3_2_00321448
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Code function: 3_2_00320DBD push ecx; ret	3_2_00320DD0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Code function: 3_2_00326E05 push edi; ret	3_2_00326E07
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Code function: 3_2_00326F1E push esi; ret	3_2_00326F20
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Code function: 10_2_004170F9 push esi; ret	10_2_004170FB
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Code function: 10_2_004171E2 push edi; ret	10_2_004171E4
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Code function: 10_2_00411435 push ecx; ret	10_2_00411448
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Code function: 10_2_00410DBD push ecx; ret	10_2_00410DD0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Code function: 10_2_00416E05 push edi; ret	10_2_00416E07
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Code function: 10_2_00416F1E push esi; ret	10_2_00416F20

Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	File created: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Jump to dropped file
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	File created: C:\qkcgyxexucxsiyk\jqvkzish.exe	Jump to dropped file
Source: C:\Users\user\Desktop\DBROG0eWH7.exe	File created: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Jump to dropped file

Source: C:\Users\user\Desktop\DBROG0eWH7.exe

Code function: 0_2_00D4D460 OpenSCManagerA,CreateServiceA,ChangeServiceConfig2A,StartServiceA,CloseServiceHandle,OpenServiceA,StartServiceA,CloseServiceHandle,CloseServiceHandle,

0_2_00D4D460

Source: C:\Users\user\Desktop\DBROG0eWH7.exe

0_2_00D51B80

Source: C:\Users\user\Desktop\DBROG0eWH7.exe	Code function: OpenSCManagerA,EnumServicesStatusA,GetLastError,_malloc,EnumServicesStatusA,__snprintf,_free,CloseServiceHandle,	0_2_00D623B0
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Code function: OpenSCManagerA,EnumServicesStatusA,GetLastError,_malloc,EnumServicesStatusA,__snprintf,_free,CloseServiceHandle,	1_2_001F23B0
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Code function: OpenSCManagerA,EnumServicesStatusA,GetLastError,_malloc,EnumServicesStatusA,__snprintf,_free,CloseServiceHandle,	2_2_000B23B0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Code function: OpenSCManagerA,EnumServicesStatusA,GetLastError,_malloc,EnumServicesStatusA,__snprintf,_free,CloseServiceHandle,	3_2_003123B0
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Code function: OpenSCManagerA,EnumServicesStatusA,GetLastError,_malloc,EnumServicesStatusA,__snprintf,_free,CloseServiceHandle,	10_2_004023B0

Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Code function: _strcat,GetProcessHeap,LoadLibraryA,GetProcAddress,FreeLibrary,HeapAlloc,FreeLibrary,GetAdaptersInfo,HeapFree,HeapAlloc,FreeLibrary,GetAdaptersInfo,_strcat,_strcat,_memset,_memset,HeapFree,FreeLibrary,		1_2_001F8C10
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Code function: _strcat,GetProcessHeap,LoadLibraryA,GetProcAddress,FreeLibrary,HeapAlloc,FreeLibrary,GetAdaptersInfo,HeapFree,HeapAlloc,FreeLibrary,GetAdaptersInfo,_strcat,_strcat,_memset,_memset,HeapFree,FreeLibrary,		2_2_000B8C10

Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Window / User API: threadDelayed 825			Jump to behavior
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Window / User API: threadDelayed 1125			Jump to behavior

Source: C:\Users\user\Desktop\DBROG0eWH7.exe	Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes	graph_0-21460
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Evasive API call chain: GetSystemTime,DecisionNodes
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes	graph_2-21042
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Evasive API call chain: GetSystemTime,DecisionNodes	graph_1-22243
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes

Source: C:\Users\user\Desktop\DBROG0eWH7.exe

Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess

graph_0-21742

Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe TID: 10816	Thread sleep count: 218 > 30	Jump to behavior
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe TID: 10816	Thread sleep time: -484396s >= -30000s	Jump to behavior
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe TID: 10812	Thread sleep count: 825 > 30	Jump to behavior
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe TID: 10812	Thread sleep time: -825000s >= -30000s	Jump to behavior
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe TID: 10812	Thread sleep count: 1125 > 30	Jump to behavior
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe TID: 10812	Thread sleep time: -1125000s >= -30000s	Jump to behavior
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe TID: 9156	Thread sleep count: 278 > 30	Jump to behavior
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe TID: 9156	Thread sleep time: -13900000s >= -30000s	Jump to behavior
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe TID: 9156	Thread sleep time: -50000s >= -30000s	Jump to behavior
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe TID: 5672	Thread sleep count: 41 > 30	Jump to behavior
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe TID: 5672	Thread sleep time: -41000s >= -30000s	Jump to behavior

Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Last function: Thread delayed
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Last function: Thread delayed
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Last function: Thread delayed
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\DBROG0eWH7.exe	Code function: 0_2_00D4A590 Sleep,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,_memset,	0_2_00D4A590
Source: C:\Users\user\Desktop\DBROG0eWH7.exe	Code function: 0_2_00D73691 _wcspbrk,__getdrive,FindFirstFileExW,_wcspbrk,__wfullpath_helper,_IsRootUNCName,GetDriveTypeW,_free,___loctotime64_t,_free,__sopen_s,__fstat64i32,__close,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime64_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime64_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime64_t,FindClose,___wdtoxmode,GetLastError,__dosmaperr,FindClose,GetLastError,__dosmaperr,FindClose,	0_2_00D73691
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Code function: 1_2_001DA590 Sleep,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,_memset,	1_2_001DA590
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Code function: 1_2_00203691 _wcspbrk,__getdrive,FindFirstFileExW,_wcspbrk,__wfullpath_helper,_IsRootUNCName,GetDriveTypeW,_free,___loctotime64_t,_free,__sopen_s,__fstat64i32,__close,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime64_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime64_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime64_t,FindClose,___wdtoxmode,GetLastError,__dosmaperr,FindClose,GetLastError,__dosmaperr,FindClose,	1_2_00203691
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Code function: 2_2_0009A590 Sleep,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,_memset,	2_2_0009A590
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Code function: 2_2_000C3691 _wcspbrk,__getdrive,FindFirstFileExW,_wcspbrk,__wfullpath_helper,_IsRootUNCName,GetDriveTypeW,_free,___loctotime64_t,_free,__sopen_s,__fstat64i32,__close,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime64_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime64_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime64_t,FindClose,___wdtoxmode,GetLastError,__dosmaperr,FindClose,GetLastError,__dosmaperr,FindClose,	2_2_000C3691
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Code function: 3_2_00323691 _wcspbrk,__getdrive,FindFirstFileExW,_wcspbrk,__wfullpath_helper,_IsRootUNCName,GetDriveTypeW,_free,___loctotime64_t,_free,__fstat64i32,__close,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime64_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime64_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime64_t,FindClose,___wdtoxmode,GetLastError,__dosmaperr,FindClose,GetLastError,__dosmaperr,FindClose,	3_2_00323691
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Code function: 3_2_002FA590 Sleep,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,_memset,	3_2_002FA590
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Code function: 10_2_00413691 _wcspbrk,__getdrive,FindFirstFileExW,_wcspbrk,__wfullpath_helper,_IsRootUNCName,GetDriveTypeW,_free,___loctotime64_t,_free,__fstat64i32,__close,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime64_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime64_t,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,___loctotime64_t,FindClose,___wdtoxmode,GetLastError,__dosmaperr,FindClose,GetLastError,__dosmaperr,FindClose,	10_2_00413691
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Code function: 10_2_003EA590 Sleep,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,_memset,	10_2_003EA590

Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Thread delayed: delay time: 50000			Jump to behavior
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Thread delayed: delay time: 50000			Jump to behavior

Source: ek5v3q1axkfpqwron.exe, 00000001.00000002.1729520305.00000000007CE000.00000004.00000020.00020000.00000000.sdmp, bsiphbvc.exe, 00000002.00000002.2493283955.00000000007E4000.00000004.00000020.00020000.00000000.sdmp, bsiphbvc.exe, 00000002.00000003.1813081886.00000000007E3000.00000004.00000020.00020000.00000000.sdmp, bsiphbvc.exe, 00000009.00000003.2615196328.0000000000FEC000.00000004.00000020.00020000.00000000.sdmp, bsiphbvc.exe, 00000009.00000003.2615998936.0000000000FED000.00000004.00000020.00020000.00000000.sdmp, bsiphbvc.exe, 00000009.00000002.2961907785.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\DBROG0eWH7.exe

API call chain: ExitProcess graph end node

graph_0-21743

Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\DBROG0eWH7.exe

Code function: 0_2_00D7195B _memset,IsDebuggerPresent,

0_2_00D7195B

Source: C:\Users\user\Desktop\DBROG0eWH7.exe

Code function: 0_2_00D79EFA EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,

0_2_00D79EFA

Source: C:\Users\user\Desktop\DBROG0eWH7.exe

0_2_00D51B80

Source: C:\Users\user\Desktop\DBROG0eWH7.exe

Code function: 0_2_00D734FC GetProcessHeap,

0_2_00D734FC

Source: C:\Users\user\Desktop\DBROG0eWH7.exe	Code function: 0_2_00D7204D SetUnhandledExceptionFilter,	0_2_00D7204D
Source: C:\Users\user\Desktop\DBROG0eWH7.exe	Code function: 0_2_00D7207E SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00D7207E
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Code function: 1_2_0020207E SetUnhandledExceptionFilter,UnhandledExceptionFilter,	1_2_0020207E
Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	Code function: 1_2_0020204D SetUnhandledExceptionFilter,	1_2_0020204D
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Code function: 2_2_000C204D SetUnhandledExceptionFilter,	2_2_000C204D
Source: C:\qkcgyxexucxsiyk\bsiphbvc.exe	Code function: 2_2_000C207E SetUnhandledExceptionFilter,UnhandledExceptionFilter,	2_2_000C207E
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Code function: 3_2_0032207E SetUnhandledExceptionFilter,UnhandledExceptionFilter,	3_2_0032207E
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Code function: 3_2_0032204D SetUnhandledExceptionFilter,	3_2_0032204D
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Code function: 10_2_0041204D SetUnhandledExceptionFilter,	10_2_0041204D
Source: C:\qkcgyxexucxsiyk\jqvkzish.exe	Code function: 10_2_0041207E SetUnhandledExceptionFilter,UnhandledExceptionFilter,	10_2_0041207E

Source: C:\Users\user\Desktop\DBROG0eWH7.exe

Code function: 0_2_00D62230 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,

0_2_00D62230

Source: C:\Users\user\Desktop\DBROG0eWH7.exe

Code function: 0_2_00D7885B GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_00D7885B

Source: C:\Users\user\Desktop\DBROG0eWH7.exe

Code function: 0_2_00D7F570 __lock,____lc_codepage_func,__getenv_helper_nolock,_free,__malloc_crt,__invoke_watson,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,

0_2_00D7F570

Source: C:\Users\user\Desktop\DBROG0eWH7.exe

Code function: 0_2_00D500B0 GetProcAddress,GetVersionExA,CreateDirectoryA,DeleteFileA,RemoveDirectoryA,CreateDirectoryA,_strcat,CreateDirectoryA,__snprintf,__snprintf,CreateDirectoryA,_strcat,CreateDirectoryA,GetTempPathA,_strcat,CreateDirectoryA,GetTempPathA,_strcat,SetFileAttributesA,_memset,

0_2_00D500B0

Source: C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Command and Scripting Interpreter	4 Windows Service	4 Windows Service	1 Masquerading	OS Credential Dumping	2 System Time Discovery	Remote Services	1 Archive Collected Data	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Service Execution	1 DLL Side-Loading	1 Process Injection	11 Virtualization/Sandbox Evasion	LSASS Memory	131 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	2 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	3 Native API	Logon Script (Windows)	1 DLL Side-Loading	1 Process Injection	Security Account Manager	11 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Deobfuscate/Decode Files or Information	NTDS	2 Process Discovery	Distributed Component Object Model	Input Capture	2 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	2 Obfuscated Files or Information	LSA Secrets	1 Application Window Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	1 System Service Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 File Deletion	DCSync	1 System Network Configuration Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	Indicator Removal from Tools	Proc Filesystem	1 File and Directory Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	HTML Smuggling	/etc/passwd and /etc/shadow	4 System Information Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
DBROG0eWH7.exe	92%	ReversingLabs	Win32.Trojan.Strobosc
DBROG0eWH7.exe	100%	Avira	HEUR/AGEN.1317803
DBROG0eWH7.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	100%	Avira	HEUR/AGEN.1317803
C:\qkcgyxexucxsiyk\jqvkzish.exe	100%	Avira	HEUR/AGEN.1317803
C:\qkcgyxexucxsiyk\bsiphbvc.exe	100%	Avira	HEUR/AGEN.1317803
C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	100%	Joe Sandbox ML
C:\qkcgyxexucxsiyk\jqvkzish.exe	100%	Joe Sandbox ML
C:\qkcgyxexucxsiyk\bsiphbvc.exe	100%	Joe Sandbox ML
C:\qkcgyxexucxsiyk\bsiphbvc.exe	92%	ReversingLabs	Win32.Trojan.Strobosc
C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe	92%	ReversingLabs	Win32.Trojan.Strobosc
C:\qkcgyxexucxsiyk\jqvkzish.exe	92%	ReversingLabs	Win32.Trojan.Strobosc

Name	IP	Active	Malicious	Reputation
7450.bodis.com	199.59.243.227	true	false	high
orderstream.net	37.97.254.27	true	false	unknown
returnbottle.net	18.143.155.63	true	true	unknown
pleasantstream.net	18.143.155.63	true	true	unknown
leaderstream.net	unknown	unknown	true	unknown
degreeanother.net	unknown	unknown	true	unknown
degreeexplain.net	unknown	unknown	true	unknown
answerappear.net	unknown	unknown	true	unknown
heavybusiness.net	unknown	unknown	true	unknown
difficultdivide.net	unknown	unknown	true	unknown
requirebottle.net	unknown	unknown	true	unknown
requirebusiness.net	unknown	unknown	true	unknown
forwardinside.net	unknown	unknown	true	unknown
requiredivide.net	unknown	unknown	true	unknown
glassmanner.net	unknown	unknown	true	unknown
ordernothing.net	unknown	unknown	true	unknown
answerexplain.net	unknown	unknown	true	unknown
pleasantnothing.net	unknown	unknown	true	unknown
variousappear.net	unknown	unknown	true	unknown
difficultanother.net	unknown	unknown	true	unknown
necessarymanner.net	unknown	unknown	true	unknown
leadernothing.net	unknown	unknown	true	unknown
answeranother.net	unknown	unknown	true	unknown
leadermanner.net	unknown	unknown	true	unknown
heavybottle.net	unknown	unknown	true	unknown
heavydivide.net	unknown	unknown	true	unknown
necessarybottle.net	unknown	unknown	true	unknown
glassanother.net	unknown	unknown	true	unknown
heavenanother.net	unknown	unknown	true	unknown
difficultmanner.net	unknown	unknown	true	unknown
glassexplain.net	unknown	unknown	true	unknown
forwardbusiness.net	unknown	unknown	true	unknown
gentleappear.net	unknown	unknown	true	unknown
gentlemanner.net	unknown	unknown	true	unknown
orderdivide.net	unknown	unknown	true	unknown
requiremanner.net	unknown	unknown	true	unknown
gentleanother.net	unknown	unknown	true	unknown
glassappear.net	unknown	unknown	true	unknown
necessaryanother.net	unknown	unknown	true	unknown
returndivide.net	unknown	unknown	true	unknown
degreebusiness.net	unknown	unknown	true	unknown
answerbusiness.net	unknown	unknown	true	unknown
heavenbusiness.net	unknown	unknown	true	unknown
orderbottle.net	unknown	unknown	true	unknown
gentledivide.net	unknown	unknown	true	unknown
gentlestream.net	unknown	unknown	true	unknown
pleasantmanner.net	unknown	unknown	true	unknown
necessaryappear.net	unknown	unknown	true	unknown
pleasantbusiness.net	unknown	unknown	true	unknown
requirestream.net	unknown	unknown	true	unknown
heavenbottle.net	unknown	unknown	true	unknown
heavynothing.net	unknown	unknown	true	unknown
gentlebusiness.net	unknown	unknown	true	unknown
necessarydivide.net	unknown	unknown	true	unknown
ordermanner.net	unknown	unknown	true	unknown
leaderbottle.net	unknown	unknown	true	unknown
pleasantanother.net	unknown	unknown	true	unknown
heavyanother.net	unknown	unknown	true	unknown
degreeinstead.net	unknown	unknown	true	unknown
necessarynothing.net	unknown	unknown	true	unknown
answerbright.net	unknown	unknown	true	unknown
heavennothing.net	unknown	unknown	true	unknown
forwardbright.net	unknown	unknown	true	unknown
pleasantdivide.net	unknown	unknown	true	unknown
necessarystream.net	unknown	unknown	true	unknown
leaderanother.net	unknown	unknown	true	unknown
heavenappear.net	unknown	unknown	true	unknown
degreebright.net	unknown	unknown	true	unknown
heavyappear.net	unknown	unknown	true	unknown
orderappear.net	unknown	unknown	true	unknown
variousdivide.net	unknown	unknown	true	unknown
requireappear.net	unknown	unknown	true	unknown
requireanother.net	unknown	unknown	true	unknown
forwardappear.net	unknown	unknown	true	unknown
pleasantappear.net	unknown	unknown	true	unknown
forwardinstead.net	unknown	unknown	true	unknown
returnstream.net	unknown	unknown	true	unknown
variousbusiness.net	unknown	unknown	true	unknown
hearddivide.net	unknown	unknown	true	unknown
difficultbusiness.net	unknown	unknown	true	unknown
glassbright.net	unknown	unknown	true	unknown
orderanother.net	unknown	unknown	true	unknown
difficultappear.net	unknown	unknown	true	unknown
degreeinside.net	unknown	unknown	true	unknown
variousbottle.net	unknown	unknown	true	unknown
glassbusiness.net	unknown	unknown	true	unknown
heardmanner.net	unknown	unknown	true	unknown
gentlenothing.net	unknown	unknown	true	unknown
necessarybusiness.net	unknown	unknown	true	unknown
returnappear.net	unknown	unknown	true	unknown
orderbusiness.net	unknown	unknown	true	unknown
heavenmanner.net	unknown	unknown	true	unknown
returnmanner.net	unknown	unknown	true	unknown
heardappear.net	unknown	unknown	true	unknown
leaderbusiness.net	unknown	unknown	true	unknown
variousmanner.net	unknown	unknown	true	unknown
heavystream.net	unknown	unknown	true	unknown
leaderappear.net	unknown	unknown	true	unknown
returnanother.net	unknown	unknown	true	unknown
variousnothing.net	unknown	unknown	true	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.google.com	bsiphbvc.exe, 00000002.00000002.2493283955.00000000007E4000.00000004.00000020.00020000.00000000.sdmp, bsiphbvc.exe, 00000002.00000003.1813081886.00000000007E3000.00000004.00000020.00020000.00000000.sdmp, bsiphbvc.exe, 00000009.00000003.2615196328.0000000001006000.00000004.00000020.00020000.00000000.sdmp, bsiphbvc.exe, 00000009.00000002.2961907785.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp	false		high
https://transip.eu/cp/	bsiphbvc.exe, 00000009.00000003.2615196328.0000000001019000.00000004.00000020.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
37.97.254.27	orderstream.net	Netherlands	20857	TRANSIP-ASAmsterdamtheNetherlandsNL	false
18.143.155.63	returnbottle.net	United States	16509	AMAZON-02US	true
199.59.243.227	7450.bodis.com	United States	395082	BODIS-NJUS	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1551074
Start date and time:	2024-11-07 13:05:48 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 44s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	11
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	DBROG0eWH7.exe renamed because original name is a hash value
Original Sample Name:	78f48020d8c0308bbb5c18c883b7b547adcb2674db93b85f3a9df6a20595d8bc.exe
Detection:	MAL
Classification:	mal96.troj.evad.winEXE@12/6@499/3
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 98% Number of executed functions: 44 Number of non-executed functions: 81
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing disassembly code.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: DBROG0eWH7.exe

Simulations

Behavior and APIs

Time	Type	Description
07:07:16	API Interceptor	1932x Sleep call for process: jqvkzish.exe modified
07:07:27	API Interceptor	607x Sleep call for process: bsiphbvc.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
37.97.254.27	WrrCV4QR2J.exe	Get hash	malicious	FormBook	Browse	www.wrautomotive.online/ahec/?XveXHZvx=5igDJT3zPYxoznSfOhoK1Ng2m3hD5JqRz+D9mmXj9CLVcvHmJGefSTTLw3ACEWBDJ4ZMU5QrLRnI3LOtkf+25ITAAVo7msZgdw==&l4xX=rDStpH0He
	Antndte.exe	Get hash	malicious	FormBook, GuLoader	Browse	www.rocsys.net/3hr5/?TZd=WvKXMpNdKcx12PohJdQ2Nu7zrY//6AeCNDisJJSnngoH0SI3JFeqPH7/T9Xi9rN0AVbH68W87D80yQtOqBVkzxSvcNI04lJ+LQ==&1dr=yP5PQD38
	hesaphareketi-01.exe	Get hash	malicious	FormBook, GuLoader	Browse	www.rocsys.net/uaaq/?XFs82=6R5Xx6907&9pG0L=ZvgtLzuC5J0fwHYuRehKE7pqe+TegS3vAv4ZEylVZ8S9BUo4tJK/O+Yy7erX60uFZvklPnpu2szjI2ePXJ09nWZe2eIrY7ioDA==
	New_Order.exe	Get hash	malicious	FormBook	Browse	www.wrautomotive.online/fdo5/?540H2x=tmpHADT4fdGVd6nnK8VfxTcjTEmAMjvmemW+C4Ol5iYH1IbYxa+keO9dRydEANAVQTW4GcRzv85KoC+8HtmJLO5vdlfv2fS0QQ==&fXUX=ShJ8DFcXvtj84pw
	PO_YTWHDF3432.exe	Get hash	malicious	FormBook	Browse	www.wrautomotive.online/ahec/
	PO_CCTEB77.exe	Get hash	malicious	FormBook	Browse	www.wrautomotive.online/ahec/?KHcH=5igDJT3zPYxoznSYBBpd18gTi2dx8KCRz+D9mmXj9CLVcvHmJGefSTTLw3ACEWBDJ4ZMU5QrLRnI3LOtkf+zzorQEnBYkPkOfg==&Vjk=-N-tntX
	Fpopgapwdcgvxn.exe	Get hash	malicious	DBatLoader, FormBook	Browse	www.kermisbedrijfkramer.online/ao65/?3f94p=Y9yn8u0REY9c1IpGc1acQeiywl67Bz4kR9nr06rl/WLBU1XMoiFOUgbvS2/Y+YwQBdR3MSzENA==&ojq4i=mFNh5n78I22D3DgP
	Product_Specs.exe	Get hash	malicious	FormBook, GuLoader	Browse	www.wrautomotive.online/ur4g/?vxM0=G80Xg2gxjV&eh=GM1abjaFQeRWF1TbL/6IPq6IQ8Zq6L6A/eGtDh+rzhSfkUEKySbsXXOahwAFIXwkymySVlBBxGC7SDgkYy5RlvrvRaU4SsaPnA==
	PO_VCFGA1010.exe	Get hash	malicious	FormBook	Browse	www.wrautomotive.online/ahec/?TrRXYB=5igDJT3zPYxoznSYBBpd18gTi2dx8KCRz+D9mmXj9CLVcvHmJGefSTTLw3ACEWBDJ4ZMU5QrLRnI3LOtkf+z0orNAnxbm6AOaCZvJNva1SPD&NRpHp=DLPh_Z
	25-23PJSM-653.exe	Get hash	malicious	FormBook, GuLoader	Browse	www.rocsys.net/uaaq/?Zvo88=ZvgtLzuC5J0fwHYuRehKE7pqe+TegS3vAv4ZEylVZ8S9BUo4tJK/O+Yy7erX60uFZvklPnpu2szjI2ePXJ09nWZe2eIrY7ioDA==&5j=JXHP5xY8
199.59.243.227	DHL_doc.exe	Get hash	malicious	FormBook	Browse	www.adsdomain-195.click/xene/
	Wc7HGBGZfE.exe	Get hash	malicious	FormBook	Browse	www.care-for-baby-1107.xyz/ev0s/
	XhAQ0Rk63O.exe	Get hash	malicious	FormBook	Browse	www.migraine-massages.pro/ym43/
	BkZqIS5vlv.exe	Get hash	malicious	FormBook	Browse	www.deepfy.xyz/jlkn/
	FzmC0FwV6y.exe	Get hash	malicious	FormBook	Browse	www.master7.space/0i43/
	Shipping documents..exe	Get hash	malicious	FormBook	Browse	www.auto-deals-cz-000.buzz/geci/
	icRicpJWczmiOf8.exe	Get hash	malicious	FormBook	Browse	www.lowerbackpain.site/t9om/
	IbRV4I7MrS.exe	Get hash	malicious	FormBook	Browse	www.rebel.tienda/7n9v/
	NIlfETZ9aE.exe	Get hash	malicious	FormBook	Browse	www.deepfy.xyz/jlkn/
	nCYUA8nqsg.exe	Get hash	malicious	FormBook	Browse	www.coworking-jp-aa.click/xa2o/?JB=NJsDlniUbQYDatfhfDHPvwFd/AWSP7AhFfxHSrFrjljMI6G4ERIdsA2z0osvS6jhoZboHyHHqbRD6RaIDTbJ7qLt4qENU/l5boxOGvM5d+51kNkCDA==&3B6=Cv40V

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
7450.bodis.com	25XrVZw56S.exe	Get hash	malicious	Unknown	Browse	199.59.243.227
	25XrVZw56S.exe	Get hash	malicious	Unknown	Browse	199.59.243.227
	oUc5lyEzJy.exe	Get hash	malicious	Unknown	Browse	199.59.243.227
	JUHGSyleu7.exe	Get hash	malicious	Unknown	Browse	199.59.243.227
	oUc5lyEzJy.exe	Get hash	malicious	Unknown	Browse	199.59.243.227
	JUHGSyleu7.exe	Get hash	malicious	Unknown	Browse	199.59.243.227
	4wwi2Lh5W4.exe	Get hash	malicious	Unknown	Browse	199.59.243.227
	4wwi2Lh5W4.exe	Get hash	malicious	Unknown	Browse	199.59.243.227
	https://pokerfanboy.com/	Get hash	malicious	Unknown	Browse	199.59.243.227
	https://mx1.margarettaphilomena.net/	Get hash	malicious	Unknown	Browse	199.59.243.227

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AMAZON-02US	Y7isAhMKal.exe	Get hash	malicious	FormBook	Browse	13.248.169.48
	SDBARVe3d3.exe	Get hash	malicious	FormBook	Browse	13.248.169.48
	3NvALxFlHV.exe	Get hash	malicious	FormBook	Browse	76.223.105.230
	https://sendspace.com/pro/z42su8	Get hash	malicious	Mamba2FA	Browse	18.245.31.5
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	3.170.115.57
	assailant.sparc.elf	Get hash	malicious	Gafgyt, Mirai	Browse	54.171.230.55
	bin.m68k.elf	Get hash	malicious	Mirai	Browse	34.210.146.241
	bin.arm7.elf	Get hash	malicious	Mirai	Browse	54.230.74.218
	sora.arm7.elf	Get hash	malicious	Unknown	Browse	63.34.86.27
	arm5.elf	Get hash	malicious	Unknown	Browse	54.171.230.55
BODIS-NJUS	DHL_doc.exe	Get hash	malicious	FormBook	Browse	199.59.243.227
	Wc7HGBGZfE.exe	Get hash	malicious	FormBook	Browse	199.59.243.227
	XhAQ0Rk63O.exe	Get hash	malicious	FormBook	Browse	199.59.243.227
	BkZqIS5vlv.exe	Get hash	malicious	FormBook	Browse	199.59.243.227
	FzmC0FwV6y.exe	Get hash	malicious	FormBook	Browse	199.59.243.227
	Shipping documents..exe	Get hash	malicious	FormBook	Browse	199.59.243.227
	icRicpJWczmiOf8.exe	Get hash	malicious	FormBook	Browse	199.59.243.227
	IbRV4I7MrS.exe	Get hash	malicious	FormBook	Browse	199.59.243.227
	NIlfETZ9aE.exe	Get hash	malicious	FormBook	Browse	199.59.243.227
	nCYUA8nqsg.exe	Get hash	malicious	FormBook	Browse	199.59.243.227
TRANSIP-ASAmsterdamtheNetherlandsNL	g49e742700.exe	Get hash	malicious	Emotet	Browse	149.210.171.237
	074kFuPFv8.exe	Get hash	malicious	Unknown	Browse	149.210.147.77
	074kFuPFv8.exe	Get hash	malicious	Unknown	Browse	149.210.147.77
	6fLnWSoXXD.elf	Get hash	malicious	Mirai	Browse	95.170.75.171
	la.bot.powerpc.elf	Get hash	malicious	Unknown	Browse	136.144.215.32
	la.bot.m68k.elf	Get hash	malicious	Unknown	Browse	37.97.214.146
	bnrKk80Fa9.elf	Get hash	malicious	Mirai	Browse	95.170.75.159
	na.elf	Get hash	malicious	Mirai	Browse	95.170.75.159
	fBcMVl6ns6.lnk	Get hash	malicious	RHADAMANTHYS	Browse	37.97.185.116
	rpQF1aDIK4.lnk	Get hash	malicious	RHADAMANTHYS	Browse	37.97.185.116

Process:	C:\Users\user\Desktop\DBROG0eWH7.exe
File Type:	data
Category:	dropped
Size (bytes):	12
Entropy (8bit):	3.418295834054489
Encrypted:	false
SSDEEP:	3:MO:P
MD5:	AE8AF840FB91B0314E93D65E5494B3EF
SHA1:	234064717B321F1894B040299BF68BDA6960DEFC
SHA-256:	DA009758FE8E36D7FC4A396E86E318AF24296D0C016122FE6885E7246463FE1D
SHA-512:	9715057AB60C78B43908A3EF985A78CFF60A116EE26BC116751CA17A3AC0B30E0CE71CFE3C487B53057CE30A9D1A0078EE51BE915C387ECF95DA172B62288D66
Malicious:	false
Reputation:	low
Preview:	../!......e+

C:\qkcgyxexucxsiyk\bsiphbvc.exe

Download File

Process:	C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	357376
Entropy (8bit):	6.790311729571532
Encrypted:	false
SSDEEP:	6144:YZY+B8/hwDB7c6LZNG8J7GBHRJtEbqel4pQJt4RE:YZnwoB7ceNR7WHRJtEvl4pQJGRE
MD5:	FA91458E80BA750FDA0B41D2B88AE1B1
SHA1:	5531267D0D3B4523007803F21BC58D0DE818B38B
SHA-256:	78F48020D8C0308BBB5C18C883B7B547ADCB2674DB93B85F3A9DF6A20595D8BC
SHA-512:	143E9021D9216EC43F31FB31509856531BB7A2544DD9E3BEB332088111F9416457A637A34E780610B89E5488DE8D04CC921800CCEFCFBF7CF139C2BDCA22974A
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 92%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................................................................................Rich.}........................PE..L...X\LU.....................................0....@.......................................@.....................................P............................p..@W......................................@............0..T............................text............................... ..`.rdata.......0......................@..@.data....H... ......................@....reloc..@W...p...X..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe

Download File

Process:	C:\Users\user\Desktop\DBROG0eWH7.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	357376
Entropy (8bit):	6.790311729571532
Encrypted:	false
SSDEEP:	6144:YZY+B8/hwDB7c6LZNG8J7GBHRJtEbqel4pQJt4RE:YZnwoB7ceNR7WHRJtEvl4pQJGRE
MD5:	FA91458E80BA750FDA0B41D2B88AE1B1
SHA1:	5531267D0D3B4523007803F21BC58D0DE818B38B
SHA-256:	78F48020D8C0308BBB5C18C883B7B547ADCB2674DB93B85F3A9DF6A20595D8BC
SHA-512:	143E9021D9216EC43F31FB31509856531BB7A2544DD9E3BEB332088111F9416457A637A34E780610B89E5488DE8D04CC921800CCEFCFBF7CF139C2BDCA22974A
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 92%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................................................................................Rich.}........................PE..L...X\LU.....................................0....@.......................................@.....................................P............................p..@W......................................@............0..T............................text............................... ..`.rdata.......0......................@..@.data....H... ......................@....reloc..@W...p...X..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\qkcgyxexucxsiyk\emmz4mbuo0g

Download File

Process:	C:\Users\user\Desktop\DBROG0eWH7.exe
File Type:	data
Category:	dropped
Size (bytes):	12
Entropy (8bit):	3.418295834054489
Encrypted:	false
SSDEEP:	3:MO:P
MD5:	AE8AF840FB91B0314E93D65E5494B3EF
SHA1:	234064717B321F1894B040299BF68BDA6960DEFC
SHA-256:	DA009758FE8E36D7FC4A396E86E318AF24296D0C016122FE6885E7246463FE1D
SHA-512:	9715057AB60C78B43908A3EF985A78CFF60A116EE26BC116751CA17A3AC0B30E0CE71CFE3C487B53057CE30A9D1A0078EE51BE915C387ECF95DA172B62288D66
Malicious:	false
Reputation:	low
Preview:	../!......e+

C:\qkcgyxexucxsiyk\hjkz5m

Download File

Process:	C:\qkcgyxexucxsiyk\bsiphbvc.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	2.0
Encrypted:	false
SSDEEP:	3:1F:T
MD5:	4E855C8F85F96FA37DD405B5656085C9
SHA1:	6A284943855B205E4A4EC5682EADC4DE94A472F1
SHA-256:	E2ACD83D3E0F427D93A700D009347DC663A81F7D0CE641C057ED1EA7A5F6E801
SHA-512:	E653AB6A3C5E7897BDE627C6D86FBE990018192CC3802A6F524DB257AA2CED4CE36765488379094BB7B1CBF10EE5528AE08ABBAFDEBB50F62B516D80FBBFCD30
Malicious:	false
Reputation:	low
Preview:	....

C:\qkcgyxexucxsiyk\jqvkzish.exe

Download File

Process:	C:\qkcgyxexucxsiyk\bsiphbvc.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	357376
Entropy (8bit):	6.790311729571532
Encrypted:	false
SSDEEP:	6144:YZY+B8/hwDB7c6LZNG8J7GBHRJtEbqel4pQJt4RE:YZnwoB7ceNR7WHRJtEvl4pQJGRE
MD5:	FA91458E80BA750FDA0B41D2B88AE1B1
SHA1:	5531267D0D3B4523007803F21BC58D0DE818B38B
SHA-256:	78F48020D8C0308BBB5C18C883B7B547ADCB2674DB93B85F3A9DF6A20595D8BC
SHA-512:	143E9021D9216EC43F31FB31509856531BB7A2544DD9E3BEB332088111F9416457A637A34E780610B89E5488DE8D04CC921800CCEFCFBF7CF139C2BDCA22974A
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 92%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................................................................................Rich.}........................PE..L...X\LU.....................................0....@.......................................@.....................................P............................p..@W......................................@............0..T............................text............................... ..`.rdata.......0......................@..@.data....H... ......................@....reloc..@W...p...X..................@..B................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.790311729571532
TrID:	Win32 Executable (generic) a (10002005/4) 99.94% Clipper DOS Executable (2020/12) 0.02% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	DBROG0eWH7.exe
File size:	357'376 bytes
MD5:	fa91458e80ba750fda0b41d2b88ae1b1
SHA1:	5531267d0d3b4523007803f21bc58d0de818b38b
SHA256:	78f48020d8c0308bbb5c18c883b7b547adcb2674db93b85f3a9df6a20595d8bc
SHA512:	143e9021d9216ec43f31fb31509856531bb7a2544dd9e3beb332088111f9416457a637a34e780610b89e5488de8d04cc921800ccefcfbf7cf139c2bdca22974a
SSDEEP:	6144:YZY+B8/hwDB7c6LZNG8J7GBHRJtEbqel4pQJt4RE:YZnwoB7ceNR7WHRJtEvl4pQJGRE
TLSH:	94745D18B590E1B9D1A0D1389B7A32A392B81AA07770D7EB3F5414DD4AEC4D1BAF3317
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................................................................................Rich...}........................PE..L...X\LU...

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x430a9d
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x554C5C58 [Fri May 8 06:48:56 2015 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	1b8099a32bcf0a0b3d1d39ee7c544b44

Entrypoint Preview

Instruction
call 00007F2670DC340Eh
jmp 00007F2670DBB655h
push 00000014h
push 0044FDA0h
call 00007F2670DBBF92h
call 00007F2670DBC8CDh
movzx esi, ax
push 00000002h
call 00007F2670DC33A1h
pop ecx
mov eax, 00005A4Dh
cmp word ptr [00400000h], ax
je 00007F2670DBB656h
xor ebx, ebx
jmp 00007F2670DBB685h
mov eax, dword ptr [0040003Ch]
cmp dword ptr [eax+00400000h], 00004550h
jne 00007F2670DBB63Dh
mov ecx, 0000010Bh
cmp word ptr [eax+00400018h], cx
jne 00007F2670DBB62Fh
xor ebx, ebx
cmp dword ptr [eax+00400074h], 0Eh
jbe 00007F2670DBB65Bh
cmp dword ptr [eax+004000E8h], ebx
setne bl
mov dword ptr [ebp-1Ch], ebx
call 00007F2670DBE041h
test eax, eax
jne 00007F2670DBB65Ah
push 0000001Ch
call 00007F2670DBB731h
pop ecx
call 00007F2670DBDF9Dh
test eax, eax
jne 00007F2670DBB65Ah
push 00000010h
call 00007F2670DBB720h
pop ecx
call 00007F2670DBC616h
and dword ptr [ebp-04h], 00000000h
call 00007F2670DC2056h
test eax, eax
jns 00007F2670DBB65Ah
push 0000001Bh
call 00007F2670DBB706h
pop ecx
call dword ptr [00443150h]
mov dword ptr [00456884h], eax
call 00007F2670DC33F5h
mov dword ptr [00454978h], eax
call 00007F2670DC2FF2h
test eax, eax
jns 00007F2670DBB65Ah

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x5030c	0x50	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x57000	0x5740	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x4f7f0	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x43000	0x254	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x419ca	0x41a00	ce79de0b6ff00ae5362cc86880d5f984	False	0.543999255952381	data	6.570421212382599	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x43000	0xe002	0xe200	178b293bec90181385f0bed1589cbdb0	False	0.6180689988938053	data	6.271129625047008	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x52000	0x489c	0x1c00	e6c6eec1fd83dce1862440a1393ef305	False	0.41671316964285715	data	4.189504036798764	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc	0x57000	0x5740	0x5800	0b84ce1999716cc9a29737983673f94b	False	0.7712180397727273	data	6.814681003193168	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Imports

DLL	Import
GDI32.dll	GetBkColor, GetDCBrushColor, GetDCPenColor, GetClipRgn, GetNearestColor, GetObjectType, GetPixelFormat, GetPolyFillMode, GetSystemPaletteUse, GetTextCharacterExtra, GetTextAlign, GetTextColor, GetTextCharset, GetTextCharsetInfo, SetPixel, SetSystemPaletteUse, SetTextCharacterExtra, SetTextColor, SetTextAlign, UpdateColors
USER32.dll	LoadIconA, GetWindowLongA, GetCursor, GetMenuContextHelpId, GetWindowContextHelpId, SetWindowTextA, RemovePropA, GetScrollPos, EndPaint, BeginPaint, GetWindowDC, GetDC, WindowFromDC, GetForegroundWindow, DrawTextA, GetMenuCheckMarkDimensions, GetMenuItemCount, GetMenuItemID, GetMenuState, GetMenu, IsWindowEnabled, EnableWindow, IsWindowUnicode, GetQueueStatus, GetInputState, SetFocus, CheckDlgButton, SetDlgItemTextA, GetDlgItemInt, GetDlgItem, EndDialog, ShowWindow, PostMessageA, SendMessageA
KERNEL32.dll	SetEnvironmentVariableA, ReadConsoleW, ReadFile, SetEndOfFile, GetTimeZoneInformation, WriteConsoleW, SetFilePointerEx, SetStdHandle, CreateFileW, GetCurrentDirectoryW, GetFullPathNameW, PeekNamedPipe, GetFileInformationByHandle, FileTimeToLocalFileTime, GetStringTypeW, OutputDebugStringW, HeapReAlloc, LCMapStringW, CompareStringW, FreeEnvironmentStringsW, GetEnvironmentStringsW, QueryPerformanceCounter, GetModuleFileNameA, GetConsoleMode, GetConsoleCP, FileTimeToSystemTime, SystemTimeToTzSpecificLocalTime, DeleteFileA, FindClose, FlushFileBuffers, GetDriveTypeA, GetFileTime, GetFileType, WriteFile, IsDebuggerPresent, CloseHandle, GetLastError, GetCurrentProcess, GetCurrentProcessId, CreateThread, GetCurrentThreadId, IsProcessorFeaturePresent, GetTickCount, GetModuleHandleA, GetProcAddress, LoadResource, LockResource, SizeofResource, GlobalAlloc, GlobalFlags, GlobalHandle, FindResourceA, MoveFileA, EncodePointer, DecodePointer, ExitProcess, GetModuleHandleExW, AreFileApisANSI, MultiByteToWideChar, WideCharToMultiByte, HeapFree, HeapAlloc, GetSystemTimeAsFileTime, GetCommandLineA, RaiseException, RtlUnwind, HeapSize, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, UnhandledExceptionFilter, SetUnhandledExceptionFilter, SetLastError, InitializeCriticalSectionAndSpinCount, Sleep, TerminateProcess, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetStartupInfoW, GetModuleHandleW, GetStdHandle, GetModuleFileNameW, LoadLibraryExW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, GetProcessHeap, FindFirstFileExW, GetDriveTypeW

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-11-07T13:06:47.006068+0100	2815568	ETPRO MALWARE Terse HTTP 1.0 Request Possible Nivdort	1	192.168.2.4	49730	18.143.155.63	80	TCP
2024-11-07T13:06:47.006068+0100	2820680	ETPRO MALWARE W32/Bayrob Attempted Checkin 2	1	192.168.2.4	49730	18.143.155.63	80	TCP
2024-11-07T13:06:47.371988+0100	2018141	ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz	1	18.143.155.63	80	192.168.2.4	49730	TCP
2024-11-07T13:06:47.371988+0100	2037771	ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst	1	18.143.155.63	80	192.168.2.4	49730	TCP
2024-11-07T13:06:49.452706+0100	2811542	ETPRO MALWARE Possible Tinba DGA NXDOMAIN Responses (net)	1	1.1.1.1	53	192.168.2.4	51679	UDP
2024-11-07T13:06:53.375881+0100	2018316	ET MALWARE Possible Zeus GameOver/FluBot Related DGA NXDOMAIN Responses	1	1.1.1.1	53	192.168.2.4	57589	UDP
2024-11-07T13:07:00.985353+0100	2022930	ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow	1	20.12.23.50	443	192.168.2.4	49734	TCP
2024-11-07T13:07:39.890930+0100	2022930	ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow	1	4.175.87.197	443	192.168.2.4	49741	TCP
2024-11-07T13:08:08.773587+0100	2815568	ETPRO MALWARE Terse HTTP 1.0 Request Possible Nivdort	1	192.168.2.4	49897	18.143.155.63	80	TCP
2024-11-07T13:08:08.773587+0100	2820680	ETPRO MALWARE W32/Bayrob Attempted Checkin 2	1	192.168.2.4	49897	18.143.155.63	80	TCP
2024-11-07T13:08:11.604528+0100	2811542	ETPRO MALWARE Possible Tinba DGA NXDOMAIN Responses (net)	1	1.1.1.1	53	192.168.2.4	50559	UDP
2024-11-07T13:08:40.150939+0100	2018316	ET MALWARE Possible Zeus GameOver/FluBot Related DGA NXDOMAIN Responses	1	1.1.1.1	53	192.168.2.4	51742	UDP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 7, 2024 13:06:45.530889034 CET	49730	80	192.168.2.4	18.143.155.63
Nov 7, 2024 13:06:45.535865068 CET	80	49730	18.143.155.63	192.168.2.4
Nov 7, 2024 13:06:45.535978079 CET	49730	80	192.168.2.4	18.143.155.63
Nov 7, 2024 13:06:45.535998106 CET	49730	80	192.168.2.4	18.143.155.63
Nov 7, 2024 13:06:45.540903091 CET	80	49730	18.143.155.63	192.168.2.4
Nov 7, 2024 13:06:46.959748983 CET	80	49730	18.143.155.63	192.168.2.4
Nov 7, 2024 13:06:47.006067991 CET	49730	80	192.168.2.4	18.143.155.63
Nov 7, 2024 13:06:47.371988058 CET	80	49730	18.143.155.63	192.168.2.4
Nov 7, 2024 13:06:47.372090101 CET	49730	80	192.168.2.4	18.143.155.63
Nov 7, 2024 13:06:47.372121096 CET	49730	80	192.168.2.4	18.143.155.63
Nov 7, 2024 13:06:47.377490997 CET	80	49730	18.143.155.63	192.168.2.4
Nov 7, 2024 13:06:47.659981966 CET	49731	80	192.168.2.4	37.97.254.27
Nov 7, 2024 13:06:47.664975882 CET	80	49731	37.97.254.27	192.168.2.4
Nov 7, 2024 13:06:47.665627003 CET	49731	80	192.168.2.4	37.97.254.27
Nov 7, 2024 13:06:47.665627003 CET	49731	80	192.168.2.4	37.97.254.27
Nov 7, 2024 13:06:47.670675039 CET	80	49731	37.97.254.27	192.168.2.4
Nov 7, 2024 13:06:48.509088039 CET	80	49731	37.97.254.27	192.168.2.4
Nov 7, 2024 13:06:48.509113073 CET	80	49731	37.97.254.27	192.168.2.4
Nov 7, 2024 13:06:48.509125948 CET	80	49731	37.97.254.27	192.168.2.4
Nov 7, 2024 13:06:48.509207010 CET	49731	80	192.168.2.4	37.97.254.27
Nov 7, 2024 13:06:48.509227991 CET	80	49731	37.97.254.27	192.168.2.4
Nov 7, 2024 13:06:48.509242058 CET	80	49731	37.97.254.27	192.168.2.4
Nov 7, 2024 13:06:48.509253979 CET	80	49731	37.97.254.27	192.168.2.4
Nov 7, 2024 13:06:48.509268045 CET	80	49731	37.97.254.27	192.168.2.4
Nov 7, 2024 13:06:48.509270906 CET	49731	80	192.168.2.4	37.97.254.27
Nov 7, 2024 13:06:48.509329081 CET	49731	80	192.168.2.4	37.97.254.27
Nov 7, 2024 13:06:48.509584904 CET	80	49731	37.97.254.27	192.168.2.4
Nov 7, 2024 13:06:48.509597063 CET	80	49731	37.97.254.27	192.168.2.4
Nov 7, 2024 13:06:48.509634972 CET	49731	80	192.168.2.4	37.97.254.27
Nov 7, 2024 13:06:48.509664059 CET	80	49731	37.97.254.27	192.168.2.4
Nov 7, 2024 13:06:48.509736061 CET	49731	80	192.168.2.4	37.97.254.27
Nov 7, 2024 13:06:48.514092922 CET	80	49731	37.97.254.27	192.168.2.4
Nov 7, 2024 13:06:48.514147043 CET	80	49731	37.97.254.27	192.168.2.4
Nov 7, 2024 13:06:48.514159918 CET	80	49731	37.97.254.27	192.168.2.4
Nov 7, 2024 13:06:48.514184952 CET	49731	80	192.168.2.4	37.97.254.27
Nov 7, 2024 13:06:48.514276028 CET	80	49731	37.97.254.27	192.168.2.4
Nov 7, 2024 13:06:48.514326096 CET	49731	80	192.168.2.4	37.97.254.27
Nov 7, 2024 13:06:48.634411097 CET	80	49731	37.97.254.27	192.168.2.4
Nov 7, 2024 13:06:48.634444952 CET	80	49731	37.97.254.27	192.168.2.4
Nov 7, 2024 13:06:48.634458065 CET	80	49731	37.97.254.27	192.168.2.4
Nov 7, 2024 13:06:48.634493113 CET	49731	80	192.168.2.4	37.97.254.27
Nov 7, 2024 13:06:48.634574890 CET	80	49731	37.97.254.27	192.168.2.4
Nov 7, 2024 13:06:48.634592056 CET	80	49731	37.97.254.27	192.168.2.4
Nov 7, 2024 13:06:48.634623051 CET	49731	80	192.168.2.4	37.97.254.27
Nov 7, 2024 13:06:48.634752035 CET	80	49731	37.97.254.27	192.168.2.4
Nov 7, 2024 13:06:48.634808064 CET	49731	80	192.168.2.4	37.97.254.27
Nov 7, 2024 13:06:48.634864092 CET	80	49731	37.97.254.27	192.168.2.4
Nov 7, 2024 13:06:48.634876013 CET	80	49731	37.97.254.27	192.168.2.4
Nov 7, 2024 13:06:48.634955883 CET	49731	80	192.168.2.4	37.97.254.27
Nov 7, 2024 13:06:48.635168076 CET	80	49731	37.97.254.27	192.168.2.4
Nov 7, 2024 13:06:48.635184050 CET	80	49731	37.97.254.27	192.168.2.4
Nov 7, 2024 13:06:48.635225058 CET	49731	80	192.168.2.4	37.97.254.27
Nov 7, 2024 13:06:48.635494947 CET	80	49731	37.97.254.27	192.168.2.4
Nov 7, 2024 13:06:48.635572910 CET	80	49731	37.97.254.27	192.168.2.4
Nov 7, 2024 13:06:48.635586023 CET	80	49731	37.97.254.27	192.168.2.4
Nov 7, 2024 13:06:48.635615110 CET	49731	80	192.168.2.4	37.97.254.27
Nov 7, 2024 13:06:48.635782957 CET	80	49731	37.97.254.27	192.168.2.4
Nov 7, 2024 13:06:48.635793924 CET	80	49731	37.97.254.27	192.168.2.4
Nov 7, 2024 13:06:48.635806084 CET	80	49731	37.97.254.27	192.168.2.4
Nov 7, 2024 13:06:48.635818005 CET	49731	80	192.168.2.4	37.97.254.27
Nov 7, 2024 13:06:48.635854959 CET	49731	80	192.168.2.4	37.97.254.27
Nov 7, 2024 13:06:48.636490107 CET	80	49731	37.97.254.27	192.168.2.4
Nov 7, 2024 13:06:48.636529922 CET	80	49731	37.97.254.27	192.168.2.4
Nov 7, 2024 13:06:48.636584044 CET	49731	80	192.168.2.4	37.97.254.27
Nov 7, 2024 13:06:48.751451015 CET	80	49731	37.97.254.27	192.168.2.4
Nov 7, 2024 13:06:48.751493931 CET	80	49731	37.97.254.27	192.168.2.4
Nov 7, 2024 13:06:48.751507044 CET	80	49731	37.97.254.27	192.168.2.4
Nov 7, 2024 13:06:48.751616955 CET	49731	80	192.168.2.4	37.97.254.27
Nov 7, 2024 13:06:48.751732111 CET	80	49731	37.97.254.27	192.168.2.4
Nov 7, 2024 13:06:48.751750946 CET	80	49731	37.97.254.27	192.168.2.4
Nov 7, 2024 13:06:48.751764059 CET	80	49731	37.97.254.27	192.168.2.4
Nov 7, 2024 13:06:48.751777887 CET	80	49731	37.97.254.27	192.168.2.4
Nov 7, 2024 13:06:48.751821041 CET	49731	80	192.168.2.4	37.97.254.27
Nov 7, 2024 13:06:48.751821041 CET	49731	80	192.168.2.4	37.97.254.27
Nov 7, 2024 13:06:48.752062082 CET	80	49731	37.97.254.27	192.168.2.4
Nov 7, 2024 13:06:48.752110004 CET	49731	80	192.168.2.4	37.97.254.27
Nov 7, 2024 13:06:48.759459019 CET	80	49731	37.97.254.27	192.168.2.4
Nov 7, 2024 13:06:48.759553909 CET	80	49731	37.97.254.27	192.168.2.4
Nov 7, 2024 13:06:48.759567022 CET	80	49731	37.97.254.27	192.168.2.4
Nov 7, 2024 13:06:48.759608030 CET	49731	80	192.168.2.4	37.97.254.27
Nov 7, 2024 13:06:48.759665012 CET	80	49731	37.97.254.27	192.168.2.4
Nov 7, 2024 13:06:48.759676933 CET	80	49731	37.97.254.27	192.168.2.4
Nov 7, 2024 13:06:48.759727955 CET	49731	80	192.168.2.4	37.97.254.27
Nov 7, 2024 13:06:48.759877920 CET	80	49731	37.97.254.27	192.168.2.4
Nov 7, 2024 13:06:48.759921074 CET	49731	80	192.168.2.4	37.97.254.27
Nov 7, 2024 13:06:48.760086060 CET	80	49731	37.97.254.27	192.168.2.4
Nov 7, 2024 13:06:48.760098934 CET	80	49731	37.97.254.27	192.168.2.4
Nov 7, 2024 13:06:48.760162115 CET	80	49731	37.97.254.27	192.168.2.4
Nov 7, 2024 13:06:48.760193110 CET	49731	80	192.168.2.4	37.97.254.27
Nov 7, 2024 13:06:48.760293007 CET	80	49731	37.97.254.27	192.168.2.4
Nov 7, 2024 13:06:48.760354042 CET	49731	80	192.168.2.4	37.97.254.27
Nov 7, 2024 13:06:48.760375977 CET	80	49731	37.97.254.27	192.168.2.4
Nov 7, 2024 13:06:48.760448933 CET	80	49731	37.97.254.27	192.168.2.4
Nov 7, 2024 13:06:48.760509968 CET	49731	80	192.168.2.4	37.97.254.27
Nov 7, 2024 13:06:48.868454933 CET	80	49731	37.97.254.27	192.168.2.4
Nov 7, 2024 13:06:48.868495941 CET	80	49731	37.97.254.27	192.168.2.4
Nov 7, 2024 13:06:48.868510962 CET	80	49731	37.97.254.27	192.168.2.4
Nov 7, 2024 13:06:48.868562937 CET	49731	80	192.168.2.4	37.97.254.27
Nov 7, 2024 13:06:48.868608952 CET	80	49731	37.97.254.27	192.168.2.4
Nov 7, 2024 13:06:48.868622065 CET	80	49731	37.97.254.27	192.168.2.4
Nov 7, 2024 13:06:48.868691921 CET	49731	80	192.168.2.4	37.97.254.27
Nov 7, 2024 13:06:48.868803024 CET	80	49731	37.97.254.27	192.168.2.4
Nov 7, 2024 13:06:48.868815899 CET	80	49731	37.97.254.27	192.168.2.4
Nov 7, 2024 13:06:48.868849039 CET	49731	80	192.168.2.4	37.97.254.27
Nov 7, 2024 13:06:48.868943930 CET	80	49731	37.97.254.27	192.168.2.4
Nov 7, 2024 13:06:48.868990898 CET	49731	80	192.168.2.4	37.97.254.27
Nov 7, 2024 13:06:48.869081974 CET	49731	80	192.168.2.4	37.97.254.27
Nov 7, 2024 13:06:48.875443935 CET	80	49731	37.97.254.27	192.168.2.4
Nov 7, 2024 13:06:48.875494957 CET	49731	80	192.168.2.4	37.97.254.27
Nov 7, 2024 13:06:49.982938051 CET	49732	80	192.168.2.4	199.59.243.227
Nov 7, 2024 13:06:49.987948895 CET	80	49732	199.59.243.227	192.168.2.4
Nov 7, 2024 13:06:49.988060951 CET	49732	80	192.168.2.4	199.59.243.227
Nov 7, 2024 13:06:49.988121033 CET	49732	80	192.168.2.4	199.59.243.227
Nov 7, 2024 13:06:49.992868900 CET	80	49732	199.59.243.227	192.168.2.4
Nov 7, 2024 13:06:50.622215033 CET	80	49732	199.59.243.227	192.168.2.4
Nov 7, 2024 13:06:50.622250080 CET	80	49732	199.59.243.227	192.168.2.4
Nov 7, 2024 13:06:50.622337103 CET	49732	80	192.168.2.4	199.59.243.227
Nov 7, 2024 13:06:50.622904062 CET	80	49732	199.59.243.227	192.168.2.4
Nov 7, 2024 13:06:50.625113964 CET	49732	80	192.168.2.4	199.59.243.227
Nov 7, 2024 13:06:50.625113964 CET	49732	80	192.168.2.4	199.59.243.227
Nov 7, 2024 13:06:50.629978895 CET	80	49732	199.59.243.227	192.168.2.4
Nov 7, 2024 13:06:51.053262949 CET	49733	80	192.168.2.4	18.143.155.63
Nov 7, 2024 13:06:51.058232069 CET	80	49733	18.143.155.63	192.168.2.4
Nov 7, 2024 13:06:51.058325052 CET	49733	80	192.168.2.4	18.143.155.63
Nov 7, 2024 13:06:51.061451912 CET	49733	80	192.168.2.4	18.143.155.63
Nov 7, 2024 13:06:51.066344023 CET	80	49733	18.143.155.63	192.168.2.4
Nov 7, 2024 13:06:52.498637915 CET	80	49733	18.143.155.63	192.168.2.4
Nov 7, 2024 13:06:52.552838087 CET	49733	80	192.168.2.4	18.143.155.63
Nov 7, 2024 13:06:52.912844896 CET	80	49733	18.143.155.63	192.168.2.4
Nov 7, 2024 13:06:52.912970066 CET	49733	80	192.168.2.4	18.143.155.63
Nov 7, 2024 13:06:52.912970066 CET	49733	80	192.168.2.4	18.143.155.63
Nov 7, 2024 13:06:52.917872906 CET	80	49733	18.143.155.63	192.168.2.4
Nov 7, 2024 13:08:07.343004942 CET	49897	80	192.168.2.4	18.143.155.63
Nov 7, 2024 13:08:07.348573923 CET	80	49897	18.143.155.63	192.168.2.4
Nov 7, 2024 13:08:07.348653078 CET	49897	80	192.168.2.4	18.143.155.63
Nov 7, 2024 13:08:07.348716974 CET	49897	80	192.168.2.4	18.143.155.63
Nov 7, 2024 13:08:07.355150938 CET	80	49897	18.143.155.63	192.168.2.4
Nov 7, 2024 13:08:08.773475885 CET	80	49897	18.143.155.63	192.168.2.4
Nov 7, 2024 13:08:08.773586988 CET	49897	80	192.168.2.4	18.143.155.63
Nov 7, 2024 13:08:08.779766083 CET	80	49897	18.143.155.63	192.168.2.4
Nov 7, 2024 13:08:08.779814005 CET	49897	80	192.168.2.4	18.143.155.63
Nov 7, 2024 13:08:08.898653984 CET	49905	80	192.168.2.4	37.97.254.27
Nov 7, 2024 13:08:08.903495073 CET	80	49905	37.97.254.27	192.168.2.4
Nov 7, 2024 13:08:08.903611898 CET	49905	80	192.168.2.4	37.97.254.27
Nov 7, 2024 13:08:08.906255960 CET	49905	80	192.168.2.4	37.97.254.27
Nov 7, 2024 13:08:08.911124945 CET	80	49905	37.97.254.27	192.168.2.4
Nov 7, 2024 13:08:09.719654083 CET	80	49905	37.97.254.27	192.168.2.4
Nov 7, 2024 13:08:09.719680071 CET	80	49905	37.97.254.27	192.168.2.4
Nov 7, 2024 13:08:09.719695091 CET	80	49905	37.97.254.27	192.168.2.4
Nov 7, 2024 13:08:09.719748020 CET	80	49905	37.97.254.27	192.168.2.4
Nov 7, 2024 13:08:09.719762087 CET	80	49905	37.97.254.27	192.168.2.4
Nov 7, 2024 13:08:09.719763041 CET	49905	80	192.168.2.4	37.97.254.27
Nov 7, 2024 13:08:09.719805956 CET	49905	80	192.168.2.4	37.97.254.27
Nov 7, 2024 13:08:09.720002890 CET	80	49905	37.97.254.27	192.168.2.4
Nov 7, 2024 13:08:09.720016956 CET	80	49905	37.97.254.27	192.168.2.4
Nov 7, 2024 13:08:09.720033884 CET	80	49905	37.97.254.27	192.168.2.4
Nov 7, 2024 13:08:09.720045090 CET	80	49905	37.97.254.27	192.168.2.4
Nov 7, 2024 13:08:09.720052958 CET	49905	80	192.168.2.4	37.97.254.27
Nov 7, 2024 13:08:09.720057011 CET	80	49905	37.97.254.27	192.168.2.4
Nov 7, 2024 13:08:09.720081091 CET	49905	80	192.168.2.4	37.97.254.27
Nov 7, 2024 13:08:09.720108032 CET	49905	80	192.168.2.4	37.97.254.27
Nov 7, 2024 13:08:09.724658966 CET	80	49905	37.97.254.27	192.168.2.4
Nov 7, 2024 13:08:09.724694967 CET	80	49905	37.97.254.27	192.168.2.4
Nov 7, 2024 13:08:09.724709034 CET	80	49905	37.97.254.27	192.168.2.4
Nov 7, 2024 13:08:09.724742889 CET	49905	80	192.168.2.4	37.97.254.27
Nov 7, 2024 13:08:09.724832058 CET	80	49905	37.97.254.27	192.168.2.4
Nov 7, 2024 13:08:09.724881887 CET	49905	80	192.168.2.4	37.97.254.27
Nov 7, 2024 13:08:09.836926937 CET	80	49905	37.97.254.27	192.168.2.4
Nov 7, 2024 13:08:09.836962938 CET	80	49905	37.97.254.27	192.168.2.4
Nov 7, 2024 13:08:09.836976051 CET	80	49905	37.97.254.27	192.168.2.4
Nov 7, 2024 13:08:09.837049961 CET	80	49905	37.97.254.27	192.168.2.4
Nov 7, 2024 13:08:09.837054968 CET	49905	80	192.168.2.4	37.97.254.27
Nov 7, 2024 13:08:09.837085962 CET	49905	80	192.168.2.4	37.97.254.27
Nov 7, 2024 13:08:09.837168932 CET	80	49905	37.97.254.27	192.168.2.4
Nov 7, 2024 13:08:09.837183952 CET	80	49905	37.97.254.27	192.168.2.4
Nov 7, 2024 13:08:09.837217093 CET	49905	80	192.168.2.4	37.97.254.27
Nov 7, 2024 13:08:09.837331057 CET	80	49905	37.97.254.27	192.168.2.4
Nov 7, 2024 13:08:09.837515116 CET	80	49905	37.97.254.27	192.168.2.4
Nov 7, 2024 13:08:09.837554932 CET	49905	80	192.168.2.4	37.97.254.27
Nov 7, 2024 13:08:09.837614059 CET	80	49905	37.97.254.27	192.168.2.4
Nov 7, 2024 13:08:09.837625980 CET	80	49905	37.97.254.27	192.168.2.4
Nov 7, 2024 13:08:09.837662935 CET	49905	80	192.168.2.4	37.97.254.27
Nov 7, 2024 13:08:09.837728977 CET	80	49905	37.97.254.27	192.168.2.4
Nov 7, 2024 13:08:09.837753057 CET	80	49905	37.97.254.27	192.168.2.4
Nov 7, 2024 13:08:09.837784052 CET	49905	80	192.168.2.4	37.97.254.27
Nov 7, 2024 13:08:09.838202000 CET	80	49905	37.97.254.27	192.168.2.4
Nov 7, 2024 13:08:09.838283062 CET	80	49905	37.97.254.27	192.168.2.4
Nov 7, 2024 13:08:09.838294029 CET	80	49905	37.97.254.27	192.168.2.4
Nov 7, 2024 13:08:09.838320971 CET	49905	80	192.168.2.4	37.97.254.27
Nov 7, 2024 13:08:09.838496923 CET	80	49905	37.97.254.27	192.168.2.4
Nov 7, 2024 13:08:09.838509083 CET	80	49905	37.97.254.27	192.168.2.4
Nov 7, 2024 13:08:09.838521004 CET	80	49905	37.97.254.27	192.168.2.4
Nov 7, 2024 13:08:09.838534117 CET	49905	80	192.168.2.4	37.97.254.27
Nov 7, 2024 13:08:09.838557005 CET	49905	80	192.168.2.4	37.97.254.27
Nov 7, 2024 13:08:09.954385996 CET	80	49905	37.97.254.27	192.168.2.4
Nov 7, 2024 13:08:09.954413891 CET	80	49905	37.97.254.27	192.168.2.4
Nov 7, 2024 13:08:09.954431057 CET	80	49905	37.97.254.27	192.168.2.4
Nov 7, 2024 13:08:09.954463005 CET	49905	80	192.168.2.4	37.97.254.27
Nov 7, 2024 13:08:09.954602957 CET	80	49905	37.97.254.27	192.168.2.4
Nov 7, 2024 13:08:09.954621077 CET	80	49905	37.97.254.27	192.168.2.4
Nov 7, 2024 13:08:09.954643011 CET	49905	80	192.168.2.4	37.97.254.27
Nov 7, 2024 13:08:09.954776049 CET	80	49905	37.97.254.27	192.168.2.4
Nov 7, 2024 13:08:09.954787970 CET	80	49905	37.97.254.27	192.168.2.4
Nov 7, 2024 13:08:09.954935074 CET	49905	80	192.168.2.4	37.97.254.27
Nov 7, 2024 13:08:09.955003977 CET	80	49905	37.97.254.27	192.168.2.4
Nov 7, 2024 13:08:09.955014944 CET	80	49905	37.97.254.27	192.168.2.4
Nov 7, 2024 13:08:09.955033064 CET	80	49905	37.97.254.27	192.168.2.4
Nov 7, 2024 13:08:09.955044985 CET	49905	80	192.168.2.4	37.97.254.27
Nov 7, 2024 13:08:09.955045938 CET	80	49905	37.97.254.27	192.168.2.4
Nov 7, 2024 13:08:09.955059052 CET	80	49905	37.97.254.27	192.168.2.4
Nov 7, 2024 13:08:09.955065966 CET	49905	80	192.168.2.4	37.97.254.27
Nov 7, 2024 13:08:09.955101013 CET	49905	80	192.168.2.4	37.97.254.27
Nov 7, 2024 13:08:09.955430984 CET	80	49905	37.97.254.27	192.168.2.4
Nov 7, 2024 13:08:09.955542088 CET	80	49905	37.97.254.27	192.168.2.4
Nov 7, 2024 13:08:09.955553055 CET	80	49905	37.97.254.27	192.168.2.4
Nov 7, 2024 13:08:09.955579996 CET	49905	80	192.168.2.4	37.97.254.27
Nov 7, 2024 13:08:09.955751896 CET	80	49905	37.97.254.27	192.168.2.4
Nov 7, 2024 13:08:09.955764055 CET	80	49905	37.97.254.27	192.168.2.4
Nov 7, 2024 13:08:09.955776930 CET	80	49905	37.97.254.27	192.168.2.4
Nov 7, 2024 13:08:09.955795050 CET	49905	80	192.168.2.4	37.97.254.27
Nov 7, 2024 13:08:09.955821991 CET	49905	80	192.168.2.4	37.97.254.27
Nov 7, 2024 13:08:10.071217060 CET	80	49905	37.97.254.27	192.168.2.4
Nov 7, 2024 13:08:10.071274042 CET	80	49905	37.97.254.27	192.168.2.4
Nov 7, 2024 13:08:10.071288109 CET	80	49905	37.97.254.27	192.168.2.4
Nov 7, 2024 13:08:10.071389914 CET	80	49905	37.97.254.27	192.168.2.4
Nov 7, 2024 13:08:10.071398973 CET	49905	80	192.168.2.4	37.97.254.27
Nov 7, 2024 13:08:10.071438074 CET	49905	80	192.168.2.4	37.97.254.27
Nov 7, 2024 13:08:10.071448088 CET	80	49905	37.97.254.27	192.168.2.4
Nov 7, 2024 13:08:10.071580887 CET	80	49905	37.97.254.27	192.168.2.4
Nov 7, 2024 13:08:10.071592093 CET	80	49905	37.97.254.27	192.168.2.4
Nov 7, 2024 13:08:10.071604013 CET	80	49905	37.97.254.27	192.168.2.4
Nov 7, 2024 13:08:10.071630955 CET	49905	80	192.168.2.4	37.97.254.27
Nov 7, 2024 13:08:10.071655035 CET	49905	80	192.168.2.4	37.97.254.27
Nov 7, 2024 13:08:10.071753979 CET	49905	80	192.168.2.4	37.97.254.27
Nov 7, 2024 13:08:10.071830034 CET	80	49905	37.97.254.27	192.168.2.4
Nov 7, 2024 13:08:10.071882963 CET	49905	80	192.168.2.4	37.97.254.27
Nov 7, 2024 13:08:10.076570988 CET	80	49905	37.97.254.27	192.168.2.4
Nov 7, 2024 13:08:10.955734015 CET	49916	80	192.168.2.4	199.59.243.227
Nov 7, 2024 13:08:10.960581064 CET	80	49916	199.59.243.227	192.168.2.4
Nov 7, 2024 13:08:10.960715055 CET	49916	80	192.168.2.4	199.59.243.227
Nov 7, 2024 13:08:10.960829973 CET	49916	80	192.168.2.4	199.59.243.227
Nov 7, 2024 13:08:10.965522051 CET	80	49916	199.59.243.227	192.168.2.4
Nov 7, 2024 13:08:11.588771105 CET	80	49916	199.59.243.227	192.168.2.4
Nov 7, 2024 13:08:11.588793039 CET	80	49916	199.59.243.227	192.168.2.4
Nov 7, 2024 13:08:11.588903904 CET	49916	80	192.168.2.4	199.59.243.227
Nov 7, 2024 13:08:11.590145111 CET	80	49916	199.59.243.227	192.168.2.4
Nov 7, 2024 13:08:11.590248108 CET	49916	80	192.168.2.4	199.59.243.227
Nov 7, 2024 13:08:11.590327978 CET	49916	80	192.168.2.4	199.59.243.227
Nov 7, 2024 13:08:11.595078945 CET	80	49916	199.59.243.227	192.168.2.4
Nov 7, 2024 13:08:11.658576012 CET	49920	80	192.168.2.4	18.143.155.63
Nov 7, 2024 13:08:11.663556099 CET	80	49920	18.143.155.63	192.168.2.4
Nov 7, 2024 13:08:11.663659096 CET	49920	80	192.168.2.4	18.143.155.63
Nov 7, 2024 13:08:11.663703918 CET	49920	80	192.168.2.4	18.143.155.63
Nov 7, 2024 13:08:11.668495893 CET	80	49920	18.143.155.63	192.168.2.4
Nov 7, 2024 13:08:13.083472967 CET	80	49920	18.143.155.63	192.168.2.4
Nov 7, 2024 13:08:13.083715916 CET	49920	80	192.168.2.4	18.143.155.63
Nov 7, 2024 13:08:13.089370012 CET	80	49920	18.143.155.63	192.168.2.4
Nov 7, 2024 13:08:13.089447975 CET	49920	80	192.168.2.4	18.143.155.63
Nov 7, 2024 13:08:18.995915890 CET	49955	80	192.168.2.4	199.59.243.227
Nov 7, 2024 13:08:19.000785112 CET	80	49955	199.59.243.227	192.168.2.4
Nov 7, 2024 13:08:19.000876904 CET	49955	80	192.168.2.4	199.59.243.227
Nov 7, 2024 13:08:19.000924110 CET	49955	80	192.168.2.4	199.59.243.227
Nov 7, 2024 13:08:19.006162882 CET	80	49955	199.59.243.227	192.168.2.4
Nov 7, 2024 13:08:19.640043974 CET	80	49955	199.59.243.227	192.168.2.4
Nov 7, 2024 13:08:19.640065908 CET	80	49955	199.59.243.227	192.168.2.4
Nov 7, 2024 13:08:19.640158892 CET	49955	80	192.168.2.4	199.59.243.227
Nov 7, 2024 13:08:19.640458107 CET	80	49955	199.59.243.227	192.168.2.4
Nov 7, 2024 13:08:19.640511036 CET	49955	80	192.168.2.4	199.59.243.227
Nov 7, 2024 13:08:19.640562057 CET	49955	80	192.168.2.4	199.59.243.227
Nov 7, 2024 13:08:19.645740032 CET	80	49955	199.59.243.227	192.168.2.4
Nov 7, 2024 13:08:19.754137993 CET	49960	80	192.168.2.4	18.143.155.63
Nov 7, 2024 13:08:19.759103060 CET	80	49960	18.143.155.63	192.168.2.4
Nov 7, 2024 13:08:19.759207964 CET	49960	80	192.168.2.4	18.143.155.63
Nov 7, 2024 13:08:19.759273052 CET	49960	80	192.168.2.4	18.143.155.63
Nov 7, 2024 13:08:19.764193058 CET	80	49960	18.143.155.63	192.168.2.4
Nov 7, 2024 13:08:21.172678947 CET	80	49960	18.143.155.63	192.168.2.4
Nov 7, 2024 13:08:21.172878981 CET	49960	80	192.168.2.4	18.143.155.63
Nov 7, 2024 13:08:21.178039074 CET	80	49960	18.143.155.63	192.168.2.4
Nov 7, 2024 13:08:21.178102016 CET	49960	80	192.168.2.4	18.143.155.63
Nov 7, 2024 13:08:27.222481012 CET	49996	80	192.168.2.4	199.59.243.227
Nov 7, 2024 13:08:27.227427959 CET	80	49996	199.59.243.227	192.168.2.4
Nov 7, 2024 13:08:27.227544069 CET	49996	80	192.168.2.4	199.59.243.227
Nov 7, 2024 13:08:27.227600098 CET	49996	80	192.168.2.4	199.59.243.227
Nov 7, 2024 13:08:27.232403994 CET	80	49996	199.59.243.227	192.168.2.4
Nov 7, 2024 13:08:27.855182886 CET	80	49996	199.59.243.227	192.168.2.4
Nov 7, 2024 13:08:27.855333090 CET	80	49996	199.59.243.227	192.168.2.4
Nov 7, 2024 13:08:27.855393887 CET	49996	80	192.168.2.4	199.59.243.227
Nov 7, 2024 13:08:27.855585098 CET	80	49996	199.59.243.227	192.168.2.4
Nov 7, 2024 13:08:27.855719090 CET	49996	80	192.168.2.4	199.59.243.227
Nov 7, 2024 13:08:27.876950979 CET	49996	80	192.168.2.4	199.59.243.227
Nov 7, 2024 13:08:27.882009029 CET	80	49996	199.59.243.227	192.168.2.4
Nov 7, 2024 13:08:28.024302006 CET	50002	80	192.168.2.4	18.143.155.63
Nov 7, 2024 13:08:28.029428005 CET	80	50002	18.143.155.63	192.168.2.4
Nov 7, 2024 13:08:28.029541016 CET	50002	80	192.168.2.4	18.143.155.63
Nov 7, 2024 13:08:28.031955957 CET	50002	80	192.168.2.4	18.143.155.63
Nov 7, 2024 13:08:28.036844015 CET	80	50002	18.143.155.63	192.168.2.4
Nov 7, 2024 13:08:29.458837032 CET	80	50002	18.143.155.63	192.168.2.4
Nov 7, 2024 13:08:29.458930016 CET	50002	80	192.168.2.4	18.143.155.63
Nov 7, 2024 13:08:29.464368105 CET	80	50002	18.143.155.63	192.168.2.4
Nov 7, 2024 13:08:29.464425087 CET	50002	80	192.168.2.4	18.143.155.63
Nov 7, 2024 13:08:35.760407925 CET	50014	80	192.168.2.4	199.59.243.227
Nov 7, 2024 13:08:35.765603065 CET	80	50014	199.59.243.227	192.168.2.4
Nov 7, 2024 13:08:35.765680075 CET	50014	80	192.168.2.4	199.59.243.227
Nov 7, 2024 13:08:35.765726089 CET	50014	80	192.168.2.4	199.59.243.227
Nov 7, 2024 13:08:35.770616055 CET	80	50014	199.59.243.227	192.168.2.4
Nov 7, 2024 13:08:36.389648914 CET	80	50014	199.59.243.227	192.168.2.4
Nov 7, 2024 13:08:36.389678001 CET	80	50014	199.59.243.227	192.168.2.4
Nov 7, 2024 13:08:36.389822006 CET	50014	80	192.168.2.4	199.59.243.227
Nov 7, 2024 13:08:36.390062094 CET	80	50014	199.59.243.227	192.168.2.4
Nov 7, 2024 13:08:36.390127897 CET	50014	80	192.168.2.4	199.59.243.227
Nov 7, 2024 13:08:36.390141964 CET	50014	80	192.168.2.4	199.59.243.227
Nov 7, 2024 13:08:36.394954920 CET	80	50014	199.59.243.227	192.168.2.4
Nov 7, 2024 13:08:36.436513901 CET	50015	80	192.168.2.4	18.143.155.63
Nov 7, 2024 13:08:36.441395044 CET	80	50015	18.143.155.63	192.168.2.4
Nov 7, 2024 13:08:36.441490889 CET	50015	80	192.168.2.4	18.143.155.63
Nov 7, 2024 13:08:36.441529036 CET	50015	80	192.168.2.4	18.143.155.63
Nov 7, 2024 13:08:36.446300030 CET	80	50015	18.143.155.63	192.168.2.4
Nov 7, 2024 13:08:37.889174938 CET	80	50015	18.143.155.63	192.168.2.4
Nov 7, 2024 13:08:37.889305115 CET	50015	80	192.168.2.4	18.143.155.63
Nov 7, 2024 13:08:37.894917965 CET	80	50015	18.143.155.63	192.168.2.4
Nov 7, 2024 13:08:37.894977093 CET	50015	80	192.168.2.4	18.143.155.63
Nov 7, 2024 13:08:45.031538963 CET	52241	80	192.168.2.4	18.143.155.63
Nov 7, 2024 13:08:45.036530972 CET	80	52241	18.143.155.63	192.168.2.4
Nov 7, 2024 13:08:45.036616087 CET	52241	80	192.168.2.4	18.143.155.63
Nov 7, 2024 13:08:45.036760092 CET	52241	80	192.168.2.4	18.143.155.63
Nov 7, 2024 13:08:45.041553020 CET	80	52241	18.143.155.63	192.168.2.4
Nov 7, 2024 13:08:46.459434986 CET	80	52241	18.143.155.63	192.168.2.4
Nov 7, 2024 13:08:46.505523920 CET	52241	80	192.168.2.4	18.143.155.63
Nov 7, 2024 13:08:46.875157118 CET	80	52241	18.143.155.63	192.168.2.4
Nov 7, 2024 13:08:46.875214100 CET	52241	80	192.168.2.4	18.143.155.63
Nov 7, 2024 13:08:46.875261068 CET	52241	80	192.168.2.4	18.143.155.63
Nov 7, 2024 13:08:46.880064964 CET	80	52241	18.143.155.63	192.168.2.4
Nov 7, 2024 13:08:49.427814960 CET	52242	80	192.168.2.4	199.59.243.227
Nov 7, 2024 13:08:49.434185028 CET	80	52242	199.59.243.227	192.168.2.4
Nov 7, 2024 13:08:49.437707901 CET	52242	80	192.168.2.4	199.59.243.227
Nov 7, 2024 13:08:49.437743902 CET	52242	80	192.168.2.4	199.59.243.227
Nov 7, 2024 13:08:49.442660093 CET	80	52242	199.59.243.227	192.168.2.4
Nov 7, 2024 13:08:50.064212084 CET	80	52242	199.59.243.227	192.168.2.4
Nov 7, 2024 13:08:50.064956903 CET	80	52242	199.59.243.227	192.168.2.4
Nov 7, 2024 13:08:50.065009117 CET	52242	80	192.168.2.4	199.59.243.227
Nov 7, 2024 13:08:50.065615892 CET	80	52242	199.59.243.227	192.168.2.4
Nov 7, 2024 13:08:50.065660954 CET	52242	80	192.168.2.4	199.59.243.227

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 7, 2024 13:06:44.997041941 CET	61849	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:45.028290987 CET	53	61849	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:45.029742956 CET	65376	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:45.061218977 CET	53	65376	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:45.123565912 CET	59310	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:45.320025921 CET	53	59310	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:47.372740984 CET	61815	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:47.405215979 CET	53	61815	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:47.406099081 CET	52678	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:47.415200949 CET	53	52678	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:47.415860891 CET	62262	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:47.445800066 CET	53	62262	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:47.446638107 CET	57883	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:47.477401972 CET	53	57883	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:47.478131056 CET	52054	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:47.508003950 CET	53	52054	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:47.508883953 CET	56568	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:47.540666103 CET	53	56568	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:47.542465925 CET	54926	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:47.573498964 CET	53	54926	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:47.574208975 CET	55720	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:47.659147024 CET	53	55720	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:48.869891882 CET	53783	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:48.901843071 CET	53	53783	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:48.902776957 CET	59393	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:48.912179947 CET	53	59393	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:48.913011074 CET	65305	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:48.923350096 CET	53	65305	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:48.924098969 CET	54002	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:48.934432030 CET	53	54002	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:48.935129881 CET	62570	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:48.966164112 CET	53	62570	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:48.966886044 CET	64584	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:48.976634026 CET	53	64584	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:48.977287054 CET	60759	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:48.986571074 CET	53	60759	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:48.987193108 CET	55258	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:49.381427050 CET	53	55258	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:49.382293940 CET	62595	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:49.392087936 CET	53	62595	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:49.392904997 CET	51557	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:49.402755022 CET	53	51557	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:49.410286903 CET	52779	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:49.420821905 CET	53	52779	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:49.421776056 CET	51679	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:49.452706099 CET	53	51679	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:49.453483105 CET	61822	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:49.463118076 CET	53	61822	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:49.463951111 CET	58934	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:49.473510027 CET	53	58934	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:49.474531889 CET	51648	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:49.506855011 CET	53	51648	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:49.507837057 CET	60923	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:49.517035961 CET	53	60923	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:49.517724991 CET	55296	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:49.527029991 CET	53	55296	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:49.527607918 CET	49276	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:49.558265924 CET	53	49276	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:49.559097052 CET	51599	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:49.590118885 CET	53	51599	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:49.591057062 CET	63946	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:49.601068974 CET	53	63946	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:49.601711988 CET	57067	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:49.632328987 CET	53	57067	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:49.633083105 CET	58142	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:49.642018080 CET	53	58142	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:49.642637968 CET	56078	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:49.652544022 CET	53	56078	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:49.653161049 CET	57528	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:49.982291937 CET	53	57528	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:50.625765085 CET	50507	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:50.635198116 CET	53	50507	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:50.635843992 CET	60246	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:50.645370007 CET	53	60246	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:50.647250891 CET	55282	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:50.808901072 CET	53	55282	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:50.813476086 CET	50166	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:50.844568014 CET	53	50166	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:50.847502947 CET	61149	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:51.046688080 CET	53	61149	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:52.913860083 CET	60366	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:52.923542023 CET	53	60366	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:52.924273968 CET	63574	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:52.934300900 CET	53	63574	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:52.935017109 CET	62679	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:53.098623037 CET	53	62679	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:53.099397898 CET	54016	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:53.109946966 CET	53	54016	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:53.124334097 CET	63034	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:53.155548096 CET	53	63034	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:53.160398960 CET	61943	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:53.169590950 CET	53	61943	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:53.175493956 CET	57411	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:53.184726954 CET	53	57411	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:53.185480118 CET	54022	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:53.195311069 CET	53	54022	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:53.196157932 CET	59747	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:53.208364010 CET	53	59747	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:53.213460922 CET	49599	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:53.223357916 CET	53	49599	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:53.224220037 CET	54243	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:53.235461950 CET	53	54243	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:53.236377954 CET	54285	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:53.245455027 CET	53	54285	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:53.246218920 CET	53846	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:53.277545929 CET	53	53846	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:53.278326035 CET	51567	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:53.309076071 CET	53	51567	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:53.315196991 CET	51456	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:53.326215029 CET	53	51456	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:53.343626976 CET	57589	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:53.375880957 CET	53	57589	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:53.376688957 CET	54473	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:53.386809111 CET	53	54473	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:53.387612104 CET	62757	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:53.398435116 CET	53	62757	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:53.398966074 CET	59925	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:53.407861948 CET	53	59925	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:53.408324003 CET	65371	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:53.440242052 CET	53	65371	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:53.440927029 CET	49481	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:53.452891111 CET	53	49481	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:53.453433990 CET	55221	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:53.463144064 CET	53	55221	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:53.463874102 CET	56622	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:53.475162029 CET	53	56622	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:53.475806952 CET	56936	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:53.488821030 CET	53	56936	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:53.489559889 CET	60065	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:53.500849962 CET	53	60065	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:53.501336098 CET	52865	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:53.511002064 CET	53	52865	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:53.511682034 CET	61307	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:53.521368027 CET	53	61307	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:53.557284117 CET	62838	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:53.566312075 CET	53	62838	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:53.627861977 CET	63656	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:53.637586117 CET	53	63656	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:53.640057087 CET	57313	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:53.671376944 CET	53	57313	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:53.732877016 CET	54649	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:53.742587090 CET	53	54649	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:53.791992903 CET	51969	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:53.824135065 CET	53	51969	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:53.979110956 CET	65123	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:53.989172935 CET	53	65123	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:54.081970930 CET	53222	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:54.112411976 CET	53	53222	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:54.113344908 CET	59860	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:54.122730970 CET	53	59860	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:54.124022007 CET	59846	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:54.133517981 CET	53	59846	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:54.134260893 CET	50295	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:54.300561905 CET	53	50295	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:54.301388025 CET	63223	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:54.331973076 CET	53	63223	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:54.332840919 CET	60068	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:54.343185902 CET	53	60068	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:54.344001055 CET	65066	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:54.375349998 CET	53	65066	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:54.376256943 CET	49456	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:54.407556057 CET	53	49456	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:54.408268929 CET	53680	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:54.417300940 CET	53	53680	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:54.417861938 CET	51713	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:54.591020107 CET	53	51713	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:54.595673084 CET	64624	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:54.606147051 CET	53	64624	1.1.1.1	192.168.2.4
Nov 7, 2024 13:06:54.606803894 CET	54076	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:06:54.637646914 CET	53	54076	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:07.328124046 CET	53980	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:07.340039968 CET	53	53980	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:08.776973963 CET	61699	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:08.787898064 CET	53	61699	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:08.788595915 CET	61747	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:08.819365978 CET	53	61747	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:08.820312977 CET	57295	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:08.830461979 CET	53	57295	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:08.831265926 CET	61678	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:08.843103886 CET	53	61678	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:08.843883038 CET	59262	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:08.854964018 CET	53	59262	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:08.855673075 CET	53721	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:08.866282940 CET	53	53721	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:08.867002010 CET	61176	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:08.897706032 CET	53	61176	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:10.075984955 CET	50196	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:10.106184006 CET	53	50196	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:10.107024908 CET	60801	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:10.116302013 CET	53	60801	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:10.117285013 CET	60330	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:10.126112938 CET	53	60330	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:10.126801968 CET	61365	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:10.157548904 CET	53	61365	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:10.158626080 CET	62496	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:10.188281059 CET	53	62496	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:10.189234018 CET	50760	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:10.198797941 CET	53	50760	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:10.202394962 CET	52911	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:10.212430954 CET	53	52911	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:10.213316917 CET	49692	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:10.408690929 CET	53	49692	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:10.412719011 CET	61463	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:10.422847033 CET	53	61463	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:10.423654079 CET	63025	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:10.434422970 CET	53	63025	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:10.435358047 CET	59325	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:10.447561979 CET	53	59325	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:10.448412895 CET	57444	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:10.479415894 CET	53	57444	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:10.480374098 CET	54978	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:10.489733934 CET	53	54978	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:10.490715981 CET	65204	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:10.499798059 CET	53	65204	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:10.500989914 CET	53744	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:10.510667086 CET	53	53744	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:10.511904001 CET	50510	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:10.520788908 CET	53	50510	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:10.521671057 CET	60219	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:10.530967951 CET	53	60219	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:10.535250902 CET	49710	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:10.696894884 CET	53	49710	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:10.705746889 CET	60497	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:10.715614080 CET	53	60497	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:10.716706038 CET	60451	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:10.747482061 CET	53	60451	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:10.748747110 CET	60268	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:10.781333923 CET	53	60268	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:10.782423973 CET	50765	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:10.792026997 CET	53	50765	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:10.792808056 CET	58946	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:10.951525927 CET	53	58946	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:11.594094038 CET	50559	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:11.604527950 CET	53	50559	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:11.605582952 CET	64277	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:11.637423038 CET	53	64277	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:11.638513088 CET	63695	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:11.647933006 CET	53	63695	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:11.648509026 CET	59838	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:11.657807112 CET	53	59838	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:13.092276096 CET	54638	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:13.122703075 CET	53	54638	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:13.123842001 CET	63426	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:13.133157969 CET	53	63426	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:13.133770943 CET	58454	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:13.144114971 CET	53	58454	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:13.144896984 CET	61336	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:13.154495955 CET	53	61336	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:13.155183077 CET	62454	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:13.165415049 CET	53	62454	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:13.166043997 CET	53935	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:13.174952030 CET	53	53935	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:13.175409079 CET	61199	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:13.205694914 CET	53	61199	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:13.209176064 CET	53744	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:13.218811035 CET	53	53744	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:13.219585896 CET	62034	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:13.230762005 CET	53	62034	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:13.231368065 CET	52879	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:13.263077974 CET	53	52879	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:13.263751984 CET	63752	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:13.273284912 CET	53	63752	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:13.273929119 CET	51595	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:13.284794092 CET	53	51595	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:13.285459042 CET	64253	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:13.295640945 CET	53	64253	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:13.296207905 CET	65279	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:13.305695057 CET	53	65279	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:13.306376934 CET	59351	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:13.316921949 CET	53	59351	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:13.317698956 CET	57243	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:13.327630043 CET	53	57243	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:13.328434944 CET	64286	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:13.338350058 CET	53	64286	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:13.339046001 CET	64357	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:13.348583937 CET	53	64357	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:13.349188089 CET	64463	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:13.358561039 CET	53	64463	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:13.359237909 CET	55044	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:13.368546963 CET	53	55044	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:13.369215965 CET	61060	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:13.399698019 CET	53	61060	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:13.400631905 CET	49380	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:13.431369066 CET	53	49380	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:13.438642025 CET	51200	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:13.448298931 CET	53	51200	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:13.448971033 CET	65107	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:13.458533049 CET	53	65107	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:13.459454060 CET	58672	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:13.623022079 CET	53	58672	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:13.624103069 CET	54482	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:13.634149075 CET	53	54482	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:13.638498068 CET	53690	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:13.647871971 CET	53	53690	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:13.648652077 CET	52281	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:13.658642054 CET	53	52281	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:13.659190893 CET	63118	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:13.669178009 CET	53	63118	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:13.669658899 CET	60159	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:13.680394888 CET	53	60159	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:13.681061983 CET	62932	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:13.691234112 CET	53	62932	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:13.691776037 CET	52181	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:13.702426910 CET	53	52181	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:13.703110933 CET	49939	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:13.713361979 CET	53	49939	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:13.714185953 CET	60342	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:13.745786905 CET	53	60342	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:13.746870995 CET	58848	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:13.756856918 CET	53	58848	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:13.757776022 CET	64031	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:13.768335104 CET	53	64031	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:13.769197941 CET	57778	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:13.924192905 CET	53	57778	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:13.928273916 CET	49755	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:13.941170931 CET	53	49755	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:13.941894054 CET	61107	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:13.973563910 CET	53	61107	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:13.974400997 CET	54558	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:14.005325079 CET	53	54558	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:14.006298065 CET	53328	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:14.015969992 CET	53	53328	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:14.016681910 CET	55613	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:14.025475979 CET	53	55613	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:14.026096106 CET	63887	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:14.036644936 CET	53	63887	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:14.037822008 CET	65366	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:14.047142982 CET	53	65366	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:14.047785044 CET	55106	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:14.078545094 CET	53	55106	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:14.081480980 CET	51988	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:14.091135979 CET	53	51988	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:18.603975058 CET	53086	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:18.614130974 CET	53	53086	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:18.614985943 CET	57208	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:18.647449970 CET	53	57208	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:18.648267031 CET	62489	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:18.679666996 CET	53	62489	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:18.680943966 CET	58435	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:18.690962076 CET	53	58435	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:18.691617966 CET	50696	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:18.701287031 CET	53	50696	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:18.701981068 CET	56790	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:18.710793018 CET	53	56790	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:18.711402893 CET	64320	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:18.720913887 CET	53	64320	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:18.721617937 CET	50989	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:18.767102957 CET	53	50989	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:18.768165112 CET	64666	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:18.777762890 CET	53	64666	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:18.778449059 CET	59112	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:18.788110018 CET	53	59112	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:18.792237043 CET	65008	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:18.802150965 CET	53	65008	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:18.802994967 CET	51189	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:18.834275007 CET	53	51189	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:18.835186958 CET	60635	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:18.845676899 CET	53	60635	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:18.846442938 CET	55745	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:18.855519056 CET	53	55745	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:18.856311083 CET	49388	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:18.866318941 CET	53	49388	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:18.867038965 CET	62290	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:18.876388073 CET	53	62290	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:18.877288103 CET	57148	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:18.907852888 CET	53	57148	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:18.908673048 CET	61145	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:18.918411970 CET	53	61145	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:18.919069052 CET	49766	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:18.926372051 CET	53	49766	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:18.927005053 CET	55086	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:18.936290979 CET	53	55086	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:18.937072992 CET	53264	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:18.947788954 CET	53	53264	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:18.952356100 CET	65102	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:18.983944893 CET	53	65102	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:18.984905005 CET	61332	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:18.994982958 CET	53	61332	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:19.644350052 CET	49945	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:19.674288988 CET	53	49945	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:19.675137997 CET	61576	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:19.706943035 CET	53	61576	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:19.707969904 CET	55950	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:19.742113113 CET	53	55950	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:19.743107080 CET	63391	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:19.753261089 CET	53	63391	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:21.176717043 CET	55877	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:21.208137035 CET	53	55877	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:21.209104061 CET	51582	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:21.219018936 CET	53	51582	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:21.219980001 CET	64269	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:21.229294062 CET	53	64269	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:21.230148077 CET	62623	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:21.239784956 CET	53	62623	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:21.240770102 CET	59673	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:21.271097898 CET	53	59673	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:21.271924019 CET	50630	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:21.282901049 CET	53	50630	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:21.283845901 CET	63225	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:21.315519094 CET	53	63225	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:21.319665909 CET	57548	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:21.478698015 CET	53	57548	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:21.479578972 CET	58770	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:21.511576891 CET	53	58770	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:21.512418032 CET	64098	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:21.523159981 CET	53	64098	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:21.530080080 CET	64236	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:21.539542913 CET	53	64236	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:21.543339968 CET	50438	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:21.552970886 CET	53	50438	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:21.553808928 CET	51270	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:21.563370943 CET	53	51270	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:21.564012051 CET	55209	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:21.595623016 CET	53	55209	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:21.596565008 CET	61891	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:21.607197046 CET	53	61891	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:21.608304977 CET	59147	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:21.617758036 CET	53	59147	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:21.618643045 CET	56933	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:21.627551079 CET	53	56933	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:21.628237009 CET	63590	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:21.660429001 CET	53	63590	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:21.661303043 CET	57002	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:21.671175003 CET	53	57002	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:21.672255039 CET	63217	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:21.703644037 CET	53	63217	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:21.707354069 CET	60265	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:21.719701052 CET	53	60265	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:21.720505953 CET	57453	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:21.729862928 CET	53	57453	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:21.730683088 CET	49189	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:21.761498928 CET	53	49189	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:21.765237093 CET	55868	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:21.777019978 CET	53	55868	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:21.777962923 CET	59992	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:21.788495064 CET	53	59992	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:21.789434910 CET	54674	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:21.798912048 CET	53	54674	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:21.799583912 CET	51552	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:21.830612898 CET	53	51552	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:21.831649065 CET	54170	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:21.864244938 CET	53	54170	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:21.865169048 CET	49290	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:21.874449015 CET	53	49290	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:21.875278950 CET	62659	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:21.907844067 CET	53	62659	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:21.908991098 CET	50068	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:21.920453072 CET	53	50068	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:21.921402931 CET	52018	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:21.931427956 CET	53	52018	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:21.932156086 CET	56817	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:21.963216066 CET	53	56817	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:21.967540026 CET	63048	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:21.977761984 CET	53	63048	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:21.978552103 CET	65049	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:21.988485098 CET	53	65049	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:21.989363909 CET	49639	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:21.998745918 CET	53	49639	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:21.999555111 CET	59233	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:22.033023119 CET	53	59233	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:22.033946991 CET	55010	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:22.044826031 CET	53	55010	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:22.046344995 CET	64371	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:22.079191923 CET	53	64371	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:22.080202103 CET	55305	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:22.090727091 CET	53	55305	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:22.091473103 CET	63449	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:22.102891922 CET	53	63449	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:22.103569984 CET	63485	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:22.115529060 CET	53	63485	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:22.116292000 CET	59921	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:22.147428036 CET	53	59921	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:22.148530960 CET	54421	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:22.158755064 CET	53	54421	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:22.159491062 CET	49469	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:22.190347910 CET	53	49469	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:22.194658995 CET	57179	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:22.204328060 CET	53	57179	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:22.205116987 CET	60340	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:22.216110945 CET	53	60340	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:22.216973066 CET	49324	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:22.249876976 CET	53	49324	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:22.250852108 CET	60856	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:22.262706041 CET	53	60856	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:22.263560057 CET	51747	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:22.294454098 CET	53	51747	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:22.295326948 CET	52141	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:22.304795980 CET	53	52141	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:22.305728912 CET	55613	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:22.314516068 CET	53	55613	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:22.318192005 CET	53169	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:22.327203989 CET	53	53169	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:22.328036070 CET	59415	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:22.339973927 CET	53	59415	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:22.340936899 CET	60653	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:22.355835915 CET	53	60653	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:22.356678963 CET	58165	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:22.368746042 CET	53	58165	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:26.867815971 CET	62875	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:26.877312899 CET	53	62875	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:26.878074884 CET	49284	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:26.887119055 CET	53	49284	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:26.887767076 CET	58185	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:26.898633003 CET	53	58185	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:26.899286985 CET	51908	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:26.909909964 CET	53	51908	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:26.910790920 CET	63384	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:26.919570923 CET	53	63384	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:26.920326948 CET	59248	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:27.075798035 CET	53	59248	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:27.079813957 CET	63064	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:27.088856936 CET	53	63064	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:27.089592934 CET	64544	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:27.098639965 CET	53	64544	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:27.099349976 CET	54574	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:27.108783007 CET	53	54574	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:27.109579086 CET	49464	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:27.141340017 CET	53	49464	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:27.142201900 CET	60725	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:27.151911020 CET	53	60725	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:27.152697086 CET	64414	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:27.163024902 CET	53	64414	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:27.163588047 CET	62436	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:27.174984932 CET	53	62436	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:27.175669909 CET	52256	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:27.185945988 CET	53	52256	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:27.186652899 CET	63822	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:27.218453884 CET	53	63822	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:27.881220102 CET	60523	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:27.890711069 CET	53	60523	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:27.893626928 CET	53648	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:27.903112888 CET	53	53648	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:27.926412106 CET	61543	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:27.956995964 CET	53	61543	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:27.967947960 CET	51939	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:27.999917984 CET	53	51939	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:29.462798119 CET	60423	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:29.472595930 CET	53	60423	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:29.473263979 CET	63427	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:29.483237028 CET	53	63427	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:29.484061003 CET	62134	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:29.493269920 CET	53	62134	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:29.493877888 CET	60517	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:29.503639936 CET	53	60517	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:29.504348040 CET	54605	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:29.514139891 CET	53	54605	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:29.514786959 CET	51514	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:29.545272112 CET	53	51514	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:29.546009064 CET	65335	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:29.555615902 CET	53	65335	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:29.556298971 CET	62565	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:29.565372944 CET	53	62565	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:29.565855026 CET	61142	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:29.575661898 CET	53	61142	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:29.576231956 CET	49488	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:29.586302042 CET	53	49488	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:29.586858988 CET	60736	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:29.595604897 CET	53	60736	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:29.596282005 CET	54830	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:29.605057955 CET	53	54830	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:29.607553959 CET	49253	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:29.620899916 CET	53	49253	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:29.621619940 CET	54953	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:29.631365061 CET	53	54953	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:29.631962061 CET	63687	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:29.661910057 CET	53	63687	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:29.665539026 CET	64044	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:29.675328970 CET	53	64044	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:29.675848007 CET	65409	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:29.706981897 CET	53	65409	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:29.707695961 CET	59707	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:29.718066931 CET	53	59707	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:29.718769073 CET	62880	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:29.727701902 CET	53	62880	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:29.728286982 CET	51903	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:29.737912893 CET	53	51903	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:29.738461971 CET	58084	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:29.745371103 CET	53	58084	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:29.745913029 CET	65167	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:29.755521059 CET	53	65167	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:29.756017923 CET	64981	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:29.766011953 CET	53	64981	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:29.766587973 CET	51990	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:29.776555061 CET	53	51990	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:29.777224064 CET	62138	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:29.786528111 CET	53	62138	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:29.787273884 CET	57230	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:29.817982912 CET	53	57230	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:29.818627119 CET	60049	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:29.850224018 CET	53	60049	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:29.851116896 CET	65067	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:30.006727934 CET	53	65067	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:30.009810925 CET	62681	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:30.040481091 CET	53	62681	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:30.041304111 CET	49166	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:30.050892115 CET	53	49166	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:30.051548004 CET	63550	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:30.060878992 CET	53	63550	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:30.061666965 CET	62855	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:30.218229055 CET	53	62855	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:30.222649097 CET	50582	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:30.253253937 CET	53	50582	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:30.254503965 CET	61678	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:30.290036917 CET	53	61678	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:30.297739983 CET	64071	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:30.307832956 CET	53	64071	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:30.308545113 CET	50801	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:30.324074030 CET	53	50801	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:30.328156948 CET	60709	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:30.338908911 CET	53	60709	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:30.339831114 CET	60322	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:30.370313883 CET	53	60322	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:30.371227026 CET	51103	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:30.380945921 CET	53	51103	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:30.381630898 CET	62035	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:30.392451048 CET	53	62035	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:30.393415928 CET	64603	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:30.424096107 CET	53	64603	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:30.425765991 CET	54642	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:30.436827898 CET	53	54642	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:30.441030025 CET	64766	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:30.451275110 CET	53	64766	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:30.452434063 CET	60541	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:30.462060928 CET	53	60541	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:30.463331938 CET	59917	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:30.473145008 CET	53	59917	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:30.474811077 CET	60333	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:30.484009981 CET	53	60333	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:30.485260963 CET	56939	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:30.495440006 CET	53	56939	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:30.496525049 CET	61177	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:30.527563095 CET	53	61177	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:30.560684919 CET	57598	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:30.591506004 CET	53	57598	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:30.613755941 CET	49373	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:30.623442888 CET	53	49373	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:30.660537958 CET	60811	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:30.669455051 CET	53	60811	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:30.670265913 CET	52618	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:30.680478096 CET	53	52618	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:30.705523014 CET	58301	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:30.737488985 CET	53	58301	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:30.746264935 CET	64204	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:30.755228043 CET	53	64204	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:30.756721020 CET	52490	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:30.766583920 CET	53	52490	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:30.831301928 CET	63689	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:30.862451077 CET	53	63689	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:30.916342020 CET	59946	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:30.947427988 CET	53	59946	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:31.005338907 CET	50053	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:31.015034914 CET	53	50053	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:31.015861034 CET	60309	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:31.046674013 CET	53	60309	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:31.047507048 CET	53863	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:31.078432083 CET	53	53863	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:31.079500914 CET	52194	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:31.089827061 CET	53	52194	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:31.090591908 CET	54180	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:31.102693081 CET	53	54180	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:31.103367090 CET	60557	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:31.113903046 CET	53	60557	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:31.115056038 CET	51609	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:31.128540993 CET	53	51609	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:35.649214029 CET	52494	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:35.659912109 CET	53	52494	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:35.660631895 CET	62017	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:35.669781923 CET	53	62017	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:35.671158075 CET	50830	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:35.680866003 CET	53	50830	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:35.681516886 CET	61397	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:35.713103056 CET	53	61397	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:35.715194941 CET	61308	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:35.725413084 CET	53	61308	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:35.726176023 CET	53464	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:35.737524986 CET	53	53464	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:35.738467932 CET	58646	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:35.748291016 CET	53	58646	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:35.749026060 CET	57788	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:35.759605885 CET	53	57788	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:36.393743992 CET	59386	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:36.404429913 CET	53	59386	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:36.405148029 CET	53505	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:36.414953947 CET	53	53505	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:36.415467978 CET	55098	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:36.425242901 CET	53	55098	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:36.425743103 CET	63835	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:36.435724020 CET	53	63835	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:37.893115044 CET	63975	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:38.054997921 CET	53	63975	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:38.058993101 CET	52530	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:38.213812113 CET	53	52530	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:38.214920998 CET	59345	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:38.224467993 CET	53	59345	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:38.228168011 CET	55814	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:38.259322882 CET	53	55814	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:38.260181904 CET	59500	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:38.269455910 CET	53	59500	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:38.270030022 CET	59005	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:38.279656887 CET	53	59005	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:38.280206919 CET	53824	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:38.291847944 CET	53	53824	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:38.292382002 CET	64798	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:38.301939011 CET	53	64798	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:38.302475929 CET	54446	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:38.313970089 CET	53	54446	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:38.314552069 CET	60270	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:38.323740005 CET	53	60270	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:38.324282885 CET	60132	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:38.355561018 CET	53	60132	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:38.356350899 CET	54060	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:38.366894007 CET	53	54060	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:38.367464066 CET	63528	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:38.376796007 CET	53	63528	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:38.377262115 CET	52187	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:38.386548996 CET	53	52187	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:38.387067080 CET	61038	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:38.397237062 CET	53	61038	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:38.397783995 CET	64837	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:38.404274940 CET	53	64837	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:39.014065981 CET	62054	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:39.045469046 CET	53	62054	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:39.046432972 CET	62232	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:39.056106091 CET	53	62232	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:39.056847095 CET	59886	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:39.066324949 CET	53	59886	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:39.066893101 CET	60108	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:39.076924086 CET	53	60108	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:39.077588081 CET	64647	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:39.087779045 CET	53	64647	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:39.088450909 CET	60826	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:39.099494934 CET	53	60826	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:39.100049019 CET	54363	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:39.109849930 CET	53	54363	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:39.110388994 CET	64407	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:39.121032953 CET	53	64407	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:39.121646881 CET	51026	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:39.151864052 CET	53	51026	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:39.152571917 CET	61601	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:39.162739992 CET	53	61601	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:39.163552999 CET	59117	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:39.173765898 CET	53	59117	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:39.174506903 CET	57261	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:39.184094906 CET	53	57261	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:39.185058117 CET	65419	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:39.194814920 CET	53	65419	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:39.249952078 CET	63164	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:39.259706974 CET	53	63164	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:39.263226986 CET	64209	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:39.294817924 CET	53	64209	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:39.295902014 CET	55506	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:39.328047991 CET	53	55506	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:39.329194069 CET	61686	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:39.338606119 CET	53	61686	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:39.339462042 CET	57304	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:39.349298000 CET	53	57304	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:39.351026058 CET	53231	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:39.512175083 CET	53	53231	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:39.515760899 CET	57277	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:39.545739889 CET	53	57277	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:39.546742916 CET	59211	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:39.557621956 CET	53	59211	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:39.558640957 CET	54366	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:39.567692041 CET	53	54366	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:39.569042921 CET	63693	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:39.578596115 CET	53	63693	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:39.582838058 CET	65352	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:39.591789007 CET	53	65352	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:39.592591047 CET	49457	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:39.602659941 CET	53	49457	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:39.603789091 CET	58004	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:39.613862991 CET	53	58004	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:39.614538908 CET	61798	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:39.624480963 CET	53	61798	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:39.625226021 CET	57406	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:39.633982897 CET	53	57406	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:39.634591103 CET	59844	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:39.645025015 CET	53	59844	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:39.645836115 CET	49167	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:39.656105042 CET	53	49167	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:39.656860113 CET	49250	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:39.667375088 CET	53	49250	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:39.668231010 CET	49479	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:39.678309917 CET	53	49479	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:39.679022074 CET	54802	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:39.709333897 CET	53	54802	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:39.713093042 CET	55867	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:39.722807884 CET	53	55867	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:39.723561049 CET	62039	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:39.754962921 CET	53	62039	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:39.755954981 CET	52643	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:39.787257910 CET	53	52643	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:39.788023949 CET	62808	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:39.797873974 CET	53	62808	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:39.798491955 CET	60223	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:39.829876900 CET	53	60223	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:39.830826044 CET	59037	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:39.840529919 CET	53	59037	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:39.841181040 CET	49156	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:39.999171019 CET	53	49156	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:40.003523111 CET	54367	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:40.014547110 CET	53	54367	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:40.016187906 CET	53308	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:40.025840044 CET	53	53308	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:40.027242899 CET	59696	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:40.058773994 CET	53	59696	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:40.060195923 CET	52082	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:40.092169046 CET	53	52082	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:40.093523026 CET	54892	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:40.103954077 CET	53	54892	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:40.105321884 CET	59672	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:40.135814905 CET	53	59672	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:40.140872955 CET	51742	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:40.150938988 CET	53	51742	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:40.152597904 CET	55665	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:40.183442116 CET	53	55665	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:40.185286999 CET	55978	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:40.196041107 CET	53	55978	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:40.196737051 CET	53235	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:40.206978083 CET	53	53235	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:40.208560944 CET	55967	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:40.219176054 CET	53	55967	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:40.220096111 CET	52988	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:40.250006914 CET	53	52988	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:40.250936985 CET	50880	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:40.261003971 CET	53	50880	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:40.261888027 CET	52566	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:40.272048950 CET	53	52566	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:40.273267984 CET	50692	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:40.283937931 CET	53	50692	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:44.785115004 CET	63557	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:44.794961929 CET	53	63557	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:44.795737982 CET	64275	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:44.825728893 CET	53	64275	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:44.826673031 CET	53260	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:44.857304096 CET	53	53260	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:44.858179092 CET	57575	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:45.016032934 CET	53	57575	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:46.878249884 CET	60264	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:46.888567924 CET	53	60264	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:46.889436007 CET	53372	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:46.899014950 CET	53	53372	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:46.900569916 CET	62932	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:46.910420895 CET	53	62932	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:46.911206007 CET	59677	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:46.921565056 CET	53	59677	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:46.922133923 CET	56782	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:46.932048082 CET	53	56782	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:46.932650089 CET	58287	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:46.964307070 CET	53	58287	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:46.965117931 CET	57930	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:46.975925922 CET	53	57930	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:46.977389097 CET	53665	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:47.008898973 CET	53	53665	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:47.009812117 CET	53225	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:47.020934105 CET	53	53225	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:47.025804043 CET	55701	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:47.057761908 CET	53	55701	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:47.058914900 CET	51244	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:47.069180965 CET	53	51244	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:47.070441008 CET	63374	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:47.080049038 CET	53	63374	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:47.081197977 CET	64645	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:47.090245962 CET	53	64645	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:47.091440916 CET	49788	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:47.100975037 CET	53	49788	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:47.101891994 CET	64284	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:47.112715006 CET	53	64284	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:47.113924980 CET	57068	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:47.123624086 CET	53	57068	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:47.124409914 CET	51467	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:47.134490013 CET	53	51467	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:47.137094021 CET	55423	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:47.147768974 CET	53	55423	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:47.148627043 CET	57047	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:47.158231020 CET	53	57047	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:47.159252882 CET	63021	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:47.317078114 CET	53	63021	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:47.323642015 CET	53494	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:47.333159924 CET	53	53494	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:47.337626934 CET	57996	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:47.346859932 CET	53	57996	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:47.349085093 CET	59321	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:47.359200001 CET	53	59321	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:47.360521078 CET	58566	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:47.391850948 CET	53	58566	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:47.396625996 CET	62856	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:47.427040100 CET	53	62856	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:47.430805922 CET	62621	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:47.440474987 CET	53	62621	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:47.450628996 CET	52285	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:47.460886955 CET	53	52285	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:47.468861103 CET	64422	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:47.626652002 CET	53	64422	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:47.631702900 CET	53819	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:47.641220093 CET	53	53819	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:47.642236948 CET	65381	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:47.651303053 CET	53	65381	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:47.652211905 CET	64451	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:47.662198067 CET	53	64451	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:47.662960052 CET	58452	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:47.670053005 CET	53	58452	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:47.670825005 CET	60111	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:47.680713892 CET	53	60111	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:47.681524038 CET	51020	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:47.690711021 CET	53	51020	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:47.691396952 CET	61024	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:47.723037004 CET	53	61024	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:47.723814011 CET	56403	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:47.755445004 CET	53	56403	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:47.759733915 CET	63178	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:47.770122051 CET	53	63178	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:47.771286011 CET	50223	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:47.780349970 CET	53	50223	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:47.782613039 CET	63146	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:47.792092085 CET	53	63146	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:47.794563055 CET	59561	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:47.826440096 CET	53	59561	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:47.827552080 CET	58886	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:47.837580919 CET	53	58886	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:47.838655949 CET	53449	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:47.847717047 CET	53	53449	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:47.848620892 CET	54616	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:47.858257055 CET	53	54616	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:47.859141111 CET	60692	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:47.869313955 CET	53	60692	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:47.870167017 CET	57861	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:47.880875111 CET	53	57861	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:47.881753922 CET	65462	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:47.891768932 CET	53	65462	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:47.892723083 CET	57266	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:47.922178984 CET	53	57266	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:47.925774097 CET	51505	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:47.956765890 CET	53	51505	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:47.957763910 CET	55667	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:47.988411903 CET	53	55667	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:47.989402056 CET	52425	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:48.001230955 CET	53	52425	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:48.002316952 CET	58632	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:48.012079000 CET	53	58632	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:48.013252020 CET	49255	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:48.022928953 CET	53	49255	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:48.024456978 CET	62647	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:48.033988953 CET	53	62647	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:48.035420895 CET	64831	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:48.045491934 CET	53	64831	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:48.046385050 CET	56670	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:48.076776028 CET	53	56670	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:48.081270933 CET	62608	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:48.091249943 CET	53	62608	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:48.092498064 CET	55555	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:48.102410078 CET	53	55555	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:48.103257895 CET	58241	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:48.266500950 CET	53	58241	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:48.270469904 CET	54000	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:48.301786900 CET	53	54000	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:48.303487062 CET	55866	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:48.467585087 CET	53	55866	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:48.475518942 CET	65133	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:48.485132933 CET	53	65133	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:48.488338947 CET	64234	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:48.497895956 CET	53	64234	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:48.500349998 CET	56952	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:48.509994030 CET	53	56952	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:48.512448072 CET	59253	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:48.521316051 CET	53	59253	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:48.521940947 CET	56979	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:48.531748056 CET	53	56979	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:48.536427021 CET	58231	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:48.546286106 CET	53	58231	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:48.548486948 CET	61794	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:48.559323072 CET	53	61794	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:48.560113907 CET	59796	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:48.570519924 CET	53	59796	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:48.571177006 CET	61325	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:48.580209017 CET	53	61325	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:48.580735922 CET	63995	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:48.590986967 CET	53	63995	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:48.591589928 CET	65026	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:48.600219011 CET	53	65026	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:48.602644920 CET	50379	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:48.616590977 CET	53	50379	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:48.620189905 CET	59216	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:48.629952908 CET	53	59216	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:48.632019997 CET	56162	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:48.662926912 CET	53	56162	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:48.664334059 CET	61976	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:48.676250935 CET	53	61976	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:48.676862001 CET	58251	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:48.685978889 CET	53	58251	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:48.686489105 CET	60337	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:48.696657896 CET	53	60337	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:48.697165966 CET	60716	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:48.706851959 CET	53	60716	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:48.707348108 CET	53224	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:48.861963987 CET	53	53224	1.1.1.1	192.168.2.4
Nov 7, 2024 13:08:49.010730982 CET	54976	53	192.168.2.4	1.1.1.1
Nov 7, 2024 13:08:49.427284956 CET	53	54976	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 7, 2024 13:06:44.997041941 CET	192.168.2.4	1.1.1.1	0x6cd7	Standard query (0)	difficultdivide.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:45.029742956 CET	192.168.2.4	1.1.1.1	0x8183	Standard query (0)	hearddivide.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:45.123565912 CET	192.168.2.4	1.1.1.1	0x2403	Standard query (0)	pleasantstream.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:47.372740984 CET	192.168.2.4	1.1.1.1	0xc3d9	Standard query (0)	necessarystream.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:47.406099081 CET	192.168.2.4	1.1.1.1	0x1ad3	Standard query (0)	pleasantnothing.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:47.415860891 CET	192.168.2.4	1.1.1.1	0xf778	Standard query (0)	necessarynothing.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:47.446638107 CET	192.168.2.4	1.1.1.1	0xdbaa	Standard query (0)	pleasantbottle.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:47.478131056 CET	192.168.2.4	1.1.1.1	0x1197	Standard query (0)	necessarybottle.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:47.508883953 CET	192.168.2.4	1.1.1.1	0xb660	Standard query (0)	pleasantdivide.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:47.542465925 CET	192.168.2.4	1.1.1.1	0x260d	Standard query (0)	necessarydivide.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:47.574208975 CET	192.168.2.4	1.1.1.1	0x2b54	Standard query (0)	orderstream.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:48.869891882 CET	192.168.2.4	1.1.1.1	0x94ed	Standard query (0)	requirestream.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:48.902776957 CET	192.168.2.4	1.1.1.1	0xec15	Standard query (0)	ordernothing.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:48.913011074 CET	192.168.2.4	1.1.1.1	0xd129	Standard query (0)	requirenothing.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:48.924098969 CET	192.168.2.4	1.1.1.1	0x321d	Standard query (0)	orderbottle.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:48.935129881 CET	192.168.2.4	1.1.1.1	0x7c33	Standard query (0)	requirebottle.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:48.966886044 CET	192.168.2.4	1.1.1.1	0x774c	Standard query (0)	orderdivide.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:48.977287054 CET	192.168.2.4	1.1.1.1	0x3353	Standard query (0)	requiredivide.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:48.987193108 CET	192.168.2.4	1.1.1.1	0xf370	Standard query (0)	leaderstream.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:49.382293940 CET	192.168.2.4	1.1.1.1	0x5612	Standard query (0)	heavenstream.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:49.392904997 CET	192.168.2.4	1.1.1.1	0xf9e	Standard query (0)	leadernothing.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:49.410286903 CET	192.168.2.4	1.1.1.1	0xf9f7	Standard query (0)	heavennothing.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:49.421776056 CET	192.168.2.4	1.1.1.1	0xe775	Standard query (0)	leaderbottle.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:49.453483105 CET	192.168.2.4	1.1.1.1	0x106c	Standard query (0)	heavenbottle.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:49.463951111 CET	192.168.2.4	1.1.1.1	0x7062	Standard query (0)	leaderdivide.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:49.474531889 CET	192.168.2.4	1.1.1.1	0x624	Standard query (0)	heavendivide.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:49.507837057 CET	192.168.2.4	1.1.1.1	0x6482	Standard query (0)	heavystream.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:49.517724991 CET	192.168.2.4	1.1.1.1	0xf94c	Standard query (0)	gentlestream.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:49.527607918 CET	192.168.2.4	1.1.1.1	0x6483	Standard query (0)	heavynothing.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:49.559097052 CET	192.168.2.4	1.1.1.1	0x91f	Standard query (0)	gentlenothing.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:49.591057062 CET	192.168.2.4	1.1.1.1	0xb01e	Standard query (0)	heavybottle.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:49.601711988 CET	192.168.2.4	1.1.1.1	0x2efa	Standard query (0)	gentlebottle.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:49.633083105 CET	192.168.2.4	1.1.1.1	0xae24	Standard query (0)	heavydivide.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:49.642637968 CET	192.168.2.4	1.1.1.1	0xbfac	Standard query (0)	gentledivide.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:49.653161049 CET	192.168.2.4	1.1.1.1	0xd13	Standard query (0)	variousstream.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:50.625765085 CET	192.168.2.4	1.1.1.1	0x164b	Standard query (0)	returnstream.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:50.635843992 CET	192.168.2.4	1.1.1.1	0x1664	Standard query (0)	variousnothing.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:50.647250891 CET	192.168.2.4	1.1.1.1	0xe969	Standard query (0)	returnnothing.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:50.813476086 CET	192.168.2.4	1.1.1.1	0x370f	Standard query (0)	variousbottle.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:50.847502947 CET	192.168.2.4	1.1.1.1	0x1749	Standard query (0)	returnbottle.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:52.913860083 CET	192.168.2.4	1.1.1.1	0x7471	Standard query (0)	variousdivide.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:52.924273968 CET	192.168.2.4	1.1.1.1	0x3f48	Standard query (0)	returndivide.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:52.935017109 CET	192.168.2.4	1.1.1.1	0xa025	Standard query (0)	degreemanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:53.099397898 CET	192.168.2.4	1.1.1.1	0xee8f	Standard query (0)	forwardmanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:53.124334097 CET	192.168.2.4	1.1.1.1	0x5cdd	Standard query (0)	degreeanother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:53.160398960 CET	192.168.2.4	1.1.1.1	0x8be7	Standard query (0)	forwardanother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:53.175493956 CET	192.168.2.4	1.1.1.1	0x5b9d	Standard query (0)	degreebusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:53.185480118 CET	192.168.2.4	1.1.1.1	0x1114	Standard query (0)	forwardbusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:53.196157932 CET	192.168.2.4	1.1.1.1	0x998	Standard query (0)	degreeappear.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:53.213460922 CET	192.168.2.4	1.1.1.1	0xcd31	Standard query (0)	forwardappear.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:53.224220037 CET	192.168.2.4	1.1.1.1	0x5650	Standard query (0)	answermanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:53.236377954 CET	192.168.2.4	1.1.1.1	0x88f2	Standard query (0)	glassmanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:53.246218920 CET	192.168.2.4	1.1.1.1	0x95fb	Standard query (0)	answeranother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:53.278326035 CET	192.168.2.4	1.1.1.1	0x9d40	Standard query (0)	glassanother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:53.315196991 CET	192.168.2.4	1.1.1.1	0xa248	Standard query (0)	answerbusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:53.343626976 CET	192.168.2.4	1.1.1.1	0x7bd	Standard query (0)	glassbusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:53.376688957 CET	192.168.2.4	1.1.1.1	0xa78c	Standard query (0)	answerappear.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:53.387612104 CET	192.168.2.4	1.1.1.1	0xfc71	Standard query (0)	glassappear.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:53.398966074 CET	192.168.2.4	1.1.1.1	0x3958	Standard query (0)	difficultmanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:53.408324003 CET	192.168.2.4	1.1.1.1	0x4691	Standard query (0)	heardmanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:53.440927029 CET	192.168.2.4	1.1.1.1	0xdffe	Standard query (0)	difficultanother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:53.453433990 CET	192.168.2.4	1.1.1.1	0xf42f	Standard query (0)	heardanother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:53.463874102 CET	192.168.2.4	1.1.1.1	0xa606	Standard query (0)	difficultbusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:53.475806952 CET	192.168.2.4	1.1.1.1	0xea05	Standard query (0)	heardbusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:53.489559889 CET	192.168.2.4	1.1.1.1	0xf49c	Standard query (0)	difficultappear.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:53.501336098 CET	192.168.2.4	1.1.1.1	0x7c38	Standard query (0)	heardappear.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:53.511682034 CET	192.168.2.4	1.1.1.1	0x7a56	Standard query (0)	pleasantmanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:53.557284117 CET	192.168.2.4	1.1.1.1	0x498d	Standard query (0)	necessarymanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:53.627861977 CET	192.168.2.4	1.1.1.1	0x7e81	Standard query (0)	pleasantanother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:53.640057087 CET	192.168.2.4	1.1.1.1	0xc69	Standard query (0)	necessaryanother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:53.732877016 CET	192.168.2.4	1.1.1.1	0xbd3d	Standard query (0)	pleasantbusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:53.791992903 CET	192.168.2.4	1.1.1.1	0x60fc	Standard query (0)	necessarybusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:53.979110956 CET	192.168.2.4	1.1.1.1	0xe8d6	Standard query (0)	pleasantappear.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:54.081970930 CET	192.168.2.4	1.1.1.1	0x1eca	Standard query (0)	necessaryappear.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:54.113344908 CET	192.168.2.4	1.1.1.1	0xd3fd	Standard query (0)	ordermanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:54.124022007 CET	192.168.2.4	1.1.1.1	0x9ee5	Standard query (0)	requiremanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:54.134260893 CET	192.168.2.4	1.1.1.1	0xa509	Standard query (0)	orderanother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:54.301388025 CET	192.168.2.4	1.1.1.1	0xb7cc	Standard query (0)	requireanother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:54.332840919 CET	192.168.2.4	1.1.1.1	0x257d	Standard query (0)	orderbusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:54.344001055 CET	192.168.2.4	1.1.1.1	0x95e7	Standard query (0)	requirebusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:54.376256943 CET	192.168.2.4	1.1.1.1	0x1e0	Standard query (0)	orderappear.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:54.408268929 CET	192.168.2.4	1.1.1.1	0x95e6	Standard query (0)	requireappear.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:54.417861938 CET	192.168.2.4	1.1.1.1	0x7c28	Standard query (0)	leadermanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:54.595673084 CET	192.168.2.4	1.1.1.1	0xac9d	Standard query (0)	heavenmanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:54.606803894 CET	192.168.2.4	1.1.1.1	0xf3d6	Standard query (0)	leaderanother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:07.328124046 CET	192.168.2.4	1.1.1.1	0x61ff	Standard query (0)	hearddivide.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:08.776973963 CET	192.168.2.4	1.1.1.1	0x11d9	Standard query (0)	necessarystream.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:08.788595915 CET	192.168.2.4	1.1.1.1	0x2f50	Standard query (0)	pleasantnothing.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:08.820312977 CET	192.168.2.4	1.1.1.1	0xd86d	Standard query (0)	necessarynothing.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:08.831265926 CET	192.168.2.4	1.1.1.1	0x14a1	Standard query (0)	pleasantbottle.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:08.843883038 CET	192.168.2.4	1.1.1.1	0xf887	Standard query (0)	necessarybottle.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:08.855673075 CET	192.168.2.4	1.1.1.1	0x4364	Standard query (0)	pleasantdivide.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:08.867002010 CET	192.168.2.4	1.1.1.1	0x8887	Standard query (0)	necessarydivide.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:10.075984955 CET	192.168.2.4	1.1.1.1	0x8530	Standard query (0)	requirestream.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:10.107024908 CET	192.168.2.4	1.1.1.1	0x43e7	Standard query (0)	ordernothing.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:10.117285013 CET	192.168.2.4	1.1.1.1	0x1b41	Standard query (0)	requirenothing.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:10.126801968 CET	192.168.2.4	1.1.1.1	0xc085	Standard query (0)	orderbottle.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:10.158626080 CET	192.168.2.4	1.1.1.1	0x99c9	Standard query (0)	requirebottle.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:10.189234018 CET	192.168.2.4	1.1.1.1	0xff4a	Standard query (0)	orderdivide.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:10.202394962 CET	192.168.2.4	1.1.1.1	0x29c7	Standard query (0)	requiredivide.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:10.213316917 CET	192.168.2.4	1.1.1.1	0x5f2	Standard query (0)	leaderstream.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:10.412719011 CET	192.168.2.4	1.1.1.1	0x7947	Standard query (0)	heavenstream.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:10.423654079 CET	192.168.2.4	1.1.1.1	0xc178	Standard query (0)	leadernothing.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:10.435358047 CET	192.168.2.4	1.1.1.1	0xb195	Standard query (0)	heavennothing.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:10.448412895 CET	192.168.2.4	1.1.1.1	0x4d9f	Standard query (0)	leaderbottle.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:10.480374098 CET	192.168.2.4	1.1.1.1	0xd720	Standard query (0)	heavenbottle.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:10.490715981 CET	192.168.2.4	1.1.1.1	0x5731	Standard query (0)	leaderdivide.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:10.500989914 CET	192.168.2.4	1.1.1.1	0xfd35	Standard query (0)	heavendivide.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:10.511904001 CET	192.168.2.4	1.1.1.1	0xfce1	Standard query (0)	heavystream.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:10.521671057 CET	192.168.2.4	1.1.1.1	0xe1a2	Standard query (0)	gentlestream.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:10.535250902 CET	192.168.2.4	1.1.1.1	0x2d7	Standard query (0)	heavynothing.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:10.705746889 CET	192.168.2.4	1.1.1.1	0x9e38	Standard query (0)	gentlenothing.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:10.716706038 CET	192.168.2.4	1.1.1.1	0xdf7d	Standard query (0)	heavybottle.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:10.748747110 CET	192.168.2.4	1.1.1.1	0x8060	Standard query (0)	gentlebottle.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:10.782423973 CET	192.168.2.4	1.1.1.1	0x75d3	Standard query (0)	heavydivide.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:10.792808056 CET	192.168.2.4	1.1.1.1	0x2d49	Standard query (0)	gentledivide.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:11.594094038 CET	192.168.2.4	1.1.1.1	0x1c18	Standard query (0)	returnstream.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:11.605582952 CET	192.168.2.4	1.1.1.1	0x6313	Standard query (0)	variousnothing.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:11.638513088 CET	192.168.2.4	1.1.1.1	0x3899	Standard query (0)	returnnothing.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:11.648509026 CET	192.168.2.4	1.1.1.1	0xdb93	Standard query (0)	variousbottle.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:13.092276096 CET	192.168.2.4	1.1.1.1	0x1ab7	Standard query (0)	variousdivide.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:13.123842001 CET	192.168.2.4	1.1.1.1	0xcdc9	Standard query (0)	returndivide.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:13.133770943 CET	192.168.2.4	1.1.1.1	0xbc40	Standard query (0)	degreemanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:13.144896984 CET	192.168.2.4	1.1.1.1	0x38be	Standard query (0)	forwardmanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:13.155183077 CET	192.168.2.4	1.1.1.1	0x6f55	Standard query (0)	degreeanother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:13.166043997 CET	192.168.2.4	1.1.1.1	0x597a	Standard query (0)	forwardanother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:13.175409079 CET	192.168.2.4	1.1.1.1	0xf8f2	Standard query (0)	degreebusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:13.209176064 CET	192.168.2.4	1.1.1.1	0xd79d	Standard query (0)	forwardbusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:13.219585896 CET	192.168.2.4	1.1.1.1	0x6927	Standard query (0)	degreeappear.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:13.231368065 CET	192.168.2.4	1.1.1.1	0xeef2	Standard query (0)	forwardappear.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:13.263751984 CET	192.168.2.4	1.1.1.1	0x1dc1	Standard query (0)	answermanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:13.273929119 CET	192.168.2.4	1.1.1.1	0xd5a6	Standard query (0)	glassmanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:13.285459042 CET	192.168.2.4	1.1.1.1	0x3c82	Standard query (0)	answeranother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:13.296207905 CET	192.168.2.4	1.1.1.1	0xf965	Standard query (0)	glassanother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:13.306376934 CET	192.168.2.4	1.1.1.1	0xc267	Standard query (0)	answerbusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:13.317698956 CET	192.168.2.4	1.1.1.1	0xdf2b	Standard query (0)	glassbusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:13.328434944 CET	192.168.2.4	1.1.1.1	0xaf21	Standard query (0)	answerappear.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:13.339046001 CET	192.168.2.4	1.1.1.1	0x65	Standard query (0)	glassappear.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:13.349188089 CET	192.168.2.4	1.1.1.1	0x3654	Standard query (0)	difficultmanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:13.359237909 CET	192.168.2.4	1.1.1.1	0x1a8b	Standard query (0)	heardmanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:13.369215965 CET	192.168.2.4	1.1.1.1	0x7bd6	Standard query (0)	difficultanother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:13.400631905 CET	192.168.2.4	1.1.1.1	0xd872	Standard query (0)	heardanother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:13.438642025 CET	192.168.2.4	1.1.1.1	0x7489	Standard query (0)	difficultbusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:13.448971033 CET	192.168.2.4	1.1.1.1	0x6dad	Standard query (0)	heardbusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:13.459454060 CET	192.168.2.4	1.1.1.1	0x7840	Standard query (0)	difficultappear.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:13.624103069 CET	192.168.2.4	1.1.1.1	0x5635	Standard query (0)	heardappear.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:13.638498068 CET	192.168.2.4	1.1.1.1	0x168a	Standard query (0)	pleasantmanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:13.648652077 CET	192.168.2.4	1.1.1.1	0x2a3a	Standard query (0)	necessarymanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:13.659190893 CET	192.168.2.4	1.1.1.1	0x5293	Standard query (0)	pleasantanother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:13.669658899 CET	192.168.2.4	1.1.1.1	0x855b	Standard query (0)	necessaryanother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:13.681061983 CET	192.168.2.4	1.1.1.1	0xc029	Standard query (0)	pleasantbusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:13.691776037 CET	192.168.2.4	1.1.1.1	0xe5cf	Standard query (0)	necessarybusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:13.703110933 CET	192.168.2.4	1.1.1.1	0xed6a	Standard query (0)	pleasantappear.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:13.714185953 CET	192.168.2.4	1.1.1.1	0x8d1e	Standard query (0)	necessaryappear.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:13.746870995 CET	192.168.2.4	1.1.1.1	0x8fb7	Standard query (0)	ordermanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:13.757776022 CET	192.168.2.4	1.1.1.1	0x2c6b	Standard query (0)	requiremanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:13.769197941 CET	192.168.2.4	1.1.1.1	0x930a	Standard query (0)	orderanother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:13.928273916 CET	192.168.2.4	1.1.1.1	0xb2e7	Standard query (0)	requireanother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:13.941894054 CET	192.168.2.4	1.1.1.1	0xfb9a	Standard query (0)	orderbusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:13.974400997 CET	192.168.2.4	1.1.1.1	0x98ff	Standard query (0)	requirebusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:14.006298065 CET	192.168.2.4	1.1.1.1	0xb9d4	Standard query (0)	orderappear.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:14.016681910 CET	192.168.2.4	1.1.1.1	0x1336	Standard query (0)	requireappear.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:14.026096106 CET	192.168.2.4	1.1.1.1	0xd536	Standard query (0)	leadermanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:14.037822008 CET	192.168.2.4	1.1.1.1	0xdc0	Standard query (0)	heavenmanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:14.047785044 CET	192.168.2.4	1.1.1.1	0xe60d	Standard query (0)	leaderanother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:14.081480980 CET	192.168.2.4	1.1.1.1	0xb863	Standard query (0)	heavenanother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:18.603975058 CET	192.168.2.4	1.1.1.1	0xf3ef	Standard query (0)	requirestream.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:18.614985943 CET	192.168.2.4	1.1.1.1	0x1cb7	Standard query (0)	ordernothing.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:18.648267031 CET	192.168.2.4	1.1.1.1	0x8d28	Standard query (0)	requirenothing.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:18.680943966 CET	192.168.2.4	1.1.1.1	0xb3b5	Standard query (0)	orderbottle.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:18.691617966 CET	192.168.2.4	1.1.1.1	0xe917	Standard query (0)	requirebottle.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:18.701981068 CET	192.168.2.4	1.1.1.1	0x1a90	Standard query (0)	orderdivide.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:18.711402893 CET	192.168.2.4	1.1.1.1	0xd935	Standard query (0)	requiredivide.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:18.721617937 CET	192.168.2.4	1.1.1.1	0x7b66	Standard query (0)	leaderstream.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:18.768165112 CET	192.168.2.4	1.1.1.1	0x566d	Standard query (0)	heavenstream.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:18.778449059 CET	192.168.2.4	1.1.1.1	0x4230	Standard query (0)	leadernothing.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:18.792237043 CET	192.168.2.4	1.1.1.1	0x164c	Standard query (0)	heavennothing.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:18.802994967 CET	192.168.2.4	1.1.1.1	0xc3f6	Standard query (0)	leaderbottle.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:18.835186958 CET	192.168.2.4	1.1.1.1	0x53d1	Standard query (0)	heavenbottle.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:18.846442938 CET	192.168.2.4	1.1.1.1	0xf737	Standard query (0)	leaderdivide.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:18.856311083 CET	192.168.2.4	1.1.1.1	0x514a	Standard query (0)	heavendivide.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:18.867038965 CET	192.168.2.4	1.1.1.1	0x403d	Standard query (0)	heavystream.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:18.877288103 CET	192.168.2.4	1.1.1.1	0xd621	Standard query (0)	gentlestream.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:18.908673048 CET	192.168.2.4	1.1.1.1	0xc81e	Standard query (0)	heavynothing.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:18.919069052 CET	192.168.2.4	1.1.1.1	0x2088	Standard query (0)	gentlenothing.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:18.927005053 CET	192.168.2.4	1.1.1.1	0x65aa	Standard query (0)	heavybottle.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:18.937072992 CET	192.168.2.4	1.1.1.1	0xd9b	Standard query (0)	gentlebottle.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:18.952356100 CET	192.168.2.4	1.1.1.1	0xb1e0	Standard query (0)	heavydivide.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:18.984905005 CET	192.168.2.4	1.1.1.1	0x11e8	Standard query (0)	gentledivide.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:19.644350052 CET	192.168.2.4	1.1.1.1	0xebf	Standard query (0)	returnstream.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:19.675137997 CET	192.168.2.4	1.1.1.1	0xf2e2	Standard query (0)	variousnothing.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:19.707969904 CET	192.168.2.4	1.1.1.1	0x2e55	Standard query (0)	returnnothing.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:19.743107080 CET	192.168.2.4	1.1.1.1	0x2157	Standard query (0)	variousbottle.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:21.176717043 CET	192.168.2.4	1.1.1.1	0xe562	Standard query (0)	variousdivide.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:21.209104061 CET	192.168.2.4	1.1.1.1	0x16d9	Standard query (0)	returndivide.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:21.219980001 CET	192.168.2.4	1.1.1.1	0xb66	Standard query (0)	degreemanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:21.230148077 CET	192.168.2.4	1.1.1.1	0xcbbe	Standard query (0)	forwardmanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:21.240770102 CET	192.168.2.4	1.1.1.1	0x362	Standard query (0)	degreeanother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:21.271924019 CET	192.168.2.4	1.1.1.1	0x5c25	Standard query (0)	forwardanother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:21.283845901 CET	192.168.2.4	1.1.1.1	0x6cb8	Standard query (0)	degreebusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:21.319665909 CET	192.168.2.4	1.1.1.1	0xce25	Standard query (0)	forwardbusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:21.479578972 CET	192.168.2.4	1.1.1.1	0xd3f2	Standard query (0)	degreeappear.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:21.512418032 CET	192.168.2.4	1.1.1.1	0x4f1b	Standard query (0)	forwardappear.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:21.530080080 CET	192.168.2.4	1.1.1.1	0x760a	Standard query (0)	answermanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:21.543339968 CET	192.168.2.4	1.1.1.1	0xfbf7	Standard query (0)	glassmanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:21.553808928 CET	192.168.2.4	1.1.1.1	0x1490	Standard query (0)	answeranother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:21.564012051 CET	192.168.2.4	1.1.1.1	0x8377	Standard query (0)	glassanother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:21.596565008 CET	192.168.2.4	1.1.1.1	0xe207	Standard query (0)	answerbusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:21.608304977 CET	192.168.2.4	1.1.1.1	0xb8aa	Standard query (0)	glassbusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:21.618643045 CET	192.168.2.4	1.1.1.1	0xe4e8	Standard query (0)	answerappear.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:21.628237009 CET	192.168.2.4	1.1.1.1	0xd1ad	Standard query (0)	glassappear.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:21.661303043 CET	192.168.2.4	1.1.1.1	0x9aab	Standard query (0)	difficultmanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:21.672255039 CET	192.168.2.4	1.1.1.1	0xc545	Standard query (0)	heardmanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:21.707354069 CET	192.168.2.4	1.1.1.1	0x6e	Standard query (0)	difficultanother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:21.720505953 CET	192.168.2.4	1.1.1.1	0xf714	Standard query (0)	heardanother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:21.730683088 CET	192.168.2.4	1.1.1.1	0x1d30	Standard query (0)	difficultbusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:21.765237093 CET	192.168.2.4	1.1.1.1	0x62c9	Standard query (0)	heardbusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:21.777962923 CET	192.168.2.4	1.1.1.1	0x4245	Standard query (0)	difficultappear.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:21.789434910 CET	192.168.2.4	1.1.1.1	0xa242	Standard query (0)	heardappear.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:21.799583912 CET	192.168.2.4	1.1.1.1	0xbbf4	Standard query (0)	pleasantmanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:21.831649065 CET	192.168.2.4	1.1.1.1	0x20b7	Standard query (0)	necessarymanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:21.865169048 CET	192.168.2.4	1.1.1.1	0x4356	Standard query (0)	pleasantanother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:21.875278950 CET	192.168.2.4	1.1.1.1	0xc265	Standard query (0)	necessaryanother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:21.908991098 CET	192.168.2.4	1.1.1.1	0x509f	Standard query (0)	pleasantbusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:21.921402931 CET	192.168.2.4	1.1.1.1	0x1fe6	Standard query (0)	necessarybusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:21.932156086 CET	192.168.2.4	1.1.1.1	0xc44c	Standard query (0)	pleasantappear.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:21.967540026 CET	192.168.2.4	1.1.1.1	0x9790	Standard query (0)	necessaryappear.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:21.978552103 CET	192.168.2.4	1.1.1.1	0x319	Standard query (0)	ordermanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:21.989363909 CET	192.168.2.4	1.1.1.1	0x2529	Standard query (0)	requiremanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:21.999555111 CET	192.168.2.4	1.1.1.1	0xfaf4	Standard query (0)	orderanother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:22.033946991 CET	192.168.2.4	1.1.1.1	0x92af	Standard query (0)	requireanother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:22.046344995 CET	192.168.2.4	1.1.1.1	0x2168	Standard query (0)	orderbusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:22.080202103 CET	192.168.2.4	1.1.1.1	0xac15	Standard query (0)	requirebusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:22.091473103 CET	192.168.2.4	1.1.1.1	0x4b45	Standard query (0)	orderappear.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:22.103569984 CET	192.168.2.4	1.1.1.1	0x55d1	Standard query (0)	requireappear.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:22.116292000 CET	192.168.2.4	1.1.1.1	0x803e	Standard query (0)	leadermanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:22.148530960 CET	192.168.2.4	1.1.1.1	0xe1c1	Standard query (0)	heavenmanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:22.159491062 CET	192.168.2.4	1.1.1.1	0xd1c0	Standard query (0)	leaderanother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:22.194658995 CET	192.168.2.4	1.1.1.1	0x9ed6	Standard query (0)	heavenanother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:22.205116987 CET	192.168.2.4	1.1.1.1	0x24df	Standard query (0)	leaderbusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:22.216973066 CET	192.168.2.4	1.1.1.1	0xb5b1	Standard query (0)	heavenbusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:22.250852108 CET	192.168.2.4	1.1.1.1	0xa932	Standard query (0)	leaderappear.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:22.263560057 CET	192.168.2.4	1.1.1.1	0x8ec8	Standard query (0)	heavenappear.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:22.295326948 CET	192.168.2.4	1.1.1.1	0x4c1f	Standard query (0)	heavymanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:22.305728912 CET	192.168.2.4	1.1.1.1	0x9c1	Standard query (0)	gentlemanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:22.318192005 CET	192.168.2.4	1.1.1.1	0x6ab2	Standard query (0)	heavyanother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:22.328036070 CET	192.168.2.4	1.1.1.1	0xa0e7	Standard query (0)	gentleanother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:22.340936899 CET	192.168.2.4	1.1.1.1	0xcd42	Standard query (0)	heavybusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:22.356678963 CET	192.168.2.4	1.1.1.1	0xc20f	Standard query (0)	gentlebusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:26.867815971 CET	192.168.2.4	1.1.1.1	0x2b2c	Standard query (0)	heavenstream.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:26.878074884 CET	192.168.2.4	1.1.1.1	0x2dd3	Standard query (0)	leadernothing.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:26.887767076 CET	192.168.2.4	1.1.1.1	0x9c32	Standard query (0)	heavennothing.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:26.899286985 CET	192.168.2.4	1.1.1.1	0xc134	Standard query (0)	leaderbottle.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:26.910790920 CET	192.168.2.4	1.1.1.1	0x5c6d	Standard query (0)	heavenbottle.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:26.920326948 CET	192.168.2.4	1.1.1.1	0x8905	Standard query (0)	leaderdivide.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:27.079813957 CET	192.168.2.4	1.1.1.1	0x44b1	Standard query (0)	heavendivide.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:27.089592934 CET	192.168.2.4	1.1.1.1	0x59fa	Standard query (0)	heavystream.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:27.099349976 CET	192.168.2.4	1.1.1.1	0x2f9f	Standard query (0)	gentlestream.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:27.109579086 CET	192.168.2.4	1.1.1.1	0x9921	Standard query (0)	heavynothing.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:27.142201900 CET	192.168.2.4	1.1.1.1	0x3711	Standard query (0)	gentlenothing.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:27.152697086 CET	192.168.2.4	1.1.1.1	0xeee1	Standard query (0)	heavybottle.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:27.163588047 CET	192.168.2.4	1.1.1.1	0x4e0f	Standard query (0)	gentlebottle.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:27.175669909 CET	192.168.2.4	1.1.1.1	0x908b	Standard query (0)	heavydivide.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:27.186652899 CET	192.168.2.4	1.1.1.1	0x85a4	Standard query (0)	gentledivide.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:27.881220102 CET	192.168.2.4	1.1.1.1	0xc40d	Standard query (0)	returnstream.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:27.893626928 CET	192.168.2.4	1.1.1.1	0x4a3f	Standard query (0)	variousnothing.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:27.926412106 CET	192.168.2.4	1.1.1.1	0x6741	Standard query (0)	returnnothing.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:27.967947960 CET	192.168.2.4	1.1.1.1	0x9d10	Standard query (0)	variousbottle.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:29.462798119 CET	192.168.2.4	1.1.1.1	0xc754	Standard query (0)	variousdivide.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:29.473263979 CET	192.168.2.4	1.1.1.1	0xefcb	Standard query (0)	returndivide.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:29.484061003 CET	192.168.2.4	1.1.1.1	0x4fa7	Standard query (0)	degreemanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:29.493877888 CET	192.168.2.4	1.1.1.1	0x34ae	Standard query (0)	forwardmanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:29.504348040 CET	192.168.2.4	1.1.1.1	0x147a	Standard query (0)	degreeanother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:29.514786959 CET	192.168.2.4	1.1.1.1	0xad98	Standard query (0)	forwardanother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:29.546009064 CET	192.168.2.4	1.1.1.1	0x6f82	Standard query (0)	degreebusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:29.556298971 CET	192.168.2.4	1.1.1.1	0xe43f	Standard query (0)	forwardbusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:29.565855026 CET	192.168.2.4	1.1.1.1	0x42be	Standard query (0)	degreeappear.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:29.576231956 CET	192.168.2.4	1.1.1.1	0x4afb	Standard query (0)	forwardappear.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:29.586858988 CET	192.168.2.4	1.1.1.1	0xc7a5	Standard query (0)	answermanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:29.596282005 CET	192.168.2.4	1.1.1.1	0x214f	Standard query (0)	glassmanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:29.607553959 CET	192.168.2.4	1.1.1.1	0xb335	Standard query (0)	answeranother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:29.621619940 CET	192.168.2.4	1.1.1.1	0x5a1b	Standard query (0)	glassanother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:29.631962061 CET	192.168.2.4	1.1.1.1	0xc4c9	Standard query (0)	answerbusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:29.665539026 CET	192.168.2.4	1.1.1.1	0x7266	Standard query (0)	glassbusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:29.675848007 CET	192.168.2.4	1.1.1.1	0xdca3	Standard query (0)	answerappear.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:29.707695961 CET	192.168.2.4	1.1.1.1	0x6d3	Standard query (0)	glassappear.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:29.718769073 CET	192.168.2.4	1.1.1.1	0x1894	Standard query (0)	difficultmanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:29.728286982 CET	192.168.2.4	1.1.1.1	0x2b94	Standard query (0)	heardmanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:29.738461971 CET	192.168.2.4	1.1.1.1	0x76b2	Standard query (0)	difficultanother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:29.745913029 CET	192.168.2.4	1.1.1.1	0xa8b4	Standard query (0)	heardanother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:29.756017923 CET	192.168.2.4	1.1.1.1	0x2a87	Standard query (0)	difficultbusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:29.766587973 CET	192.168.2.4	1.1.1.1	0xd72c	Standard query (0)	heardbusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:29.777224064 CET	192.168.2.4	1.1.1.1	0x87	Standard query (0)	difficultappear.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:29.787273884 CET	192.168.2.4	1.1.1.1	0xd923	Standard query (0)	heardappear.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:29.818627119 CET	192.168.2.4	1.1.1.1	0x3afd	Standard query (0)	pleasantmanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:29.851116896 CET	192.168.2.4	1.1.1.1	0xc78c	Standard query (0)	necessarymanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:30.009810925 CET	192.168.2.4	1.1.1.1	0x9a6c	Standard query (0)	pleasantanother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:30.041304111 CET	192.168.2.4	1.1.1.1	0xddb6	Standard query (0)	necessaryanother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:30.051548004 CET	192.168.2.4	1.1.1.1	0xd04e	Standard query (0)	pleasantbusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:30.061666965 CET	192.168.2.4	1.1.1.1	0xedbc	Standard query (0)	necessarybusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:30.222649097 CET	192.168.2.4	1.1.1.1	0x2f1b	Standard query (0)	pleasantappear.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:30.254503965 CET	192.168.2.4	1.1.1.1	0xb745	Standard query (0)	necessaryappear.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:30.297739983 CET	192.168.2.4	1.1.1.1	0x5595	Standard query (0)	ordermanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:30.308545113 CET	192.168.2.4	1.1.1.1	0x18e1	Standard query (0)	requiremanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:30.328156948 CET	192.168.2.4	1.1.1.1	0xed72	Standard query (0)	orderanother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:30.339831114 CET	192.168.2.4	1.1.1.1	0xeb51	Standard query (0)	requireanother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:30.371227026 CET	192.168.2.4	1.1.1.1	0x2717	Standard query (0)	orderbusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:30.381630898 CET	192.168.2.4	1.1.1.1	0x87b3	Standard query (0)	requirebusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:30.393415928 CET	192.168.2.4	1.1.1.1	0x4f69	Standard query (0)	orderappear.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:30.425765991 CET	192.168.2.4	1.1.1.1	0x25ac	Standard query (0)	requireappear.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:30.441030025 CET	192.168.2.4	1.1.1.1	0xbdd5	Standard query (0)	leadermanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:30.452434063 CET	192.168.2.4	1.1.1.1	0x2b0	Standard query (0)	heavenmanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:30.463331938 CET	192.168.2.4	1.1.1.1	0xae53	Standard query (0)	leaderanother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:30.474811077 CET	192.168.2.4	1.1.1.1	0x4d68	Standard query (0)	heavenanother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:30.485260963 CET	192.168.2.4	1.1.1.1	0x431a	Standard query (0)	leaderbusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:30.496525049 CET	192.168.2.4	1.1.1.1	0x32d1	Standard query (0)	heavenbusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:30.560684919 CET	192.168.2.4	1.1.1.1	0x2d83	Standard query (0)	leaderappear.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:30.613755941 CET	192.168.2.4	1.1.1.1	0xb669	Standard query (0)	heavenappear.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:30.660537958 CET	192.168.2.4	1.1.1.1	0x86e	Standard query (0)	heavymanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:30.670265913 CET	192.168.2.4	1.1.1.1	0x7594	Standard query (0)	gentlemanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:30.705523014 CET	192.168.2.4	1.1.1.1	0xbfe6	Standard query (0)	heavyanother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:30.746264935 CET	192.168.2.4	1.1.1.1	0xf11f	Standard query (0)	gentleanother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:30.756721020 CET	192.168.2.4	1.1.1.1	0xc750	Standard query (0)	heavybusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:30.831301928 CET	192.168.2.4	1.1.1.1	0x79cc	Standard query (0)	gentlebusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:30.916342020 CET	192.168.2.4	1.1.1.1	0xa618	Standard query (0)	heavyappear.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:31.005338907 CET	192.168.2.4	1.1.1.1	0xfbd3	Standard query (0)	gentleappear.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:31.015861034 CET	192.168.2.4	1.1.1.1	0xb74c	Standard query (0)	variousmanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:31.047507048 CET	192.168.2.4	1.1.1.1	0x6889	Standard query (0)	returnmanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:31.079500914 CET	192.168.2.4	1.1.1.1	0x6d1d	Standard query (0)	variousanother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:31.090591908 CET	192.168.2.4	1.1.1.1	0xf5b1	Standard query (0)	returnanother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:31.103367090 CET	192.168.2.4	1.1.1.1	0xb636	Standard query (0)	variousbusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:31.115056038 CET	192.168.2.4	1.1.1.1	0xba75	Standard query (0)	returnbusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:35.649214029 CET	192.168.2.4	1.1.1.1	0xa5be	Standard query (0)	heavystream.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:35.660631895 CET	192.168.2.4	1.1.1.1	0xfe25	Standard query (0)	gentlestream.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:35.671158075 CET	192.168.2.4	1.1.1.1	0xb3df	Standard query (0)	heavynothing.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:35.681516886 CET	192.168.2.4	1.1.1.1	0x5b95	Standard query (0)	gentlenothing.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:35.715194941 CET	192.168.2.4	1.1.1.1	0xf5e0	Standard query (0)	heavybottle.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:35.726176023 CET	192.168.2.4	1.1.1.1	0xabe	Standard query (0)	gentlebottle.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:35.738467932 CET	192.168.2.4	1.1.1.1	0x50ba	Standard query (0)	heavydivide.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:35.749026060 CET	192.168.2.4	1.1.1.1	0x49f1	Standard query (0)	gentledivide.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:36.393743992 CET	192.168.2.4	1.1.1.1	0xf434	Standard query (0)	returnstream.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:36.405148029 CET	192.168.2.4	1.1.1.1	0x5610	Standard query (0)	variousnothing.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:36.415467978 CET	192.168.2.4	1.1.1.1	0x8963	Standard query (0)	returnnothing.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:36.425743103 CET	192.168.2.4	1.1.1.1	0x5f2f	Standard query (0)	variousbottle.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:37.893115044 CET	192.168.2.4	1.1.1.1	0xf730	Standard query (0)	variousdivide.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:38.058993101 CET	192.168.2.4	1.1.1.1	0x6d6f	Standard query (0)	returndivide.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:38.214920998 CET	192.168.2.4	1.1.1.1	0xef60	Standard query (0)	degreemanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:38.228168011 CET	192.168.2.4	1.1.1.1	0xc999	Standard query (0)	forwardmanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:38.260181904 CET	192.168.2.4	1.1.1.1	0xc19e	Standard query (0)	degreeanother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:38.270030022 CET	192.168.2.4	1.1.1.1	0x55ed	Standard query (0)	forwardanother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:38.280206919 CET	192.168.2.4	1.1.1.1	0x67c1	Standard query (0)	degreebusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:38.292382002 CET	192.168.2.4	1.1.1.1	0x1e2e	Standard query (0)	forwardbusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:38.302475929 CET	192.168.2.4	1.1.1.1	0x7ff7	Standard query (0)	degreeappear.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:38.314552069 CET	192.168.2.4	1.1.1.1	0xc13b	Standard query (0)	forwardappear.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:38.324282885 CET	192.168.2.4	1.1.1.1	0x424f	Standard query (0)	answermanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:38.356350899 CET	192.168.2.4	1.1.1.1	0x4fa9	Standard query (0)	glassmanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:38.367464066 CET	192.168.2.4	1.1.1.1	0xcaf1	Standard query (0)	answeranother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:38.377262115 CET	192.168.2.4	1.1.1.1	0xb3f9	Standard query (0)	glassanother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:38.387067080 CET	192.168.2.4	1.1.1.1	0xc6d6	Standard query (0)	answerbusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:38.397783995 CET	192.168.2.4	1.1.1.1	0x8ddf	Standard query (0)	glassbusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:39.014065981 CET	192.168.2.4	1.1.1.1	0xa2e7	Standard query (0)	answerappear.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:39.046432972 CET	192.168.2.4	1.1.1.1	0xe214	Standard query (0)	glassappear.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:39.056847095 CET	192.168.2.4	1.1.1.1	0x15a8	Standard query (0)	difficultmanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:39.066893101 CET	192.168.2.4	1.1.1.1	0x5c7f	Standard query (0)	heardmanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:39.077588081 CET	192.168.2.4	1.1.1.1	0xcd2b	Standard query (0)	difficultanother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:39.088450909 CET	192.168.2.4	1.1.1.1	0x2ec6	Standard query (0)	heardanother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:39.100049019 CET	192.168.2.4	1.1.1.1	0x672e	Standard query (0)	difficultbusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:39.110388994 CET	192.168.2.4	1.1.1.1	0x6e6b	Standard query (0)	heardbusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:39.121646881 CET	192.168.2.4	1.1.1.1	0xa2fa	Standard query (0)	difficultappear.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:39.152571917 CET	192.168.2.4	1.1.1.1	0xd0c8	Standard query (0)	heardappear.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:39.163552999 CET	192.168.2.4	1.1.1.1	0x9282	Standard query (0)	pleasantmanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:39.174506903 CET	192.168.2.4	1.1.1.1	0x3642	Standard query (0)	necessarymanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:39.185058117 CET	192.168.2.4	1.1.1.1	0x2b98	Standard query (0)	pleasantanother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:39.249952078 CET	192.168.2.4	1.1.1.1	0x28fb	Standard query (0)	necessaryanother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:39.263226986 CET	192.168.2.4	1.1.1.1	0xa6e3	Standard query (0)	pleasantbusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:39.295902014 CET	192.168.2.4	1.1.1.1	0x363	Standard query (0)	necessarybusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:39.329194069 CET	192.168.2.4	1.1.1.1	0xea9c	Standard query (0)	pleasantappear.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:39.339462042 CET	192.168.2.4	1.1.1.1	0xbc9f	Standard query (0)	necessaryappear.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:39.351026058 CET	192.168.2.4	1.1.1.1	0xc456	Standard query (0)	ordermanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:39.515760899 CET	192.168.2.4	1.1.1.1	0x7c29	Standard query (0)	requiremanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:39.546742916 CET	192.168.2.4	1.1.1.1	0xf77c	Standard query (0)	orderanother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:39.558640957 CET	192.168.2.4	1.1.1.1	0xec93	Standard query (0)	requireanother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:39.569042921 CET	192.168.2.4	1.1.1.1	0xfb55	Standard query (0)	orderbusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:39.582838058 CET	192.168.2.4	1.1.1.1	0x676b	Standard query (0)	requirebusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:39.592591047 CET	192.168.2.4	1.1.1.1	0x8176	Standard query (0)	orderappear.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:39.603789091 CET	192.168.2.4	1.1.1.1	0x1b03	Standard query (0)	requireappear.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:39.614538908 CET	192.168.2.4	1.1.1.1	0xd210	Standard query (0)	leadermanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:39.625226021 CET	192.168.2.4	1.1.1.1	0xe48c	Standard query (0)	heavenmanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:39.634591103 CET	192.168.2.4	1.1.1.1	0x11b7	Standard query (0)	leaderanother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:39.645836115 CET	192.168.2.4	1.1.1.1	0x95dc	Standard query (0)	heavenanother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:39.656860113 CET	192.168.2.4	1.1.1.1	0x508d	Standard query (0)	leaderbusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:39.668231010 CET	192.168.2.4	1.1.1.1	0x2b37	Standard query (0)	heavenbusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:39.679022074 CET	192.168.2.4	1.1.1.1	0xc189	Standard query (0)	leaderappear.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:39.713093042 CET	192.168.2.4	1.1.1.1	0x1763	Standard query (0)	heavenappear.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:39.723561049 CET	192.168.2.4	1.1.1.1	0x1676	Standard query (0)	heavymanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:39.755954981 CET	192.168.2.4	1.1.1.1	0x3b8a	Standard query (0)	gentlemanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:39.788023949 CET	192.168.2.4	1.1.1.1	0x2d8c	Standard query (0)	heavyanother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:39.798491955 CET	192.168.2.4	1.1.1.1	0x3279	Standard query (0)	gentleanother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:39.830826044 CET	192.168.2.4	1.1.1.1	0x79d3	Standard query (0)	heavybusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:39.841181040 CET	192.168.2.4	1.1.1.1	0x1ed0	Standard query (0)	gentlebusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:40.003523111 CET	192.168.2.4	1.1.1.1	0x1809	Standard query (0)	heavyappear.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:40.016187906 CET	192.168.2.4	1.1.1.1	0xfd35	Standard query (0)	gentleappear.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:40.027242899 CET	192.168.2.4	1.1.1.1	0xc29	Standard query (0)	variousmanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:40.060195923 CET	192.168.2.4	1.1.1.1	0x9388	Standard query (0)	returnmanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:40.093523026 CET	192.168.2.4	1.1.1.1	0x2648	Standard query (0)	variousanother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:40.105321884 CET	192.168.2.4	1.1.1.1	0x3754	Standard query (0)	returnanother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:40.140872955 CET	192.168.2.4	1.1.1.1	0xf8d2	Standard query (0)	variousbusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:40.152597904 CET	192.168.2.4	1.1.1.1	0xcbc4	Standard query (0)	returnbusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:40.185286999 CET	192.168.2.4	1.1.1.1	0x331a	Standard query (0)	variousappear.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:40.196737051 CET	192.168.2.4	1.1.1.1	0x2738	Standard query (0)	returnappear.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:40.208560944 CET	192.168.2.4	1.1.1.1	0x7fa0	Standard query (0)	degreeinstead.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:40.220096111 CET	192.168.2.4	1.1.1.1	0xde2b	Standard query (0)	forwardinstead.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:40.250936985 CET	192.168.2.4	1.1.1.1	0x6ec7	Standard query (0)	degreeexplain.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:40.261888027 CET	192.168.2.4	1.1.1.1	0xd148	Standard query (0)	forwardexplain.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:40.273267984 CET	192.168.2.4	1.1.1.1	0x76be	Standard query (0)	degreebright.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:44.785115004 CET	192.168.2.4	1.1.1.1	0xb632	Standard query (0)	returnstream.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:44.795737982 CET	192.168.2.4	1.1.1.1	0xd6c0	Standard query (0)	variousnothing.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:44.826673031 CET	192.168.2.4	1.1.1.1	0xa64c	Standard query (0)	returnnothing.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:44.858179092 CET	192.168.2.4	1.1.1.1	0xc5e7	Standard query (0)	variousbottle.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:46.878249884 CET	192.168.2.4	1.1.1.1	0xf4d4	Standard query (0)	variousdivide.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:46.889436007 CET	192.168.2.4	1.1.1.1	0x6af1	Standard query (0)	returndivide.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:46.900569916 CET	192.168.2.4	1.1.1.1	0xf3e6	Standard query (0)	degreemanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:46.911206007 CET	192.168.2.4	1.1.1.1	0xb4d	Standard query (0)	forwardmanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:46.922133923 CET	192.168.2.4	1.1.1.1	0x746e	Standard query (0)	degreeanother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:46.932650089 CET	192.168.2.4	1.1.1.1	0x8f6e	Standard query (0)	forwardanother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:46.965117931 CET	192.168.2.4	1.1.1.1	0x4b0b	Standard query (0)	degreebusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:46.977389097 CET	192.168.2.4	1.1.1.1	0xd64d	Standard query (0)	forwardbusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.009812117 CET	192.168.2.4	1.1.1.1	0x83f6	Standard query (0)	degreeappear.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.025804043 CET	192.168.2.4	1.1.1.1	0xa1da	Standard query (0)	forwardappear.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.058914900 CET	192.168.2.4	1.1.1.1	0xe5e4	Standard query (0)	answermanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.070441008 CET	192.168.2.4	1.1.1.1	0x238e	Standard query (0)	glassmanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.081197977 CET	192.168.2.4	1.1.1.1	0x3631	Standard query (0)	answeranother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.091440916 CET	192.168.2.4	1.1.1.1	0x34af	Standard query (0)	glassanother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.101891994 CET	192.168.2.4	1.1.1.1	0x77ca	Standard query (0)	answerbusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.113924980 CET	192.168.2.4	1.1.1.1	0x1899	Standard query (0)	glassbusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.124409914 CET	192.168.2.4	1.1.1.1	0xaed	Standard query (0)	answerappear.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.137094021 CET	192.168.2.4	1.1.1.1	0xa434	Standard query (0)	glassappear.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.148627043 CET	192.168.2.4	1.1.1.1	0xe7ec	Standard query (0)	difficultmanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.159252882 CET	192.168.2.4	1.1.1.1	0x8cc4	Standard query (0)	heardmanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.323642015 CET	192.168.2.4	1.1.1.1	0x1fde	Standard query (0)	difficultanother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.337626934 CET	192.168.2.4	1.1.1.1	0x6a0d	Standard query (0)	heardanother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.349085093 CET	192.168.2.4	1.1.1.1	0x36d1	Standard query (0)	difficultbusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.360521078 CET	192.168.2.4	1.1.1.1	0xbe12	Standard query (0)	heardbusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.396625996 CET	192.168.2.4	1.1.1.1	0xfd4	Standard query (0)	difficultappear.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.430805922 CET	192.168.2.4	1.1.1.1	0xe314	Standard query (0)	heardappear.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.450628996 CET	192.168.2.4	1.1.1.1	0xcd8f	Standard query (0)	pleasantmanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.468861103 CET	192.168.2.4	1.1.1.1	0x33f	Standard query (0)	necessarymanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.631702900 CET	192.168.2.4	1.1.1.1	0x7212	Standard query (0)	pleasantanother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.642236948 CET	192.168.2.4	1.1.1.1	0xe707	Standard query (0)	necessaryanother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.652211905 CET	192.168.2.4	1.1.1.1	0x8a34	Standard query (0)	pleasantbusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.662960052 CET	192.168.2.4	1.1.1.1	0x7e7c	Standard query (0)	necessarybusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.670825005 CET	192.168.2.4	1.1.1.1	0xbc5	Standard query (0)	pleasantappear.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.681524038 CET	192.168.2.4	1.1.1.1	0xf1c4	Standard query (0)	necessaryappear.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.691396952 CET	192.168.2.4	1.1.1.1	0xc292	Standard query (0)	ordermanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.723814011 CET	192.168.2.4	1.1.1.1	0xc1f6	Standard query (0)	requiremanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.759733915 CET	192.168.2.4	1.1.1.1	0x5690	Standard query (0)	orderanother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.771286011 CET	192.168.2.4	1.1.1.1	0x8	Standard query (0)	requireanother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.782613039 CET	192.168.2.4	1.1.1.1	0x3216	Standard query (0)	orderbusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.794563055 CET	192.168.2.4	1.1.1.1	0x292f	Standard query (0)	requirebusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.827552080 CET	192.168.2.4	1.1.1.1	0x2ee3	Standard query (0)	orderappear.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.838655949 CET	192.168.2.4	1.1.1.1	0x11e5	Standard query (0)	requireappear.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.848620892 CET	192.168.2.4	1.1.1.1	0xae02	Standard query (0)	leadermanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.859141111 CET	192.168.2.4	1.1.1.1	0x3c39	Standard query (0)	heavenmanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.870167017 CET	192.168.2.4	1.1.1.1	0xa9e5	Standard query (0)	leaderanother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.881753922 CET	192.168.2.4	1.1.1.1	0x3d31	Standard query (0)	heavenanother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.892723083 CET	192.168.2.4	1.1.1.1	0x7291	Standard query (0)	leaderbusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.925774097 CET	192.168.2.4	1.1.1.1	0x5446	Standard query (0)	heavenbusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.957763910 CET	192.168.2.4	1.1.1.1	0x9f17	Standard query (0)	leaderappear.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.989402056 CET	192.168.2.4	1.1.1.1	0xaa4e	Standard query (0)	heavenappear.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:48.002316952 CET	192.168.2.4	1.1.1.1	0x400d	Standard query (0)	heavymanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:48.013252020 CET	192.168.2.4	1.1.1.1	0x15f6	Standard query (0)	gentlemanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:48.024456978 CET	192.168.2.4	1.1.1.1	0xaab0	Standard query (0)	heavyanother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:48.035420895 CET	192.168.2.4	1.1.1.1	0x5e65	Standard query (0)	gentleanother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:48.046385050 CET	192.168.2.4	1.1.1.1	0xf649	Standard query (0)	heavybusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:48.081270933 CET	192.168.2.4	1.1.1.1	0x325e	Standard query (0)	gentlebusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:48.092498064 CET	192.168.2.4	1.1.1.1	0x2d4d	Standard query (0)	heavyappear.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:48.103257895 CET	192.168.2.4	1.1.1.1	0x357e	Standard query (0)	gentleappear.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:48.270469904 CET	192.168.2.4	1.1.1.1	0x5aa3	Standard query (0)	variousmanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:48.303487062 CET	192.168.2.4	1.1.1.1	0x5b54	Standard query (0)	returnmanner.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:48.475518942 CET	192.168.2.4	1.1.1.1	0xbca3	Standard query (0)	variousanother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:48.488338947 CET	192.168.2.4	1.1.1.1	0x817f	Standard query (0)	returnanother.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:48.500349998 CET	192.168.2.4	1.1.1.1	0xe295	Standard query (0)	variousbusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:48.512448072 CET	192.168.2.4	1.1.1.1	0x226e	Standard query (0)	returnbusiness.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:48.521940947 CET	192.168.2.4	1.1.1.1	0x3889	Standard query (0)	variousappear.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:48.536427021 CET	192.168.2.4	1.1.1.1	0x3dec	Standard query (0)	returnappear.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:48.548486948 CET	192.168.2.4	1.1.1.1	0x742d	Standard query (0)	degreeinstead.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:48.560113907 CET	192.168.2.4	1.1.1.1	0xad58	Standard query (0)	forwardinstead.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:48.571177006 CET	192.168.2.4	1.1.1.1	0x1022	Standard query (0)	degreeexplain.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:48.580735922 CET	192.168.2.4	1.1.1.1	0x30c0	Standard query (0)	forwardexplain.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:48.591589928 CET	192.168.2.4	1.1.1.1	0x294b	Standard query (0)	degreebright.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:48.602644920 CET	192.168.2.4	1.1.1.1	0x98f9	Standard query (0)	forwardbright.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:48.620189905 CET	192.168.2.4	1.1.1.1	0xe175	Standard query (0)	degreeinside.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:48.632019997 CET	192.168.2.4	1.1.1.1	0x1acb	Standard query (0)	forwardinside.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:48.664334059 CET	192.168.2.4	1.1.1.1	0x823d	Standard query (0)	answerinstead.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:48.676862001 CET	192.168.2.4	1.1.1.1	0x2edd	Standard query (0)	glassinstead.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:48.686489105 CET	192.168.2.4	1.1.1.1	0xb23e	Standard query (0)	answerexplain.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:48.697165966 CET	192.168.2.4	1.1.1.1	0xf73a	Standard query (0)	glassexplain.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:48.707348108 CET	192.168.2.4	1.1.1.1	0x1041	Standard query (0)	answerbright.net	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:49.010730982 CET	192.168.2.4	1.1.1.1	0x54ff	Standard query (0)	glassbright.net	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 7, 2024 13:06:45.028290987 CET	1.1.1.1	192.168.2.4	0x6cd7	Name error (3)	difficultdivide.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:45.061218977 CET	1.1.1.1	192.168.2.4	0x8183	Name error (3)	hearddivide.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:45.320025921 CET	1.1.1.1	192.168.2.4	0x2403	No error (0)	pleasantstream.net		18.143.155.63	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:47.405215979 CET	1.1.1.1	192.168.2.4	0xc3d9	Name error (3)	necessarystream.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:47.415200949 CET	1.1.1.1	192.168.2.4	0x1ad3	Name error (3)	pleasantnothing.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:47.445800066 CET	1.1.1.1	192.168.2.4	0xf778	Name error (3)	necessarynothing.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:47.477401972 CET	1.1.1.1	192.168.2.4	0xdbaa	Name error (3)	pleasantbottle.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:47.508003950 CET	1.1.1.1	192.168.2.4	0x1197	Name error (3)	necessarybottle.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:47.540666103 CET	1.1.1.1	192.168.2.4	0xb660	Name error (3)	pleasantdivide.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:47.573498964 CET	1.1.1.1	192.168.2.4	0x260d	Name error (3)	necessarydivide.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:47.659147024 CET	1.1.1.1	192.168.2.4	0x2b54	No error (0)	orderstream.net		37.97.254.27	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:48.901843071 CET	1.1.1.1	192.168.2.4	0x94ed	Name error (3)	requirestream.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:48.912179947 CET	1.1.1.1	192.168.2.4	0xec15	Name error (3)	ordernothing.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:48.923350096 CET	1.1.1.1	192.168.2.4	0xd129	Name error (3)	requirenothing.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:48.934432030 CET	1.1.1.1	192.168.2.4	0x321d	Name error (3)	orderbottle.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:48.966164112 CET	1.1.1.1	192.168.2.4	0x7c33	Name error (3)	requirebottle.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:48.976634026 CET	1.1.1.1	192.168.2.4	0x774c	Name error (3)	orderdivide.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:48.986571074 CET	1.1.1.1	192.168.2.4	0x3353	Name error (3)	requiredivide.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:49.392087936 CET	1.1.1.1	192.168.2.4	0x5612	Name error (3)	heavenstream.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:49.402755022 CET	1.1.1.1	192.168.2.4	0xf9e	Name error (3)	leadernothing.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:49.420821905 CET	1.1.1.1	192.168.2.4	0xf9f7	Name error (3)	heavennothing.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:49.452706099 CET	1.1.1.1	192.168.2.4	0xe775	Name error (3)	leaderbottle.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:49.463118076 CET	1.1.1.1	192.168.2.4	0x106c	Name error (3)	heavenbottle.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:49.473510027 CET	1.1.1.1	192.168.2.4	0x7062	Name error (3)	leaderdivide.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:49.506855011 CET	1.1.1.1	192.168.2.4	0x624	Name error (3)	heavendivide.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:49.517035961 CET	1.1.1.1	192.168.2.4	0x6482	Name error (3)	heavystream.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:49.527029991 CET	1.1.1.1	192.168.2.4	0xf94c	Name error (3)	gentlestream.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:49.558265924 CET	1.1.1.1	192.168.2.4	0x6483	Name error (3)	heavynothing.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:49.590118885 CET	1.1.1.1	192.168.2.4	0x91f	Name error (3)	gentlenothing.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:49.601068974 CET	1.1.1.1	192.168.2.4	0xb01e	Name error (3)	heavybottle.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:49.632328987 CET	1.1.1.1	192.168.2.4	0x2efa	Name error (3)	gentlebottle.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:49.642018080 CET	1.1.1.1	192.168.2.4	0xae24	Name error (3)	heavydivide.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:49.652544022 CET	1.1.1.1	192.168.2.4	0xbfac	Name error (3)	gentledivide.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:49.982291937 CET	1.1.1.1	192.168.2.4	0xd13	No error (0)	variousstream.net	7450.bodis.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 7, 2024 13:06:49.982291937 CET	1.1.1.1	192.168.2.4	0xd13	No error (0)	7450.bodis.com		199.59.243.227	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:50.635198116 CET	1.1.1.1	192.168.2.4	0x164b	Name error (3)	returnstream.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:50.645370007 CET	1.1.1.1	192.168.2.4	0x1664	Name error (3)	variousnothing.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:50.808901072 CET	1.1.1.1	192.168.2.4	0xe969	Name error (3)	returnnothing.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:50.844568014 CET	1.1.1.1	192.168.2.4	0x370f	Name error (3)	variousbottle.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:51.046688080 CET	1.1.1.1	192.168.2.4	0x1749	No error (0)	returnbottle.net		18.143.155.63	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:52.923542023 CET	1.1.1.1	192.168.2.4	0x7471	Name error (3)	variousdivide.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:52.934300900 CET	1.1.1.1	192.168.2.4	0x3f48	Name error (3)	returndivide.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:53.098623037 CET	1.1.1.1	192.168.2.4	0xa025	Name error (3)	degreemanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:53.109946966 CET	1.1.1.1	192.168.2.4	0xee8f	Name error (3)	forwardmanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:53.155548096 CET	1.1.1.1	192.168.2.4	0x5cdd	Name error (3)	degreeanother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:53.169590950 CET	1.1.1.1	192.168.2.4	0x8be7	Name error (3)	forwardanother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:53.184726954 CET	1.1.1.1	192.168.2.4	0x5b9d	Name error (3)	degreebusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:53.195311069 CET	1.1.1.1	192.168.2.4	0x1114	Name error (3)	forwardbusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:53.208364010 CET	1.1.1.1	192.168.2.4	0x998	Name error (3)	degreeappear.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:53.223357916 CET	1.1.1.1	192.168.2.4	0xcd31	Name error (3)	forwardappear.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:53.235461950 CET	1.1.1.1	192.168.2.4	0x5650	Name error (3)	answermanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:53.245455027 CET	1.1.1.1	192.168.2.4	0x88f2	Name error (3)	glassmanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:53.277545929 CET	1.1.1.1	192.168.2.4	0x95fb	Name error (3)	answeranother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:53.309076071 CET	1.1.1.1	192.168.2.4	0x9d40	Name error (3)	glassanother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:53.326215029 CET	1.1.1.1	192.168.2.4	0xa248	Name error (3)	answerbusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:53.375880957 CET	1.1.1.1	192.168.2.4	0x7bd	Name error (3)	glassbusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:53.386809111 CET	1.1.1.1	192.168.2.4	0xa78c	Name error (3)	answerappear.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:53.398435116 CET	1.1.1.1	192.168.2.4	0xfc71	Name error (3)	glassappear.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:53.407861948 CET	1.1.1.1	192.168.2.4	0x3958	Name error (3)	difficultmanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:53.440242052 CET	1.1.1.1	192.168.2.4	0x4691	Name error (3)	heardmanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:53.452891111 CET	1.1.1.1	192.168.2.4	0xdffe	Name error (3)	difficultanother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:53.463144064 CET	1.1.1.1	192.168.2.4	0xf42f	Name error (3)	heardanother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:53.475162029 CET	1.1.1.1	192.168.2.4	0xa606	Name error (3)	difficultbusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:53.488821030 CET	1.1.1.1	192.168.2.4	0xea05	Name error (3)	heardbusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:53.500849962 CET	1.1.1.1	192.168.2.4	0xf49c	Name error (3)	difficultappear.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:53.511002064 CET	1.1.1.1	192.168.2.4	0x7c38	Name error (3)	heardappear.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:53.521368027 CET	1.1.1.1	192.168.2.4	0x7a56	Name error (3)	pleasantmanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:53.566312075 CET	1.1.1.1	192.168.2.4	0x498d	Name error (3)	necessarymanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:53.637586117 CET	1.1.1.1	192.168.2.4	0x7e81	Name error (3)	pleasantanother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:53.671376944 CET	1.1.1.1	192.168.2.4	0xc69	Name error (3)	necessaryanother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:53.742587090 CET	1.1.1.1	192.168.2.4	0xbd3d	Name error (3)	pleasantbusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:53.824135065 CET	1.1.1.1	192.168.2.4	0x60fc	Name error (3)	necessarybusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:53.989172935 CET	1.1.1.1	192.168.2.4	0xe8d6	Name error (3)	pleasantappear.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:54.112411976 CET	1.1.1.1	192.168.2.4	0x1eca	Name error (3)	necessaryappear.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:54.122730970 CET	1.1.1.1	192.168.2.4	0xd3fd	Name error (3)	ordermanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:54.133517981 CET	1.1.1.1	192.168.2.4	0x9ee5	Name error (3)	requiremanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:54.300561905 CET	1.1.1.1	192.168.2.4	0xa509	Name error (3)	orderanother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:54.331973076 CET	1.1.1.1	192.168.2.4	0xb7cc	Name error (3)	requireanother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:54.343185902 CET	1.1.1.1	192.168.2.4	0x257d	Name error (3)	orderbusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:54.375349998 CET	1.1.1.1	192.168.2.4	0x95e7	Name error (3)	requirebusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:54.407556057 CET	1.1.1.1	192.168.2.4	0x1e0	Name error (3)	orderappear.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:54.417300940 CET	1.1.1.1	192.168.2.4	0x95e6	Name error (3)	requireappear.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:54.591020107 CET	1.1.1.1	192.168.2.4	0x7c28	Name error (3)	leadermanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:54.606147051 CET	1.1.1.1	192.168.2.4	0xac9d	Name error (3)	heavenmanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:06:54.637646914 CET	1.1.1.1	192.168.2.4	0xf3d6	Name error (3)	leaderanother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:07.340039968 CET	1.1.1.1	192.168.2.4	0x61ff	Name error (3)	hearddivide.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:08.787898064 CET	1.1.1.1	192.168.2.4	0x11d9	Name error (3)	necessarystream.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:08.819365978 CET	1.1.1.1	192.168.2.4	0x2f50	Name error (3)	pleasantnothing.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:08.830461979 CET	1.1.1.1	192.168.2.4	0xd86d	Name error (3)	necessarynothing.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:08.843103886 CET	1.1.1.1	192.168.2.4	0x14a1	Name error (3)	pleasantbottle.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:08.854964018 CET	1.1.1.1	192.168.2.4	0xf887	Name error (3)	necessarybottle.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:08.866282940 CET	1.1.1.1	192.168.2.4	0x4364	Name error (3)	pleasantdivide.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:08.897706032 CET	1.1.1.1	192.168.2.4	0x8887	Name error (3)	necessarydivide.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:10.106184006 CET	1.1.1.1	192.168.2.4	0x8530	Name error (3)	requirestream.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:10.116302013 CET	1.1.1.1	192.168.2.4	0x43e7	Name error (3)	ordernothing.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:10.126112938 CET	1.1.1.1	192.168.2.4	0x1b41	Name error (3)	requirenothing.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:10.157548904 CET	1.1.1.1	192.168.2.4	0xc085	Name error (3)	orderbottle.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:10.188281059 CET	1.1.1.1	192.168.2.4	0x99c9	Name error (3)	requirebottle.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:10.198797941 CET	1.1.1.1	192.168.2.4	0xff4a	Name error (3)	orderdivide.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:10.212430954 CET	1.1.1.1	192.168.2.4	0x29c7	Name error (3)	requiredivide.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:10.422847033 CET	1.1.1.1	192.168.2.4	0x7947	Name error (3)	heavenstream.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:10.434422970 CET	1.1.1.1	192.168.2.4	0xc178	Name error (3)	leadernothing.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:10.447561979 CET	1.1.1.1	192.168.2.4	0xb195	Name error (3)	heavennothing.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:10.479415894 CET	1.1.1.1	192.168.2.4	0x4d9f	Name error (3)	leaderbottle.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:10.489733934 CET	1.1.1.1	192.168.2.4	0xd720	Name error (3)	heavenbottle.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:10.499798059 CET	1.1.1.1	192.168.2.4	0x5731	Name error (3)	leaderdivide.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:10.510667086 CET	1.1.1.1	192.168.2.4	0xfd35	Name error (3)	heavendivide.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:10.520788908 CET	1.1.1.1	192.168.2.4	0xfce1	Name error (3)	heavystream.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:10.530967951 CET	1.1.1.1	192.168.2.4	0xe1a2	Name error (3)	gentlestream.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:10.696894884 CET	1.1.1.1	192.168.2.4	0x2d7	Name error (3)	heavynothing.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:10.715614080 CET	1.1.1.1	192.168.2.4	0x9e38	Name error (3)	gentlenothing.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:10.747482061 CET	1.1.1.1	192.168.2.4	0xdf7d	Name error (3)	heavybottle.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:10.781333923 CET	1.1.1.1	192.168.2.4	0x8060	Name error (3)	gentlebottle.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:10.792026997 CET	1.1.1.1	192.168.2.4	0x75d3	Name error (3)	heavydivide.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:10.951525927 CET	1.1.1.1	192.168.2.4	0x2d49	Name error (3)	gentledivide.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:11.604527950 CET	1.1.1.1	192.168.2.4	0x1c18	Name error (3)	returnstream.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:11.637423038 CET	1.1.1.1	192.168.2.4	0x6313	Name error (3)	variousnothing.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:11.647933006 CET	1.1.1.1	192.168.2.4	0x3899	Name error (3)	returnnothing.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:11.657807112 CET	1.1.1.1	192.168.2.4	0xdb93	Name error (3)	variousbottle.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:13.122703075 CET	1.1.1.1	192.168.2.4	0x1ab7	Name error (3)	variousdivide.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:13.133157969 CET	1.1.1.1	192.168.2.4	0xcdc9	Name error (3)	returndivide.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:13.144114971 CET	1.1.1.1	192.168.2.4	0xbc40	Name error (3)	degreemanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:13.154495955 CET	1.1.1.1	192.168.2.4	0x38be	Name error (3)	forwardmanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:13.165415049 CET	1.1.1.1	192.168.2.4	0x6f55	Name error (3)	degreeanother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:13.174952030 CET	1.1.1.1	192.168.2.4	0x597a	Name error (3)	forwardanother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:13.205694914 CET	1.1.1.1	192.168.2.4	0xf8f2	Name error (3)	degreebusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:13.218811035 CET	1.1.1.1	192.168.2.4	0xd79d	Name error (3)	forwardbusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:13.230762005 CET	1.1.1.1	192.168.2.4	0x6927	Name error (3)	degreeappear.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:13.263077974 CET	1.1.1.1	192.168.2.4	0xeef2	Name error (3)	forwardappear.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:13.273284912 CET	1.1.1.1	192.168.2.4	0x1dc1	Name error (3)	answermanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:13.284794092 CET	1.1.1.1	192.168.2.4	0xd5a6	Name error (3)	glassmanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:13.295640945 CET	1.1.1.1	192.168.2.4	0x3c82	Name error (3)	answeranother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:13.305695057 CET	1.1.1.1	192.168.2.4	0xf965	Name error (3)	glassanother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:13.316921949 CET	1.1.1.1	192.168.2.4	0xc267	Name error (3)	answerbusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:13.327630043 CET	1.1.1.1	192.168.2.4	0xdf2b	Name error (3)	glassbusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:13.338350058 CET	1.1.1.1	192.168.2.4	0xaf21	Name error (3)	answerappear.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:13.348583937 CET	1.1.1.1	192.168.2.4	0x65	Name error (3)	glassappear.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:13.358561039 CET	1.1.1.1	192.168.2.4	0x3654	Name error (3)	difficultmanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:13.368546963 CET	1.1.1.1	192.168.2.4	0x1a8b	Name error (3)	heardmanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:13.399698019 CET	1.1.1.1	192.168.2.4	0x7bd6	Name error (3)	difficultanother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:13.431369066 CET	1.1.1.1	192.168.2.4	0xd872	Name error (3)	heardanother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:13.448298931 CET	1.1.1.1	192.168.2.4	0x7489	Name error (3)	difficultbusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:13.458533049 CET	1.1.1.1	192.168.2.4	0x6dad	Name error (3)	heardbusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:13.623022079 CET	1.1.1.1	192.168.2.4	0x7840	Name error (3)	difficultappear.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:13.634149075 CET	1.1.1.1	192.168.2.4	0x5635	Name error (3)	heardappear.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:13.647871971 CET	1.1.1.1	192.168.2.4	0x168a	Name error (3)	pleasantmanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:13.658642054 CET	1.1.1.1	192.168.2.4	0x2a3a	Name error (3)	necessarymanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:13.669178009 CET	1.1.1.1	192.168.2.4	0x5293	Name error (3)	pleasantanother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:13.680394888 CET	1.1.1.1	192.168.2.4	0x855b	Name error (3)	necessaryanother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:13.691234112 CET	1.1.1.1	192.168.2.4	0xc029	Name error (3)	pleasantbusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:13.702426910 CET	1.1.1.1	192.168.2.4	0xe5cf	Name error (3)	necessarybusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:13.713361979 CET	1.1.1.1	192.168.2.4	0xed6a	Name error (3)	pleasantappear.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:13.745786905 CET	1.1.1.1	192.168.2.4	0x8d1e	Name error (3)	necessaryappear.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:13.756856918 CET	1.1.1.1	192.168.2.4	0x8fb7	Name error (3)	ordermanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:13.768335104 CET	1.1.1.1	192.168.2.4	0x2c6b	Name error (3)	requiremanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:13.924192905 CET	1.1.1.1	192.168.2.4	0x930a	Name error (3)	orderanother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:13.941170931 CET	1.1.1.1	192.168.2.4	0xb2e7	Name error (3)	requireanother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:13.973563910 CET	1.1.1.1	192.168.2.4	0xfb9a	Name error (3)	orderbusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:14.005325079 CET	1.1.1.1	192.168.2.4	0x98ff	Name error (3)	requirebusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:14.015969992 CET	1.1.1.1	192.168.2.4	0xb9d4	Name error (3)	orderappear.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:14.025475979 CET	1.1.1.1	192.168.2.4	0x1336	Name error (3)	requireappear.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:14.036644936 CET	1.1.1.1	192.168.2.4	0xd536	Name error (3)	leadermanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:14.047142982 CET	1.1.1.1	192.168.2.4	0xdc0	Name error (3)	heavenmanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:14.078545094 CET	1.1.1.1	192.168.2.4	0xe60d	Name error (3)	leaderanother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:14.091135979 CET	1.1.1.1	192.168.2.4	0xb863	Name error (3)	heavenanother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:18.614130974 CET	1.1.1.1	192.168.2.4	0xf3ef	Name error (3)	requirestream.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:18.647449970 CET	1.1.1.1	192.168.2.4	0x1cb7	Name error (3)	ordernothing.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:18.679666996 CET	1.1.1.1	192.168.2.4	0x8d28	Name error (3)	requirenothing.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:18.690962076 CET	1.1.1.1	192.168.2.4	0xb3b5	Name error (3)	orderbottle.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:18.701287031 CET	1.1.1.1	192.168.2.4	0xe917	Name error (3)	requirebottle.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:18.710793018 CET	1.1.1.1	192.168.2.4	0x1a90	Name error (3)	orderdivide.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:18.720913887 CET	1.1.1.1	192.168.2.4	0xd935	Name error (3)	requiredivide.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:18.777762890 CET	1.1.1.1	192.168.2.4	0x566d	Name error (3)	heavenstream.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:18.788110018 CET	1.1.1.1	192.168.2.4	0x4230	Name error (3)	leadernothing.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:18.802150965 CET	1.1.1.1	192.168.2.4	0x164c	Name error (3)	heavennothing.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:18.834275007 CET	1.1.1.1	192.168.2.4	0xc3f6	Name error (3)	leaderbottle.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:18.845676899 CET	1.1.1.1	192.168.2.4	0x53d1	Name error (3)	heavenbottle.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:18.855519056 CET	1.1.1.1	192.168.2.4	0xf737	Name error (3)	leaderdivide.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:18.866318941 CET	1.1.1.1	192.168.2.4	0x514a	Name error (3)	heavendivide.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:18.876388073 CET	1.1.1.1	192.168.2.4	0x403d	Name error (3)	heavystream.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:18.907852888 CET	1.1.1.1	192.168.2.4	0xd621	Name error (3)	gentlestream.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:18.918411970 CET	1.1.1.1	192.168.2.4	0xc81e	Name error (3)	heavynothing.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:18.926372051 CET	1.1.1.1	192.168.2.4	0x2088	Name error (3)	gentlenothing.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:18.936290979 CET	1.1.1.1	192.168.2.4	0x65aa	Name error (3)	heavybottle.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:18.947788954 CET	1.1.1.1	192.168.2.4	0xd9b	Name error (3)	gentlebottle.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:18.983944893 CET	1.1.1.1	192.168.2.4	0xb1e0	Name error (3)	heavydivide.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:18.994982958 CET	1.1.1.1	192.168.2.4	0x11e8	Name error (3)	gentledivide.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:19.674288988 CET	1.1.1.1	192.168.2.4	0xebf	Name error (3)	returnstream.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:19.706943035 CET	1.1.1.1	192.168.2.4	0xf2e2	Name error (3)	variousnothing.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:19.742113113 CET	1.1.1.1	192.168.2.4	0x2e55	Name error (3)	returnnothing.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:19.753261089 CET	1.1.1.1	192.168.2.4	0x2157	Name error (3)	variousbottle.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:21.208137035 CET	1.1.1.1	192.168.2.4	0xe562	Name error (3)	variousdivide.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:21.219018936 CET	1.1.1.1	192.168.2.4	0x16d9	Name error (3)	returndivide.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:21.229294062 CET	1.1.1.1	192.168.2.4	0xb66	Name error (3)	degreemanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:21.239784956 CET	1.1.1.1	192.168.2.4	0xcbbe	Name error (3)	forwardmanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:21.271097898 CET	1.1.1.1	192.168.2.4	0x362	Name error (3)	degreeanother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:21.282901049 CET	1.1.1.1	192.168.2.4	0x5c25	Name error (3)	forwardanother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:21.315519094 CET	1.1.1.1	192.168.2.4	0x6cb8	Name error (3)	degreebusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:21.478698015 CET	1.1.1.1	192.168.2.4	0xce25	Name error (3)	forwardbusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:21.511576891 CET	1.1.1.1	192.168.2.4	0xd3f2	Name error (3)	degreeappear.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:21.523159981 CET	1.1.1.1	192.168.2.4	0x4f1b	Name error (3)	forwardappear.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:21.539542913 CET	1.1.1.1	192.168.2.4	0x760a	Name error (3)	answermanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:21.552970886 CET	1.1.1.1	192.168.2.4	0xfbf7	Name error (3)	glassmanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:21.563370943 CET	1.1.1.1	192.168.2.4	0x1490	Name error (3)	answeranother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:21.595623016 CET	1.1.1.1	192.168.2.4	0x8377	Name error (3)	glassanother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:21.607197046 CET	1.1.1.1	192.168.2.4	0xe207	Name error (3)	answerbusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:21.617758036 CET	1.1.1.1	192.168.2.4	0xb8aa	Name error (3)	glassbusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:21.627551079 CET	1.1.1.1	192.168.2.4	0xe4e8	Name error (3)	answerappear.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:21.660429001 CET	1.1.1.1	192.168.2.4	0xd1ad	Name error (3)	glassappear.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:21.671175003 CET	1.1.1.1	192.168.2.4	0x9aab	Name error (3)	difficultmanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:21.703644037 CET	1.1.1.1	192.168.2.4	0xc545	Name error (3)	heardmanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:21.719701052 CET	1.1.1.1	192.168.2.4	0x6e	Name error (3)	difficultanother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:21.729862928 CET	1.1.1.1	192.168.2.4	0xf714	Name error (3)	heardanother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:21.761498928 CET	1.1.1.1	192.168.2.4	0x1d30	Name error (3)	difficultbusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:21.777019978 CET	1.1.1.1	192.168.2.4	0x62c9	Name error (3)	heardbusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:21.788495064 CET	1.1.1.1	192.168.2.4	0x4245	Name error (3)	difficultappear.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:21.798912048 CET	1.1.1.1	192.168.2.4	0xa242	Name error (3)	heardappear.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:21.830612898 CET	1.1.1.1	192.168.2.4	0xbbf4	Name error (3)	pleasantmanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:21.864244938 CET	1.1.1.1	192.168.2.4	0x20b7	Name error (3)	necessarymanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:21.874449015 CET	1.1.1.1	192.168.2.4	0x4356	Name error (3)	pleasantanother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:21.907844067 CET	1.1.1.1	192.168.2.4	0xc265	Name error (3)	necessaryanother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:21.920453072 CET	1.1.1.1	192.168.2.4	0x509f	Name error (3)	pleasantbusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:21.931427956 CET	1.1.1.1	192.168.2.4	0x1fe6	Name error (3)	necessarybusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:21.963216066 CET	1.1.1.1	192.168.2.4	0xc44c	Name error (3)	pleasantappear.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:21.977761984 CET	1.1.1.1	192.168.2.4	0x9790	Name error (3)	necessaryappear.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:21.988485098 CET	1.1.1.1	192.168.2.4	0x319	Name error (3)	ordermanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:21.998745918 CET	1.1.1.1	192.168.2.4	0x2529	Name error (3)	requiremanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:22.033023119 CET	1.1.1.1	192.168.2.4	0xfaf4	Name error (3)	orderanother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:22.044826031 CET	1.1.1.1	192.168.2.4	0x92af	Name error (3)	requireanother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:22.079191923 CET	1.1.1.1	192.168.2.4	0x2168	Name error (3)	orderbusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:22.090727091 CET	1.1.1.1	192.168.2.4	0xac15	Name error (3)	requirebusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:22.102891922 CET	1.1.1.1	192.168.2.4	0x4b45	Name error (3)	orderappear.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:22.115529060 CET	1.1.1.1	192.168.2.4	0x55d1	Name error (3)	requireappear.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:22.147428036 CET	1.1.1.1	192.168.2.4	0x803e	Name error (3)	leadermanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:22.158755064 CET	1.1.1.1	192.168.2.4	0xe1c1	Name error (3)	heavenmanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:22.190347910 CET	1.1.1.1	192.168.2.4	0xd1c0	Name error (3)	leaderanother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:22.204328060 CET	1.1.1.1	192.168.2.4	0x9ed6	Name error (3)	heavenanother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:22.216110945 CET	1.1.1.1	192.168.2.4	0x24df	Name error (3)	leaderbusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:22.249876976 CET	1.1.1.1	192.168.2.4	0xb5b1	Name error (3)	heavenbusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:22.262706041 CET	1.1.1.1	192.168.2.4	0xa932	Name error (3)	leaderappear.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:22.294454098 CET	1.1.1.1	192.168.2.4	0x8ec8	Name error (3)	heavenappear.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:22.304795980 CET	1.1.1.1	192.168.2.4	0x4c1f	Name error (3)	heavymanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:22.314516068 CET	1.1.1.1	192.168.2.4	0x9c1	Name error (3)	gentlemanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:22.327203989 CET	1.1.1.1	192.168.2.4	0x6ab2	Name error (3)	heavyanother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:22.339973927 CET	1.1.1.1	192.168.2.4	0xa0e7	Name error (3)	gentleanother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:22.355835915 CET	1.1.1.1	192.168.2.4	0xcd42	Name error (3)	heavybusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:22.368746042 CET	1.1.1.1	192.168.2.4	0xc20f	Name error (3)	gentlebusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:26.877312899 CET	1.1.1.1	192.168.2.4	0x2b2c	Name error (3)	heavenstream.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:26.887119055 CET	1.1.1.1	192.168.2.4	0x2dd3	Name error (3)	leadernothing.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:26.898633003 CET	1.1.1.1	192.168.2.4	0x9c32	Name error (3)	heavennothing.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:26.909909964 CET	1.1.1.1	192.168.2.4	0xc134	Name error (3)	leaderbottle.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:26.919570923 CET	1.1.1.1	192.168.2.4	0x5c6d	Name error (3)	heavenbottle.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:27.075798035 CET	1.1.1.1	192.168.2.4	0x8905	Name error (3)	leaderdivide.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:27.088856936 CET	1.1.1.1	192.168.2.4	0x44b1	Name error (3)	heavendivide.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:27.098639965 CET	1.1.1.1	192.168.2.4	0x59fa	Name error (3)	heavystream.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:27.108783007 CET	1.1.1.1	192.168.2.4	0x2f9f	Name error (3)	gentlestream.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:27.141340017 CET	1.1.1.1	192.168.2.4	0x9921	Name error (3)	heavynothing.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:27.151911020 CET	1.1.1.1	192.168.2.4	0x3711	Name error (3)	gentlenothing.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:27.163024902 CET	1.1.1.1	192.168.2.4	0xeee1	Name error (3)	heavybottle.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:27.174984932 CET	1.1.1.1	192.168.2.4	0x4e0f	Name error (3)	gentlebottle.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:27.185945988 CET	1.1.1.1	192.168.2.4	0x908b	Name error (3)	heavydivide.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:27.218453884 CET	1.1.1.1	192.168.2.4	0x85a4	Name error (3)	gentledivide.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:27.890711069 CET	1.1.1.1	192.168.2.4	0xc40d	Name error (3)	returnstream.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:27.903112888 CET	1.1.1.1	192.168.2.4	0x4a3f	Name error (3)	variousnothing.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:27.956995964 CET	1.1.1.1	192.168.2.4	0x6741	Name error (3)	returnnothing.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:27.999917984 CET	1.1.1.1	192.168.2.4	0x9d10	Name error (3)	variousbottle.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:29.472595930 CET	1.1.1.1	192.168.2.4	0xc754	Name error (3)	variousdivide.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:29.483237028 CET	1.1.1.1	192.168.2.4	0xefcb	Name error (3)	returndivide.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:29.493269920 CET	1.1.1.1	192.168.2.4	0x4fa7	Name error (3)	degreemanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:29.503639936 CET	1.1.1.1	192.168.2.4	0x34ae	Name error (3)	forwardmanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:29.514139891 CET	1.1.1.1	192.168.2.4	0x147a	Name error (3)	degreeanother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:29.545272112 CET	1.1.1.1	192.168.2.4	0xad98	Name error (3)	forwardanother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:29.555615902 CET	1.1.1.1	192.168.2.4	0x6f82	Name error (3)	degreebusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:29.565372944 CET	1.1.1.1	192.168.2.4	0xe43f	Name error (3)	forwardbusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:29.575661898 CET	1.1.1.1	192.168.2.4	0x42be	Name error (3)	degreeappear.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:29.586302042 CET	1.1.1.1	192.168.2.4	0x4afb	Name error (3)	forwardappear.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:29.595604897 CET	1.1.1.1	192.168.2.4	0xc7a5	Name error (3)	answermanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:29.605057955 CET	1.1.1.1	192.168.2.4	0x214f	Name error (3)	glassmanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:29.620899916 CET	1.1.1.1	192.168.2.4	0xb335	Name error (3)	answeranother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:29.631365061 CET	1.1.1.1	192.168.2.4	0x5a1b	Name error (3)	glassanother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:29.661910057 CET	1.1.1.1	192.168.2.4	0xc4c9	Name error (3)	answerbusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:29.675328970 CET	1.1.1.1	192.168.2.4	0x7266	Name error (3)	glassbusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:29.706981897 CET	1.1.1.1	192.168.2.4	0xdca3	Name error (3)	answerappear.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:29.718066931 CET	1.1.1.1	192.168.2.4	0x6d3	Name error (3)	glassappear.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:29.727701902 CET	1.1.1.1	192.168.2.4	0x1894	Name error (3)	difficultmanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:29.737912893 CET	1.1.1.1	192.168.2.4	0x2b94	Name error (3)	heardmanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:29.745371103 CET	1.1.1.1	192.168.2.4	0x76b2	Name error (3)	difficultanother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:29.755521059 CET	1.1.1.1	192.168.2.4	0xa8b4	Name error (3)	heardanother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:29.766011953 CET	1.1.1.1	192.168.2.4	0x2a87	Name error (3)	difficultbusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:29.776555061 CET	1.1.1.1	192.168.2.4	0xd72c	Name error (3)	heardbusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:29.786528111 CET	1.1.1.1	192.168.2.4	0x87	Name error (3)	difficultappear.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:29.817982912 CET	1.1.1.1	192.168.2.4	0xd923	Name error (3)	heardappear.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:29.850224018 CET	1.1.1.1	192.168.2.4	0x3afd	Name error (3)	pleasantmanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:30.006727934 CET	1.1.1.1	192.168.2.4	0xc78c	Name error (3)	necessarymanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:30.040481091 CET	1.1.1.1	192.168.2.4	0x9a6c	Name error (3)	pleasantanother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:30.050892115 CET	1.1.1.1	192.168.2.4	0xddb6	Name error (3)	necessaryanother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:30.060878992 CET	1.1.1.1	192.168.2.4	0xd04e	Name error (3)	pleasantbusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:30.218229055 CET	1.1.1.1	192.168.2.4	0xedbc	Name error (3)	necessarybusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:30.253253937 CET	1.1.1.1	192.168.2.4	0x2f1b	Name error (3)	pleasantappear.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:30.290036917 CET	1.1.1.1	192.168.2.4	0xb745	Name error (3)	necessaryappear.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:30.307832956 CET	1.1.1.1	192.168.2.4	0x5595	Name error (3)	ordermanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:30.324074030 CET	1.1.1.1	192.168.2.4	0x18e1	Name error (3)	requiremanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:30.338908911 CET	1.1.1.1	192.168.2.4	0xed72	Name error (3)	orderanother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:30.370313883 CET	1.1.1.1	192.168.2.4	0xeb51	Name error (3)	requireanother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:30.380945921 CET	1.1.1.1	192.168.2.4	0x2717	Name error (3)	orderbusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:30.392451048 CET	1.1.1.1	192.168.2.4	0x87b3	Name error (3)	requirebusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:30.424096107 CET	1.1.1.1	192.168.2.4	0x4f69	Name error (3)	orderappear.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:30.436827898 CET	1.1.1.1	192.168.2.4	0x25ac	Name error (3)	requireappear.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:30.451275110 CET	1.1.1.1	192.168.2.4	0xbdd5	Name error (3)	leadermanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:30.462060928 CET	1.1.1.1	192.168.2.4	0x2b0	Name error (3)	heavenmanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:30.473145008 CET	1.1.1.1	192.168.2.4	0xae53	Name error (3)	leaderanother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:30.484009981 CET	1.1.1.1	192.168.2.4	0x4d68	Name error (3)	heavenanother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:30.495440006 CET	1.1.1.1	192.168.2.4	0x431a	Name error (3)	leaderbusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:30.527563095 CET	1.1.1.1	192.168.2.4	0x32d1	Name error (3)	heavenbusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:30.591506004 CET	1.1.1.1	192.168.2.4	0x2d83	Name error (3)	leaderappear.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:30.623442888 CET	1.1.1.1	192.168.2.4	0xb669	Name error (3)	heavenappear.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:30.669455051 CET	1.1.1.1	192.168.2.4	0x86e	Name error (3)	heavymanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:30.680478096 CET	1.1.1.1	192.168.2.4	0x7594	Name error (3)	gentlemanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:30.737488985 CET	1.1.1.1	192.168.2.4	0xbfe6	Name error (3)	heavyanother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:30.755228043 CET	1.1.1.1	192.168.2.4	0xf11f	Name error (3)	gentleanother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:30.766583920 CET	1.1.1.1	192.168.2.4	0xc750	Name error (3)	heavybusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:30.862451077 CET	1.1.1.1	192.168.2.4	0x79cc	Name error (3)	gentlebusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:30.947427988 CET	1.1.1.1	192.168.2.4	0xa618	Name error (3)	heavyappear.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:31.015034914 CET	1.1.1.1	192.168.2.4	0xfbd3	Name error (3)	gentleappear.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:31.046674013 CET	1.1.1.1	192.168.2.4	0xb74c	Name error (3)	variousmanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:31.078432083 CET	1.1.1.1	192.168.2.4	0x6889	Name error (3)	returnmanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:31.089827061 CET	1.1.1.1	192.168.2.4	0x6d1d	Name error (3)	variousanother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:31.102693081 CET	1.1.1.1	192.168.2.4	0xf5b1	Name error (3)	returnanother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:31.113903046 CET	1.1.1.1	192.168.2.4	0xb636	Name error (3)	variousbusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:31.128540993 CET	1.1.1.1	192.168.2.4	0xba75	Name error (3)	returnbusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:35.659912109 CET	1.1.1.1	192.168.2.4	0xa5be	Name error (3)	heavystream.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:35.669781923 CET	1.1.1.1	192.168.2.4	0xfe25	Name error (3)	gentlestream.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:35.680866003 CET	1.1.1.1	192.168.2.4	0xb3df	Name error (3)	heavynothing.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:35.713103056 CET	1.1.1.1	192.168.2.4	0x5b95	Name error (3)	gentlenothing.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:35.725413084 CET	1.1.1.1	192.168.2.4	0xf5e0	Name error (3)	heavybottle.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:35.737524986 CET	1.1.1.1	192.168.2.4	0xabe	Name error (3)	gentlebottle.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:35.748291016 CET	1.1.1.1	192.168.2.4	0x50ba	Name error (3)	heavydivide.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:35.759605885 CET	1.1.1.1	192.168.2.4	0x49f1	Name error (3)	gentledivide.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:36.404429913 CET	1.1.1.1	192.168.2.4	0xf434	Name error (3)	returnstream.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:36.414953947 CET	1.1.1.1	192.168.2.4	0x5610	Name error (3)	variousnothing.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:36.425242901 CET	1.1.1.1	192.168.2.4	0x8963	Name error (3)	returnnothing.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:36.435724020 CET	1.1.1.1	192.168.2.4	0x5f2f	Name error (3)	variousbottle.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:38.054997921 CET	1.1.1.1	192.168.2.4	0xf730	Name error (3)	variousdivide.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:38.213812113 CET	1.1.1.1	192.168.2.4	0x6d6f	Name error (3)	returndivide.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:38.224467993 CET	1.1.1.1	192.168.2.4	0xef60	Name error (3)	degreemanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:38.259322882 CET	1.1.1.1	192.168.2.4	0xc999	Name error (3)	forwardmanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:38.269455910 CET	1.1.1.1	192.168.2.4	0xc19e	Name error (3)	degreeanother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:38.279656887 CET	1.1.1.1	192.168.2.4	0x55ed	Name error (3)	forwardanother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:38.291847944 CET	1.1.1.1	192.168.2.4	0x67c1	Name error (3)	degreebusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:38.301939011 CET	1.1.1.1	192.168.2.4	0x1e2e	Name error (3)	forwardbusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:38.313970089 CET	1.1.1.1	192.168.2.4	0x7ff7	Name error (3)	degreeappear.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:38.323740005 CET	1.1.1.1	192.168.2.4	0xc13b	Name error (3)	forwardappear.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:38.355561018 CET	1.1.1.1	192.168.2.4	0x424f	Name error (3)	answermanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:38.366894007 CET	1.1.1.1	192.168.2.4	0x4fa9	Name error (3)	glassmanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:38.376796007 CET	1.1.1.1	192.168.2.4	0xcaf1	Name error (3)	answeranother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:38.386548996 CET	1.1.1.1	192.168.2.4	0xb3f9	Name error (3)	glassanother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:38.397237062 CET	1.1.1.1	192.168.2.4	0xc6d6	Name error (3)	answerbusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:39.045469046 CET	1.1.1.1	192.168.2.4	0xa2e7	Name error (3)	answerappear.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:39.056106091 CET	1.1.1.1	192.168.2.4	0xe214	Name error (3)	glassappear.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:39.066324949 CET	1.1.1.1	192.168.2.4	0x15a8	Name error (3)	difficultmanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:39.076924086 CET	1.1.1.1	192.168.2.4	0x5c7f	Name error (3)	heardmanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:39.087779045 CET	1.1.1.1	192.168.2.4	0xcd2b	Name error (3)	difficultanother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:39.099494934 CET	1.1.1.1	192.168.2.4	0x2ec6	Name error (3)	heardanother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:39.109849930 CET	1.1.1.1	192.168.2.4	0x672e	Name error (3)	difficultbusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:39.121032953 CET	1.1.1.1	192.168.2.4	0x6e6b	Name error (3)	heardbusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:39.151864052 CET	1.1.1.1	192.168.2.4	0xa2fa	Name error (3)	difficultappear.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:39.162739992 CET	1.1.1.1	192.168.2.4	0xd0c8	Name error (3)	heardappear.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:39.173765898 CET	1.1.1.1	192.168.2.4	0x9282	Name error (3)	pleasantmanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:39.184094906 CET	1.1.1.1	192.168.2.4	0x3642	Name error (3)	necessarymanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:39.194814920 CET	1.1.1.1	192.168.2.4	0x2b98	Name error (3)	pleasantanother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:39.259706974 CET	1.1.1.1	192.168.2.4	0x28fb	Name error (3)	necessaryanother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:39.294817924 CET	1.1.1.1	192.168.2.4	0xa6e3	Name error (3)	pleasantbusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:39.328047991 CET	1.1.1.1	192.168.2.4	0x363	Name error (3)	necessarybusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:39.338606119 CET	1.1.1.1	192.168.2.4	0xea9c	Name error (3)	pleasantappear.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:39.349298000 CET	1.1.1.1	192.168.2.4	0xbc9f	Name error (3)	necessaryappear.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:39.512175083 CET	1.1.1.1	192.168.2.4	0xc456	Name error (3)	ordermanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:39.545739889 CET	1.1.1.1	192.168.2.4	0x7c29	Name error (3)	requiremanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:39.557621956 CET	1.1.1.1	192.168.2.4	0xf77c	Name error (3)	orderanother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:39.567692041 CET	1.1.1.1	192.168.2.4	0xec93	Name error (3)	requireanother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:39.578596115 CET	1.1.1.1	192.168.2.4	0xfb55	Name error (3)	orderbusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:39.591789007 CET	1.1.1.1	192.168.2.4	0x676b	Name error (3)	requirebusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:39.602659941 CET	1.1.1.1	192.168.2.4	0x8176	Name error (3)	orderappear.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:39.613862991 CET	1.1.1.1	192.168.2.4	0x1b03	Name error (3)	requireappear.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:39.624480963 CET	1.1.1.1	192.168.2.4	0xd210	Name error (3)	leadermanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:39.633982897 CET	1.1.1.1	192.168.2.4	0xe48c	Name error (3)	heavenmanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:39.645025015 CET	1.1.1.1	192.168.2.4	0x11b7	Name error (3)	leaderanother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:39.656105042 CET	1.1.1.1	192.168.2.4	0x95dc	Name error (3)	heavenanother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:39.667375088 CET	1.1.1.1	192.168.2.4	0x508d	Name error (3)	leaderbusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:39.678309917 CET	1.1.1.1	192.168.2.4	0x2b37	Name error (3)	heavenbusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:39.709333897 CET	1.1.1.1	192.168.2.4	0xc189	Name error (3)	leaderappear.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:39.722807884 CET	1.1.1.1	192.168.2.4	0x1763	Name error (3)	heavenappear.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:39.754962921 CET	1.1.1.1	192.168.2.4	0x1676	Name error (3)	heavymanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:39.787257910 CET	1.1.1.1	192.168.2.4	0x3b8a	Name error (3)	gentlemanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:39.797873974 CET	1.1.1.1	192.168.2.4	0x2d8c	Name error (3)	heavyanother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:39.829876900 CET	1.1.1.1	192.168.2.4	0x3279	Name error (3)	gentleanother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:39.840529919 CET	1.1.1.1	192.168.2.4	0x79d3	Name error (3)	heavybusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:39.999171019 CET	1.1.1.1	192.168.2.4	0x1ed0	Name error (3)	gentlebusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:40.014547110 CET	1.1.1.1	192.168.2.4	0x1809	Name error (3)	heavyappear.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:40.025840044 CET	1.1.1.1	192.168.2.4	0xfd35	Name error (3)	gentleappear.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:40.058773994 CET	1.1.1.1	192.168.2.4	0xc29	Name error (3)	variousmanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:40.092169046 CET	1.1.1.1	192.168.2.4	0x9388	Name error (3)	returnmanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:40.103954077 CET	1.1.1.1	192.168.2.4	0x2648	Name error (3)	variousanother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:40.135814905 CET	1.1.1.1	192.168.2.4	0x3754	Name error (3)	returnanother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:40.150938988 CET	1.1.1.1	192.168.2.4	0xf8d2	Name error (3)	variousbusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:40.183442116 CET	1.1.1.1	192.168.2.4	0xcbc4	Name error (3)	returnbusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:40.196041107 CET	1.1.1.1	192.168.2.4	0x331a	Name error (3)	variousappear.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:40.206978083 CET	1.1.1.1	192.168.2.4	0x2738	Name error (3)	returnappear.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:40.219176054 CET	1.1.1.1	192.168.2.4	0x7fa0	Name error (3)	degreeinstead.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:40.250006914 CET	1.1.1.1	192.168.2.4	0xde2b	Name error (3)	forwardinstead.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:40.261003971 CET	1.1.1.1	192.168.2.4	0x6ec7	Name error (3)	degreeexplain.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:40.272048950 CET	1.1.1.1	192.168.2.4	0xd148	Name error (3)	forwardexplain.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:40.283937931 CET	1.1.1.1	192.168.2.4	0x76be	Name error (3)	degreebright.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:44.794961929 CET	1.1.1.1	192.168.2.4	0xb632	Name error (3)	returnstream.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:44.825728893 CET	1.1.1.1	192.168.2.4	0xd6c0	Name error (3)	variousnothing.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:44.857304096 CET	1.1.1.1	192.168.2.4	0xa64c	Name error (3)	returnnothing.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:45.016032934 CET	1.1.1.1	192.168.2.4	0xc5e7	Name error (3)	variousbottle.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:46.888567924 CET	1.1.1.1	192.168.2.4	0xf4d4	Name error (3)	variousdivide.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:46.899014950 CET	1.1.1.1	192.168.2.4	0x6af1	Name error (3)	returndivide.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:46.910420895 CET	1.1.1.1	192.168.2.4	0xf3e6	Name error (3)	degreemanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:46.921565056 CET	1.1.1.1	192.168.2.4	0xb4d	Name error (3)	forwardmanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:46.932048082 CET	1.1.1.1	192.168.2.4	0x746e	Name error (3)	degreeanother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:46.964307070 CET	1.1.1.1	192.168.2.4	0x8f6e	Name error (3)	forwardanother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:46.975925922 CET	1.1.1.1	192.168.2.4	0x4b0b	Name error (3)	degreebusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.008898973 CET	1.1.1.1	192.168.2.4	0xd64d	Name error (3)	forwardbusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.020934105 CET	1.1.1.1	192.168.2.4	0x83f6	Name error (3)	degreeappear.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.057761908 CET	1.1.1.1	192.168.2.4	0xa1da	Name error (3)	forwardappear.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.069180965 CET	1.1.1.1	192.168.2.4	0xe5e4	Name error (3)	answermanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.080049038 CET	1.1.1.1	192.168.2.4	0x238e	Name error (3)	glassmanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.090245962 CET	1.1.1.1	192.168.2.4	0x3631	Name error (3)	answeranother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.100975037 CET	1.1.1.1	192.168.2.4	0x34af	Name error (3)	glassanother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.112715006 CET	1.1.1.1	192.168.2.4	0x77ca	Name error (3)	answerbusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.123624086 CET	1.1.1.1	192.168.2.4	0x1899	Name error (3)	glassbusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.134490013 CET	1.1.1.1	192.168.2.4	0xaed	Name error (3)	answerappear.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.147768974 CET	1.1.1.1	192.168.2.4	0xa434	Name error (3)	glassappear.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.158231020 CET	1.1.1.1	192.168.2.4	0xe7ec	Name error (3)	difficultmanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.317078114 CET	1.1.1.1	192.168.2.4	0x8cc4	Name error (3)	heardmanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.333159924 CET	1.1.1.1	192.168.2.4	0x1fde	Name error (3)	difficultanother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.346859932 CET	1.1.1.1	192.168.2.4	0x6a0d	Name error (3)	heardanother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.359200001 CET	1.1.1.1	192.168.2.4	0x36d1	Name error (3)	difficultbusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.391850948 CET	1.1.1.1	192.168.2.4	0xbe12	Name error (3)	heardbusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.427040100 CET	1.1.1.1	192.168.2.4	0xfd4	Name error (3)	difficultappear.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.440474987 CET	1.1.1.1	192.168.2.4	0xe314	Name error (3)	heardappear.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.460886955 CET	1.1.1.1	192.168.2.4	0xcd8f	Name error (3)	pleasantmanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.626652002 CET	1.1.1.1	192.168.2.4	0x33f	Name error (3)	necessarymanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.641220093 CET	1.1.1.1	192.168.2.4	0x7212	Name error (3)	pleasantanother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.651303053 CET	1.1.1.1	192.168.2.4	0xe707	Name error (3)	necessaryanother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.662198067 CET	1.1.1.1	192.168.2.4	0x8a34	Name error (3)	pleasantbusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.670053005 CET	1.1.1.1	192.168.2.4	0x7e7c	Name error (3)	necessarybusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.680713892 CET	1.1.1.1	192.168.2.4	0xbc5	Name error (3)	pleasantappear.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.690711021 CET	1.1.1.1	192.168.2.4	0xf1c4	Name error (3)	necessaryappear.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.723037004 CET	1.1.1.1	192.168.2.4	0xc292	Name error (3)	ordermanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.755445004 CET	1.1.1.1	192.168.2.4	0xc1f6	Name error (3)	requiremanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.770122051 CET	1.1.1.1	192.168.2.4	0x5690	Name error (3)	orderanother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.780349970 CET	1.1.1.1	192.168.2.4	0x8	Name error (3)	requireanother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.792092085 CET	1.1.1.1	192.168.2.4	0x3216	Name error (3)	orderbusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.826440096 CET	1.1.1.1	192.168.2.4	0x292f	Name error (3)	requirebusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.837580919 CET	1.1.1.1	192.168.2.4	0x2ee3	Name error (3)	orderappear.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.847717047 CET	1.1.1.1	192.168.2.4	0x11e5	Name error (3)	requireappear.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.858257055 CET	1.1.1.1	192.168.2.4	0xae02	Name error (3)	leadermanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.869313955 CET	1.1.1.1	192.168.2.4	0x3c39	Name error (3)	heavenmanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.880875111 CET	1.1.1.1	192.168.2.4	0xa9e5	Name error (3)	leaderanother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.891768932 CET	1.1.1.1	192.168.2.4	0x3d31	Name error (3)	heavenanother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.922178984 CET	1.1.1.1	192.168.2.4	0x7291	Name error (3)	leaderbusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.956765890 CET	1.1.1.1	192.168.2.4	0x5446	Name error (3)	heavenbusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:47.988411903 CET	1.1.1.1	192.168.2.4	0x9f17	Name error (3)	leaderappear.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:48.001230955 CET	1.1.1.1	192.168.2.4	0xaa4e	Name error (3)	heavenappear.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:48.012079000 CET	1.1.1.1	192.168.2.4	0x400d	Name error (3)	heavymanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:48.022928953 CET	1.1.1.1	192.168.2.4	0x15f6	Name error (3)	gentlemanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:48.033988953 CET	1.1.1.1	192.168.2.4	0xaab0	Name error (3)	heavyanother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:48.045491934 CET	1.1.1.1	192.168.2.4	0x5e65	Name error (3)	gentleanother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:48.076776028 CET	1.1.1.1	192.168.2.4	0xf649	Name error (3)	heavybusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:48.091249943 CET	1.1.1.1	192.168.2.4	0x325e	Name error (3)	gentlebusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:48.102410078 CET	1.1.1.1	192.168.2.4	0x2d4d	Name error (3)	heavyappear.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:48.266500950 CET	1.1.1.1	192.168.2.4	0x357e	Name error (3)	gentleappear.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:48.301786900 CET	1.1.1.1	192.168.2.4	0x5aa3	Name error (3)	variousmanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:48.467585087 CET	1.1.1.1	192.168.2.4	0x5b54	Name error (3)	returnmanner.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:48.485132933 CET	1.1.1.1	192.168.2.4	0xbca3	Name error (3)	variousanother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:48.497895956 CET	1.1.1.1	192.168.2.4	0x817f	Name error (3)	returnanother.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:48.509994030 CET	1.1.1.1	192.168.2.4	0xe295	Name error (3)	variousbusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:48.521316051 CET	1.1.1.1	192.168.2.4	0x226e	Name error (3)	returnbusiness.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:48.531748056 CET	1.1.1.1	192.168.2.4	0x3889	Name error (3)	variousappear.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:48.546286106 CET	1.1.1.1	192.168.2.4	0x3dec	Name error (3)	returnappear.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:48.559323072 CET	1.1.1.1	192.168.2.4	0x742d	Name error (3)	degreeinstead.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:48.570519924 CET	1.1.1.1	192.168.2.4	0xad58	Name error (3)	forwardinstead.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:48.580209017 CET	1.1.1.1	192.168.2.4	0x1022	Name error (3)	degreeexplain.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:48.590986967 CET	1.1.1.1	192.168.2.4	0x30c0	Name error (3)	forwardexplain.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:48.600219011 CET	1.1.1.1	192.168.2.4	0x294b	Name error (3)	degreebright.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:48.616590977 CET	1.1.1.1	192.168.2.4	0x98f9	Name error (3)	forwardbright.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:48.629952908 CET	1.1.1.1	192.168.2.4	0xe175	Name error (3)	degreeinside.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:48.662926912 CET	1.1.1.1	192.168.2.4	0x1acb	Name error (3)	forwardinside.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:48.676250935 CET	1.1.1.1	192.168.2.4	0x823d	Name error (3)	answerinstead.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:48.685978889 CET	1.1.1.1	192.168.2.4	0x2edd	Name error (3)	glassinstead.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:48.696657896 CET	1.1.1.1	192.168.2.4	0xb23e	Name error (3)	answerexplain.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:48.706851959 CET	1.1.1.1	192.168.2.4	0xf73a	Name error (3)	glassexplain.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:48.861963987 CET	1.1.1.1	192.168.2.4	0x1041	Name error (3)	answerbright.net	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 13:08:49.427284956 CET	1.1.1.1	192.168.2.4	0x54ff	No error (0)	glassbright.net	7450.bodis.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 7, 2024 13:08:49.427284956 CET	1.1.1.1	192.168.2.4	0x54ff	No error (0)	7450.bodis.com		199.59.243.227	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

pleasantstream.net

orderstream.net

variousstream.net

returnbottle.net

glassbright.net

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49730	18.143.155.63	80	9620	C:\qkcgyxexucxsiyk\bsiphbvc.exe

Timestamp	Bytes transferred	Direction	Data
Nov 7, 2024 13:06:45.535998106 CET	85	OUT	GET /index.php HTTP/1.0 Accept: / Connection: close Host: pleasantstream.net
Nov 7, 2024 13:06:46.959748983 CET	389	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 07 Nov 2024 12:06:46 GMT Content-Type: text/html Connection: close Set-Cookie: btst=ac29fb7ec69a50e8954fb300e6ea7266\|173.254.250.79\|1730981206\|1730981206\|0\|1\|0; path=/; domain=.pleasantstream.net; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax; Set-Cookie: snkz=173.254.250.79; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49731	37.97.254.27	80	9620	C:\qkcgyxexucxsiyk\bsiphbvc.exe

Timestamp	Bytes transferred	Direction	Data
Nov 7, 2024 13:06:47.665627003 CET	82	OUT	GET /index.php HTTP/1.0 Accept: / Connection: close Host: orderstream.net
Nov 7, 2024 13:06:48.509088039 CET	1236	IN	HTTP/1.1 200 OK Date: Tue, 02 Apr 2024 11:23:50 GMT Server: Apache Last-Modified: Mon, 04 Mar 2024 08:41:05 GMT Vary: Accept-Encoding Content-Type: text/html Cache-Control: max-age=31536000 X-Varnish: 218198740 34925 Age: 18924178 Via: 1.1 varnish (Varnish/6.1) Accept-Ranges: bytes Content-Length: 64674 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 61 73 63 69 69 22 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 54 72 61 6e 73 49 50 20 2d 20 52 65 73 65 72 76 65 64 20 64 6f 6d 61 69 6e 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 54 72 61 6e 73 49 50 20 2d 20 52 65 73 65 72 76 65 64 20 64 6f 6d 61 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 [TRUNCATED] Data Ascii: <!DOCTYPE html><html> <head lang="en"> <meta charset="ascii"> <title>TransIP - Reserved domain</title> <meta name="description" content="TransIP - Reserved domain"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="robots" content="noindex, nofollow"> <link rel="shortcut icon" href="//reserved.transip.nl/assets/img/favicon.ico" type="image/x-icon" /> <link href='https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,900' rel='stylesheet' type='text/css'> <link rel="stylesheet" href="//reserved.transip.nl/assets/css/combined-min.css"> <title>Bezet!</title> </head> <body> <div class="container"> <div role="navigation" class="reserved-nav-container"> <div class="col-xs
Nov 7, 2024 13:06:48.509113073 CET	1236	IN	Data Raw: 2d 36 20 72 65 73 65 72 76 65 64 2d 6e 61 76 2d 6c 65 66 74 20 72 65 73 65 72 76 65 64 2d 6e 61 76 2d 62 72 61 6e 64 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 74 72 61 Data Ascii: -6 reserved-nav-left reserved-nav-brand"> <a href="https://transip.nl/" class="reserved-nav-brand-link lang_nl" rel="nofollow"> <svg version="1.1" id="transip-logo" xmlns="http://www.w3.org/2000/svg"
Nov 7, 2024 13:06:48.509125948 CET	424	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 30 2d 30 2e 39 2c 30 2e 33 2d 31 2e 34 2c 33 2e 32 2d 31 2e 34 68 33 2e 33 63 33 2e 35 2c 30 2c 34 2e 38 2c 30 2e 33 2c 34 2e 38 2c 32 2e 33 76 31 2e 38 63 2d 30 2e 38 2d 30 2e 39 Data Ascii: c0-0.9,0.3-1.4,3.2-1.4h3.3c3.5,0,4.8,0.3,4.8,2.3v1.8c-0.8-0.9-2.1-1.1-4.6-1.1h-3.6c-2,0-3.5,0.1-4.6,0.5 c-1.1,0.4-1.7,1.3-1.7,2.8v0.8c0,1.2,0.2,2.102,0.9,2.801c0.7,0.699,1.8,1,3.6,1h5.4c2.9,
Nov 7, 2024 13:06:48.509227991 CET	1236	IN	Data Raw: 34 2c 36 34 2e 36 2c 34 2e 34 48 36 31 2e 32 63 2d 32 2e 35 2c 30 2d 34 2e 33 2c 30 2e 33 2d 35 2e 33 2c 31 2e 38 56 34 2e 36 68 2d 32 2e 35 76 31 32 2e 35 68 32 2e 37 56 31 30 63 30 2d 32 2e 37 2c 31 2d 33 2e 35 2c 36 2e 33 2d 33 2e 35 48 36 33 Data Ascii: 4,64.6,4.4H61.2c-2.5,0-4.3,0.3-5.3,1.8V4.6h-2.5v12.5h2.7V10c0-2.7,1-3.5,6.3-3.5H63 c4.4,0.1,4.7,1,4.7,2.7V17.1h2.7V8.8C70.3,7.6,70,6.5,69.1,5.7z"/> <path class="transip-logo-part" d="
Nov 7, 2024 13:06:48.509242058 CET	1236	IN	Data Raw: 20 3c 2f 67 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 67 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 67 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: </g> <g> <g> <rect class="transip-logo-part" x="96.5" y="4.6" fill="#187DC1" width="2.7" height="12.5"/> </g>
Nov 7, 2024 13:06:48.509253979 CET	424	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 74 72 61 6e 73 69 70 2d 6c 6f 67 6f 2d 70 61 72 74 22 20 64 3d 22 4d 31 32 2e 37 2c 31 32 2e 34 63 2d 30 2e 31 2c 32 2e 35 2d 30 2e 33 2c 32 2e Data Ascii: <path class="transip-logo-part" d="M12.7,12.4c-0.1,2.5-0.3,2.8-3.2,2.898H8.7c-2.4-0.1-3.1-0.6-3.1-2.699V6.7h9V4.6h-9V1.8H2.9v2.9H0v2.1h2.9V13.4 c0,1,0.3,2.1,1.1,2.8c0.8,0.8,2.2,1.2,4.3,1.2h1
Nov 7, 2024 13:06:48.509268045 CET	1236	IN	Data Raw: 2e 33 2d 33 2e 39 2c 31 2e 35 56 34 2e 36 68 2d 32 2e 35 76 31 32 2e 35 68 32 2e 37 56 39 2e 33 63 30 2d 31 2e 35 2c 31 2d 32 2e 37 2c 33 2e 33 2d 32 2e 37 48 32 35 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: .3-3.9,1.5V4.6h-2.5v12.5h2.7V9.3c0-1.5,1-2.7,3.3-2.7H25 c4,0.1,4.4,0.3,4.5,3.3v0.7H32V8.9C31.9,7.4,31.5,6.2,30.6,5.5z"/> <path class="transip-logo-part" d="M48,13.7c0,0.7-0.3,1-1.2,1.
Nov 7, 2024 13:06:48.509584904 CET	1236	IN	Data Raw: 2c 30 2e 31 2d 30 2e 39 2c 30 2e 36 2d 31 2e 31 63 30 2e 35 2d 30 2e 32 2c 31 2e 35 2d 30 2e 33 2c 33 2e 31 30 31 2d 30 2e 33 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 48 38 33 2e 33 63 31 Data Ascii: ,0.1-0.9,0.6-1.1c0.5-0.2,1.5-0.3,3.101-0.3 H83.3c1.2,0,2.2,0,2.8,0.2C86.7,7,87,7.3,87,8.2v0.3h2.5V7.7c0-0.9-0.2-1.8-1.1-2.3c-0.9-0.6-2.4-0.9-4.9-0.9H80 c-2.8,0-4.5,0.3-5.6,0.8c-1,
Nov 7, 2024 13:06:48.509597063 CET	424	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 67 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 74 72 61 6e 73 69 70 2d 6c Data Ascii: <g> <path class="transip-logo-part" fill="#187DC1" d="M117.3,12.2c0,2.7-1.3,3.1-4,3.1h-4c-2.399,0-4.1-0.399-4.2-3.2V9.8c0-2,1-3.3,3.9-3.3h4.5 c3.1,
Nov 7, 2024 13:06:48.509664059 CET	1236	IN	Data Raw: 31 37 2e 34 68 34 2e 33 63 32 2e 33 2c 30 2c 34 2d 30 2e 33 30 31 2c 35 2e 32 2d 31 2e 32 63 31 2e 31 2d 30 2e 39 2c 31 2e 36 2d 32 2e 33 2c 31 2e 36 2d 34 2e 33 56 39 2e 38 43 31 32 30 2c 37 2e 36 2c 31 31 39 2e 32 2c 36 2e 33 2c 31 31 38 2c 35 Data Ascii: 17.4h4.3c2.3,0,4-0.301,5.2-1.2c1.1-0.9,1.6-2.3,1.6-4.3V9.8C120,7.6,119.2,6.3,118,5.5z"/> </g> </g> </svg> </a> </div>
Nov 7, 2024 13:06:48.514092922 CET	1236	IN	Data Raw: 31 70 74 22 3e 3c 70 61 74 68 20 66 69 6c 6c 3d 22 23 30 30 36 22 20 64 3d 22 4d 2d 32 35 36 20 30 48 37 36 38 2e 30 32 76 35 31 32 2e 30 31 48 2d 32 35 36 7a 22 2f 3e 3c 70 61 74 68 20 64 3d 22 4d 2d 32 35 36 20 30 76 35 37 2e 32 34 34 6c 39 30 Data Ascii: 1pt"><path fill="#006" d="M-256 0H768.02v512.01H-256z"/><path d="M-256 0v57.244l909.535 454.768H768.02V454.77L-141.515 0H-256zM768.02 0v57.243L-141.515 512.01H-256v-57.243L653.535 0H768.02z" fill="#fff"/><path d="M170.675 0v512.01h170.67V0h-17

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49732	199.59.243.227	80	9620	C:\qkcgyxexucxsiyk\bsiphbvc.exe

Timestamp	Bytes transferred	Direction	Data
Nov 7, 2024 13:06:49.988121033 CET	84	OUT	GET /index.php HTTP/1.0 Accept: / Connection: close Host: variousstream.net
Nov 7, 2024 13:06:50.622215033 CET	1236	IN	HTTP/1.1 200 OK date: Thu, 07 Nov 2024 12:06:49 GMT content-type: text/html; charset=utf-8 content-length: 1066 x-request-id: 56f46347-02a5-44eb-ac09-b031399d96ce cache-control: no-store, max-age=0 accept-ch: sec-ch-prefers-color-scheme critical-ch: sec-ch-prefers-color-scheme vary: sec-ch-prefers-color-scheme x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_SHWxKaDwoDowf6LK87H7CgandudCZDmQGZDfulHzF3+qa77WR6zSAOp2GnomDKEzaEbdPgFOG1Hw8AghzNNtEQ== set-cookie: parking_session=56f46347-02a5-44eb-ac09-b031399d96ce; expires=Thu, 07 Nov 2024 12:21:50 GMT; path=/ connection: close Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 53 48 57 78 4b 61 44 77 6f 44 6f 77 66 36 4c 4b 38 37 48 37 43 67 61 6e 64 75 64 43 5a 44 6d 51 47 5a 44 66 75 6c 48 7a 46 33 2b 71 61 37 37 57 52 36 7a 53 41 4f 70 32 47 6e 6f 6d 44 4b 45 7a 61 45 62 64 50 67 46 4f 47 31 48 77 38 41 67 68 7a 4e 4e 74 45 51 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED] Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_SHWxKaDwoDowf6LK87H7CgandudCZDmQGZDfulHzF3+qa77WR6zSAOp2GnomDKEzaEbdPgFOG1Hw8AghzNNtEQ==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
Nov 7, 2024 13:06:50.622250080 CET	519	IN	Data Raw: 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiNTZmNDYzNDctMDJhNS00NGViLWFjMDktYjAzMTM5OWQ5NmNlIiwicGFnZV90aW1lIjoxNzMwOTgxMj

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49733	18.143.155.63	80	9620	C:\qkcgyxexucxsiyk\bsiphbvc.exe

Timestamp	Bytes transferred	Direction	Data
Nov 7, 2024 13:06:51.061451912 CET	83	OUT	GET /index.php HTTP/1.0 Accept: / Connection: close Host: returnbottle.net
Nov 7, 2024 13:06:52.498637915 CET	387	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 07 Nov 2024 12:06:52 GMT Content-Type: text/html Connection: close Set-Cookie: btst=088b4d86a5decc4af44d252ae015aae7\|173.254.250.79\|1730981212\|1730981212\|0\|1\|0; path=/; domain=.returnbottle.net; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax; Set-Cookie: snkz=173.254.250.79; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49897	18.143.155.63	80	9152	C:\qkcgyxexucxsiyk\bsiphbvc.exe

Timestamp	Bytes transferred	Direction	Data
Nov 7, 2024 13:08:07.348716974 CET	85	OUT	GET /index.php HTTP/1.0 Accept: / Connection: close Host: pleasantstream.net
Nov 7, 2024 13:08:08.773475885 CET	389	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 07 Nov 2024 12:08:08 GMT Content-Type: text/html Connection: close Set-Cookie: btst=47889931109c3be7de387ed98ba17514\|173.254.250.79\|1730981288\|1730981288\|0\|1\|0; path=/; domain=.pleasantstream.net; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax; Set-Cookie: snkz=173.254.250.79; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49905	37.97.254.27	80	9152	C:\qkcgyxexucxsiyk\bsiphbvc.exe

Timestamp	Bytes transferred	Direction	Data
Nov 7, 2024 13:08:08.906255960 CET	82	OUT	GET /index.php HTTP/1.0 Accept: / Connection: close Host: orderstream.net
Nov 7, 2024 13:08:09.719654083 CET	1236	IN	HTTP/1.1 200 OK Date: Tue, 02 Apr 2024 11:23:50 GMT Server: Apache Last-Modified: Mon, 04 Mar 2024 08:41:05 GMT Vary: Accept-Encoding Content-Type: text/html Cache-Control: max-age=31536000 X-Varnish: 218098319 34925 Age: 18924259 Via: 1.1 varnish (Varnish/6.1) Accept-Ranges: bytes Content-Length: 64674 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 61 73 63 69 69 22 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 54 72 61 6e 73 49 50 20 2d 20 52 65 73 65 72 76 65 64 20 64 6f 6d 61 69 6e 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 54 72 61 6e 73 49 50 20 2d 20 52 65 73 65 72 76 65 64 20 64 6f 6d 61 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 [TRUNCATED] Data Ascii: <!DOCTYPE html><html> <head lang="en"> <meta charset="ascii"> <title>TransIP - Reserved domain</title> <meta name="description" content="TransIP - Reserved domain"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="robots" content="noindex, nofollow"> <link rel="shortcut icon" href="//reserved.transip.nl/assets/img/favicon.ico" type="image/x-icon" /> <link href='https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,900' rel='stylesheet' type='text/css'> <link rel="stylesheet" href="//reserved.transip.nl/assets/css/combined-min.css"> <title>Bezet!</title> </head> <body> <div class="container"> <div role="navigation" class="reserved-nav-container"> <div class="col-xs
Nov 7, 2024 13:08:09.719680071 CET	212	IN	Data Raw: 2d 36 20 72 65 73 65 72 76 65 64 2d 6e 61 76 2d 6c 65 66 74 20 72 65 73 65 72 76 65 64 2d 6e 61 76 2d 62 72 61 6e 64 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 74 72 61 Data Ascii: -6 reserved-nav-left reserved-nav-brand"> <a href="https://transip.nl/" class="reserved-nav-brand-link lang_nl" rel="nofollow"> <svg version="1.1" id="transip-logo" xml
Nov 7, 2024 13:08:09.719695091 CET	1236	IN	Data Raw: 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 78 6d 6c 6e 73 3a 78 6c 69 6e 6b 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 6c 69 6e 6b 22 20 78 6d 6c 3a 73 70 61 Data Ascii: ns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xml:space="preserve"> <path class="transip-logo-part" d="M12.7,12.4c-0.1,2.5-0.3,2.8-3.2,2.898H8.7c-2.4-0.1-3.1-0.6-3.1-2.699V6.7h9V4.6h-9V1
Nov 7, 2024 13:08:09.719748020 CET	1236	IN	Data Raw: 63 30 2e 37 2c 30 2e 36 39 39 2c 31 2e 38 2c 31 2c 33 2e 36 2c 31 68 35 2e 34 63 32 2e 39 2c 30 2c 34 2d 30 2e 31 39 39 2c 34 2e 36 2d 31 76 30 2e 38 30 31 68 32 2e 37 56 38 2e 38 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: c0.7,0.699,1.8,1,3.6,1h5.4c2.9,0,4-0.199,4.6-1v0.801h2.7V8.8 C50.7,5,47.6,4.5,43.4,4.5z"/> <path class="transip-logo-part" d="M69.1,5.7C68.2,4.9,66.7,4.4,64.6,4.4H61.2c-2.5,0-4.3,0.3-
Nov 7, 2024 13:08:09.719762087 CET	1236	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 67 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 72 65 63 74 20 63 6c 61 73 73 3d 22 74 72 61 6e Data Ascii: <g> <rect class="transip-logo-part" x="96.5" fill="#187DC1" width="2.7" height="2.2"/> </g> </g>
Nov 7, 2024 13:08:09.720002890 CET	636	IN	Data Raw: 2d 62 72 61 6e 64 2d 6c 69 6e 6b 20 6c 61 6e 67 5f 65 6e 20 68 69 64 64 65 6e 22 20 72 65 6c 3d 22 6e 6f 66 6f 6c 6c 6f 77 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 73 76 67 20 76 65 72 73 69 6f 6e 3d 22 Data Ascii: -brand-link lang_en hidden" rel="nofollow"> <svg version="1.1" id="transip-logo" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xml:space="preserve"> <path clas
Nov 7, 2024 13:08:09.720016956 CET	1236	IN	Data Raw: 2e 33 2d 33 2e 39 2c 31 2e 35 56 34 2e 36 68 2d 32 2e 35 76 31 32 2e 35 68 32 2e 37 56 39 2e 33 63 30 2d 31 2e 35 2c 31 2d 32 2e 37 2c 33 2e 33 2d 32 2e 37 48 32 35 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: .3-3.9,1.5V4.6h-2.5v12.5h2.7V9.3c0-1.5,1-2.7,3.3-2.7H25 c4,0.1,4.4,0.3,4.5,3.3v0.7H32V8.9C31.9,7.4,31.5,6.2,30.6,5.5z"/> <path class="transip-logo-part" d="M48,13.7c0,0.7-0.3,1-1.2,1.
Nov 7, 2024 13:08:09.720033884 CET	1236	IN	Data Raw: 2c 30 2e 31 2d 30 2e 39 2c 30 2e 36 2d 31 2e 31 63 30 2e 35 2d 30 2e 32 2c 31 2e 35 2d 30 2e 33 2c 33 2e 31 30 31 2d 30 2e 33 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 48 38 33 2e 33 63 31 Data Ascii: ,0.1-0.9,0.6-1.1c0.5-0.2,1.5-0.3,3.101-0.3 H83.3c1.2,0,2.2,0,2.8,0.2C86.7,7,87,7.3,87,8.2v0.3h2.5V7.7c0-0.9-0.2-1.8-1.1-2.3c-0.9-0.6-2.4-0.9-4.9-0.9H80 c-2.8,0-4.5,0.3-5.6,0.8c-1,
Nov 7, 2024 13:08:09.720045090 CET	424	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 67 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 74 72 61 6e 73 69 70 2d 6c Data Ascii: <g> <path class="transip-logo-part" fill="#187DC1" d="M117.3,12.2c0,2.7-1.3,3.1-4,3.1h-4c-2.399,0-4.1-0.399-4.2-3.2V9.8c0-2,1-3.3,3.9-3.3h4.5 c3.1,
Nov 7, 2024 13:08:09.720057011 CET	1236	IN	Data Raw: 31 37 2e 34 68 34 2e 33 63 32 2e 33 2c 30 2c 34 2d 30 2e 33 30 31 2c 35 2e 32 2d 31 2e 32 63 31 2e 31 2d 30 2e 39 2c 31 2e 36 2d 32 2e 33 2c 31 2e 36 2d 34 2e 33 56 39 2e 38 43 31 32 30 2c 37 2e 36 2c 31 31 39 2e 32 2c 36 2e 33 2c 31 31 38 2c 35 Data Ascii: 17.4h4.3c2.3,0,4-0.301,5.2-1.2c1.1-0.9,1.6-2.3,1.6-4.3V9.8C120,7.6,119.2,6.3,118,5.5z"/> </g> </g> </svg> </a> </div>
Nov 7, 2024 13:08:09.724658966 CET	1236	IN	Data Raw: 31 70 74 22 3e 3c 70 61 74 68 20 66 69 6c 6c 3d 22 23 30 30 36 22 20 64 3d 22 4d 2d 32 35 36 20 30 48 37 36 38 2e 30 32 76 35 31 32 2e 30 31 48 2d 32 35 36 7a 22 2f 3e 3c 70 61 74 68 20 64 3d 22 4d 2d 32 35 36 20 30 76 35 37 2e 32 34 34 6c 39 30 Data Ascii: 1pt"><path fill="#006" d="M-256 0H768.02v512.01H-256z"/><path d="M-256 0v57.244l909.535 454.768H768.02V454.77L-141.515 0H-256zM768.02 0v57.243L-141.515 512.01H-256v-57.243L653.535 0H768.02z" fill="#fff"/><path d="M170.675 0v512.01h170.67V0h-17

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49916	199.59.243.227	80	9152	C:\qkcgyxexucxsiyk\bsiphbvc.exe

Timestamp	Bytes transferred	Direction	Data
Nov 7, 2024 13:08:10.960829973 CET	84	OUT	GET /index.php HTTP/1.0 Accept: / Connection: close Host: variousstream.net
Nov 7, 2024 13:08:11.588771105 CET	1236	IN	HTTP/1.1 200 OK date: Thu, 07 Nov 2024 12:08:10 GMT content-type: text/html; charset=utf-8 content-length: 1066 x-request-id: 2d2dbdd5-4961-4be6-87ef-5dd2e9b89df7 cache-control: no-store, max-age=0 accept-ch: sec-ch-prefers-color-scheme critical-ch: sec-ch-prefers-color-scheme vary: sec-ch-prefers-color-scheme x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_SHWxKaDwoDowf6LK87H7CgandudCZDmQGZDfulHzF3+qa77WR6zSAOp2GnomDKEzaEbdPgFOG1Hw8AghzNNtEQ== set-cookie: parking_session=2d2dbdd5-4961-4be6-87ef-5dd2e9b89df7; expires=Thu, 07 Nov 2024 12:23:11 GMT; path=/ connection: close Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 53 48 57 78 4b 61 44 77 6f 44 6f 77 66 36 4c 4b 38 37 48 37 43 67 61 6e 64 75 64 43 5a 44 6d 51 47 5a 44 66 75 6c 48 7a 46 33 2b 71 61 37 37 57 52 36 7a 53 41 4f 70 32 47 6e 6f 6d 44 4b 45 7a 61 45 62 64 50 67 46 4f 47 31 48 77 38 41 67 68 7a 4e 4e 74 45 51 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED] Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_SHWxKaDwoDowf6LK87H7CgandudCZDmQGZDfulHzF3+qa77WR6zSAOp2GnomDKEzaEbdPgFOG1Hw8AghzNNtEQ==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
Nov 7, 2024 13:08:11.588793039 CET	519	IN	Data Raw: 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMmQyZGJkZDUtNDk2MS00YmU2LTg3ZWYtNWRkMmU5Yjg5ZGY3IiwicGFnZV90aW1lIjoxNzMwOTgxMj

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49920	18.143.155.63	80	9152	C:\qkcgyxexucxsiyk\bsiphbvc.exe

Timestamp	Bytes transferred	Direction	Data
Nov 7, 2024 13:08:11.663703918 CET	83	OUT	GET /index.php HTTP/1.0 Accept: / Connection: close Host: returnbottle.net
Nov 7, 2024 13:08:13.083472967 CET	387	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 07 Nov 2024 12:08:12 GMT Content-Type: text/html Connection: close Set-Cookie: btst=6bc3e5d87d9eb001e38b0fa3a696abd7\|173.254.250.79\|1730981292\|1730981292\|0\|1\|0; path=/; domain=.returnbottle.net; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax; Set-Cookie: snkz=173.254.250.79; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49955	199.59.243.227	80	9152	C:\qkcgyxexucxsiyk\bsiphbvc.exe

Timestamp	Bytes transferred	Direction	Data
Nov 7, 2024 13:08:19.000924110 CET	84	OUT	GET /index.php HTTP/1.0 Accept: / Connection: close Host: variousstream.net
Nov 7, 2024 13:08:19.640043974 CET	1236	IN	HTTP/1.1 200 OK date: Thu, 07 Nov 2024 12:08:18 GMT content-type: text/html; charset=utf-8 content-length: 1066 x-request-id: c10772ec-e8c2-4f57-a58f-37d878a96585 cache-control: no-store, max-age=0 accept-ch: sec-ch-prefers-color-scheme critical-ch: sec-ch-prefers-color-scheme vary: sec-ch-prefers-color-scheme x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_SHWxKaDwoDowf6LK87H7CgandudCZDmQGZDfulHzF3+qa77WR6zSAOp2GnomDKEzaEbdPgFOG1Hw8AghzNNtEQ== set-cookie: parking_session=c10772ec-e8c2-4f57-a58f-37d878a96585; expires=Thu, 07 Nov 2024 12:23:19 GMT; path=/ connection: close Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 53 48 57 78 4b 61 44 77 6f 44 6f 77 66 36 4c 4b 38 37 48 37 43 67 61 6e 64 75 64 43 5a 44 6d 51 47 5a 44 66 75 6c 48 7a 46 33 2b 71 61 37 37 57 52 36 7a 53 41 4f 70 32 47 6e 6f 6d 44 4b 45 7a 61 45 62 64 50 67 46 4f 47 31 48 77 38 41 67 68 7a 4e 4e 74 45 51 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED] Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_SHWxKaDwoDowf6LK87H7CgandudCZDmQGZDfulHzF3+qa77WR6zSAOp2GnomDKEzaEbdPgFOG1Hw8AghzNNtEQ==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
Nov 7, 2024 13:08:19.640065908 CET	519	IN	Data Raw: 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiYzEwNzcyZWMtZThjMi00ZjU3LWE1OGYtMzdkODc4YTk2NTg1IiwicGFnZV90aW1lIjoxNzMwOTgxMj

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49960	18.143.155.63	80	9152	C:\qkcgyxexucxsiyk\bsiphbvc.exe

Timestamp	Bytes transferred	Direction	Data
Nov 7, 2024 13:08:19.759273052 CET	83	OUT	GET /index.php HTTP/1.0 Accept: / Connection: close Host: returnbottle.net
Nov 7, 2024 13:08:21.172678947 CET	387	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 07 Nov 2024 12:08:20 GMT Content-Type: text/html Connection: close Set-Cookie: btst=56b6a2574bc7255f6993c6439b40612c\|173.254.250.79\|1730981300\|1730981300\|0\|1\|0; path=/; domain=.returnbottle.net; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax; Set-Cookie: snkz=173.254.250.79; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49996	199.59.243.227	80	9152	C:\qkcgyxexucxsiyk\bsiphbvc.exe

Timestamp	Bytes transferred	Direction	Data
Nov 7, 2024 13:08:27.227600098 CET	84	OUT	GET /index.php HTTP/1.0 Accept: / Connection: close Host: variousstream.net
Nov 7, 2024 13:08:27.855182886 CET	1236	IN	HTTP/1.1 200 OK date: Thu, 07 Nov 2024 12:08:27 GMT content-type: text/html; charset=utf-8 content-length: 1066 x-request-id: e814f992-bc3b-4283-b83c-a66b22e11461 cache-control: no-store, max-age=0 accept-ch: sec-ch-prefers-color-scheme critical-ch: sec-ch-prefers-color-scheme vary: sec-ch-prefers-color-scheme x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_SHWxKaDwoDowf6LK87H7CgandudCZDmQGZDfulHzF3+qa77WR6zSAOp2GnomDKEzaEbdPgFOG1Hw8AghzNNtEQ== set-cookie: parking_session=e814f992-bc3b-4283-b83c-a66b22e11461; expires=Thu, 07 Nov 2024 12:23:27 GMT; path=/ connection: close Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 53 48 57 78 4b 61 44 77 6f 44 6f 77 66 36 4c 4b 38 37 48 37 43 67 61 6e 64 75 64 43 5a 44 6d 51 47 5a 44 66 75 6c 48 7a 46 33 2b 71 61 37 37 57 52 36 7a 53 41 4f 70 32 47 6e 6f 6d 44 4b 45 7a 61 45 62 64 50 67 46 4f 47 31 48 77 38 41 67 68 7a 4e 4e 74 45 51 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED] Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_SHWxKaDwoDowf6LK87H7CgandudCZDmQGZDfulHzF3+qa77WR6zSAOp2GnomDKEzaEbdPgFOG1Hw8AghzNNtEQ==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
Nov 7, 2024 13:08:27.855333090 CET	519	IN	Data Raw: 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiZTgxNGY5OTItYmMzYi00MjgzLWI4M2MtYTY2YjIyZTExNDYxIiwicGFnZV90aW1lIjoxNzMwOTgxMz

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	50002	18.143.155.63	80	9152	C:\qkcgyxexucxsiyk\bsiphbvc.exe

Timestamp	Bytes transferred	Direction	Data
Nov 7, 2024 13:08:28.031955957 CET	83	OUT	GET /index.php HTTP/1.0 Accept: / Connection: close Host: returnbottle.net
Nov 7, 2024 13:08:29.458837032 CET	387	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 07 Nov 2024 12:08:29 GMT Content-Type: text/html Connection: close Set-Cookie: btst=28ca203fd6cc41c15e214098eadcea3c\|173.254.250.79\|1730981309\|1730981309\|0\|1\|0; path=/; domain=.returnbottle.net; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax; Set-Cookie: snkz=173.254.250.79; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	50014	199.59.243.227	80	9152	C:\qkcgyxexucxsiyk\bsiphbvc.exe

Timestamp	Bytes transferred	Direction	Data
Nov 7, 2024 13:08:35.765726089 CET	84	OUT	GET /index.php HTTP/1.0 Accept: / Connection: close Host: variousstream.net
Nov 7, 2024 13:08:36.389648914 CET	1236	IN	HTTP/1.1 200 OK date: Thu, 07 Nov 2024 12:08:35 GMT content-type: text/html; charset=utf-8 content-length: 1066 x-request-id: 9e20ce47-0b21-461d-b74a-7641df96b719 cache-control: no-store, max-age=0 accept-ch: sec-ch-prefers-color-scheme critical-ch: sec-ch-prefers-color-scheme vary: sec-ch-prefers-color-scheme x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_SHWxKaDwoDowf6LK87H7CgandudCZDmQGZDfulHzF3+qa77WR6zSAOp2GnomDKEzaEbdPgFOG1Hw8AghzNNtEQ== set-cookie: parking_session=9e20ce47-0b21-461d-b74a-7641df96b719; expires=Thu, 07 Nov 2024 12:23:36 GMT; path=/ connection: close Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 53 48 57 78 4b 61 44 77 6f 44 6f 77 66 36 4c 4b 38 37 48 37 43 67 61 6e 64 75 64 43 5a 44 6d 51 47 5a 44 66 75 6c 48 7a 46 33 2b 71 61 37 37 57 52 36 7a 53 41 4f 70 32 47 6e 6f 6d 44 4b 45 7a 61 45 62 64 50 67 46 4f 47 31 48 77 38 41 67 68 7a 4e 4e 74 45 51 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED] Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_SHWxKaDwoDowf6LK87H7CgandudCZDmQGZDfulHzF3+qa77WR6zSAOp2GnomDKEzaEbdPgFOG1Hw8AghzNNtEQ==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
Nov 7, 2024 13:08:36.389678001 CET	519	IN	Data Raw: 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiOWUyMGNlNDctMGIyMS00NjFkLWI3NGEtNzY0MWRmOTZiNzE5IiwicGFnZV90aW1lIjoxNzMwOTgxMz

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	50015	18.143.155.63	80	9152	C:\qkcgyxexucxsiyk\bsiphbvc.exe

Timestamp	Bytes transferred	Direction	Data
Nov 7, 2024 13:08:36.441529036 CET	83	OUT	GET /index.php HTTP/1.0 Accept: / Connection: close Host: returnbottle.net
Nov 7, 2024 13:08:37.889174938 CET	387	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 07 Nov 2024 12:08:37 GMT Content-Type: text/html Connection: close Set-Cookie: btst=fced13c97496fcddd48e56cf2b7270c6\|173.254.250.79\|1730981317\|1730981317\|0\|1\|0; path=/; domain=.returnbottle.net; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax; Set-Cookie: snkz=173.254.250.79; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	52241	18.143.155.63	80	9152	C:\qkcgyxexucxsiyk\bsiphbvc.exe

Timestamp	Bytes transferred	Direction	Data
Nov 7, 2024 13:08:45.036760092 CET	83	OUT	GET /index.php HTTP/1.0 Accept: / Connection: close Host: returnbottle.net
Nov 7, 2024 13:08:46.459434986 CET	387	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 07 Nov 2024 12:08:46 GMT Content-Type: text/html Connection: close Set-Cookie: btst=96d75ca74a51132a5abd4e7204d7064a\|173.254.250.79\|1730981326\|1730981326\|0\|1\|0; path=/; domain=.returnbottle.net; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax; Set-Cookie: snkz=173.254.250.79; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT

Session ID	Source IP	Source Port	Destination IP	Destination Port
15	192.168.2.4	52242	199.59.243.227	80

Timestamp	Bytes transferred	Direction	Data
Nov 7, 2024 13:08:49.437743902 CET	82	OUT	GET /index.php HTTP/1.0 Accept: / Connection: close Host: glassbright.net
Nov 7, 2024 13:08:50.064212084 CET	1236	IN	HTTP/1.1 200 OK date: Thu, 07 Nov 2024 12:08:49 GMT content-type: text/html; charset=utf-8 content-length: 1062 x-request-id: ff5ee2f0-f2c3-45ee-b63c-5e2e082f0302 cache-control: no-store, max-age=0 accept-ch: sec-ch-prefers-color-scheme critical-ch: sec-ch-prefers-color-scheme vary: sec-ch-prefers-color-scheme x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_s1OLzxnUOnEH716kBpk/hwkQW3g8J3psjBCQ57GUAZtZS2F4eueKl4iEoqmB9qt7hkS99NIC/yKfNwi3+MVPyg== set-cookie: parking_session=ff5ee2f0-f2c3-45ee-b63c-5e2e082f0302; expires=Thu, 07 Nov 2024 12:23:49 GMT; path=/ connection: close Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 73 31 4f 4c 7a 78 6e 55 4f 6e 45 48 37 31 36 6b 42 70 6b 2f 68 77 6b 51 57 33 67 38 4a 33 70 73 6a 42 43 51 35 37 47 55 41 5a 74 5a 53 32 46 34 65 75 65 4b 6c 34 69 45 6f 71 6d 42 39 71 74 37 68 6b 53 39 39 4e 49 43 2f 79 4b 66 4e 77 69 33 2b 4d 56 50 79 67 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED] Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_s1OLzxnUOnEH716kBpk/hwkQW3g8J3psjBCQ57GUAZtZS2F4eueKl4iEoqmB9qt7hkS99NIC/yKfNwi3+MVPyg==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
Nov 7, 2024 13:08:50.064956903 CET	515	IN	Data Raw: 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiZmY1ZWUyZjAtZjJjMy00NWVlLWI2M2MtNWUyZTA4MmYwMzAyIiwicGFnZV90aW1lIjoxNzMwOTgxMz

Target ID:	0
Start time:	07:06:41
Start date:	07/11/2024
Path:	C:\Users\user\Desktop\DBROG0eWH7.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\DBROG0eWH7.exe"
Imagebase:	0xd40000
File size:	357'376 bytes
MD5 hash:	FA91458E80BA750FDA0B41D2B88AE1B1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	07:06:42
Start date:	07/11/2024
Path:	C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe
Wow64 process (32bit):	true
Commandline:	"C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe"
Imagebase:	0x1d0000
File size:	357'376 bytes
MD5 hash:	FA91458E80BA750FDA0B41D2B88AE1B1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 92%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	07:06:42
Start date:	07/11/2024
Path:	C:\qkcgyxexucxsiyk\bsiphbvc.exe
Wow64 process (32bit):	true
Commandline:	C:\qkcgyxexucxsiyk\bsiphbvc.exe
Imagebase:	0x90000
File size:	357'376 bytes
MD5 hash:	FA91458E80BA750FDA0B41D2B88AE1B1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 92%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	07:06:42
Start date:	07/11/2024
Path:	C:\qkcgyxexucxsiyk\jqvkzish.exe
Wow64 process (32bit):	true
Commandline:	frrqzdvmnkqk "c:\qkcgyxexucxsiyk\bsiphbvc.exe"
Imagebase:	0x2f0000
File size:	357'376 bytes
MD5 hash:	FA91458E80BA750FDA0B41D2B88AE1B1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 92%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	07:06:43
Start date:	07/11/2024
Path:	C:\qkcgyxexucxsiyk\bsiphbvc.exe
Wow64 process (32bit):	true
Commandline:	"C:\qkcgyxexucxsiyk\bsiphbvc.exe"
Imagebase:	0x90000
File size:	357'376 bytes
MD5 hash:	FA91458E80BA750FDA0B41D2B88AE1B1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	07:08:02
Start date:	07/11/2024
Path:	C:\qkcgyxexucxsiyk\bsiphbvc.exe
Wow64 process (32bit):	true
Commandline:	"c:\qkcgyxexucxsiyk\bsiphbvc.exe"
Imagebase:	0x90000
File size:	357'376 bytes
MD5 hash:	FA91458E80BA750FDA0B41D2B88AE1B1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	10
Start time:	07:08:04
Start date:	07/11/2024
Path:	C:\qkcgyxexucxsiyk\jqvkzish.exe
Wow64 process (32bit):	true
Commandline:	frrqzdvmnkqk "c:\qkcgyxexucxsiyk\bsiphbvc.exe"
Imagebase:	0x3e0000
File size:	357'376 bytes
MD5 hash:	FA91458E80BA750FDA0B41D2B88AE1B1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	15.8%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	44.1%
Total number of Nodes:	1703
Total number of Limit Nodes:	50

Executed Functions

Function 00D51B80 Relevance: 219.4, APIs: 115, Strings: 8, Instructions: 4198COMMON

Download Yara Rule

APIs

_malloc.LIBCMT ref: 00D52593
_memset.LIBCMT ref: 00D5262A

Strings

E:9, xrefs: 00D5204E
->`b, xrefs: 00D54AE3
yG_5, xrefs: 00D53049, 00D537CA
)bg, xrefs: 00D537CD
C:\Users\user, xrefs: 00D55897
jz8, xrefs: 00D55AA2
E:9, xrefs: 00D56915, 00D52459
yG_5, xrefs: 00D52106

Memory Dump Source

Source File: 00000000.00000002.1751262939.0000000000D41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D40000, based on PE: true

Associated: 00000000.00000002.1751214442.0000000000D40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751344220.0000000000D83000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D96000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751480643.0000000000D97000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d40000_DBROG0eWH7.jbxd

Similarity

API ID: _malloc_memset
String ID: ->`b$C:\Users\user$yG_5$yG_5$)bg$E:9$E:9$jz8
API String ID: 4137368368-806300838
Opcode ID: cfa249d1e5d64144171a30251d48d695378738742af87125795eaa2814712d67
Instruction ID: defb2e3f708219bda75791a8a0b51fb835d8e233170bb6217a35c393ae360d0e
Opcode Fuzzy Hash: cfa249d1e5d64144171a30251d48d695378738742af87125795eaa2814712d67
Instruction Fuzzy Hash: 1F939C31C10B48AAD712DF75EC51A69B774FF5A780F008317E909BA2A2FB7199D1CB60

Function 00D410A0 Relevance: 85.0, APIs: 13, Strings: 33, Instructions: 4533libraryloaderthreadCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(Ker), ref: 00D41DBD
GetProcAddress.KERNEL32(00007243), ref: 00D42066
GetProcAddress.KERNEL32(Creat), ref: 00D421F4
GetProcAddress.KERNEL32(SetEv), ref: 00D42306
GetProcAddress.KERNEL32(00006157), ref: 00D424D3
GetProcAddress.KERNEL32(CloseHandleSetEv), ref: 00D428DD
GetProcAddress.KERNEL32(65656C53), ref: 00D42A92
_memset.LIBCMT ref: 00D42DC4
CreateThread.KERNELBASE(00000000,00000000,00D57490,00000128,00000000,00000000), ref: 00D439A6
CloseHandle.KERNELBASE(00000000,?,?,00000000), ref: 00D43D76

Strings

ct, xrefs: 00D41AE4
T+, xrefs: 00D4552F
rSin, xrefs: 00D41ABC
Slee, xrefs: 00D41B1E
gl, xrefs: 00D41B28
Cr, xrefs: 00D41B62
vent, xrefs: 00D41AA9
2., xrefs: 00D41B80
tF, xrefs: 00D41B15
U;8, xrefs: 00D447AE
i, xrefs: 00D41B72
Wa, xrefs: 00D41A82
ead, xrefs: 00D41A8B
ent, xrefs: 00D41A9F
E, xrefs: 00D41B79
i}kN, xrefs: 00D413BF
o, xrefs: 00D41B52
CloseHandleSetEv, xrefs: 00D428C6, 00D428CC
"}N, xrefs: 00D4138B
dll, xrefs: 00D41AED
A, xrefs: 00D41B59
e, xrefs: 00D41B42
eObj, xrefs: 00D41ADA
SetEv, xrefs: 00D422F9, 00D422FF
Ker, xrefs: 00D41DB6, 00D41DBC
8e#!, xrefs: 00D418FA
eate, xrefs: 00D41B01
eThr, xrefs: 00D41B31
fM, xrefs: 00D41339
]D87, xrefs: 00D41130
Creat, xrefs: 00D421C7, 00D421E1
p, xrefs: 00D41B49
nel3, xrefs: 00D41A95

Memory Dump Source

Source File: 00000000.00000002.1751262939.0000000000D41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D40000, based on PE: true

Associated: 00000000.00000002.1751214442.0000000000D40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751344220.0000000000D83000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D96000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751480643.0000000000D97000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d40000_DBROG0eWH7.jbxd

Similarity

API ID: AddressProc$Handle$CloseCreateModuleThread_memset
String ID: U;8$"}N$2.$8e#!$A$CloseHandleSetEv$Cr$Creat$E$Ker$SetEv$Slee$T+$Wa$]D87$ct$dll$e$eObj$eThr$ead$eate$ent$fM$gl$i$i}kN$nel3$o$p$rSin$tF$vent
API String ID: 3360259145-1701805576
Opcode ID: 44117ffa0953f3da6cd0ab4e8fbf795d32acd287b1b187157abaf3d0e54ca9a3
Instruction ID: 6cb185b76c12f20b40cac0490767c911959e17a3537be417c3ae9dbb1d536c64
Opcode Fuzzy Hash: 44117ffa0953f3da6cd0ab4e8fbf795d32acd287b1b187157abaf3d0e54ca9a3
Instruction Fuzzy Hash: DEB32931C20B599EC753CF7698512A9B378BF9A381F148387E809F6261EB3459D2DF24

Function 00D500B0 Relevance: 39.4, APIs: 19, Strings: 3, Instructions: 900
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetVersionExA.KERNEL32(00D944C8,74DEF550,00000000,00000000), ref: 00D50305
CreateDirectoryA.KERNELBASE(?,00000000), ref: 00D50575

Part of subcall function 00D4E550: _memset.LIBCMT ref: 00D4E56E
Part of subcall function 00D4E550: _free.LIBCMT ref: 00D4E596

DeleteFileA.KERNELBASE(?,?,?,?,?,?,00000000), ref: 00D50698
RemoveDirectoryA.KERNELBASE(00000000,?,?,?,?,?,00000000), ref: 00D506CE
CreateDirectoryA.KERNELBASE(?,00000000,?,?,?,?,?,?,?,?,00000000), ref: 00D507F4
_strcat.LIBCMT ref: 00D50806
CreateDirectoryA.KERNELBASE(?,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00D5089E
__snprintf.LIBCMT ref: 00D509E9
CreateDirectoryA.KERNEL32(?,00000000), ref: 00D50AE1

Part of subcall function 00D4E120: _malloc.LIBCMT ref: 00D4E1CF

__snprintf.LIBCMT ref: 00D50A8E
_strcat.LIBCMT ref: 00D50B68
CreateDirectoryA.KERNEL32(?,00000000), ref: 00D50B9D
GetTempPathA.KERNEL32(00000104,?,?,?,?,?,?,00000000), ref: 00D50D22
_strcat.LIBCMT ref: 00D50E50
CreateDirectoryA.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 00D50E8C
GetTempPathA.KERNEL32(00000104,?,?,?,?,?,?,00000000), ref: 00D50FB1
_strcat.LIBCMT ref: 00D50FD2
SetFileAttributesA.KERNELBASE(?,00000002,?,?,?,?,?,?,00000000), ref: 00D510C4
_memset.LIBCMT ref: 00D510D8

Strings

\, xrefs: 00D50DBC
C:\qkcgyxexucxsiyk\, xrefs: 00D50801, 00D50B63, 00D50E4B, 00D50FCD
C:\Users\user, xrefs: 00D509DD, 00D50A7C

Memory Dump Source

Source File: 00000000.00000002.1751262939.0000000000D41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D40000, based on PE: true

Associated: 00000000.00000002.1751214442.0000000000D40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751344220.0000000000D83000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D96000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751480643.0000000000D97000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d40000_DBROG0eWH7.jbxd

Similarity

API ID: Directory$Create$_strcat$FilePathTemp__snprintf_memset$AttributesDeleteRemoveVersion_free_malloc
String ID: C:\Users\user$C:\qkcgyxexucxsiyk\$\
API String ID: 1290010854-488630046
Opcode ID: 237bed2beb6e8e5cc029479d0047762389692985dc80e785e384a52933031fe0
Instruction ID: dc46e6e2750dc786052a815e1723c85a271bab456c8853002b43abf5065dcdf4
Opcode Fuzzy Hash: 237bed2beb6e8e5cc029479d0047762389692985dc80e785e384a52933031fe0
Instruction Fuzzy Hash: 47928D31C10B49AACB02DFB6DC416ADB778BF5A344F148716E805F62A2FB3066C5DB64

Function 00D4A590 Relevance: 9.2, APIs: 6, Instructions: 219
filesleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00D696C0: _strcat.LIBCMT ref: 00D696E2

Sleep.KERNELBASE(000003E8,?,00000000,00000000), ref: 00D4A653
FindFirstFileA.KERNELBASE(00000000,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00D4A816
DeleteFileA.KERNELBASE(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00D4A8C7
FindNextFileA.KERNELBASE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00D4A8D5
FindClose.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00D4A914
_memset.LIBCMT ref: 00D4A95F

Memory Dump Source

Source File: 00000000.00000002.1751262939.0000000000D41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D40000, based on PE: true

Associated: 00000000.00000002.1751214442.0000000000D40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751344220.0000000000D83000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D96000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751480643.0000000000D97000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d40000_DBROG0eWH7.jbxd

Similarity

API ID: FileFind$CloseDeleteFirstNextSleep_memset_strcat
String ID:
API String ID: 1172265220-0
Opcode ID: 435d162f3ae292a2e1cc3f4e486e86450348f2059c5644217d17d8aa8c61875b
Instruction ID: b22c2bfbb1267c8c0ff6702dba3c2a63c9b9fa311bef41bf01810ef278773623
Opcode Fuzzy Hash: 435d162f3ae292a2e1cc3f4e486e86450348f2059c5644217d17d8aa8c61875b
Instruction Fuzzy Hash: C1A15D35C10B0CAACB02DFB5D8516ADB778FF59340F148357E90AB6261EB349A86CB61

Function 00D62230 Relevance: 4.6, APIs: 3, Instructions: 88
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00D622ED
CheckTokenMembership.KERNELBASE(00000000,?,?), ref: 00D62311
FreeSid.ADVAPI32(?), ref: 00D62380

Memory Dump Source

Source File: 00000000.00000002.1751262939.0000000000D41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D40000, based on PE: true

Associated: 00000000.00000002.1751214442.0000000000D40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751344220.0000000000D83000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D96000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751480643.0000000000D97000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d40000_DBROG0eWH7.jbxd

Similarity

API ID: AllocateCheckFreeInitializeMembershipToken
String ID:
API String ID: 3429775523-0
Opcode ID: fbde97a5b0cab6c1e2432f86d9e96d6de60f82901022ae3353d24a3d206d4303
Instruction ID: 5327dd9629d2e92db08a3186d4e3b80e6c072782ffb06af155a5af4c44eb235c
Opcode Fuzzy Hash: fbde97a5b0cab6c1e2432f86d9e96d6de60f82901022ae3353d24a3d206d4303
Instruction Fuzzy Hash: 2F413D35D10B09AAC702CFB4D8516AEB7B8FF1A381F108357E805FA351EB305A82DB64

Function 00D51B40 Relevance: 273.0, APIs: 145, Strings: 8, Instructions: 5246COMMON

Download Yara Rule

APIs

Part of subcall function 00D4B2A0: WaitForSingleObject.KERNEL32(?,00004E20), ref: 00D4B2C5

Part of subcall function 00D6FF22: _doexit.LIBCMT ref: 00D6FF2C

_malloc.LIBCMT ref: 00D52593
_memset.LIBCMT ref: 00D5262A

Strings

E:9, xrefs: 00D5204E
->`b, xrefs: 00D54AE3
yG_5, xrefs: 00D53049, 00D537CA
)bg, xrefs: 00D537CD
C:\Users\user, xrefs: 00D55897
jz8, xrefs: 00D55AA2
E:9, xrefs: 00D56915, 00D52459
yG_5, xrefs: 00D52106

Memory Dump Source

Source File: 00000000.00000002.1751262939.0000000000D41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D40000, based on PE: true

Associated: 00000000.00000002.1751214442.0000000000D40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751344220.0000000000D83000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D96000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751480643.0000000000D97000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d40000_DBROG0eWH7.jbxd

Similarity

API ID: ObjectSingleWait_doexit_malloc_memset
String ID: ->`b$C:\Users\user$yG_5$yG_5$)bg$E:9$E:9$jz8
API String ID: 3291073784-806300838
Opcode ID: 57d5c98e19d01fbedefd1fefe93aac1984fd171fa3336c4192b40da954d91a4e
Instruction ID: 3e13cce4fd089dc01b42e1160bc0c21881bb5f0884de77eec8f8932eeabb07a1
Opcode Fuzzy Hash: 57d5c98e19d01fbedefd1fefe93aac1984fd171fa3336c4192b40da954d91a4e
Instruction Fuzzy Hash: 83B39D31C10B48AAD712DF75EC51AA9B774FF5A780F008357E909B62A2FB7099D1CB60

Function 00D70A9D Relevance: 19.6, APIs: 13, Instructions: 89
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

___security_init_cookie.LIBCMT ref: 00D70A9D
___crtGetShowWindowMode.LIBCMT ref: 00D70AB3

Part of subcall function 00D71D30: GetStartupInfoW.KERNEL32(?), ref: 00D71D3A

_fast_error_exit.LIBCMT ref: 00D70B16
_fast_error_exit.LIBCMT ref: 00D70B27
__RTC_Initialize.LIBCMT ref: 00D70B2D
__ioinit.LIBCMT ref: 00D70B36
_fast_error_exit.LIBCMT ref: 00D70B41
GetCommandLineA.KERNEL32(00D8FDA0,00000014), ref: 00D70B47
___crtGetEnvironmentStringsA.LIBCMT ref: 00D70B52
__setargv.LIBCMT ref: 00D70B5C
__setenvp.LIBCMT ref: 00D70B6D
__cinit.LIBCMT ref: 00D70B80
__wincmdln.LIBCMT ref: 00D70B91

Memory Dump Source

Source File: 00000000.00000002.1751262939.0000000000D41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D40000, based on PE: true

Associated: 00000000.00000002.1751214442.0000000000D40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751344220.0000000000D83000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D96000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751480643.0000000000D97000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d40000_DBROG0eWH7.jbxd

Similarity

API ID: _fast_error_exit$___crt$CommandEnvironmentInfoInitializeLineModeShowStartupStringsWindow___security_init_cookie__cinit__ioinit__setargv__setenvp__wincmdln
String ID:
API String ID: 1579532436-0
Opcode ID: 94e961ef29c3e3e1feb48b1ff7152e7fd972d9b0bcb7d7f8f835523498e7ac23
Instruction ID: 011571818c3465d28c404c30899acc620d3e7d6d961a534d42953158cf5845e7
Opcode Fuzzy Hash: 94e961ef29c3e3e1feb48b1ff7152e7fd972d9b0bcb7d7f8f835523498e7ac23
Instruction Fuzzy Hash: B521B531680305DBEB20BBB4A94AB2D2954DF00718F54C469FA4CAA1C2FFB4CA409671

Function 00D4FC60 Relevance: 12.2, APIs: 8, Instructions: 250
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileA.KERNELBASE(00000000,80000000,00000001,00000000,00000003,00000000,00000000,00000000), ref: 00D4FCF1
ReadFile.KERNELBASE(00000000,00000000,4EEBF2B6,?,00000000), ref: 00D4FD40
CloseHandle.KERNELBASE(00000000), ref: 00D4FD7D

Part of subcall function 00D696C0: _strcat.LIBCMT ref: 00D696E2

GetTickCount.KERNEL32 ref: 00D4FDBA

Part of subcall function 00D4E5D0: __itow.LIBCMT ref: 00D4E60F

_sprintf.LIBCMT ref: 00D4FEE2
CreateFileA.KERNELBASE(4EADF7CB,40000000,00000000,00000000,00000002,00000000,00000000), ref: 00D4FF44
WriteFile.KERNELBASE(00000000,00000000,4EEBF2B6,?,00000000), ref: 00D4FFB0
CloseHandle.KERNEL32(00000000), ref: 00D50020

Memory Dump Source

Source File: 00000000.00000002.1751262939.0000000000D41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D40000, based on PE: true

Associated: 00000000.00000002.1751214442.0000000000D40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751344220.0000000000D83000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D96000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751480643.0000000000D97000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d40000_DBROG0eWH7.jbxd

Similarity

API ID: File$CloseCreateHandle$CountReadTickWrite__itow_sprintf_strcat
String ID:
API String ID: 1645784512-0
Opcode ID: 59892659dec1030e7c2c1111dc4460a4ad6897d4a12b61c1a4b739f92aa59ef8
Instruction ID: 6f6469013a55abde99da39995c3e837948055f35608cee1f8c570d1fcfdfdcf5
Opcode Fuzzy Hash: 59892659dec1030e7c2c1111dc4460a4ad6897d4a12b61c1a4b739f92aa59ef8
Instruction Fuzzy Hash: 32B18931810708EAC702DFB6AC8267EB734EF5A740F188716E905B62A1FB7125D4DBB4

Function 00D4A970 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 109
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_memset.LIBCMT ref: 00D4A9DD
_memset.LIBCMT ref: 00D4A9EA
CreateProcessA.KERNELBASE(6F27C689,CE90F1CB,00000000,00000000,00000000,00000008,00000000,00000000,00000044,?), ref: 00D4AA67
CloseHandle.KERNEL32(00D57244), ref: 00D4AA74
CloseHandle.KERNEL32(?), ref: 00D4AAAB

Strings

D, xrefs: 00D4AA06

Memory Dump Source

Source File: 00000000.00000002.1751262939.0000000000D41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D40000, based on PE: true

Associated: 00000000.00000002.1751214442.0000000000D40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751344220.0000000000D83000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D96000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751480643.0000000000D97000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d40000_DBROG0eWH7.jbxd

Similarity

API ID: CloseHandle_memset$CreateProcess
String ID: D
API String ID: 1151464618-2746444292
Opcode ID: 609112b34e73bb22809fae42d6a2ae7dc01bc00bd90974725cc901563d4496ba
Instruction ID: a5618215213d62da9476f5e27d3c651ee7fd65dd40fc75ea661941451427b900
Opcode Fuzzy Hash: 609112b34e73bb22809fae42d6a2ae7dc01bc00bd90974725cc901563d4496ba
Instruction Fuzzy Hash: B1414931910748EECB02CFB5E8427ADB7B8AF59340F248352E905F62A1E7316A95DF64

Function 00D4AB30 Relevance: 4.7, APIs: 3, Instructions: 211
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00D4B2A0: WaitForSingleObject.KERNEL32(?,00004E20), ref: 00D4B2C5

CreateFileA.KERNELBASE(00000000,40000000,00000000,00000000,00000002,00000000,00000000,4E86B585), ref: 00D4ACC1

Part of subcall function 00D4B340: ReleaseMutex.KERNEL32(?), ref: 00D4B357

Memory Dump Source

Source File: 00000000.00000002.1751262939.0000000000D41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D40000, based on PE: true

Associated: 00000000.00000002.1751214442.0000000000D40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751344220.0000000000D83000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D96000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751480643.0000000000D97000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d40000_DBROG0eWH7.jbxd

Similarity

API ID: CreateFileMutexObjectReleaseSingleWait
String ID:
API String ID: 1564016613-0
Opcode ID: db22bca440b18c5e1e84733ba096c6ec10db04923efcdec86d1bcf900e3649ff
Instruction ID: c933dd26859d0beb8656db56caa2ba493f2055d363b4fd82271b45fe39e0539f
Opcode Fuzzy Hash: db22bca440b18c5e1e84733ba096c6ec10db04923efcdec86d1bcf900e3649ff
Instruction Fuzzy Hash: 71917C32C10B48AACB02CFB5EC516AEB778FF5A380F148317E805B6262EB3555D1DB64

Function 00D6D002 Relevance: 4.5, APIs: 3, Instructions: 29
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_malloc.LIBCMT ref: 00D6D01A

Part of subcall function 00D6FFBC: __FF_MSGBANNER.LIBCMT ref: 00D6FFD3
Part of subcall function 00D6FFBC: __NMSG_WRITE.LIBCMT ref: 00D6FFDA
Part of subcall function 00D6FFBC: RtlAllocateHeap.NTDLL(?,00000000,00000001,00000000,00000000,00000000,?,00D71324,00000000,00000000,00000000,00000000,?,00D71BFD,00000018,00D8FDC0), ref: 00D6FFFF

std::exception::exception.LIBCMT ref: 00D6D038
__CxxThrowException@8.LIBCMT ref: 00D6D04D

Part of subcall function 00D70D5A: RaiseException.KERNEL32(?,?,?,00D8FBB0,74DEF550,00000000,?,?,?,00D6D052,?,00D8FBB0,00000008,00000001), ref: 00D70DAF

Memory Dump Source

Source File: 00000000.00000002.1751262939.0000000000D41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D40000, based on PE: true

Associated: 00000000.00000002.1751214442.0000000000D40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751344220.0000000000D83000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D96000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751480643.0000000000D97000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d40000_DBROG0eWH7.jbxd

Similarity

API ID: AllocateExceptionException@8HeapRaiseThrow_mallocstd::exception::exception
String ID:
API String ID: 3074076210-0
Opcode ID: 89c6d8c59609ebb6e6cbd2918e20b74cfe9674d17e229b5c3b735217d163f5e1
Instruction ID: 229f2ed65011c48246eb5ab7bb3f476071cdd93912c1a77fa978e328634bd522
Opcode Fuzzy Hash: 89c6d8c59609ebb6e6cbd2918e20b74cfe9674d17e229b5c3b735217d163f5e1
Instruction Fuzzy Hash: 3FE0653590020DE7DF10FF98DC168EE7B79EF00340F108565F908A55D2EBB19A0996B1

Function 00D4FB80 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 58
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_memset.LIBCMT ref: 00D4FC0C

Strings

0Z], xrefs: 00D4FBA6

Memory Dump Source

Source File: 00000000.00000002.1751262939.0000000000D41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D40000, based on PE: true

Associated: 00000000.00000002.1751214442.0000000000D40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751344220.0000000000D83000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D96000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751480643.0000000000D97000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d40000_DBROG0eWH7.jbxd

Similarity

API ID: _memset
String ID: 0Z]
API String ID: 2102423945-2320452800
Opcode ID: 32da64222213afed56775398579da4f87ee8c2df157b8aba9e62b00cd44383cd
Instruction ID: 71cc69e08acccd15cf33fe56eecdd2eb432c454268b49ca141c5189d8dd418da
Opcode Fuzzy Hash: 32da64222213afed56775398579da4f87ee8c2df157b8aba9e62b00cd44383cd
Instruction Fuzzy Hash: 1921603590030CEBDB05DFB4DD81AADB3B4EF08700F108296E915F72A1E7356A90DB64

Function 00D6FC69 Relevance: 3.0, APIs: 2, Instructions: 7
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

___crtCorExitProcess.LIBCMT ref: 00D6FC6F

Part of subcall function 00D6FC35: GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,?,?,?,00D6FC74,00000000,?,00D6FFE9,000000FF,0000001E,00000000,00000000,00000000,?,00D71324), ref: 00D6FC44
Part of subcall function 00D6FC35: GetProcAddress.KERNEL32(?,CorExitProcess), ref: 00D6FC56

ExitProcess.KERNEL32 ref: 00D6FC78

Memory Dump Source

Source File: 00000000.00000002.1751262939.0000000000D41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D40000, based on PE: true

Associated: 00000000.00000002.1751214442.0000000000D40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751344220.0000000000D83000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D96000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751480643.0000000000D97000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d40000_DBROG0eWH7.jbxd

Similarity

API ID: ExitProcess$AddressHandleModuleProc___crt
String ID:
API String ID: 2427264223-0
Opcode ID: 0877ec400c8f6d5209d19b3ed99a9ea4a7ab77d6f3a928884a8ff92dfaf1757f
Instruction ID: 13874e0b5939d46904f1db0609150625bfa04efa2999ee86362f0aa73167ccb9
Opcode Fuzzy Hash: 0877ec400c8f6d5209d19b3ed99a9ea4a7ab77d6f3a928884a8ff92dfaf1757f
Instruction Fuzzy Hash: 7DB0923101060EBBCB052F55EC0A8483F69EB00E90B004020F80A48131DB76AA929AA0

Function 00D6FF22 Relevance: 1.5, APIs: 1, Instructions: 9
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_doexit.LIBCMT ref: 00D6FF2C

Part of subcall function 00D6FDF3: __lock.LIBCMT ref: 00D6FE01
Part of subcall function 00D6FDF3: DecodePointer.KERNEL32(00D8FCB8,0000001C,00D6FD4C,00000000,00000001,00000000,?,00D6FC9A,000000FF,?,00D71B56,00000011,?,?,00D733FF,0000000D), ref: 00D6FE40
Part of subcall function 00D6FDF3: DecodePointer.KERNEL32(?,00D6FC9A,000000FF,?,00D71B56,00000011,?,?,00D733FF,0000000D), ref: 00D6FE51
Part of subcall function 00D6FDF3: EncodePointer.KERNEL32(00000000,?,00D6FC9A,000000FF,?,00D71B56,00000011,?,?,00D733FF,0000000D), ref: 00D6FE6A
Part of subcall function 00D6FDF3: DecodePointer.KERNEL32(-00000004,?,00D6FC9A,000000FF,?,00D71B56,00000011,?,?,00D733FF,0000000D), ref: 00D6FE7A
Part of subcall function 00D6FDF3: EncodePointer.KERNEL32(00000000,?,00D6FC9A,000000FF,?,00D71B56,00000011,?,?,00D733FF,0000000D), ref: 00D6FE80
Part of subcall function 00D6FDF3: DecodePointer.KERNEL32(?,00D6FC9A,000000FF,?,00D71B56,00000011,?,?,00D733FF,0000000D), ref: 00D6FE96
Part of subcall function 00D6FDF3: DecodePointer.KERNEL32(?,00D6FC9A,000000FF,?,00D71B56,00000011,?,?,00D733FF,0000000D), ref: 00D6FEA1

Memory Dump Source

Source File: 00000000.00000002.1751262939.0000000000D41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D40000, based on PE: true

Associated: 00000000.00000002.1751214442.0000000000D40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751344220.0000000000D83000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D96000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751480643.0000000000D97000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d40000_DBROG0eWH7.jbxd

Similarity

API ID: Pointer$Decode$Encode$__lock_doexit
String ID:
API String ID: 2158581194-0
Opcode ID: e664eab0a2f8ce3703c552baf369986a84cdf03d3e0bf670d1975cdb5f15a4fc
Instruction ID: bc6b2f119353a7d2bcfe83db93ca9c60e94f2a7f3920806e56ba61d51c185224
Opcode Fuzzy Hash: e664eab0a2f8ce3703c552baf369986a84cdf03d3e0bf670d1975cdb5f15a4fc
Instruction Fuzzy Hash: 2EB0127158030C33D9112641FC03F053B0C9740B54F200031FA0C1C2E1F593756044EA

Non-executed Functions

Function 00D4BBD0 Relevance: 23.7, APIs: 12, Strings: 1, Instructions: 942networkCOMMON

Download Yara Rule

APIs

Part of subcall function 00D4E550: _memset.LIBCMT ref: 00D4E56E
Part of subcall function 00D4E550: _free.LIBCMT ref: 00D4E596

Part of subcall function 00D4E120: _malloc.LIBCMT ref: 00D4E1CF

__snprintf.LIBCMT ref: 00D4C327
socket.WS2_32(00000002,00000001,00000006), ref: 00D4C4AB
setsockopt.WS2_32(00000000,0000FFFF,00001006,00000000,00000004), ref: 00D4C509
gethostbyname.WS2_32(?), ref: 00D4C516
inet_ntoa.WS2_32(?), ref: 00D4C54E
inet_addr.WS2_32(00000000), ref: 00D4C555
htons.WS2_32(00000050), ref: 00D4C593
connect.WS2_32(00000000,?,00000010), ref: 00D4C5DF
send.WS2_32(00000000,00000000,00000000,00000000), ref: 00D4C6C7
recv.WS2_32(00000000,?,00000400,00000000), ref: 00D4C72C

Strings

/, xrefs: 00D4BE76

Memory Dump Source

Source File: 00000000.00000002.1751262939.0000000000D41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D40000, based on PE: true

Associated: 00000000.00000002.1751214442.0000000000D40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751344220.0000000000D83000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D96000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751480643.0000000000D97000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d40000_DBROG0eWH7.jbxd

Similarity

API ID: __snprintf_free_malloc_memsetconnectgethostbynamehtonsinet_addrinet_ntoarecvsendsetsockoptsocket
String ID: /
API String ID: 3604359004-2043925204
Opcode ID: 13f872715879aaf5f2556b1a18488eb02f05f05d690acc1ee10c74292c5b411f
Instruction ID: 4c8d030df26b027f01d6d8f5905dd1d4fcf6183891e4ba8d8ad263d89a29cb2d
Opcode Fuzzy Hash: 13f872715879aaf5f2556b1a18488eb02f05f05d690acc1ee10c74292c5b411f
Instruction Fuzzy Hash: A1928C31D10B08ABCB16DFB5EC516ADB374FF5A780F14931BE906B6261EB349981CB60

Function 00D4D460 Relevance: 13.7, APIs: 9, Instructions: 192serviceCOMMON

Download Yara Rule

APIs

OpenSCManagerA.ADVAPI32(00000000,00000000,00000002,00000000), ref: 00D4D4AF
CreateServiceA.ADVAPI32(00000000,00B90388,00B90388,000F01FF,00000110,00000002,00000000,4EF0193E,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00D4D534
ChangeServiceConfig2A.ADVAPI32(00000000,00000001,?), ref: 00D4D57B
StartServiceA.ADVAPI32(00000000,00000000,00000000), ref: 00D4D598
CloseServiceHandle.ADVAPI32(00000000), ref: 00D4D5B7
OpenServiceA.ADVAPI32(00000000,00000010), ref: 00D4D5D8
StartServiceA.ADVAPI32(00000000,00000000,00000000), ref: 00D4D648
CloseServiceHandle.ADVAPI32(00000000), ref: 00D4D65C
CloseServiceHandle.ADVAPI32(00000000), ref: 00D4D6A8

Memory Dump Source

Source File: 00000000.00000002.1751262939.0000000000D41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D40000, based on PE: true

Associated: 00000000.00000002.1751214442.0000000000D40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751344220.0000000000D83000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D96000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751480643.0000000000D97000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d40000_DBROG0eWH7.jbxd

Similarity

API ID: Service$CloseHandle$OpenStart$ChangeConfig2CreateManager
String ID:
API String ID: 3525021261-0
Opcode ID: 390da723ef61498d81517cefb48218acb3239ab10168816c20a2a108e84ff7ef
Instruction ID: 4151b3eef63f475f32aed0b4632accdee52b781810cdf9fb6ec07359a8365400
Opcode Fuzzy Hash: 390da723ef61498d81517cefb48218acb3239ab10168816c20a2a108e84ff7ef
Instruction Fuzzy Hash: BF913C31C20F4DAAC703CFB69C506AEF778AF5A781F14C306E816B6260EB7155C29B64

Function 00D623B0 Relevance: 12.2, APIs: 8, Instructions: 193serviceCOMMON

Download Yara Rule

APIs

OpenSCManagerA.ADVAPI32(00000000,00000000,80000000,?,00000000), ref: 00D62452
EnumServicesStatusA.ADVAPI32(00000000,00000030,00000003,?,00000024,?,?,00000000,?,00000000), ref: 00D6247C
GetLastError.KERNEL32(?,00000000), ref: 00D62484
_malloc.LIBCMT ref: 00D624AB
EnumServicesStatusA.ADVAPI32(00000000,00000030,00000003,00000000,?,?,?,00000000,00000000), ref: 00D624D3
__snprintf.LIBCMT ref: 00D62549
_free.LIBCMT ref: 00D62598
CloseServiceHandle.ADVAPI32(00000000,00000000), ref: 00D625A1

Memory Dump Source

Source File: 00000000.00000002.1751262939.0000000000D41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D40000, based on PE: true

Associated: 00000000.00000002.1751214442.0000000000D40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751344220.0000000000D83000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D96000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751480643.0000000000D97000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d40000_DBROG0eWH7.jbxd

Similarity

API ID: EnumServicesStatus$CloseErrorHandleLastManagerOpenService__snprintf_free_malloc
String ID:
API String ID: 3403677689-0
Opcode ID: 056bea083a25df47611de3b63d799d1ce74169d0d597072845abc79cf18b49d2
Instruction ID: 82a5ec1113923725b28506d7ef4fa6e8d8f4f2acf1b2ac252871735f33d41b28
Opcode Fuzzy Hash: 056bea083a25df47611de3b63d799d1ce74169d0d597072845abc79cf18b49d2
Instruction Fuzzy Hash: C6719C32D00709ABCB01DFB6DC81AAEB778EF59340F148716E905B7290E7356A859FB0

Function 00D518E0 Relevance: 9.1, APIs: 6, Instructions: 147processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,00000000,00000000), ref: 00D51998
Process32First.KERNEL32(00000000,?), ref: 00D519BA
_strcat.LIBCMT ref: 00D51A12
Process32Next.KERNEL32(00000000,00000128), ref: 00D51AC5
CloseHandle.KERNEL32(00000000), ref: 00D51B1A
_memset.LIBCMT ref: 00D51B2E

Memory Dump Source

Source File: 00000000.00000002.1751262939.0000000000D41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D40000, based on PE: true

Associated: 00000000.00000002.1751214442.0000000000D40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751344220.0000000000D83000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D96000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751480643.0000000000D97000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d40000_DBROG0eWH7.jbxd

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32_memset_strcat
String ID:
API String ID: 1640862104-0
Opcode ID: 3134ec85ffb3950cdb1db0fd06cbf26a8fefae6473901a62bf6d2a6f5369ec16
Instruction ID: 1782afe060ffd77955e5e6c99df3899d77494ab895fb6f2af03affa6ad624526
Opcode Fuzzy Hash: 3134ec85ffb3950cdb1db0fd06cbf26a8fefae6473901a62bf6d2a6f5369ec16
Instruction Fuzzy Hash: EF516C71900308ABCB15DFBAD9855ADB7B8FF59304F04826BE905F7361E730AA94CB60

Function 00D7207E Relevance: 3.0, APIs: 2, Instructions: 8COMMONLIBRARYCODE

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(00000000,?,00D71A59,?,?,?,00000000), ref: 00D72083
UnhandledExceptionFilter.KERNEL32(?,?,?,00000000), ref: 00D7208C

Memory Dump Source

Source File: 00000000.00000002.1751262939.0000000000D41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D40000, based on PE: true

Associated: 00000000.00000002.1751214442.0000000000D40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751344220.0000000000D83000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D96000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751480643.0000000000D97000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d40000_DBROG0eWH7.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 1be37d3879a3851aa577c1baf62e421e50cc5a5a616fb2f36162717252e5b692
Instruction ID: ad1305880e59fe808fa490ad3872d4026c64afca65e7ff16b7e4a15fe6a6ba1b
Opcode Fuzzy Hash: 1be37d3879a3851aa577c1baf62e421e50cc5a5a616fb2f36162717252e5b692
Instruction Fuzzy Hash: DEB09231054308ABCB002BE5EC0DB597F28FB05F52F444010F60D84261DB7296218BA1

Function 00D4D420 Relevance: 1.5, APIs: 1, Instructions: 16COMMON

Download Yara Rule

APIs

StartServiceCtrlDispatcherA.ADVAPI32(?), ref: 00D4D455

Memory Dump Source

Source File: 00000000.00000002.1751262939.0000000000D41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D40000, based on PE: true

Associated: 00000000.00000002.1751214442.0000000000D40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751344220.0000000000D83000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D96000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751480643.0000000000D97000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d40000_DBROG0eWH7.jbxd

Similarity

API ID: CtrlDispatcherServiceStart
String ID:
API String ID: 3789849863-0
Opcode ID: f535136cb59cb678440fb7be1673d42e22bf3d9a58f1897fbdb50e01f7bf955b
Instruction ID: 04bd961545d28158dfdd94196ec82fa8fd6760f24f705537161234b7122028e5
Opcode Fuzzy Hash: f535136cb59cb678440fb7be1673d42e22bf3d9a58f1897fbdb50e01f7bf955b
Instruction Fuzzy Hash: 32E092B480530DDBDB00DFE5E54579EBBB8AB08305F50829AD805A7300D7715A058BA2

Function 00D7204D Relevance: 1.5, APIs: 1, Instructions: 6COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(00000000,?,00D7839F,00D78354,?,00000000,00000000,00000000,00000000), ref: 00D72053

Memory Dump Source

Source File: 00000000.00000002.1751262939.0000000000D41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D40000, based on PE: true

Associated: 00000000.00000002.1751214442.0000000000D40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751344220.0000000000D83000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D96000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751480643.0000000000D97000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d40000_DBROG0eWH7.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 09ff875d2a660332ee6efa461a73e6c6b08cafe25927992eddf7c1f1005a0ac7
Instruction ID: 24330e3fe92f9b92a9eac5bb2bd6e2b285ce488830d7a28d8266345ee33e8b15
Opcode Fuzzy Hash: 09ff875d2a660332ee6efa461a73e6c6b08cafe25927992eddf7c1f1005a0ac7
Instruction Fuzzy Hash: BBA0113000030CAB8B002BA2EC088883F2CFA00EA0B880020F80C802208B23AA228AA0

Function 00D734FC Relevance: 1.3, APIs: 1, Instructions: 7memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00D70B10,00D8FDA0,00000014), ref: 00D734FC

Memory Dump Source

Source File: 00000000.00000002.1751262939.0000000000D41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D40000, based on PE: true

Associated: 00000000.00000002.1751214442.0000000000D40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751344220.0000000000D83000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D96000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751480643.0000000000D97000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d40000_DBROG0eWH7.jbxd

Similarity

API ID: HeapProcess
String ID:
API String ID: 54951025-0
Opcode ID: 229986e8298d576921dd12acca72f630384a6f442574cff2d4d9221f62764e7b
Instruction ID: 3a5d26ed71a763c8edfa4efe7f5e3ecf340d9270c6e80f0aa31eeda8f3722433
Opcode Fuzzy Hash: 229986e8298d576921dd12acca72f630384a6f442574cff2d4d9221f62764e7b
Instruction Fuzzy Hash: 4FB012F03017825787090B38BC5C10936D45708A01321003F700BC1360DF30C4909B10

Function 00D66653 Relevance: .8, Instructions: 820COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1751262939.0000000000D41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D40000, based on PE: true

Associated: 00000000.00000002.1751214442.0000000000D40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751344220.0000000000D83000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D96000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751480643.0000000000D97000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d40000_DBROG0eWH7.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cef1fd07e56f4d7aeed4826e7e44e0c763936062fc18dfb79484be24bdafc042
Instruction ID: d9b5d41a58d36364a53a0d4478893c40fb457d5e26f3a0313abadeaf76248e23
Opcode Fuzzy Hash: cef1fd07e56f4d7aeed4826e7e44e0c763936062fc18dfb79484be24bdafc042
Instruction Fuzzy Hash: 86827C32D20B589AC706CF7ADC812A9B3B4BF5A380B14C71BE809F7261E73465D5DB64

Function 00D66687 Relevance: .8, Instructions: 796COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1751262939.0000000000D41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D40000, based on PE: true

Associated: 00000000.00000002.1751214442.0000000000D40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751344220.0000000000D83000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D96000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751480643.0000000000D97000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d40000_DBROG0eWH7.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7437e074eacf01c73b2b5039662668a6c590f15af12e27527449c4697a2ed5a
Instruction ID: 103acf64ac49cd801b9ae010ca1960c9a3b826869e7f695c74cfd628fb7e653b
Opcode Fuzzy Hash: a7437e074eacf01c73b2b5039662668a6c590f15af12e27527449c4697a2ed5a
Instruction Fuzzy Hash: 1C827B32D20B589BC706CF7ADC812A9B3B4BF5A384B04C71BE809F6261E73465D5DB64

Function 00D59EE0 Relevance: .4, Instructions: 382COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1751262939.0000000000D41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D40000, based on PE: true

Associated: 00000000.00000002.1751214442.0000000000D40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751344220.0000000000D83000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D96000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751480643.0000000000D97000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d40000_DBROG0eWH7.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0061ba68b2b9d3743a386351768b6886edf81522c55e908e8d1662349b4acb56
Instruction ID: c93f3568392cbb80896713c0c4dd0c9c49fd2780b78c3452a65e4914c2e99179
Opcode Fuzzy Hash: 0061ba68b2b9d3743a386351768b6886edf81522c55e908e8d1662349b4acb56
Instruction Fuzzy Hash: 9A027B31D10B58AFCB06CFBAD8910ADB7B4EF59341B148317E806F7261E734A996CB64

Function 00D6DF8E Relevance: .3, Instructions: 345COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1751262939.0000000000D41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D40000, based on PE: true

Associated: 00000000.00000002.1751214442.0000000000D40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751344220.0000000000D83000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D96000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751480643.0000000000D97000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d40000_DBROG0eWH7.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf6ffcbe3773841c348058a39a16573d3b2338b254e5945c46ce03dce2746f28
Instruction ID: 000e784a54d86cb165db25626ad49905185f4a01649520cb46bbb79c97f91b2f
Opcode Fuzzy Hash: bf6ffcbe3773841c348058a39a16573d3b2338b254e5945c46ce03dce2746f28
Instruction Fuzzy Hash: 64C171366051934BDF2D4A3E947503EBBA25EA27B131E076DE8B7CB1D8EE20C564D630

Function 00D6E3C3 Relevance: .3, Instructions: 341COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1751262939.0000000000D41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D40000, based on PE: true

Associated: 00000000.00000002.1751214442.0000000000D40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751344220.0000000000D83000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D96000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751480643.0000000000D97000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d40000_DBROG0eWH7.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a635e2a33a60bcf8d734eac2a911e111534612f0cd64c6a362f1e57f4f360174
Instruction ID: 1ce25c78aa723d0b7c13a3b076d99e30150081a47f3281ff28a8d4c2685b1694
Opcode Fuzzy Hash: a635e2a33a60bcf8d734eac2a911e111534612f0cd64c6a362f1e57f4f360174
Instruction Fuzzy Hash: 15C171362051930BDF6D4A3ED43913EBBA15AA27B131E076DD8B7CB1D5EE20D528D630

Function 00D6DB59 Relevance: .3, Instructions: 331COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1751262939.0000000000D41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D40000, based on PE: true

Associated: 00000000.00000002.1751214442.0000000000D40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751344220.0000000000D83000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D96000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751480643.0000000000D97000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d40000_DBROG0eWH7.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 693fc2a06020ee0ee57da02a4a933cd5ad315ff3ac21a4b032580d2a5e4f36f6
Instruction ID: 29866d7de2e2e10b8c71ea6f847a6a0ca223601c2649dbd0b374296f754b4de6
Opcode Fuzzy Hash: 693fc2a06020ee0ee57da02a4a933cd5ad315ff3ac21a4b032580d2a5e4f36f6
Instruction Fuzzy Hash: 47C161327051930BDF2D4A3DA47913EBAA25AA27B131F176DD8B7CB1D9EE20C524D630

Function 00D6D741 Relevance: .3, Instructions: 323COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1751262939.0000000000D41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D40000, based on PE: true

Associated: 00000000.00000002.1751214442.0000000000D40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751344220.0000000000D83000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D96000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751480643.0000000000D97000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d40000_DBROG0eWH7.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b18fb967447e529c76739499a87999de3f08bdf72590393fa5476362680146d7
Instruction ID: 632b80cf006f0849f3a961442ff79e33677e307d91b21f861983ee6a160bddf1
Opcode Fuzzy Hash: b18fb967447e529c76739499a87999de3f08bdf72590393fa5476362680146d7
Instruction Fuzzy Hash: DBC142327091930BDF6D4A3E947913EBBA25AA27B131E176DD8B6CB1C9EE10C524D630

Function 00D5A119 Relevance: .3, Instructions: 251COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1751262939.0000000000D41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D40000, based on PE: true

Associated: 00000000.00000002.1751214442.0000000000D40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751344220.0000000000D83000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D96000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751480643.0000000000D97000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d40000_DBROG0eWH7.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f11c770731614f956e54cb251ddae122e0d4f12ec26bf8d7f3724fd78ca5db07
Instruction ID: b376092d4169ddc1f4a51ca04eb13c334ceb349d829519a400e1f98c47e85985
Opcode Fuzzy Hash: f11c770731614f956e54cb251ddae122e0d4f12ec26bf8d7f3724fd78ca5db07
Instruction Fuzzy Hash: 7EB15B31D10758AFCB06CFBAE88147DB7B1AF99380B148317E806F7261E7346996CB64

Function 00D81A6A Relevance: .2, Instructions: 197COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1751262939.0000000000D41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D40000, based on PE: true

Associated: 00000000.00000002.1751214442.0000000000D40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751344220.0000000000D83000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D96000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751480643.0000000000D97000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d40000_DBROG0eWH7.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13ae554fede668713c8418b731cea2a7546aabb52c717da24dcf4f4522932379
Instruction ID: 42a69b6662db6bb5519f6d1d433ea9a319eb617f9cbd825108ff16e4d2567a1d
Opcode Fuzzy Hash: 13ae554fede668713c8418b731cea2a7546aabb52c717da24dcf4f4522932379
Instruction Fuzzy Hash: B2614E75E016268BCF18DF1EC490169FBEAFF95300719C16AD819DF315E670D946CBA0

Function 00D6D1A0 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1751262939.0000000000D41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D40000, based on PE: true

Associated: 00000000.00000002.1751214442.0000000000D40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751344220.0000000000D83000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D96000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751480643.0000000000D97000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d40000_DBROG0eWH7.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction ID: d8e47830d2f17e26e5881310bb65991ad20afd5a73b50833fa1a944137b7a469
Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction Fuzzy Hash: 4C1157B7F0028243D6148A2DF8F46B7B7D7EBCB32172D437AC0824FB48C266E9459620

Function 00D5FF50 Relevance: 33.6, APIs: 18, Strings: 1, Instructions: 377
pipeprocessfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_memset.LIBCMT ref: 00D60038
CreatePipe.KERNEL32(?,?,0000000C,00000000,?,00000000,00000000), ref: 00D600DC
SetHandleInformation.KERNEL32(?,00000001,00000000,?,00000000,00000000), ref: 00D600F1
CreatePipe.KERNEL32(?,?,0000000C,00000000,?,00000000,00000000), ref: 00D6019B
SetHandleInformation.KERNEL32(?,00000001,00000000,?,00000000,00000000), ref: 00D60279
_memset.LIBCMT ref: 00D60287
_memset.LIBCMT ref: 00D602CE
CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000044,?), ref: 00D603F5
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00000000,00000000), ref: 00D6043F
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00000000,00000000), ref: 00D60461
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00000000,00000000), ref: 00D6046A
WriteFile.KERNEL32(?,90D98B10,CD9B3DAB,?,00000000,?,?,?,?,?,?,?,00000000,00000000), ref: 00D604CF
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00000000,00000000), ref: 00D604EA
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00000000,00000000), ref: 00D60505
WaitForSingleObject.KERNEL32(?,00002710,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00D6056E
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00D60577
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00D6058A
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00000000,00000000), ref: 00D605AF

Strings

D, xrefs: 00D602E9

Memory Dump Source

Source File: 00000000.00000002.1751262939.0000000000D41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D40000, based on PE: true

Associated: 00000000.00000002.1751214442.0000000000D40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751344220.0000000000D83000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D96000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751480643.0000000000D97000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d40000_DBROG0eWH7.jbxd

Similarity

API ID: Handle$Close$Create_memset$InformationPipe$FileObjectProcessSingleWaitWrite
String ID: D
API String ID: 1810108774-2746444292
Opcode ID: 49f8ea96f3c172354d3c5057e06d103b43728c6fefcdde08a26146c224794287
Instruction ID: 62ca5ede18fde32deae94ac2d9fc5e326f8a2561ffd74273cb169a12745c00e0
Opcode Fuzzy Hash: 49f8ea96f3c172354d3c5057e06d103b43728c6fefcdde08a26146c224794287
Instruction Fuzzy Hash: AE024931C10B4DEECB02CFB5D8516AEB778BF5A381F149316E90AF6261EB309595DB20

Function 00D4D090 Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 174registrysynchronizationCOMMON

Download Yara Rule

APIs

RegisterServiceCtrlHandlerA.ADVAPI32(Function_0000CE40), ref: 00D4D1D8
SetServiceStatus.ADVAPI32(00D94780), ref: 00D4D214
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00D4D27D
SetServiceStatus.ADVAPI32(00D94780), ref: 00D4D2A4
WaitForSingleObject.KERNEL32(00001388), ref: 00D4D2CD
SetServiceStatus.ADVAPI32(00D94780), ref: 00D4D35F
CloseHandle.KERNEL32 ref: 00D4D392
SetServiceStatus.ADVAPI32(00D94780), ref: 00D4D401

Strings

>&|, xrefs: 00D4D311
]/da, xrefs: 00D4D224

Memory Dump Source

Source File: 00000000.00000002.1751262939.0000000000D41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D40000, based on PE: true

Associated: 00000000.00000002.1751214442.0000000000D40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751344220.0000000000D83000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D96000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751480643.0000000000D97000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d40000_DBROG0eWH7.jbxd

Similarity

API ID: Service$Status$CloseCreateCtrlEventHandleHandlerObjectRegisterSingleWait
String ID: ]/da$>&|
API String ID: 3399922960-1858257644
Opcode ID: 323ed68611e4b730009a6e0fb31f5bbc066279e6ac4584029f6c40996923873e
Instruction ID: 9fc1a952976d2a6092fc9de8167608d784a4cf18eb69936b97e82213032c0080
Opcode Fuzzy Hash: 323ed68611e4b730009a6e0fb31f5bbc066279e6ac4584029f6c40996923873e
Instruction Fuzzy Hash: CD814435910B08AFC706DFB8EC95629BBB4FB4A341F10831BE806F6361EB755585DBA0

Function 00D514E0 Relevance: 13.7, APIs: 9, Instructions: 231processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,00000000,00000000), ref: 00D51579
Process32First.KERNEL32(00000000,00000128), ref: 00D51665
_strcat.LIBCMT ref: 00D51698

Memory Dump Source

Source File: 00000000.00000002.1751262939.0000000000D41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D40000, based on PE: true

Associated: 00000000.00000002.1751214442.0000000000D40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751344220.0000000000D83000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D96000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751480643.0000000000D97000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d40000_DBROG0eWH7.jbxd

Similarity

API ID: CreateFirstProcess32SnapshotToolhelp32_strcat
String ID:
API String ID: 4070235666-0
Opcode ID: fdea6e74f4a18dd9a6e0e00ac264390319ad78568db305f95704aaedcf992806
Instruction ID: d13005eb7a1be0a4f60c0168666340bb257812205864ebd6ee1bc1880dc86766
Opcode Fuzzy Hash: fdea6e74f4a18dd9a6e0e00ac264390319ad78568db305f95704aaedcf992806
Instruction Fuzzy Hash: 5AA1AF36D10708EACB02DFB6DC816BDB378AF59781B148757E805F2261E734A9D5CB60

Function 00D63140 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 226synchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 00D4B2A0: WaitForSingleObject.KERNEL32(?,00004E20), ref: 00D4B2C5

GetModuleFileNameA.KERNEL32(00000000,00D947C8,00000104), ref: 00D63296
_strcat.LIBCMT ref: 00D632B0
_memset.LIBCMT ref: 00D63300
GetTickCount.KERNEL32 ref: 00D63388
__vfwprintf_p.LIBCMT ref: 00D6349A
ReleaseMutex.KERNEL32 ref: 00D634C0

Part of subcall function 00D4D7B0: GetModuleFileNameA.KERNEL32(00000000,00D67F53,00000104,00000000), ref: 00D4D7EF

Strings

oI\:, xrefs: 00D6322B

Memory Dump Source

Source File: 00000000.00000002.1751262939.0000000000D41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D40000, based on PE: true

Associated: 00000000.00000002.1751214442.0000000000D40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751344220.0000000000D83000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D96000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751480643.0000000000D97000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d40000_DBROG0eWH7.jbxd

Similarity

API ID: FileModuleName$CountMutexObjectReleaseSingleTickWait__vfwprintf_p_memset_strcat
String ID: oI\:
API String ID: 123108371-3980936684
Opcode ID: 756843969d2a4b0e40c48a12fe187729d81a34fd64f6f96433c1daf908c9a6fc
Instruction ID: 34344cfbc58c7d29f6f624434e117483d49f6a402c2daacb1076b4b1bfd88dc6
Opcode Fuzzy Hash: 756843969d2a4b0e40c48a12fe187729d81a34fd64f6f96433c1daf908c9a6fc
Instruction Fuzzy Hash: 75A18031911B48AEC702DFB4AC5197AB778FF5A791B008317E406B6262FB3455D2CB70

Function 00D626A0 Relevance: 12.2, APIs: 8, Instructions: 241processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,00000000), ref: 00D6274C
Process32First.KERNEL32(00000000,00000128), ref: 00D6281D
__snprintf.LIBCMT ref: 00D628B5
CreateToolhelp32Snapshot.KERNEL32(00000008,?,?), ref: 00D62900
Module32First.KERNEL32(00000000,?), ref: 00D62925
CloseHandle.KERNEL32(0000000A,0000000A,?,00000000), ref: 00D62A6F
Process32Next.KERNEL32(00000000,00000128), ref: 00D62AC0

Part of subcall function 00D4E120: _malloc.LIBCMT ref: 00D4E1CF

Part of subcall function 00D4E550: _memset.LIBCMT ref: 00D4E56E
Part of subcall function 00D4E550: _free.LIBCMT ref: 00D4E596

Memory Dump Source

Source File: 00000000.00000002.1751262939.0000000000D41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D40000, based on PE: true

Associated: 00000000.00000002.1751214442.0000000000D40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751344220.0000000000D83000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D96000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751480643.0000000000D97000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d40000_DBROG0eWH7.jbxd

Similarity

API ID: CreateFirstProcess32SnapshotToolhelp32$CloseHandleModule32Next__snprintf_free_malloc_memset
String ID:
API String ID: 2771089087-0
Opcode ID: e6e55e8a8d29731f478034b085296b8a259bec1359aed55f83b0a1ca00773d10
Instruction ID: b089bb6c861e43267d30a4361f418cfc730b93c0f427ecec80bba0a83d75d7bc
Opcode Fuzzy Hash: e6e55e8a8d29731f478034b085296b8a259bec1359aed55f83b0a1ca00773d10
Instruction Fuzzy Hash: 59B19F31D10B09AEC702DFB9DC515AEB778FF5A380F048357E909BA261EB7095819F60

Function 00D67AF0 Relevance: 11.0, APIs: 4, Strings: 2, Instructions: 480COMMON

Download Yara Rule

Strings

, xrefs: 00D67E66
, xrefs: 00D68198

Memory Dump Source

Source File: 00000000.00000002.1751262939.0000000000D41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D40000, based on PE: true

Associated: 00000000.00000002.1751214442.0000000000D40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751344220.0000000000D83000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D96000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751480643.0000000000D97000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d40000_DBROG0eWH7.jbxd

Similarity

API ID: _free_memset
String ID: $
API String ID: 287624719-227171996
Opcode ID: c2259e97152e202fd1ba4220da17d9879cabb51fe592662e7b4a0b14587f5867
Instruction ID: 5ad12eddb686b1739d03c280396fa9a5a0864fd021805537d3381585163404e4
Opcode Fuzzy Hash: c2259e97152e202fd1ba4220da17d9879cabb51fe592662e7b4a0b14587f5867
Instruction Fuzzy Hash: F7128D31D10B48AAC702DFB5EC515BEB778AF5A384B048317E905F6261FB309996CBB0

Function 00D5F3B0 Relevance: 10.9, APIs: 4, Strings: 2, Instructions: 376COMMON

Download Yara Rule

Strings

d'n., xrefs: 00D5F5D1
%>+2, xrefs: 00D5F5B4

Memory Dump Source

Source File: 00000000.00000002.1751262939.0000000000D41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D40000, based on PE: true

Associated: 00000000.00000002.1751214442.0000000000D40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751344220.0000000000D83000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D96000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751480643.0000000000D97000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d40000_DBROG0eWH7.jbxd

Similarity

API ID:
String ID: %>+2$d'n.
API String ID: 0-2693770206
Opcode ID: f95b337320f62653e75bdb02e4627f9ba4857ea9b3a2693fc5719aca1dd3fb93
Instruction ID: ccfcc4b8430fd8666afa61636849fe056a3c32f7a2a251ed2fe7d7bd9aaca9d1
Opcode Fuzzy Hash: f95b337320f62653e75bdb02e4627f9ba4857ea9b3a2693fc5719aca1dd3fb93
Instruction Fuzzy Hash: 89F1C031C10B49AECB02CFBADC512ADF774BF5A381B148317EC45BA2A1E73465D59B60

Function 00D4EC20 Relevance: 10.8, APIs: 7, Instructions: 283sleepfileCOMMON

Download Yara Rule

APIs

Part of subcall function 00D4A530: _strcat.LIBCMT ref: 00D4A562

GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00D4EEC0

Part of subcall function 00D4E120: _malloc.LIBCMT ref: 00D4E1CF

__snprintf.LIBCMT ref: 00D4EF09

Part of subcall function 00D4E550: _memset.LIBCMT ref: 00D4E56E
Part of subcall function 00D4E550: _free.LIBCMT ref: 00D4E596

_memset.LIBCMT ref: 00D4EFD9
_memset.LIBCMT ref: 00D4EFEC
Sleep.KERNEL32(00015F90), ref: 00D4F0A5
DeleteFileA.KERNEL32(?), ref: 00D4F0B2
_memset.LIBCMT ref: 00D4F0C6

Memory Dump Source

Source File: 00000000.00000002.1751262939.0000000000D41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D40000, based on PE: true

Associated: 00000000.00000002.1751214442.0000000000D40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751344220.0000000000D83000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D96000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751480643.0000000000D97000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d40000_DBROG0eWH7.jbxd

Similarity

API ID: _memset$File$DeleteModuleNameSleep__snprintf_free_malloc_strcat
String ID:
API String ID: 1452756023-0
Opcode ID: e673bd226681aa76ebf5b6612f9a90e5134b058f1ead521482f8272e9405c4cf
Instruction ID: f8ef07fabfe9b9d5c15cb9b16ccab79cf94e7d8fe2eae0e8120c3a3cd65ce84f
Opcode Fuzzy Hash: e673bd226681aa76ebf5b6612f9a90e5134b058f1ead521482f8272e9405c4cf
Instruction Fuzzy Hash: AFC1A071910B48AACB12DFB5DC526BEB378FF59780F048316E909F6262EB3456C18B70

Function 00D51676 Relevance: 10.6, APIs: 7, Instructions: 143COMMON

Download Yara Rule

APIs

_strcat.LIBCMT ref: 00D51698
OpenProcess.KERNEL32(00000001,00000000,?,?,?,?,?,00000000), ref: 00D51739
TerminateProcess.KERNEL32(00000000,000000FF,?,?,?,?,00000000), ref: 00D5174D
CloseHandle.KERNEL32(00000000,?,?,?,?,00000000), ref: 00D517C4
Process32Next.KERNEL32(00000000,00000128), ref: 00D517EE
CloseHandle.KERNEL32(00000000), ref: 00D5184F
_memset.LIBCMT ref: 00D51888

Memory Dump Source

Source File: 00000000.00000002.1751262939.0000000000D41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D40000, based on PE: true

Associated: 00000000.00000002.1751214442.0000000000D40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751344220.0000000000D83000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D96000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751480643.0000000000D97000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d40000_DBROG0eWH7.jbxd

Similarity

API ID: CloseHandleProcess$NextOpenProcess32Terminate_memset_strcat
String ID:
API String ID: 1974761079-0
Opcode ID: 8b18a31949b06dadb740e44b379bf8f42c41cf5c2b75cbf7d151d18579a0a44e
Instruction ID: d98cac128b415e3d419f5b4b70e78ed83516ef06166f14bc85bec5c4efd382a6
Opcode Fuzzy Hash: 8b18a31949b06dadb740e44b379bf8f42c41cf5c2b75cbf7d151d18579a0a44e
Instruction Fuzzy Hash: 53517E36910708AACB06DB75DC916BDB3B8AF19741F148357E80AB2261FB349AD5CB60

Function 00D73469 Relevance: 10.5, APIs: 7, Instructions: 45threadCOMMON

Download Yara Rule

APIs

__init_pointers.LIBCMT ref: 00D73469

Part of subcall function 00D6FD51: EncodePointer.KERNEL32(00000000,?,00D7346E,00D70B21,00D8FDA0,00000014), ref: 00D6FD54
Part of subcall function 00D6FD51: __initp_misc_winsig.LIBCMT ref: 00D6FD6F
Part of subcall function 00D6FD51: GetModuleHandleW.KERNEL32(kernel32.dll), ref: 00D71DC9
Part of subcall function 00D6FD51: GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 00D71DDD
Part of subcall function 00D6FD51: GetProcAddress.KERNEL32(00000000,FlsFree), ref: 00D71DF0
Part of subcall function 00D6FD51: GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 00D71E03
Part of subcall function 00D6FD51: GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 00D71E16
Part of subcall function 00D6FD51: GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 00D71E29
Part of subcall function 00D6FD51: GetProcAddress.KERNEL32(00000000,CreateEventExW), ref: 00D71E3C
Part of subcall function 00D6FD51: GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 00D71E4F
Part of subcall function 00D6FD51: GetProcAddress.KERNEL32(00000000,SetThreadStackGuarantee), ref: 00D71E62
Part of subcall function 00D6FD51: GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 00D71E75
Part of subcall function 00D6FD51: GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 00D71E88
Part of subcall function 00D6FD51: GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 00D71E9B
Part of subcall function 00D6FD51: GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 00D71EAE
Part of subcall function 00D6FD51: GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 00D71EC1
Part of subcall function 00D6FD51: GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 00D71ED4
Part of subcall function 00D6FD51: GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 00D71EE7

__mtinitlocks.LIBCMT ref: 00D7346E
__mtterm.LIBCMT ref: 00D73477
__calloc_crt.LIBCMT ref: 00D7349C
__initptd.LIBCMT ref: 00D734BE
GetCurrentThreadId.KERNEL32 ref: 00D734C5

Memory Dump Source

Source File: 00000000.00000002.1751262939.0000000000D41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D40000, based on PE: true

Associated: 00000000.00000002.1751214442.0000000000D40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751344220.0000000000D83000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D96000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751480643.0000000000D97000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d40000_DBROG0eWH7.jbxd

Similarity

API ID: AddressProc$CurrentEncodeHandleModulePointerThread__calloc_crt__init_pointers__initp_misc_winsig__initptd__mtinitlocks__mtterm
String ID:
API String ID: 1593083391-0
Opcode ID: 1ef2188099aeedbb7ab45d7580103ddbaa37a4628d3a1422ce00173304646c5f
Instruction ID: f51280e7a0216169538163f390aa32fbf8d9e1e4fc50e25bd2aa645619380489
Opcode Fuzzy Hash: 1ef2188099aeedbb7ab45d7580103ddbaa37a4628d3a1422ce00173304646c5f
Instruction Fuzzy Hash: 2BF0BB3266A7112DE3397B787C0365626C0DF01735B24C72AF69CD51D2FF109A4055B4

Function 00D4D8E0 Relevance: 9.3, APIs: 6, Instructions: 290libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32(00000000), ref: 00D4DAD2
GetProcAddress.KERNEL32(00000000), ref: 00D4DB2C
_rand.LIBCMT ref: 00D4DD1E
_rand.LIBCMT ref: 00D4DD25
_rand.LIBCMT ref: 00D4DD30
_rand.LIBCMT ref: 00D4DD37

Memory Dump Source

Source File: 00000000.00000002.1751262939.0000000000D41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D40000, based on PE: true

Associated: 00000000.00000002.1751214442.0000000000D40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751344220.0000000000D83000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D96000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751480643.0000000000D97000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d40000_DBROG0eWH7.jbxd

Similarity

API ID: _rand$AddressProc
String ID:
API String ID: 345958962-0
Opcode ID: ec3f82f4bb4acece966f448c0be770a7df62efe2efe26568eaf17045819e1af9
Instruction ID: 3a6ad4c2aef87f4eb15bba158f24f6266b73fe58eb13b016bec36a966a32eefa
Opcode Fuzzy Hash: ec3f82f4bb4acece966f448c0be770a7df62efe2efe26568eaf17045819e1af9
Instruction Fuzzy Hash: 71D16C31D10B48AECB02DFB5E8915ADB7B4FF5A790B148317E805B6362EB3159C2DB60

Function 00D4AEE0 Relevance: 9.2, APIs: 6, Instructions: 223fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00D4B2A0: WaitForSingleObject.KERNEL32(?,00004E20), ref: 00D4B2C5

CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00D4AFF0
ReadFile.KERNEL32(00000000,?,00005000,?,00000000), ref: 00D4B0D3
CloseHandle.KERNEL32(00000000,?,?,?), ref: 00D4B1E1
_memset.LIBCMT ref: 00D4B220
CloseHandle.KERNEL32(00000000,?), ref: 00D4B235
_memset.LIBCMT ref: 00D4B282

Memory Dump Source

Source File: 00000000.00000002.1751262939.0000000000D41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D40000, based on PE: true

Associated: 00000000.00000002.1751214442.0000000000D40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751344220.0000000000D83000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D96000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751480643.0000000000D97000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d40000_DBROG0eWH7.jbxd

Similarity

API ID: CloseFileHandle_memset$CreateObjectReadSingleWait
String ID:
API String ID: 2757182182-0
Opcode ID: b824cbc9cfc597f8d5c57402657040b0b1a6fa7cc92cb068c8f9d5216a81ff44
Instruction ID: 4306bbe07d5a1fa074c9ebdcfbb1fc1f88202ce1378d09bd8d9c0681d39a0532
Opcode Fuzzy Hash: b824cbc9cfc597f8d5c57402657040b0b1a6fa7cc92cb068c8f9d5216a81ff44
Instruction Fuzzy Hash: C7919F31D10B48AADB02DFB59C516AEB378AF9A790F108317E905B72A1FB319581CB74

Function 00D62843 Relevance: 9.1, APIs: 6, Instructions: 96processCOMMON

Download Yara Rule

APIs

Part of subcall function 00D4E120: _malloc.LIBCMT ref: 00D4E1CF

__snprintf.LIBCMT ref: 00D628B5

Part of subcall function 00D4E550: _memset.LIBCMT ref: 00D4E56E
Part of subcall function 00D4E550: _free.LIBCMT ref: 00D4E596

CreateToolhelp32Snapshot.KERNEL32(00000008,?,?), ref: 00D62900
Module32First.KERNEL32(00000000,?), ref: 00D62925
CloseHandle.KERNEL32(0000000A,0000000A,?,00000000), ref: 00D62A6F
Process32Next.KERNEL32(00000000,00000128), ref: 00D62AC0
CloseHandle.KERNEL32(00000000), ref: 00D62AD0

Memory Dump Source

Source File: 00000000.00000002.1751262939.0000000000D41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D40000, based on PE: true

Associated: 00000000.00000002.1751214442.0000000000D40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751344220.0000000000D83000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D96000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751480643.0000000000D97000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d40000_DBROG0eWH7.jbxd

Similarity

API ID: CloseHandle$CreateFirstModule32NextProcess32SnapshotToolhelp32__snprintf_free_malloc_memset
String ID:
API String ID: 1384585931-0
Opcode ID: 6c188ea2dfa571a75c4184fc022fff823d6e62dd99af559017fb84d9bbd8c78b
Instruction ID: 43b9cce0b728e9568d970ded6857fa4a56a8aa1f51be7d94af08c103c4c22601
Opcode Fuzzy Hash: 6c188ea2dfa571a75c4184fc022fff823d6e62dd99af559017fb84d9bbd8c78b
Instruction Fuzzy Hash: AD416A71910709EBCB11DF76EC85AAEB778FF08304F048256E808F62A0EB3466959F64

Function 00D62C90 Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 286COMMON

Download Yara Rule

APIs

Part of subcall function 00D4E120: _malloc.LIBCMT ref: 00D4E1CF

__snprintf.LIBCMT ref: 00D62D37

Part of subcall function 00D4E550: _memset.LIBCMT ref: 00D4E56E
Part of subcall function 00D4E550: _free.LIBCMT ref: 00D4E596

_memset.LIBCMT ref: 00D62DBC
_memset.LIBCMT ref: 00D6310D

Strings

Fs>., xrefs: 00D62FA2
C:\Users\user, xrefs: 00D62DE0

Memory Dump Source

Source File: 00000000.00000002.1751262939.0000000000D41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D40000, based on PE: true

Associated: 00000000.00000002.1751214442.0000000000D40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751344220.0000000000D83000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D96000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751480643.0000000000D97000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d40000_DBROG0eWH7.jbxd

Similarity

API ID: _memset$__snprintf_free_malloc
String ID: C:\Users\user$Fs>.
API String ID: 801102166-1231207852
Opcode ID: dcdd1d178a766c07906de19830fa87087c7a14fc17c4a967c6437f721902c696
Instruction ID: 27e9bbd7c01560d0d3d6f281d68e7e47a5b0975a0c3a91c106861b1a83786eda
Opcode Fuzzy Hash: dcdd1d178a766c07906de19830fa87087c7a14fc17c4a967c6437f721902c696
Instruction Fuzzy Hash: 46C13C71810718ABCB06DFB4DC52AAEB778FF19344F108216E545B6292EB306A95CB74

Function 00D5A880 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 129COMMON

Download Yara Rule

APIs

_malloc.LIBCMT ref: 00D5A8F1

Part of subcall function 00D6FFBC: __FF_MSGBANNER.LIBCMT ref: 00D6FFD3
Part of subcall function 00D6FFBC: __NMSG_WRITE.LIBCMT ref: 00D6FFDA
Part of subcall function 00D6FFBC: RtlAllocateHeap.NTDLL(?,00000000,00000001,00000000,00000000,00000000,?,00D71324,00000000,00000000,00000000,00000000,?,00D71BFD,00000018,00D8FDC0), ref: 00D6FFFF

_memset.LIBCMT ref: 00D5A914
_memset.LIBCMT ref: 00D5A9D1
_free.LIBCMT ref: 00D5A9E4

Strings

\L5, xrefs: 00D5A965

Memory Dump Source

Source File: 00000000.00000002.1751262939.0000000000D41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D40000, based on PE: true

Associated: 00000000.00000002.1751214442.0000000000D40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751344220.0000000000D83000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D96000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751480643.0000000000D97000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d40000_DBROG0eWH7.jbxd

Similarity

API ID: _memset$AllocateHeap_free_malloc
String ID: \L5
API String ID: 585861054-1149637256
Opcode ID: 6b056f4f337a65d8d21d85d79cc0debe2aa8d9caa45b71e0cf2d9956d279dc23
Instruction ID: 5f3b15e5e1434ccf424260bee123ad224548250dba5268000245b4f6e488955f
Opcode Fuzzy Hash: 6b056f4f337a65d8d21d85d79cc0debe2aa8d9caa45b71e0cf2d9956d279dc23
Instruction Fuzzy Hash: C6515071910F19AECB12DFB8D85156AF3B8FF5A390B108717E816B7211F7719982CB60

Function 00D63620 Relevance: 7.6, APIs: 5, Instructions: 69synchronizationthreadCOMMON

Download Yara Rule

APIs

CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,00000001,?,?,00D60ECC,00D677B0,00000001), ref: 00D6366D
CreateThread.KERNEL32(00000000,00000000,00000001,?,00000000,00000000), ref: 00D63681
CloseHandle.KERNEL32(00000000,?,00D60ECC,00D677B0,00000001), ref: 00D636D5
WaitForSingleObject.KERNEL32(00000000,000000FF,?,00D60ECC,00D677B0,00000001), ref: 00D6372A
CloseHandle.KERNEL32(00000000,?,00D60ECC,00D677B0,00000001), ref: 00D63733

Memory Dump Source

Source File: 00000000.00000002.1751262939.0000000000D41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D40000, based on PE: true

Associated: 00000000.00000002.1751214442.0000000000D40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751344220.0000000000D83000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D96000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751480643.0000000000D97000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d40000_DBROG0eWH7.jbxd

Similarity

API ID: CloseCreateHandle$EventObjectSingleThreadWait
String ID:
API String ID: 1404307249-0
Opcode ID: fb206ff633135dc5a0e826a59daffd164ab12455a032dc21da98893c1ecaa148
Instruction ID: 74cfda330a4e6bac5b7727a90ab9a6dd4ff22e900474d98d5dedcd1674bf556d
Opcode Fuzzy Hash: fb206ff633135dc5a0e826a59daffd164ab12455a032dc21da98893c1ecaa148
Instruction Fuzzy Hash: C2313831910B08AEC702CFB5AC51B59B778BF5A751F20830BF906F73A0E77095909B60

Function 00D79BC5 Relevance: 7.6, APIs: 5, Instructions: 67COMMONLIBRARYCODE

Download Yara Rule

APIs

_malloc.LIBCMT ref: 00D79BD1

Part of subcall function 00D6FFBC: __FF_MSGBANNER.LIBCMT ref: 00D6FFD3
Part of subcall function 00D6FFBC: __NMSG_WRITE.LIBCMT ref: 00D6FFDA
Part of subcall function 00D6FFBC: RtlAllocateHeap.NTDLL(?,00000000,00000001,00000000,00000000,00000000,?,00D71324,00000000,00000000,00000000,00000000,?,00D71BFD,00000018,00D8FDC0), ref: 00D6FFFF

_free.LIBCMT ref: 00D79BE4

Memory Dump Source

Source File: 00000000.00000002.1751262939.0000000000D41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D40000, based on PE: true

Associated: 00000000.00000002.1751214442.0000000000D40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751344220.0000000000D83000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D96000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751480643.0000000000D97000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d40000_DBROG0eWH7.jbxd

Similarity

API ID: AllocateHeap_free_malloc
String ID:
API String ID: 1020059152-0
Opcode ID: 2d7b02d3a1f51287d4bd5821447e039effdbafe858175c790644d53ec563378f
Instruction ID: 3e657096bc60e9d9f2f16a7aaf4b6c95d973e8e225bdcc0d7188eeb0e1dcb489
Opcode Fuzzy Hash: 2d7b02d3a1f51287d4bd5821447e039effdbafe858175c790644d53ec563378f
Instruction Fuzzy Hash: 3E11E733504715ABCF222FB4BC55669B7D8EF05360F24C529F94EDA251FA30C8409775

Function 00D4B590 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 209COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00D4B614
_strcat.LIBCMT ref: 00D4B821

Part of subcall function 00D4E120: _malloc.LIBCMT ref: 00D4E1CF

Part of subcall function 00D4E550: _memset.LIBCMT ref: 00D4E56E
Part of subcall function 00D4E550: _free.LIBCMT ref: 00D4E596

Strings

^^MN, xrefs: 00D4B5CB
=, xrefs: 00D4B5DB

Memory Dump Source

Source File: 00000000.00000002.1751262939.0000000000D41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D40000, based on PE: true

Associated: 00000000.00000002.1751214442.0000000000D40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751344220.0000000000D83000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D96000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751480643.0000000000D97000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d40000_DBROG0eWH7.jbxd

Similarity

API ID: _memset$_free_malloc_strcat
String ID: =$^^MN
API String ID: 3230045079-2753829600
Opcode ID: 8e04b3539fe39d353ddd9293962a11bb6cd76176a1891954dcc5164b4e5d847e
Instruction ID: e5e4bd7bdb4d4b590e5613dbf3c541e1df5de6e2c62789247a838fc7a5a8f565
Opcode Fuzzy Hash: 8e04b3539fe39d353ddd9293962a11bb6cd76176a1891954dcc5164b4e5d847e
Instruction Fuzzy Hash: F4A17F31C10B49AEC702DFBA98815AEF774AF9A380B14C717E815B6261EB30A5D1DF64

Function 00D4CC40 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 118registryCOMMON

Download Yara Rule

APIs

RegOpenKeyA.ADVAPI32(80000002,00000000,?), ref: 00D4CD54
RegSetValueExA.ADVAPI32(?,00000000,00000001,CE921463,00000000), ref: 00D4CDBA
RegCloseKey.ADVAPI32(?), ref: 00D4CE29

Strings

htrN, xrefs: 00D4CC88

Memory Dump Source

Source File: 00000000.00000002.1751262939.0000000000D41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D40000, based on PE: true

Associated: 00000000.00000002.1751214442.0000000000D40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751344220.0000000000D83000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D96000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751480643.0000000000D97000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d40000_DBROG0eWH7.jbxd

Similarity

API ID: CloseOpenValue
String ID: htrN
API String ID: 779948276-4437919
Opcode ID: 0b7070748fd2a759cd78f1b660558e648d6d77215c4199ea1bbc6b37c29d1bd8
Instruction ID: 8335dd73bf68b1c51612636f9e6ea9d0e444d5762cae7fdbef4d64d2e608cb73
Opcode Fuzzy Hash: 0b7070748fd2a759cd78f1b660558e648d6d77215c4199ea1bbc6b37c29d1bd8
Instruction Fuzzy Hash: 90513A72C2074CABDB02DBB7984159DF734AF59344F28D756E800B62A1E7706AD4AF60

Function 00D79554 Relevance: 6.2, APIs: 4, Instructions: 162COMMONLIBRARYCODE

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 00D795E5
_memmove.LIBCMT ref: 00D79659
___AdjustPointer.LIBCMT ref: 00D796AA
_memmove.LIBCMT ref: 00D796B3

Memory Dump Source

Source File: 00000000.00000002.1751262939.0000000000D41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D40000, based on PE: true

Associated: 00000000.00000002.1751214442.0000000000D40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751344220.0000000000D83000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D96000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751480643.0000000000D97000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d40000_DBROG0eWH7.jbxd

Similarity

API ID: AdjustPointer_memmove
String ID:
API String ID: 1721217611-0
Opcode ID: 06946dcb496f32cca04ee9e6abd17f7dd6618b6c65c4feee6ee1a83e5bb6b64a
Instruction ID: a45ab4bc5124a8fea14aefa2af4f26fd1864cc1a82cee3a3bcc6979937daad4c
Opcode Fuzzy Hash: 06946dcb496f32cca04ee9e6abd17f7dd6618b6c65c4feee6ee1a83e5bb6b64a
Instruction Fuzzy Hash: C84186772043035AEB299E18D8A1B6AB7A6DF45330F68C11DF94D865E5FF71D880CA30

Function 00D57EF0 Relevance: 6.2, APIs: 4, Instructions: 158COMMON

Download Yara Rule

APIs

_malloc.LIBCMT ref: 00D58000
_malloc.LIBCMT ref: 00D5808E

Part of subcall function 00D6FFBC: __FF_MSGBANNER.LIBCMT ref: 00D6FFD3
Part of subcall function 00D6FFBC: __NMSG_WRITE.LIBCMT ref: 00D6FFDA
Part of subcall function 00D6FFBC: RtlAllocateHeap.NTDLL(?,00000000,00000001,00000000,00000000,00000000,?,00D71324,00000000,00000000,00000000,00000000,?,00D71BFD,00000018,00D8FDC0), ref: 00D6FFFF

_memset.LIBCMT ref: 00D580A5
_free.LIBCMT ref: 00D580AC

Part of subcall function 00D6FF84: HeapFree.KERNEL32(00000000,00000000,?,00D733A7,00000000,00D722E7,00D79CF5,00000000,?,00D712DA,?,?,00000000), ref: 00D6FF98
Part of subcall function 00D6FF84: GetLastError.KERNEL32(00000000,?,00D733A7,00000000,00D722E7,00D79CF5,00000000,?,00D712DA,?,?,00000000,?,?,?,00D734A1), ref: 00D6FFAA

Memory Dump Source

Source File: 00000000.00000002.1751262939.0000000000D41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D40000, based on PE: true

Associated: 00000000.00000002.1751214442.0000000000D40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751344220.0000000000D83000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D96000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751480643.0000000000D97000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d40000_DBROG0eWH7.jbxd

Similarity

API ID: Heap_malloc$AllocateErrorFreeLast_free_memset
String ID:
API String ID: 1931880523-0
Opcode ID: b804adcde4bdf188e9801f6428089276a872aa97fd4a90f1472f54c5a7c05648
Instruction ID: f081044d9aefc5b0922792255447b60e0bc83ed2dd7db9bdde71937f240df617
Opcode Fuzzy Hash: b804adcde4bdf188e9801f6428089276a872aa97fd4a90f1472f54c5a7c05648
Instruction Fuzzy Hash: 82619032C10B49AACB03DFBAD84016AF778FF5A390B148317EC05B6261FB319595DB61

Function 00D7C726 Relevance: 6.1, APIs: 4, Instructions: 97COMMONLIBRARYCODE

Download Yara Rule

APIs

_LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00D7C75C
__isleadbyte_l.LIBCMT ref: 00D7C78A
MultiByteToWideChar.KERNEL32(560C1730,00000009,?,C06E0F66,00000000,00000000,?,00000000,00000000,?,00D50A93,?,00000000), ref: 00D7C7B8
MultiByteToWideChar.KERNEL32(560C1730,00000009,?,00000001,00000000,00000000,?,00000000,00000000,?,00D50A93,?,00000000), ref: 00D7C7EE

Memory Dump Source

Source File: 00000000.00000002.1751262939.0000000000D41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D40000, based on PE: true

Associated: 00000000.00000002.1751214442.0000000000D40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751344220.0000000000D83000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D96000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751480643.0000000000D97000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d40000_DBROG0eWH7.jbxd

Similarity

API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
String ID:
API String ID: 3058430110-0
Opcode ID: 8fe598e805001a55d7db83886dba8209600d58c9b873c101874c7bdf3f53bcde
Instruction ID: 4bc8b485baf32f53bfd2eec4e145a2a584f638cde145e084b55bd701fd97f9a1
Opcode Fuzzy Hash: 8fe598e805001a55d7db83886dba8209600d58c9b873c101874c7bdf3f53bcde
Instruction Fuzzy Hash: D931A131610246AFDB258F75C844BAA7BA5FF41720F19D11DE868971A0FB30D950DBB0

Function 00D7456C Relevance: 6.1, APIs: 4, Instructions: 59COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(00000000), ref: 00D745BB
GetLastError.KERNEL32 ref: 00D745C5
__free_osfhnd.LIBCMT ref: 00D745D2
__dosmaperr.LIBCMT ref: 00D745F4

Memory Dump Source

Source File: 00000000.00000002.1751262939.0000000000D41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D40000, based on PE: true

Associated: 00000000.00000002.1751214442.0000000000D40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751344220.0000000000D83000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D96000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751480643.0000000000D97000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d40000_DBROG0eWH7.jbxd

Similarity

API ID: CloseErrorHandleLast__dosmaperr__free_osfhnd
String ID:
API String ID: 1721093958-0
Opcode ID: 31da8c40200502bb8d51780ea7cc99a864ea2c9ad1cba5a6d48d0cd7923e6c26
Instruction ID: e4301e0268ffa5b4685d025a99c931ddf277f31e9d30bc87fb2c6bfc17055a07
Opcode Fuzzy Hash: 31da8c40200502bb8d51780ea7cc99a864ea2c9ad1cba5a6d48d0cd7923e6c26
Instruction Fuzzy Hash: A20126337112501BCA222274BA5AB7D37848F82778F1DC21EE92D975D2FB61D88083B0

Function 00D778B0 Relevance: 6.0, APIs: 4, Instructions: 48COMMONLIBRARYCODE

Download Yara Rule

APIs

__cftof_l.LIBCMT ref: 00D778D4

Part of subcall function 00D77FBB: __fltout2.LIBCMT ref: 00D77FE4

__cftog_l.LIBCMT ref: 00D778FA
__cftoe_l.LIBCMT ref: 00D7792C

Memory Dump Source

Source File: 00000000.00000002.1751262939.0000000000D41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D40000, based on PE: true

Associated: 00000000.00000002.1751214442.0000000000D40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751344220.0000000000D83000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D96000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751480643.0000000000D97000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d40000_DBROG0eWH7.jbxd

Similarity

API ID: __cftoe_l__cftof_l__cftog_l__fltout2
String ID:
API String ID: 3016257755-0
Opcode ID: a65d1881d29c7e947f5b32dbcea64912f89e558cad637ae539af3f1adf23f7b4
Instruction ID: fde4e1b3d641e47fa0ac67ad65032224b238ea8f6d8bff0cb6e0522631656cb4
Opcode Fuzzy Hash: a65d1881d29c7e947f5b32dbcea64912f89e558cad637ae539af3f1adf23f7b4
Instruction Fuzzy Hash: F201443204914EFBCF125E84CC428EE3F62BB19354B998815FA1C58031E336CAB1AFA1

Function 00D78E98 Relevance: 6.0, APIs: 4, Instructions: 48COMMONLIBRARYCODE

Download Yara Rule

APIs

___BuildCatchObject.LIBCMT ref: 00D78EAF

Part of subcall function 00D794C6: ___AdjustPointer.LIBCMT ref: 00D7950F

_UnwindNestedFrames.LIBCMT ref: 00D78EC6
___FrameUnwindToState.LIBCMT ref: 00D78ED8
CallCatchBlock.LIBCMT ref: 00D78EFC

Memory Dump Source

Source File: 00000000.00000002.1751262939.0000000000D41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D40000, based on PE: true

Associated: 00000000.00000002.1751214442.0000000000D40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751344220.0000000000D83000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D96000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751480643.0000000000D97000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d40000_DBROG0eWH7.jbxd

Similarity

API ID: CatchUnwind$AdjustBlockBuildCallFrameFramesNestedObjectPointerState
String ID:
API String ID: 2633735394-0
Opcode ID: 47ff991701b949d2c6ac9b0ab3a6bae88cad4e47a60bb843eb0d441dcfe1d101
Instruction ID: 5db66e767b5c28152433f9546aa10993c3e3a9af036c4694746684fb2b9ef524
Opcode Fuzzy Hash: 47ff991701b949d2c6ac9b0ab3a6bae88cad4e47a60bb843eb0d441dcfe1d101
Instruction Fuzzy Hash: 5E012532400109BBCF129F55CC05EEA7BBAEF48754F158115F95C66120E732E8A1EBB0

Function 00D7832D Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 45COMMON

Download Yara Rule

APIs

__controlfp_s.LIBCMT ref: 00D7833B

Part of subcall function 00D7D8AF: __control87.LIBCMT ref: 00D7D8D3

__invoke_watson.LIBCMT ref: 00D7834E

Strings

csm, xrefs: 00D7835C

Memory Dump Source

Source File: 00000000.00000002.1751262939.0000000000D41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D40000, based on PE: true

Associated: 00000000.00000002.1751214442.0000000000D40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751344220.0000000000D83000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D96000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751480643.0000000000D97000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d40000_DBROG0eWH7.jbxd

Similarity

API ID: __control87__controlfp_s__invoke_watson
String ID: csm
API String ID: 1371525046-1018135373
Opcode ID: f705ddea624a975b14efd783012ffb365ccf384234cfe82f498ebdf4814548d9
Instruction ID: 8dad5259195ad9c9fd5fc9b73370299ef2514b73251849ff458082691cb08735
Opcode Fuzzy Hash: f705ddea624a975b14efd783012ffb365ccf384234cfe82f498ebdf4814548d9
Instruction Fuzzy Hash: F1F0B4212812249E8B28ADED684EAAE334D9F20B11F5CC812F80CCB511FF50DE81E1F6

Function 00D724A0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 32COMMONLIBRARYCODE

Download Yara Rule

APIs

DecodePointer.KERNEL32(00D8FE20,00000008,00D78F9B,19930522,00000000,E06D7363), ref: 00D724B2
_abort.LIBCMT ref: 00D72506

Strings

PNv, xrefs: 00D724B2

Memory Dump Source

Source File: 00000000.00000002.1751262939.0000000000D41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D40000, based on PE: true

Associated: 00000000.00000002.1751214442.0000000000D40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751344220.0000000000D83000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D96000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751480643.0000000000D97000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d40000_DBROG0eWH7.jbxd

Similarity

API ID: DecodePointer_abort
String ID: PNv
API String ID: 313981576-4070351811
Opcode ID: 83cacf7615c73fbabe28a10d5af9cca05f8bf55be39fbd6459e2c99321fac332
Instruction ID: 32082c7d9e9db8ae2fe8188575e02d0febd0f7cc1296f2daf03f8a5ed3d7f8b0
Opcode Fuzzy Hash: 83cacf7615c73fbabe28a10d5af9cca05f8bf55be39fbd6459e2c99321fac332
Instruction Fuzzy Hash: BEF03A30641342ABE720BBB9C806B3C3265EF60755F24C654E2699A5E2EF30CA44A731

Function 00D71A8D Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24COMMONLIBRARYCODE

Download Yara Rule

APIs

DecodePointer.KERNEL32(?,00D71AC4,00000000,00000000,00000000,00000000,00000000,00D78856,?,00D7209B,00000003,00D6FFD8,00000000,00000000,00000000), ref: 00D71A96
__invoke_watson.LIBCMT ref: 00D71AB2

Strings

PNv, xrefs: 00D71A96

Memory Dump Source

Source File: 00000000.00000002.1751262939.0000000000D41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D40000, based on PE: true

Associated: 00000000.00000002.1751214442.0000000000D40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751344220.0000000000D83000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D96000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751480643.0000000000D97000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d40000_DBROG0eWH7.jbxd

Similarity

API ID: DecodePointer__invoke_watson
String ID: PNv
API String ID: 4034010525-4070351811
Opcode ID: 3974c5c9a95648335959939b103e27261fbc57ae3893c36c1baa9f95d9abf333
Instruction ID: c1b0ace0c8bef541f1899047853d7c7c2a322009477205039ea3208c4b33df37
Opcode Fuzzy Hash: 3974c5c9a95648335959939b103e27261fbc57ae3893c36c1baa9f95d9abf333
Instruction Fuzzy Hash: 72E0EC75501209BBDF026F65DC069AA3A6AFF04740B448450FE1880131E632C9319BB0

Function 00D6CFE1 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 11COMMON

Download Yara Rule

APIs

DecodePointer.KERNEL32 ref: 00D6CFE6
__set_abort_behavior.LIBCMT ref: 00D6CFF6

Strings

PNv, xrefs: 00D6CFE6

Memory Dump Source

Source File: 00000000.00000002.1751262939.0000000000D41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D40000, based on PE: true

Associated: 00000000.00000002.1751214442.0000000000D40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751344220.0000000000D83000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751391951.0000000000D96000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1751480643.0000000000D97000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d40000_DBROG0eWH7.jbxd

Similarity

API ID: DecodePointer__set_abort_behavior
String ID: PNv
API String ID: 4109001881-4070351811
Opcode ID: d2b5ff50da1051f8c2f26e0949241a3358f834c28b1c618196d6f73b7975857c
Instruction ID: 27a9cc72342ca20801007f04cf907d878a7f89b24022e3e96f36ed29d66d59d7
Opcode Fuzzy Hash: d2b5ff50da1051f8c2f26e0949241a3358f834c28b1c618196d6f73b7975857c
Instruction Fuzzy Hash: 62C09B3537930159F75467F92C0BB75114DDF01F12F24411DF659D82C1FD51C5405536

Analysis Process: ek5v3q1axkfpqwron.exePID: 8432, Parent PID: 7652COMMON

Execution Graph

Execution Coverage:	19.2%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	2000
Total number of Limit Nodes:	64

Executed Functions

Function 001D10A0 Relevance: 88.5, APIs: 13, Strings: 35, Instructions: 4533libraryloaderthreadCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(Ker), ref: 001D1DBD
GetProcAddress.KERNEL32(00007243), ref: 001D2066
GetProcAddress.KERNEL32(Creat), ref: 001D21F4
GetProcAddress.KERNEL32(SetEv), ref: 001D2306
GetProcAddress.KERNEL32(00006157), ref: 001D24D3
GetProcAddress.KERNEL32(CloseHandleSetEv), ref: 001D28DD
GetProcAddress.KERNEL32(65656C53), ref: 001D2A92
_memset.LIBCMT ref: 001D2DC4
CreateThread.KERNELBASE(00000000,00000000,001E7490,00000128,00000000,00000000), ref: 001D39A6
CloseHandle.KERNELBASE(00000000,?,?,00000000), ref: 001D3D76

Strings

vent, xrefs: 001D1AA9
e, xrefs: 001D1B42
rSin, xrefs: 001D1ABC
Wa, xrefs: 001D1A82
eate, xrefs: 001D1B01
"}N, xrefs: 001D138B
fM, xrefs: 001D1339
Ker, xrefs: 001D1DB6, 001D1DBC
A, xrefs: 001D1B59
j1v{, xrefs: 001D3CEE, 001D5166, 001D5170, 001D6D0C, 001D6D1B
2., xrefs: 001D1B80
dll, xrefs: 001D1AED
o, xrefs: 001D1B52
ead, xrefs: 001D1A8B
i, xrefs: 001D1B72
Cr, xrefs: 001D1B62
ct, xrefs: 001D1AE4
p, xrefs: 001D1B49
i}kN, xrefs: 001D13BF
8e#!, xrefs: 001D18FA
CloseHandleSetEv, xrefs: 001D28C6, 001D28CC
nel3, xrefs: 001D1A95
eThr, xrefs: 001D1B31
ent, xrefs: 001D1A9F
Creat, xrefs: 001D21C7, 001D21E1
tF, xrefs: 001D1B15
]D87, xrefs: 001D1130
Slee, xrefs: 001D1B1E
E, xrefs: 001D1B79
U;8, xrefs: 001D47AE
eObj, xrefs: 001D1ADA
SetEv, xrefs: 001D22F9, 001D22FF
gl, xrefs: 001D1B28
_W!, xrefs: 001D2C67, 001D3620, 001D456C
T+, xrefs: 001D552F

Memory Dump Source

Source File: 00000001.00000002.1727898316.00000000001D1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000001.00000002.1727883930.00000000001D0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728429510.0000000000213000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000222000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000226000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728894056.0000000000227000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1d0000_ek5v3q1axkfpqwron.jbxd

Similarity

API ID: AddressProc$Handle$CloseCreateModuleThread_memset
String ID: U;8$"}N$2.$8e#!$A$CloseHandleSetEv$Cr$Creat$E$Ker$SetEv$Slee$T+$Wa$]D87$_W!$ct$dll$e$eObj$eThr$ead$eate$ent$fM$gl$i$i}kN$j1v{$nel3$o$p$rSin$tF$vent
API String ID: 3360259145-3223800096
Opcode ID: 1789894abfa704d5d99e5afa821fa3419e2aa34e6551ddba31cf8f74a4bbdcbd
Instruction ID: 1fead710ce27699fee746c0ca4b4820940a1192736ca151877ebfde26029d17d
Opcode Fuzzy Hash: 1789894abfa704d5d99e5afa821fa3419e2aa34e6551ddba31cf8f74a4bbdcbd
Instruction Fuzzy Hash: 81B34F31C10B59EEC727CFB5A8556A9B374BF6A380F10A386E809B6161FB3655C6DF00

Function 001F8C10 Relevance: 27.6, APIs: 18, Instructions: 619
memorylibraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_strcat.LIBCMT ref: 001F8E56
GetProcessHeap.KERNEL32(?,?,?,?,?,00000000), ref: 001F8E66
LoadLibraryA.KERNELBASE(00000000,?,00000000,?,?,?,?,?,00000000), ref: 001F8F1F

Part of subcall function 001DE120: _malloc.LIBCMT ref: 001DE1CF

GetProcAddress.KERNEL32(00000000,00000000), ref: 001F8F75

Part of subcall function 001DE550: _memset.LIBCMT ref: 001DE56E
Part of subcall function 001DE550: _free.LIBCMT ref: 001DE596

FreeLibrary.KERNEL32(00000000,?,?,?,00000000,?,?,?,00000000,?,?,?,?,?,00000000), ref: 001F8F8D
HeapAlloc.KERNEL32(00000000,00000000,00000288,?,?,?,00000000,?,?,?,00000000), ref: 001F9006
FreeLibrary.KERNEL32(00000100,?,?,?,00000000,?,?,?,00000000,?,?,?,?,?,00000000), ref: 001F9015

Memory Dump Source

Source File: 00000001.00000002.1727898316.00000000001D1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000001.00000002.1727883930.00000000001D0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728429510.0000000000213000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000222000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000226000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728894056.0000000000227000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1d0000_ek5v3q1axkfpqwron.jbxd

Similarity

API ID: Library$FreeHeap$AddressAllocLoadProcProcess_free_malloc_memset_strcat
String ID:
API String ID: 1947443141-0
Opcode ID: 667abc305e19ebd28fb54079d9999cb717d83e8c0e1e2e3866c57dc46802c314
Instruction ID: 89c67354a83d78d6c6161267d61452e5ac4d2a128d8ded5a3c8ebf7d11b68d07
Opcode Fuzzy Hash: 667abc305e19ebd28fb54079d9999cb717d83e8c0e1e2e3866c57dc46802c314
Instruction Fuzzy Hash: 85528D31C10A09EEC712DFB5FC556AAB778BF6A380B10D316E905BA261FB3655C6CB40

Function 001DD460 Relevance: 13.7, APIs: 9, Instructions: 192
serviceCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

OpenSCManagerA.SECHOST(00000000,00000000,00000002,00000000), ref: 001DD4AF
CreateServiceA.ADVAPI32(00000000,00736488,00736488,000F01FF,00000110,00000002,00000000,4EF0193E,00000000,00000000,00000000,00000000,00000000,00000000), ref: 001DD534
ChangeServiceConfig2A.ADVAPI32(00000000,00000001,?), ref: 001DD57B
StartServiceA.ADVAPI32(00000000,00000000,00000000), ref: 001DD598
CloseServiceHandle.ADVAPI32(00000000), ref: 001DD5B7
OpenServiceA.ADVAPI32(00000000,00000010), ref: 001DD5D8
StartServiceA.ADVAPI32(00000000,00000000,00000000), ref: 001DD648
CloseServiceHandle.ADVAPI32(00000000), ref: 001DD65C
CloseServiceHandle.ADVAPI32(00000000), ref: 001DD6A8

Memory Dump Source

Source File: 00000001.00000002.1727898316.00000000001D1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000001.00000002.1727883930.00000000001D0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728429510.0000000000213000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000222000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000226000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728894056.0000000000227000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1d0000_ek5v3q1axkfpqwron.jbxd

Similarity

API ID: Service$CloseHandle$OpenStart$ChangeConfig2CreateManager
String ID:
API String ID: 3525021261-0
Opcode ID: 92b86c44ebcc90e2f80d5c7d6927220a4d92d26cc63f3583916cbcb57f1f438e
Instruction ID: 676764944cd0fd8c36fa17e60228cfb922b4b9a9547f9647e31d7a280edfa5a0
Opcode Fuzzy Hash: 92b86c44ebcc90e2f80d5c7d6927220a4d92d26cc63f3583916cbcb57f1f438e
Instruction Fuzzy Hash: CB915931D10F0DAAC713CFB6A8186AEF778BF9A781F10D302E816761A0EB7155C68B04

Function 001DD8E0 Relevance: 10.8, APIs: 7, Instructions: 290
libraryloaderencryptionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(00000000), ref: 001DDAD2
GetProcAddress.KERNEL32(00000000), ref: 001DDB2C
CryptGenRandom.ADVAPI32(00000004,?), ref: 001DDC5E
_rand.LIBCMT ref: 001DDD1E
_rand.LIBCMT ref: 001DDD25
_rand.LIBCMT ref: 001DDD30
_rand.LIBCMT ref: 001DDD37

Memory Dump Source

Source File: 00000001.00000002.1727898316.00000000001D1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000001.00000002.1727883930.00000000001D0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728429510.0000000000213000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000222000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000226000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728894056.0000000000227000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1d0000_ek5v3q1axkfpqwron.jbxd

Similarity

API ID: _rand$AddressProc$CryptRandom
String ID:
API String ID: 2249235034-0
Opcode ID: 11e439ea9a87cb5100b061b3ba60dab6c8893e4d5df39db76531104a8859d82b
Instruction ID: 692ee30559b2ba81092c01cf115a38f31aa0484b980fe783e078aebcb7078dc7
Opcode Fuzzy Hash: 11e439ea9a87cb5100b061b3ba60dab6c8893e4d5df39db76531104a8859d82b
Instruction Fuzzy Hash: 9CD1AF31C10A48EECB12DFF5F8595ADB774FF6A390B14A316E811B62A1EB3255C6DB00

Function 001E1B40 Relevance: 276.5, APIs: 144, Strings: 11, Instructions: 5246COMMON

Download Yara Rule

APIs

Part of subcall function 001DB2A0: WaitForSingleObject.KERNEL32(?,00004E20), ref: 001DB2C5

Part of subcall function 001FFF22: _doexit.LIBCMT ref: 001FFF2C

_malloc.LIBCMT ref: 001E2593
_memset.LIBCMT ref: 001E262A

Strings

j1v{, xrefs: 001E2AEA, 001E3A1D, 001E3A3E
C:\qkcgyxexucxsiyk\jqvkzish.exe, xrefs: 001E6A53, 001E6A63, 001E6EDB, 001E6F03, 001E6F1D, 001E7087
yG_5, xrefs: 001E3049, 001E37CA
jz8, xrefs: 001E5AA2
E:9, xrefs: 001E6915, 001E2459
_W!, xrefs: 001E79F6
C:\Users\user, xrefs: 001E5897
->`b, xrefs: 001E4AE3
E:9, xrefs: 001E204E
)bg, xrefs: 001E37CD
yG_5, xrefs: 001E2106

Memory Dump Source

Source File: 00000001.00000002.1727898316.00000000001D1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000001.00000002.1727883930.00000000001D0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728429510.0000000000213000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000222000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000226000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728894056.0000000000227000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1d0000_ek5v3q1axkfpqwron.jbxd

Similarity

API ID: ObjectSingleWait_doexit_malloc_memset
String ID: ->`b$C:\Users\user$C:\qkcgyxexucxsiyk\jqvkzish.exe$_W!$j1v{$yG_5$yG_5$)bg$E:9$E:9$jz8
API String ID: 3291073784-2701354279
Opcode ID: b307125273f6e53687da66d6298e1b833d8e78a46e23e49766a0310b901ea61c
Instruction ID: da6484f57ef9d1740e0b42a98687323ed2be918801ddba7e94ad1275ac6c3523
Opcode Fuzzy Hash: b307125273f6e53687da66d6298e1b833d8e78a46e23e49766a0310b901ea61c
Instruction Fuzzy Hash: 49B3B231C00B58EAD722DFB5FC596A9B774BF6A380F009356E9097A262FB3555C6CB00

Function 001E1B80 Relevance: 221.2, APIs: 114, Strings: 10, Instructions: 4198COMMON

Download Yara Rule

APIs

_malloc.LIBCMT ref: 001E2593
_memset.LIBCMT ref: 001E262A

Strings

j1v{, xrefs: 001E2AEA, 001E3A1D, 001E3A3E
yG_5, xrefs: 001E3049, 001E37CA
jz8, xrefs: 001E5AA2
E:9, xrefs: 001E6915, 001E2459
_W!, xrefs: 001E79F6
C:\Users\user, xrefs: 001E5897
->`b, xrefs: 001E4AE3
E:9, xrefs: 001E204E
)bg, xrefs: 001E37CD
yG_5, xrefs: 001E2106

Memory Dump Source

Source File: 00000001.00000002.1727898316.00000000001D1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000001.00000002.1727883930.00000000001D0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728429510.0000000000213000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000222000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000226000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728894056.0000000000227000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1d0000_ek5v3q1axkfpqwron.jbxd

Similarity

API ID: _malloc_memset
String ID: ->`b$C:\Users\user$_W!$j1v{$yG_5$yG_5$)bg$E:9$E:9$jz8
API String ID: 4137368368-420926361
Opcode ID: b752b3fc841e3aebad731c9ac9e32a5036674f535eb774a8d15632d53a18e939
Instruction ID: 70c4a3e5f61c687157dd01800a56e4b0efb2c29022999a4649347f9396e90d05
Opcode Fuzzy Hash: b752b3fc841e3aebad731c9ac9e32a5036674f535eb774a8d15632d53a18e939
Instruction Fuzzy Hash: 8493B231C00B58FED722EFB5BC59699B774AF6A380F009356E8057A262FB7655C6CB00

Function 001E00B0 Relevance: 41.2, APIs: 19, Strings: 4, Instructions: 900
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetVersionExA.KERNEL32(002244C8,74DEF550,00000000,00000000), ref: 001E0305
CreateDirectoryA.KERNELBASE(?,00000000), ref: 001E0575

Part of subcall function 001DE550: _memset.LIBCMT ref: 001DE56E
Part of subcall function 001DE550: _free.LIBCMT ref: 001DE596

DeleteFileA.KERNELBASE(?,?,?,?,?,?,00000000), ref: 001E0698
RemoveDirectoryA.KERNELBASE(00000000,?,?,?,?,?,00000000), ref: 001E06CE
CreateDirectoryA.KERNELBASE(?,00000000,?,?,?,?,?,?,?,?,00000000), ref: 001E07F4
_strcat.LIBCMT ref: 001E0806
CreateDirectoryA.KERNELBASE(?,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 001E089E
__snprintf.LIBCMT ref: 001E09E9
CreateDirectoryA.KERNEL32(?,00000000), ref: 001E0AE1

Part of subcall function 001DE120: _malloc.LIBCMT ref: 001DE1CF

__snprintf.LIBCMT ref: 001E0A8E
_strcat.LIBCMT ref: 001E0B68
CreateDirectoryA.KERNEL32(?,00000000), ref: 001E0B9D
GetTempPathA.KERNEL32(00000104,?,?,?,?,?,?,00000000), ref: 001E0D22
_strcat.LIBCMT ref: 001E0E50
CreateDirectoryA.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 001E0E8C
GetTempPathA.KERNEL32(00000104,?,?,?,?,?,?,00000000), ref: 001E0FB1
_strcat.LIBCMT ref: 001E0FD2
SetFileAttributesA.KERNELBASE(?,00000002,?,?,?,?,?,?,00000000), ref: 001E10C4
_memset.LIBCMT ref: 001E10D8

Strings

j1v{, xrefs: 001E0FC1
\, xrefs: 001E0DBC
C:\Users\user, xrefs: 001E09DD, 001E0A7C
C:\qkcgyxexucxsiyk\, xrefs: 001E0801, 001E0B63, 001E0E4B, 001E0FCD

Memory Dump Source

Source File: 00000001.00000002.1727898316.00000000001D1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000001.00000002.1727883930.00000000001D0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728429510.0000000000213000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000222000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000226000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728894056.0000000000227000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1d0000_ek5v3q1axkfpqwron.jbxd

Similarity

API ID: Directory$Create$_strcat$FilePathTemp__snprintf_memset$AttributesDeleteRemoveVersion_free_malloc
String ID: C:\Users\user$C:\qkcgyxexucxsiyk\$\$j1v{
API String ID: 1290010854-1099778286
Opcode ID: 1689695b57c7cfe2bff908e84bebe3ee5421c62218e3e5944e95ee75d952f0ba
Instruction ID: f35abe922b29b83a879787f2e4aaca98f203516ca08c24e75db9ad913d3df638
Opcode Fuzzy Hash: 1689695b57c7cfe2bff908e84bebe3ee5421c62218e3e5944e95ee75d952f0ba
Instruction Fuzzy Hash: B7928E31C10A4DEACB12DFB6EC456ADB378AF69340F00D356E905B6162FB7166CADB40

Function 00200A9D Relevance: 19.6, APIs: 13, Instructions: 89
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

___security_init_cookie.LIBCMT ref: 00200A9D
___crtGetShowWindowMode.LIBCMT ref: 00200AB3

Part of subcall function 00201D30: GetStartupInfoW.KERNEL32(?), ref: 00201D3A

_fast_error_exit.LIBCMT ref: 00200B16
_fast_error_exit.LIBCMT ref: 00200B27
__RTC_Initialize.LIBCMT ref: 00200B2D
__ioinit.LIBCMT ref: 00200B36
_fast_error_exit.LIBCMT ref: 00200B41
GetCommandLineA.KERNEL32(0021FDA0,00000014), ref: 00200B47
___crtGetEnvironmentStringsA.LIBCMT ref: 00200B52
__setargv.LIBCMT ref: 00200B5C
__setenvp.LIBCMT ref: 00200B6D
__cinit.LIBCMT ref: 00200B80
__wincmdln.LIBCMT ref: 00200B91

Memory Dump Source

Source File: 00000001.00000002.1727898316.00000000001D1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000001.00000002.1727883930.00000000001D0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728429510.0000000000213000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000222000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000226000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728894056.0000000000227000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1d0000_ek5v3q1axkfpqwron.jbxd

Similarity

API ID: _fast_error_exit$___crt$CommandEnvironmentInfoInitializeLineModeShowStartupStringsWindow___security_init_cookie__cinit__ioinit__setargv__setenvp__wincmdln
String ID:
API String ID: 1579532436-0
Opcode ID: 8471865db25c44fa7698712e82b4d5c9a2f4327c155130685c535e87cb852232
Instruction ID: 80a3c36ea6532679cdf8f397d28623af518850c2c39b92ccb2be21eac8bcce2e
Opcode Fuzzy Hash: 8471865db25c44fa7698712e82b4d5c9a2f4327c155130685c535e87cb852232
Instruction Fuzzy Hash: 8F21F731A7031AA9FB20BBB059CAF7E32549F1075CF50406AFA04AA0D3DFF4C9A08A51

Function 001F82D0 Relevance: 18.0, APIs: 8, Strings: 2, Instructions: 550
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetComputerNameA.KERNEL32(?,00000010), ref: 001F8543
_strcat.LIBCMT ref: 001F8564
_strcat.LIBCMT ref: 001F8673
_strcat.LIBCMT ref: 001F86CC
_memset.LIBCMT ref: 001F86EF
_memset.LIBCMT ref: 001F8BCA
_memset.LIBCMT ref: 001F8BDA
_memset.LIBCMT ref: 001F8BED

Strings

<XM, xrefs: 001F8306
J}, xrefs: 001F8502, 001F8509, 001F8B4C

Memory Dump Source

Source File: 00000001.00000002.1727898316.00000000001D1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000001.00000002.1727883930.00000000001D0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728429510.0000000000213000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000222000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000226000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728894056.0000000000227000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1d0000_ek5v3q1axkfpqwron.jbxd

Similarity

API ID: _memset$_strcat$ComputerName
String ID: J}$<XM
API String ID: 1094313773-3228054999
Opcode ID: 83fbcc9822afa43fd34823131209026e2327eeca6bbaf19396097cb085ee4b53
Instruction ID: 2a0742411952cca8020fbea1269c6f2f45573ea984b2cad9ea554d063847fe08
Opcode Fuzzy Hash: 83fbcc9822afa43fd34823131209026e2327eeca6bbaf19396097cb085ee4b53
Instruction Fuzzy Hash: 7432AF31C10618EACB15EFF4EC956BDB3B4AF29340F109316E906B71A2FB35658ACB50

Function 001DAEE0 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 223
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 001DB2A0: WaitForSingleObject.KERNEL32(?,00004E20), ref: 001DB2C5

CreateFileA.KERNELBASE(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 001DAFF0
ReadFile.KERNEL32(00000000,?,00005000,?,00000000), ref: 001DB0D3
CloseHandle.KERNEL32(00000000,?,?,?), ref: 001DB1E1
_memset.LIBCMT ref: 001DB220
CloseHandle.KERNEL32(00000000,?), ref: 001DB235
_memset.LIBCMT ref: 001DB282

Strings

j1v{, xrefs: 001DB053

Memory Dump Source

Source File: 00000001.00000002.1727898316.00000000001D1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000001.00000002.1727883930.00000000001D0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728429510.0000000000213000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000222000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000226000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728894056.0000000000227000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1d0000_ek5v3q1axkfpqwron.jbxd

Similarity

API ID: CloseFileHandle_memset$CreateObjectReadSingleWait
String ID: j1v{
API String ID: 2757182182-4005835032
Opcode ID: 68a5de797538f1f354c3f249fad8855ca665f35b8dd43977d90177d8537a16f4
Instruction ID: b61c0e0a938ba390c7bd0a648830a908dcbb71c5c0d645177dd218e52e04a3ed
Opcode Fuzzy Hash: 68a5de797538f1f354c3f249fad8855ca665f35b8dd43977d90177d8537a16f4
Instruction Fuzzy Hash: 6E91D131D10B48FACB12DFB5AC555AEB378AF9A380F109316E906B6261FB3255C6CB50

Function 001DA970 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 109
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_memset.LIBCMT ref: 001DA9DD
_memset.LIBCMT ref: 001DA9EA
CreateProcessA.KERNELBASE(6F27C689,CE90F1CB,00000000,00000000,00000000,00000008,00000000,00000000,00000044,?), ref: 001DAA67
CloseHandle.KERNEL32(001E7244), ref: 001DAA74
CloseHandle.KERNEL32(?), ref: 001DAAAB

Strings

D, xrefs: 001DAA06

Memory Dump Source

Source File: 00000001.00000002.1727898316.00000000001D1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000001.00000002.1727883930.00000000001D0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728429510.0000000000213000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000222000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000226000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728894056.0000000000227000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1d0000_ek5v3q1axkfpqwron.jbxd

Similarity

API ID: CloseHandle_memset$CreateProcess
String ID: D
API String ID: 1151464618-2746444292
Opcode ID: e881b2ede54ff69086a4d0717c96d483075ead78f939f9017c6d96f1edb3a79e
Instruction ID: 7d1bfd821e1702930901e460c9bf42755a398faf368c7b8769de51922b9abf27
Opcode Fuzzy Hash: e881b2ede54ff69086a4d0717c96d483075ead78f939f9017c6d96f1edb3a79e
Instruction Fuzzy Hash: BC418C31D1064CFEC712CFB1E84679CB7B8AF59340F109312E904B62A1EB726A96CF04

Function 001DAB30 Relevance: 4.7, APIs: 3, Instructions: 211
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 001DB2A0: WaitForSingleObject.KERNEL32(?,00004E20), ref: 001DB2C5

CreateFileA.KERNELBASE(00000000,40000000,00000000,00000000,00000002,00000000,00000000,4E86B585), ref: 001DACC1

Part of subcall function 001DB340: ReleaseMutex.KERNEL32(?), ref: 001DB357

Memory Dump Source

Source File: 00000001.00000002.1727898316.00000000001D1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000001.00000002.1727883930.00000000001D0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728429510.0000000000213000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000222000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000226000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728894056.0000000000227000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1d0000_ek5v3q1axkfpqwron.jbxd

Similarity

API ID: CreateFileMutexObjectReleaseSingleWait
String ID:
API String ID: 1564016613-0
Opcode ID: e8d355bbe5acdea2ac1c39a2d74cdc9e671999eed4b0fc73be9dddcd4bfdbb8d
Instruction ID: 1e17006f7a43f2c05de66a4c9993cfcdee96e07cf903648435e1bfc5a8e98c87
Opcode Fuzzy Hash: e8d355bbe5acdea2ac1c39a2d74cdc9e671999eed4b0fc73be9dddcd4bfdbb8d
Instruction Fuzzy Hash: 33919C32C10A48EACB12CFF5EC556AEB778BF5A780F009316E80576162EB3656D6DB40

Function 001F2230 Relevance: 4.6, APIs: 3, Instructions: 88
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 001F22ED
CheckTokenMembership.KERNELBASE(00000000,?,?), ref: 001F2311
FreeSid.ADVAPI32(?), ref: 001F2380

Memory Dump Source

Source File: 00000001.00000002.1727898316.00000000001D1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000001.00000002.1727883930.00000000001D0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728429510.0000000000213000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000222000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000226000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728894056.0000000000227000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1d0000_ek5v3q1axkfpqwron.jbxd

Similarity

API ID: AllocateCheckFreeInitializeMembershipToken
String ID:
API String ID: 3429775523-0
Opcode ID: 92ed5c6293a61a43dc41c976cb59b3977a4804e24654994c9d97e3fbce9cbb6e
Instruction ID: 0b8797f13c73bc38dab6f28891082717a5b6bd662a8ebeab3d4eb403e5603fca
Opcode Fuzzy Hash: 92ed5c6293a61a43dc41c976cb59b3977a4804e24654994c9d97e3fbce9cbb6e
Instruction Fuzzy Hash: 61415035D00B09FAC712CFB4E8496AEB7B8FF1A381F109356E805BA151EB365686CB40

Function 001E1280 Relevance: 3.1, APIs: 2, Instructions: 126
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_memset.LIBCMT ref: 001E1495

Part of subcall function 001DE120: _malloc.LIBCMT ref: 001DE1CF

Part of subcall function 001DE550: _memset.LIBCMT ref: 001DE56E
Part of subcall function 001DE550: _free.LIBCMT ref: 001DE596

Part of subcall function 001DAEE0: CreateFileA.KERNELBASE(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 001DAFF0

_memset.LIBCMT ref: 001E14BC

Memory Dump Source

Source File: 00000001.00000002.1727898316.00000000001D1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000001.00000002.1727883930.00000000001D0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728429510.0000000000213000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000222000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000226000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728894056.0000000000227000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1d0000_ek5v3q1axkfpqwron.jbxd

Similarity

API ID: _memset$CreateFile_free_malloc
String ID:
API String ID: 2908176987-0
Opcode ID: 367161d23b658ecb99e62b8e5bb140862b8dd7be7cf5d4410ce63983e46ff056
Instruction ID: 326b5a2d500ce738e102989bf6dac6e26bbf51492fbcecbc637c20bc63c256f8
Opcode Fuzzy Hash: 367161d23b658ecb99e62b8e5bb140862b8dd7be7cf5d4410ce63983e46ff056
Instruction Fuzzy Hash: 5151A631C00B49FAC712DFB6BC55699B338AF6A340F00A352E905B6162FB7256DADF40

Function 001E1110 Relevance: 3.1, APIs: 2, Instructions: 83
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileA.KERNELBASE(?,C0000000,00000000,00000000,00000002,00000000,00000000,?,?,?,?,?,?,00000000), ref: 001E11E3
_memset.LIBCMT ref: 001E1211

Memory Dump Source

Source File: 00000001.00000002.1727898316.00000000001D1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000001.00000002.1727883930.00000000001D0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728429510.0000000000213000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000222000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000226000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728894056.0000000000227000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1d0000_ek5v3q1axkfpqwron.jbxd

Similarity

API ID: CreateFile_memset
String ID:
API String ID: 3830271748-0
Opcode ID: 0415faf6bbf61938f6c42a0a9a24e9c1a7f76789bc3f7f7be52bb7e833b7c17c
Instruction ID: d3653566e44fc23df9a53072f3d369b9e0ab9399b397fcbf47fd347bcc775ae5
Opcode Fuzzy Hash: 0415faf6bbf61938f6c42a0a9a24e9c1a7f76789bc3f7f7be52bb7e833b7c17c
Instruction Fuzzy Hash: C931A031C00B1DAACB12DFB5AC1579EB738AF6A780F10C752F9067A291EB745686CA40

Function 001FFC69 Relevance: 3.0, APIs: 2, Instructions: 7
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

___crtCorExitProcess.LIBCMT ref: 001FFC6F

Part of subcall function 001FFC35: GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,?,?,?,001FFC74,00000000,?,001FFFE9,000000FF,0000001E,00000000,00000000,00000000,?,00201324), ref: 001FFC44
Part of subcall function 001FFC35: GetProcAddress.KERNEL32(?,CorExitProcess), ref: 001FFC56

ExitProcess.KERNEL32 ref: 001FFC78

Memory Dump Source

Source File: 00000001.00000002.1727898316.00000000001D1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000001.00000002.1727883930.00000000001D0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728429510.0000000000213000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000222000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000226000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728894056.0000000000227000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1d0000_ek5v3q1axkfpqwron.jbxd

Similarity

API ID: ExitProcess$AddressHandleModuleProc___crt
String ID:
API String ID: 2427264223-0
Opcode ID: 4a4be5c4d69115133200a463f4cf990dc079ed0deec159c76c37e3ea685e8388
Instruction ID: 040b82a4a56f3ae6605e28d3f1b05665b2138f2443cb98cbd899a138113b7661
Opcode Fuzzy Hash: 4a4be5c4d69115133200a463f4cf990dc079ed0deec159c76c37e3ea685e8388
Instruction Fuzzy Hash: A0B0923000010EBBCF012F11EC0A8993F6AEF106A0B008024F90A08031DFB2AA939A80

Function 001FFF22 Relevance: 1.5, APIs: 1, Instructions: 9
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_doexit.LIBCMT ref: 001FFF2C

Part of subcall function 001FFDF3: __lock.LIBCMT ref: 001FFE01
Part of subcall function 001FFDF3: DecodePointer.KERNEL32(0021FCB8,0000001C,001FFD4C,00000000,00000001,00000000,?,001FFC9A,000000FF,?,00201B56,00000011,?,?,002033FF,0000000D), ref: 001FFE40
Part of subcall function 001FFDF3: DecodePointer.KERNEL32(?,001FFC9A,000000FF,?,00201B56,00000011,?,?,002033FF,0000000D), ref: 001FFE51
Part of subcall function 001FFDF3: EncodePointer.KERNEL32(00000000,?,001FFC9A,000000FF,?,00201B56,00000011,?,?,002033FF,0000000D), ref: 001FFE6A
Part of subcall function 001FFDF3: DecodePointer.KERNEL32(-00000004,?,001FFC9A,000000FF,?,00201B56,00000011,?,?,002033FF,0000000D), ref: 001FFE7A
Part of subcall function 001FFDF3: EncodePointer.KERNEL32(00000000,?,001FFC9A,000000FF,?,00201B56,00000011,?,?,002033FF,0000000D), ref: 001FFE80
Part of subcall function 001FFDF3: DecodePointer.KERNEL32(?,001FFC9A,000000FF,?,00201B56,00000011,?,?,002033FF,0000000D), ref: 001FFE96
Part of subcall function 001FFDF3: DecodePointer.KERNEL32(?,001FFC9A,000000FF,?,00201B56,00000011,?,?,002033FF,0000000D), ref: 001FFEA1

Memory Dump Source

Source File: 00000001.00000002.1727898316.00000000001D1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000001.00000002.1727883930.00000000001D0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728429510.0000000000213000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000222000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000226000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728894056.0000000000227000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1d0000_ek5v3q1axkfpqwron.jbxd

Similarity

API ID: Pointer$Decode$Encode$__lock_doexit
String ID:
API String ID: 2158581194-0
Opcode ID: e664eab0a2f8ce3703c552baf369986a84cdf03d3e0bf670d1975cdb5f15a4fc
Instruction ID: 0b38a86f0abb13e771ef13d2b3f61284921a9b57dcafce97461133f68ee133c9
Opcode Fuzzy Hash: e664eab0a2f8ce3703c552baf369986a84cdf03d3e0bf670d1975cdb5f15a4fc
Instruction Fuzzy Hash: E1B0127158030C33D9112581EC03F153B0C5B50B54F200031FB0C2C2E1A6D3756240C9

Non-executed Functions

Function 001F23B0 Relevance: 12.2, APIs: 8, Instructions: 193serviceCOMMON

Download Yara Rule

APIs

OpenSCManagerA.ADVAPI32(00000000,00000000,80000000,?,00000000), ref: 001F2452
EnumServicesStatusA.ADVAPI32(00000000,00000030,00000003,?,00000024,?,?,00000000,?,00000000), ref: 001F247C
GetLastError.KERNEL32(?,00000000), ref: 001F2484
_malloc.LIBCMT ref: 001F24AB
EnumServicesStatusA.ADVAPI32(00000000,00000030,00000003,00000000,?,?,?,00000000,00000000), ref: 001F24D3
__snprintf.LIBCMT ref: 001F2549
_free.LIBCMT ref: 001F2598
CloseServiceHandle.ADVAPI32(00000000,00000000), ref: 001F25A1

Memory Dump Source

Source File: 00000001.00000002.1727898316.00000000001D1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000001.00000002.1727883930.00000000001D0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728429510.0000000000213000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000222000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000226000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728894056.0000000000227000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1d0000_ek5v3q1axkfpqwron.jbxd

Similarity

API ID: EnumServicesStatus$CloseErrorHandleLastManagerOpenService__snprintf_free_malloc
String ID:
API String ID: 3403677689-0
Opcode ID: f0a5d43d1c3b62944ef2e006f9a01123b37f55cc849d83e9f633daf6e8155756
Instruction ID: 9264dd600ce004231ed69519f40dfee9d89c72afc0baddaa1f1ab36d863cf485
Opcode Fuzzy Hash: f0a5d43d1c3b62944ef2e006f9a01123b37f55cc849d83e9f633daf6e8155756
Instruction Fuzzy Hash: 3871BF32D0020DFACB11DFF6E885AEEB778EF59340F149716EA0477190E7752A869B90

Function 001DA590 Relevance: 9.2, APIs: 6, Instructions: 219filesleepCOMMON

Download Yara Rule

APIs

Part of subcall function 001F96C0: _strcat.LIBCMT ref: 001F96E2

Sleep.KERNEL32(000003E8,?,00000000,00000000), ref: 001DA653
FindFirstFileA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 001DA816
DeleteFileA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 001DA8C7
FindNextFileA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 001DA8D5
FindClose.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 001DA914
_memset.LIBCMT ref: 001DA95F

Memory Dump Source

Source File: 00000001.00000002.1727898316.00000000001D1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000001.00000002.1727883930.00000000001D0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728429510.0000000000213000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000222000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000226000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728894056.0000000000227000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1d0000_ek5v3q1axkfpqwron.jbxd

Similarity

API ID: FileFind$CloseDeleteFirstNextSleep_memset_strcat
String ID:
API String ID: 1172265220-0
Opcode ID: e99ece68a79a36d0958a146a9eec49fcc469a83323a4f9353c74b2dec1a66a4f
Instruction ID: 5f9d0d75d0dd9fa9256635b134b0b1698067c46e69c9897fc11df27e8d4f7c81
Opcode Fuzzy Hash: e99ece68a79a36d0958a146a9eec49fcc469a83323a4f9353c74b2dec1a66a4f
Instruction Fuzzy Hash: 45A19C31C00A0CEACB12DFB5E8596ADB778FF5A340F149356E906B6261EB355AC6CB40

Function 001EFF50 Relevance: 33.6, APIs: 18, Strings: 1, Instructions: 377pipeprocessfileCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 001F0038
CreatePipe.KERNEL32(?,?,0000000C,00000000,?,00000000,00000000), ref: 001F00DC
SetHandleInformation.KERNEL32(?,00000001,00000000,?,00000000,00000000), ref: 001F00F1
CreatePipe.KERNEL32(?,?,0000000C,00000000,?,00000000,00000000), ref: 001F019B
SetHandleInformation.KERNEL32(?,00000001,00000000,?,00000000,00000000), ref: 001F0279
_memset.LIBCMT ref: 001F0287
_memset.LIBCMT ref: 001F02CE
CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000044,?), ref: 001F03F5
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00000000,00000000), ref: 001F043F
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00000000,00000000), ref: 001F0461
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00000000,00000000), ref: 001F046A
WriteFile.KERNEL32(?,90D98B10,CD9B3DAB,?,00000000,?,?,?,?,?,?,?,00000000,00000000), ref: 001F04CF
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00000000,00000000), ref: 001F04EA
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00000000,00000000), ref: 001F0505
WaitForSingleObject.KERNEL32(?,00002710,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 001F056E
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 001F0577
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 001F058A
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00000000,00000000), ref: 001F05AF

Strings

D, xrefs: 001F02E9

Memory Dump Source

Source File: 00000001.00000002.1727898316.00000000001D1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000001.00000002.1727883930.00000000001D0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728429510.0000000000213000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000222000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000226000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728894056.0000000000227000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1d0000_ek5v3q1axkfpqwron.jbxd

Similarity

API ID: Handle$Close$Create_memset$InformationPipe$FileObjectProcessSingleWaitWrite
String ID: D
API String ID: 1810108774-2746444292
Opcode ID: ce9462833fc5f75e6d72505586828d534d758654f256c174117c995bc6effc5a
Instruction ID: a92c0d4b958eaf063b809e23b14b348319f37cc86ba1f9826b76cc683d7dbf63
Opcode Fuzzy Hash: ce9462833fc5f75e6d72505586828d534d758654f256c174117c995bc6effc5a
Instruction Fuzzy Hash: 0D025C31C10B4DEECB12CFB5EC596ADB778BF5A380F10A316E905B6162EB355686DB00

Function 001E14E0 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 231processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,00000000,00000000), ref: 001E1579
Process32First.KERNEL32(00000000,00000128), ref: 001E1665
_strcat.LIBCMT ref: 001E1698

Strings

j1v{, xrefs: 001E163F, 001E1658

Memory Dump Source

Source File: 00000001.00000002.1727898316.00000000001D1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000001.00000002.1727883930.00000000001D0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728429510.0000000000213000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000222000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000226000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728894056.0000000000227000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1d0000_ek5v3q1axkfpqwron.jbxd

Similarity

API ID: CreateFirstProcess32SnapshotToolhelp32_strcat
String ID: j1v{
API String ID: 4070235666-4005835032
Opcode ID: 359a86962d306e9106ac5daf96d56fcb0d6bee0a71ccbdc19374e5fb14cc4703
Instruction ID: 234d6a42778d380dde0591c2206ae9b0bd72e8f8a8fa6a7e3585fe28fc9e42cb
Opcode Fuzzy Hash: 359a86962d306e9106ac5daf96d56fcb0d6bee0a71ccbdc19374e5fb14cc4703
Instruction Fuzzy Hash: 1AA1D232C10A4CFAC712CFB6EC495ADB378BF69740B149756E805B2161FB356ADACB00

Function 001DD090 Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 174registrysynchronizationCOMMON

Download Yara Rule

APIs

RegisterServiceCtrlHandlerA.ADVAPI32(Function_0000CE40), ref: 001DD1D8
SetServiceStatus.ADVAPI32(00224780), ref: 001DD214
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 001DD27D
SetServiceStatus.ADVAPI32(00224780), ref: 001DD2A4
WaitForSingleObject.KERNEL32(00001388), ref: 001DD2CD
SetServiceStatus.ADVAPI32(00224780), ref: 001DD35F
CloseHandle.KERNEL32 ref: 001DD392
SetServiceStatus.ADVAPI32(00224780), ref: 001DD401

Strings

]/da, xrefs: 001DD224
>&|, xrefs: 001DD311

Memory Dump Source

Source File: 00000001.00000002.1727898316.00000000001D1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000001.00000002.1727883930.00000000001D0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728429510.0000000000213000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000222000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000226000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728894056.0000000000227000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1d0000_ek5v3q1axkfpqwron.jbxd

Similarity

API ID: Service$Status$CloseCreateCtrlEventHandleHandlerObjectRegisterSingleWait
String ID: ]/da$>&|
API String ID: 3399922960-1858257644
Opcode ID: fea97bbd8fb6d47b2bffec3c0734470692eaf90b31a036bf60f5ed8d957b2d0f
Instruction ID: 036f02f6b2ab6d0e4345e86f5508dff97ebb478bffb017b60b4a8ae88da0c840
Opcode Fuzzy Hash: fea97bbd8fb6d47b2bffec3c0734470692eaf90b31a036bf60f5ed8d957b2d0f
Instruction Fuzzy Hash: 81815D31900608FEC726DFF8FC59669BBB4FF5A340F10A316E805B6260EB76558ADB40

Function 001F3140 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 226synchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 001DB2A0: WaitForSingleObject.KERNEL32(?,00004E20), ref: 001DB2C5

GetModuleFileNameA.KERNEL32(00000000,002247C8,00000104), ref: 001F3296
_strcat.LIBCMT ref: 001F32B0
_memset.LIBCMT ref: 001F3300
GetTickCount.KERNEL32 ref: 001F3388
__vfwprintf_p.LIBCMT ref: 001F349A
ReleaseMutex.KERNEL32 ref: 001F34C0

Part of subcall function 001DD7B0: GetModuleFileNameA.KERNEL32(00000000,001F7F53,00000104,00000000), ref: 001DD7EF

Strings

oI\:, xrefs: 001F322B

Memory Dump Source

Source File: 00000001.00000002.1727898316.00000000001D1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000001.00000002.1727883930.00000000001D0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728429510.0000000000213000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000222000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000226000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728894056.0000000000227000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1d0000_ek5v3q1axkfpqwron.jbxd

Similarity

API ID: FileModuleName$CountMutexObjectReleaseSingleTickWait__vfwprintf_p_memset_strcat
String ID: oI\:
API String ID: 123108371-3980936684
Opcode ID: bbb438a42bb256dcd4ae5b308380db8dc0a984d6e039471c81750b3de812776c
Instruction ID: cd66857390953c1b3db904d9b36498bf88dbd6e53a5c58001efc8f5e73551aa6
Opcode Fuzzy Hash: bbb438a42bb256dcd4ae5b308380db8dc0a984d6e039471c81750b3de812776c
Instruction Fuzzy Hash: D5A1C331810B48FEC723EFF4BC5956AB778AF5A781B00A316E9067A161EB3645D7CB40

Function 001DFC60 Relevance: 12.2, APIs: 8, Instructions: 250fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,00000000), ref: 001DFCF1
ReadFile.KERNEL32(00000000,00000000,4EEBF2B6,?,00000000), ref: 001DFD40
CloseHandle.KERNEL32(00000000), ref: 001DFD7D

Part of subcall function 001F96C0: _strcat.LIBCMT ref: 001F96E2

GetTickCount.KERNEL32 ref: 001DFDBA

Part of subcall function 001DE5D0: __itow.LIBCMT ref: 001DE60F

_sprintf.LIBCMT ref: 001DFEE2
CreateFileA.KERNEL32(4EADF7CB,40000000,00000000,00000000,00000002,00000000,00000000), ref: 001DFF44
WriteFile.KERNEL32(00000000,00000000,4EEBF2B6,?,00000000), ref: 001DFFB0
CloseHandle.KERNEL32(00000000), ref: 001E0020

Memory Dump Source

Source File: 00000001.00000002.1727898316.00000000001D1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000001.00000002.1727883930.00000000001D0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728429510.0000000000213000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000222000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000226000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728894056.0000000000227000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1d0000_ek5v3q1axkfpqwron.jbxd

Similarity

API ID: File$CloseCreateHandle$CountReadTickWrite__itow_sprintf_strcat
String ID:
API String ID: 1645784512-0
Opcode ID: d514eb0081483187beaecdd40ff4a435fde0585b2132ad6ae3025398f23f0caa
Instruction ID: a8b50e844f3569314743f918c629b9ffa04a3489909aab7fc0c492acfec32ffd
Opcode Fuzzy Hash: d514eb0081483187beaecdd40ff4a435fde0585b2132ad6ae3025398f23f0caa
Instruction Fuzzy Hash: A8B1AF31C00608FAC722DFB6BC496ADB734AF59340F14A706E905761A2FB7226DADF54

Function 001F26A0 Relevance: 12.2, APIs: 8, Instructions: 241processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,00000000), ref: 001F274C
Process32First.KERNEL32(00000000,00000128), ref: 001F281D
__snprintf.LIBCMT ref: 001F28B5
CreateToolhelp32Snapshot.KERNEL32(00000008,?,?), ref: 001F2900
Module32First.KERNEL32(00000000,?), ref: 001F2925
CloseHandle.KERNEL32(0000000A,0000000A,?,00000000), ref: 001F2A6F
Process32Next.KERNEL32(00000000,00000128), ref: 001F2AC0

Part of subcall function 001DE120: _malloc.LIBCMT ref: 001DE1CF

Part of subcall function 001DE550: _memset.LIBCMT ref: 001DE56E
Part of subcall function 001DE550: _free.LIBCMT ref: 001DE596

Memory Dump Source

Source File: 00000001.00000002.1727898316.00000000001D1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000001.00000002.1727883930.00000000001D0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728429510.0000000000213000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000222000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000226000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728894056.0000000000227000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1d0000_ek5v3q1axkfpqwron.jbxd

Similarity

API ID: CreateFirstProcess32SnapshotToolhelp32$CloseHandleModule32Next__snprintf_free_malloc_memset
String ID:
API String ID: 2771089087-0
Opcode ID: 4095f4ba5ba0ae62dcaf2e33746d2f179b812e351d05c7c4e0f601977c16ec20
Instruction ID: 269d0d30009d5e64c661c443c44acbaf04be73f4068001504a87dc39104d1fde
Opcode Fuzzy Hash: 4095f4ba5ba0ae62dcaf2e33746d2f179b812e351d05c7c4e0f601977c16ec20
Instruction Fuzzy Hash: 04B1CE31D00B0DEAC712DFB5AC595AEB778BF6A380F009356E909BA261EB7155C6CB40

Function 001F7AF0 Relevance: 11.0, APIs: 4, Strings: 2, Instructions: 480COMMON

Download Yara Rule

Strings

, xrefs: 001F8198
, xrefs: 001F7E66

Memory Dump Source

Source File: 00000001.00000002.1727898316.00000000001D1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000001.00000002.1727883930.00000000001D0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728429510.0000000000213000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000222000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000226000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728894056.0000000000227000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1d0000_ek5v3q1axkfpqwron.jbxd

Similarity

API ID: _free_memset
String ID: $
API String ID: 287624719-227171996
Opcode ID: 6a774f14aebc4b2704854608ab01cce79d024e9026eee8a02599d7397b90aac4
Instruction ID: bc412b1450c922114ff18385b80057d1d930ace87db3cfd15f6c23ac772b56e9
Opcode Fuzzy Hash: 6a774f14aebc4b2704854608ab01cce79d024e9026eee8a02599d7397b90aac4
Instruction Fuzzy Hash: 47120332D00A48EAC712DFB5FC556AEB378AF69380F049316F905B6262FB3255D6CB50

Function 001EF3B0 Relevance: 10.9, APIs: 4, Strings: 2, Instructions: 376COMMON

Download Yara Rule

Strings

d'n., xrefs: 001EF5D1
%>+2, xrefs: 001EF5B4

Memory Dump Source

Source File: 00000001.00000002.1727898316.00000000001D1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000001.00000002.1727883930.00000000001D0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728429510.0000000000213000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000222000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000226000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728894056.0000000000227000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1d0000_ek5v3q1axkfpqwron.jbxd

Similarity

API ID:
String ID: %>+2$d'n.
API String ID: 0-2693770206
Opcode ID: 7ee5b0e71f4e4962a74b05f1dd46ae304f392146405afbf93b4e908f32ba0c4b
Instruction ID: d4af2509afc42c438b7c71e6a02896f6cd8f85980849cce0c9243cf43f41e3a3
Opcode Fuzzy Hash: 7ee5b0e71f4e4962a74b05f1dd46ae304f392146405afbf93b4e908f32ba0c4b
Instruction Fuzzy Hash: 78F1F231C10A49EECB12CFBAE8552ADF374BFAA380F109356EC05761A1EB3655C69B40

Function 001F2C90 Relevance: 10.8, APIs: 3, Strings: 3, Instructions: 286COMMON

Download Yara Rule

APIs

Part of subcall function 001DE120: _malloc.LIBCMT ref: 001DE1CF

__snprintf.LIBCMT ref: 001F2D37

Part of subcall function 001DE550: _memset.LIBCMT ref: 001DE56E
Part of subcall function 001DE550: _free.LIBCMT ref: 001DE596

_memset.LIBCMT ref: 001F2DBC
_memset.LIBCMT ref: 001F310D

Strings

J}, xrefs: 001F2ED1
C:\Users\user, xrefs: 001F2DE0
Fs>., xrefs: 001F2FA2

Memory Dump Source

Source File: 00000001.00000002.1727898316.00000000001D1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000001.00000002.1727883930.00000000001D0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728429510.0000000000213000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000222000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000226000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728894056.0000000000227000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1d0000_ek5v3q1axkfpqwron.jbxd

Similarity

API ID: _memset$__snprintf_free_malloc
String ID: J}$C:\Users\user$Fs>.
API String ID: 801102166-1786765212
Opcode ID: 289647a9458ce27498e76f82a11873fa83d74b67647b8048448d1ca2085a9c8b
Instruction ID: 0fdcda6222ac843a06e28f23758b1265d31fbe0e6ec452702a986869a0c1b83d
Opcode Fuzzy Hash: 289647a9458ce27498e76f82a11873fa83d74b67647b8048448d1ca2085a9c8b
Instruction Fuzzy Hash: C6C18E71C0061CEACB12EFF4EC56AEEB778BF29340F409316E505B6192EB316686CB50

Function 001DEC20 Relevance: 10.8, APIs: 7, Instructions: 283sleepfileCOMMON

Download Yara Rule

APIs

Part of subcall function 001DA530: _strcat.LIBCMT ref: 001DA562

GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 001DEEC0

Part of subcall function 001DE120: _malloc.LIBCMT ref: 001DE1CF

__snprintf.LIBCMT ref: 001DEF09

Part of subcall function 001DE550: _memset.LIBCMT ref: 001DE56E
Part of subcall function 001DE550: _free.LIBCMT ref: 001DE596

_memset.LIBCMT ref: 001DEFD9
_memset.LIBCMT ref: 001DEFEC
Sleep.KERNEL32(00015F90), ref: 001DF0A5
DeleteFileA.KERNEL32(?), ref: 001DF0B2
_memset.LIBCMT ref: 001DF0C6

Memory Dump Source

Source File: 00000001.00000002.1727898316.00000000001D1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000001.00000002.1727883930.00000000001D0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728429510.0000000000213000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000222000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000226000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728894056.0000000000227000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1d0000_ek5v3q1axkfpqwron.jbxd

Similarity

API ID: _memset$File$DeleteModuleNameSleep__snprintf_free_malloc_strcat
String ID:
API String ID: 1452756023-0
Opcode ID: 55547c062bb859705e3c76dcaadbb4f3d1db34f8eda9fe75f1d7dc96c532126b
Instruction ID: 73254220b5bda11695de77508f8d0f97a36c2ad92b00c4bd2617ba47dc00403d
Opcode Fuzzy Hash: 55547c062bb859705e3c76dcaadbb4f3d1db34f8eda9fe75f1d7dc96c532126b
Instruction Fuzzy Hash: 7BC1D631D00A48EAC712EFB5EC556AEB378AF59780F009316F905BB262EB3556C6CB50

Function 001E1676 Relevance: 10.6, APIs: 7, Instructions: 143COMMON

Download Yara Rule

APIs

_strcat.LIBCMT ref: 001E1698
OpenProcess.KERNEL32(00000001,00000000,?,?,?,?,?,00000000), ref: 001E1739
TerminateProcess.KERNEL32(00000000,000000FF,?,?,?,?,00000000), ref: 001E174D
CloseHandle.KERNEL32(00000000,?,?,?,?,00000000), ref: 001E17C4
Process32Next.KERNEL32(00000000,00000128), ref: 001E17EE
CloseHandle.KERNEL32(00000000), ref: 001E184F
_memset.LIBCMT ref: 001E1888

Memory Dump Source

Source File: 00000001.00000002.1727898316.00000000001D1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000001.00000002.1727883930.00000000001D0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728429510.0000000000213000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000222000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000226000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728894056.0000000000227000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1d0000_ek5v3q1axkfpqwron.jbxd

Similarity

API ID: CloseHandleProcess$NextOpenProcess32Terminate_memset_strcat
String ID:
API String ID: 1974761079-0
Opcode ID: c3caf7bc5517fa7be1aa20c5abdef9993c8182a37050f70e85125362ad11a271
Instruction ID: ed5b671d623e9d7abc1d5fe54c564b16a98c5c2c60f9bc0f437c3254667ab957
Opcode Fuzzy Hash: c3caf7bc5517fa7be1aa20c5abdef9993c8182a37050f70e85125362ad11a271
Instruction Fuzzy Hash: 5651C232C00608FAC726DFB5EC496BDB374AF29741F149356E806B2161FB3556D6CB40

Function 00203469 Relevance: 10.5, APIs: 7, Instructions: 45threadCOMMON

Download Yara Rule

APIs

__init_pointers.LIBCMT ref: 00203469

Part of subcall function 001FFD51: EncodePointer.KERNEL32(00000000,?,0020346E,00200B21,0021FDA0,00000014), ref: 001FFD54
Part of subcall function 001FFD51: __initp_misc_winsig.LIBCMT ref: 001FFD6F
Part of subcall function 001FFD51: GetModuleHandleW.KERNEL32(kernel32.dll), ref: 00201DC9
Part of subcall function 001FFD51: GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 00201DDD
Part of subcall function 001FFD51: GetProcAddress.KERNEL32(00000000,FlsFree), ref: 00201DF0
Part of subcall function 001FFD51: GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 00201E03
Part of subcall function 001FFD51: GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 00201E16
Part of subcall function 001FFD51: GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 00201E29
Part of subcall function 001FFD51: GetProcAddress.KERNEL32(00000000,CreateEventExW), ref: 00201E3C
Part of subcall function 001FFD51: GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 00201E4F
Part of subcall function 001FFD51: GetProcAddress.KERNEL32(00000000,SetThreadStackGuarantee), ref: 00201E62
Part of subcall function 001FFD51: GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 00201E75
Part of subcall function 001FFD51: GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 00201E88
Part of subcall function 001FFD51: GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 00201E9B
Part of subcall function 001FFD51: GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 00201EAE
Part of subcall function 001FFD51: GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 00201EC1
Part of subcall function 001FFD51: GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 00201ED4
Part of subcall function 001FFD51: GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 00201EE7

__mtinitlocks.LIBCMT ref: 0020346E
__mtterm.LIBCMT ref: 00203477
__calloc_crt.LIBCMT ref: 0020349C
__initptd.LIBCMT ref: 002034BE
GetCurrentThreadId.KERNEL32 ref: 002034C5

Memory Dump Source

Source File: 00000001.00000002.1727898316.00000000001D1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000001.00000002.1727883930.00000000001D0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728429510.0000000000213000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000222000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000226000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728894056.0000000000227000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1d0000_ek5v3q1axkfpqwron.jbxd

Similarity

API ID: AddressProc$CurrentEncodeHandleModulePointerThread__calloc_crt__init_pointers__initp_misc_winsig__initptd__mtinitlocks__mtterm
String ID:
API String ID: 1593083391-0
Opcode ID: 601715fc46ea73be4e3a38730307f7d754f013d0c4cb887b357b98b63712b881
Instruction ID: 4a92d269a59eca8402d70af7af403fdb47247d1b577c1f407ded4209477d564e
Opcode Fuzzy Hash: 601715fc46ea73be4e3a38730307f7d754f013d0c4cb887b357b98b63712b881
Instruction Fuzzy Hash: 86F0B4326793222EE335FBB47C0769A269C9F01731B21462AF994D91E3FF11CA714990

Function 001E18E0 Relevance: 9.1, APIs: 6, Instructions: 147processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,00000000,00000000), ref: 001E1998
Process32First.KERNEL32(00000000,?), ref: 001E19BA
_strcat.LIBCMT ref: 001E1A12
Process32Next.KERNEL32(00000000,00000128), ref: 001E1AC5
CloseHandle.KERNEL32(00000000), ref: 001E1B1A
_memset.LIBCMT ref: 001E1B2E

Memory Dump Source

Source File: 00000001.00000002.1727898316.00000000001D1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000001.00000002.1727883930.00000000001D0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728429510.0000000000213000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000222000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000226000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728894056.0000000000227000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1d0000_ek5v3q1axkfpqwron.jbxd

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32_memset_strcat
String ID:
API String ID: 1640862104-0
Opcode ID: d0be8631ffa6027a89cee91dc0862ce7d50b9e79db787a6392d9c338b56991c5
Instruction ID: fd48cd7569d4c6cfe3f8fffd4260247c4ee302c4f7a63d82f7de7d77193b6278
Opcode Fuzzy Hash: d0be8631ffa6027a89cee91dc0862ce7d50b9e79db787a6392d9c338b56991c5
Instruction Fuzzy Hash: 18517031900248EBCB25CFB6E9495ADB7B8FF59300F04925AE905F7261E7319A99CF40

Function 001F2843 Relevance: 9.1, APIs: 6, Instructions: 96processCOMMON

Download Yara Rule

APIs

Part of subcall function 001DE120: _malloc.LIBCMT ref: 001DE1CF

__snprintf.LIBCMT ref: 001F28B5

Part of subcall function 001DE550: _memset.LIBCMT ref: 001DE56E
Part of subcall function 001DE550: _free.LIBCMT ref: 001DE596

CreateToolhelp32Snapshot.KERNEL32(00000008,?,?), ref: 001F2900
Module32First.KERNEL32(00000000,?), ref: 001F2925
CloseHandle.KERNEL32(0000000A,0000000A,?,00000000), ref: 001F2A6F
Process32Next.KERNEL32(00000000,00000128), ref: 001F2AC0
CloseHandle.KERNEL32(00000000), ref: 001F2AD0

Memory Dump Source

Source File: 00000001.00000002.1727898316.00000000001D1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000001.00000002.1727883930.00000000001D0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728429510.0000000000213000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000222000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000226000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728894056.0000000000227000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1d0000_ek5v3q1axkfpqwron.jbxd

Similarity

API ID: CloseHandle$CreateFirstModule32NextProcess32SnapshotToolhelp32__snprintf_free_malloc_memset
String ID:
API String ID: 1384585931-0
Opcode ID: 85b0a1e0fd7939a52b6da86bf8569ab57bcc0aa2ea358b40b66da131fb0490a9
Instruction ID: 998f64b65c930cb2cbf953f864c78294a1cfa93ca4e8088d2c22bd2e33d62cec
Opcode Fuzzy Hash: 85b0a1e0fd7939a52b6da86bf8569ab57bcc0aa2ea358b40b66da131fb0490a9
Instruction Fuzzy Hash: DC418571900209FACB21DFB5FC496A9B778FF18304F04A355E904B6160EB75668ADF00

Function 001DB590 Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 209COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 001DB614
_strcat.LIBCMT ref: 001DB821

Part of subcall function 001DE120: _malloc.LIBCMT ref: 001DE1CF

Part of subcall function 001DE550: _memset.LIBCMT ref: 001DE56E
Part of subcall function 001DE550: _free.LIBCMT ref: 001DE596

Strings

j1v{, xrefs: 001DB7F8
^^MN, xrefs: 001DB5CB
=, xrefs: 001DB5DB

Memory Dump Source

Source File: 00000001.00000002.1727898316.00000000001D1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000001.00000002.1727883930.00000000001D0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728429510.0000000000213000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000222000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000226000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728894056.0000000000227000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1d0000_ek5v3q1axkfpqwron.jbxd

Similarity

API ID: _memset$_free_malloc_strcat
String ID: =$^^MN$j1v{
API String ID: 3230045079-3753670440
Opcode ID: a5b39d5cb19a151c6bc2dc3ca03167d3eab6f9a197ef30a1df3d5c5ce0de15fc
Instruction ID: cfa7a01339ed8887674c6e02e1ea22e4a17ddcf0a17d452c2c022ca934d6261d
Opcode Fuzzy Hash: a5b39d5cb19a151c6bc2dc3ca03167d3eab6f9a197ef30a1df3d5c5ce0de15fc
Instruction Fuzzy Hash: 6BA19031C10A4DEEC712CFBAA8855AEB774AFAA380B14D716E80576261EB3165D6CB40

Function 001EA880 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 129COMMON

Download Yara Rule

APIs

_malloc.LIBCMT ref: 001EA8F1

Part of subcall function 001FFFBC: __FF_MSGBANNER.LIBCMT ref: 001FFFD3
Part of subcall function 001FFFBC: __NMSG_WRITE.LIBCMT ref: 001FFFDA
Part of subcall function 001FFFBC: RtlAllocateHeap.NTDLL(?,00000000,00000001,00000000,00000000,00000000,?,00201324,00000000,00000000,00000000,00000000,?,00201BFD,00000018,0021FDC0), ref: 001FFFFF

_memset.LIBCMT ref: 001EA914
_memset.LIBCMT ref: 001EA9D1
_free.LIBCMT ref: 001EA9E4

Strings

\L5, xrefs: 001EA965

Memory Dump Source

Source File: 00000001.00000002.1727898316.00000000001D1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000001.00000002.1727883930.00000000001D0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728429510.0000000000213000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000222000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000226000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728894056.0000000000227000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1d0000_ek5v3q1axkfpqwron.jbxd

Similarity

API ID: _memset$AllocateHeap_free_malloc
String ID: \L5
API String ID: 585861054-1149637256
Opcode ID: 4029271b5c483337592073b4b8ef654967fb877aa7bcd005c1ce3c7008a11f5b
Instruction ID: 6889ae1f52527e179b31ce0f1a824f0c306fc11e3e09b86937c01ba1ee9580d6
Opcode Fuzzy Hash: 4029271b5c483337592073b4b8ef654967fb877aa7bcd005c1ce3c7008a11f5b
Instruction Fuzzy Hash: 70518531810F19EEC712DFB8E85456EF3B8FF5A390B009716E81677211EB719986CB40

Function 001F3620 Relevance: 7.6, APIs: 5, Instructions: 69synchronizationthreadCOMMON

Download Yara Rule

APIs

CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,00000001,?,?,001F0ECC,001F77B0,00000001), ref: 001F366D
CreateThread.KERNEL32(00000000,00000000,00000001,?,00000000,00000000), ref: 001F3681
CloseHandle.KERNEL32(00000000,?,001F0ECC,001F77B0,00000001), ref: 001F36D5
WaitForSingleObject.KERNEL32(00000000,000000FF,?,001F0ECC,001F77B0,00000001), ref: 001F372A
CloseHandle.KERNEL32(00000000,?,001F0ECC,001F77B0,00000001), ref: 001F3733

Memory Dump Source

Source File: 00000001.00000002.1727898316.00000000001D1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000001.00000002.1727883930.00000000001D0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728429510.0000000000213000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000222000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000226000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728894056.0000000000227000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1d0000_ek5v3q1axkfpqwron.jbxd

Similarity

API ID: CloseCreateHandle$EventObjectSingleThreadWait
String ID:
API String ID: 1404307249-0
Opcode ID: f7bebeb5656bcd49d642711454c50c1add1a47e4353e8d39aa78cf6a6348cdd0
Instruction ID: 7a7a30c713747ad81732f17980294520d1a3505849641228fe690a5a171124af
Opcode Fuzzy Hash: f7bebeb5656bcd49d642711454c50c1add1a47e4353e8d39aa78cf6a6348cdd0
Instruction Fuzzy Hash: 1F316D30910B08FED322CFB5BC58B49B778BF5A751F60930AF909B76A1EB7555868B00

Function 00209BC5 Relevance: 7.6, APIs: 5, Instructions: 67COMMONLIBRARYCODE

Download Yara Rule

APIs

_malloc.LIBCMT ref: 00209BD1

Part of subcall function 001FFFBC: __FF_MSGBANNER.LIBCMT ref: 001FFFD3
Part of subcall function 001FFFBC: __NMSG_WRITE.LIBCMT ref: 001FFFDA
Part of subcall function 001FFFBC: RtlAllocateHeap.NTDLL(?,00000000,00000001,00000000,00000000,00000000,?,00201324,00000000,00000000,00000000,00000000,?,00201BFD,00000018,0021FDC0), ref: 001FFFFF

_free.LIBCMT ref: 00209BE4

Memory Dump Source

Source File: 00000001.00000002.1727898316.00000000001D1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000001.00000002.1727883930.00000000001D0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728429510.0000000000213000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000222000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000226000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728894056.0000000000227000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1d0000_ek5v3q1axkfpqwron.jbxd

Similarity

API ID: AllocateHeap_free_malloc
String ID:
API String ID: 1020059152-0
Opcode ID: 877fee905b14a2a2c0e956da24a6f688aff7be0c8e3954262fbdab55ab333290
Instruction ID: 78e627c8ebb511c752b012481349e135aa6b03ec158cbd3d1aaa2f5f97d79993
Opcode Fuzzy Hash: 877fee905b14a2a2c0e956da24a6f688aff7be0c8e3954262fbdab55ab333290
Instruction Fuzzy Hash: 2011C432928316EFDB216FB4BC4865937D8AF19364F208526FD4B961D3DF3088B09A54

Function 001E7490 Relevance: 7.5, APIs: 3, Strings: 1, Instructions: 480synchronizationCOMMON

Download Yara Rule

APIs

CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 001E76AC
WaitForSingleObject.KERNEL32(00002710), ref: 001E7924
CloseHandle.KERNEL32 ref: 001E7B02

Strings

_W!, xrefs: 001E79F6

Memory Dump Source

Source File: 00000001.00000002.1727898316.00000000001D1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000001.00000002.1727883930.00000000001D0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728429510.0000000000213000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000222000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000226000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728894056.0000000000227000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1d0000_ek5v3q1axkfpqwron.jbxd

Similarity

API ID: CloseCreateEventHandleObjectSingleWait
String ID: _W!
API String ID: 2631291778-556952402
Opcode ID: fd80ba902766f93c1beaf25eed6606d679a988946cb4239f316c12d0645d4d3c
Instruction ID: f2f6682663c9aeacfb0ec74920d58ee3231e33d7aafb029e4f144391d5be55f5
Opcode Fuzzy Hash: fd80ba902766f93c1beaf25eed6606d679a988946cb4239f316c12d0645d4d3c
Instruction Fuzzy Hash: 7B328D31C10A89EECB16CFF6E8551ADF7B4BF6A381B10A306E801B6161FB3655C6DB04

Function 001DF356 Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 396sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 001D75B0: GetSystemTimeAsFileTime.KERNEL32(001DE0E5,00000014,00000014,?,001DE0E5,00000014), ref: 00200057
Part of subcall function 001D75B0: __aulldiv.LIBCMT ref: 00200077

Part of subcall function 001DE990: Sleep.KERNEL32(000003E8,?,?,?,?,00000000,00000000,?,00000000,0000001F,00000000), ref: 001DEB4F

_memset.LIBCMT ref: 001DF8B0
Sleep.KERNEL32(000008AE), ref: 001DF94A

Strings

C:\qkcgyxexucxsiyk\jqvkzish.exe, xrefs: 001DF9DC
J}, xrefs: 001DF736

Memory Dump Source

Source File: 00000001.00000002.1727898316.00000000001D1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000001.00000002.1727883930.00000000001D0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728429510.0000000000213000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000222000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000226000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728894056.0000000000227000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1d0000_ek5v3q1axkfpqwron.jbxd

Similarity

API ID: SleepTime$FileSystem__aulldiv_memset
String ID: J}$C:\qkcgyxexucxsiyk\jqvkzish.exe
API String ID: 906812606-1980911069
Opcode ID: 8b8681637ec2fe019804551bc26dd5064e8a33078ffe7b2e3d22c0028dcb0c61
Instruction ID: 0781091ac4037da3b88e37065df55e2a3b5e360359838808493c451cef6edc0a
Opcode Fuzzy Hash: 8b8681637ec2fe019804551bc26dd5064e8a33078ffe7b2e3d22c0028dcb0c61
Instruction Fuzzy Hash: 4F029031C1064CEECB12DFF5E8859ADB7B4BF69340F14971AE805B6261EB31668ACF50

Function 001DCC40 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 118registryCOMMON

Download Yara Rule

APIs

RegOpenKeyA.ADVAPI32(80000002,00000000,?), ref: 001DCD54
RegSetValueExA.ADVAPI32(?,00000000,00000001,CE921463,00000000), ref: 001DCDBA
RegCloseKey.ADVAPI32(?), ref: 001DCE29

Strings

htrN, xrefs: 001DCC88

Memory Dump Source

Source File: 00000001.00000002.1727898316.00000000001D1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000001.00000002.1727883930.00000000001D0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728429510.0000000000213000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000222000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000226000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728894056.0000000000227000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1d0000_ek5v3q1axkfpqwron.jbxd

Similarity

API ID: CloseOpenValue
String ID: htrN
API String ID: 779948276-4437919
Opcode ID: c8d1787068b3f1b1f7e25d9ae3479c6da0989c5333cd1a77cc275147967b8ac1
Instruction ID: 271c0fdf0f071f0871247e06b06367bc9505bf5ca8516d655bb62ab07667acad
Opcode Fuzzy Hash: c8d1787068b3f1b1f7e25d9ae3479c6da0989c5333cd1a77cc275147967b8ac1
Instruction Fuzzy Hash: FE517B32C1064CEECB12DBB7A84559DF734AF59344F14DB56E800761A1E7712AD9EF40

Function 00209554 Relevance: 6.2, APIs: 4, Instructions: 162COMMONLIBRARYCODE

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 002095E5
_memmove.LIBCMT ref: 00209659
___AdjustPointer.LIBCMT ref: 002096AA
_memmove.LIBCMT ref: 002096B3

Memory Dump Source

Source File: 00000001.00000002.1727898316.00000000001D1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000001.00000002.1727883930.00000000001D0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728429510.0000000000213000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000222000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000226000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728894056.0000000000227000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1d0000_ek5v3q1axkfpqwron.jbxd

Similarity

API ID: AdjustPointer_memmove
String ID:
API String ID: 1721217611-0
Opcode ID: 23291f4fc0bc25c72654e1ab397793835d2a024f3cd77a291ec4836c2cfd9af9
Instruction ID: 69fc0894a0de54f764a30bd3110bd7d264c22c87144f1c4f64e1211c06aac264
Opcode Fuzzy Hash: 23291f4fc0bc25c72654e1ab397793835d2a024f3cd77a291ec4836c2cfd9af9
Instruction Fuzzy Hash: 4341C7752343079EEB299F59D8A1B6677A8AF44320F64441DF8428A1E3EF72D8F1DE10

Function 001E7EF0 Relevance: 6.2, APIs: 4, Instructions: 158COMMON

Download Yara Rule

APIs

_malloc.LIBCMT ref: 001E8000
_malloc.LIBCMT ref: 001E808E

Part of subcall function 001FFFBC: __FF_MSGBANNER.LIBCMT ref: 001FFFD3
Part of subcall function 001FFFBC: __NMSG_WRITE.LIBCMT ref: 001FFFDA
Part of subcall function 001FFFBC: RtlAllocateHeap.NTDLL(?,00000000,00000001,00000000,00000000,00000000,?,00201324,00000000,00000000,00000000,00000000,?,00201BFD,00000018,0021FDC0), ref: 001FFFFF

_memset.LIBCMT ref: 001E80A5
_free.LIBCMT ref: 001E80AC

Part of subcall function 001FFF84: HeapFree.KERNEL32(00000000,00000000,?,002033A7,00000000,002022E7,00209CF5,00000000,?,002012DA,?,?,00000000), ref: 001FFF98
Part of subcall function 001FFF84: GetLastError.KERNEL32(00000000,?,002033A7,00000000,002022E7,00209CF5,00000000,?,002012DA,?,?,00000000,?,?,?,002034A1), ref: 001FFFAA

Memory Dump Source

Source File: 00000001.00000002.1727898316.00000000001D1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000001.00000002.1727883930.00000000001D0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728429510.0000000000213000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000222000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000226000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728894056.0000000000227000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1d0000_ek5v3q1axkfpqwron.jbxd

Similarity

API ID: Heap_malloc$AllocateErrorFreeLast_free_memset
String ID:
API String ID: 1931880523-0
Opcode ID: 8e7b15c24fdf06ead57fc4efc2fdc5e33249a1155455e2e09d39569461f9d50f
Instruction ID: b25b394125c6b65e7e85b4b0387ca0ff14154479db5b3ce58cfce2aaf0d7457a
Opcode Fuzzy Hash: 8e7b15c24fdf06ead57fc4efc2fdc5e33249a1155455e2e09d39569461f9d50f
Instruction Fuzzy Hash: 0061B232C10A49EECB13DFBAE84006AF378FF6A390B00D356E80576261EB3255D6CB51

Function 0020C726 Relevance: 6.1, APIs: 4, Instructions: 97COMMONLIBRARYCODE

Download Yara Rule

APIs

_LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0020C75C
__isleadbyte_l.LIBCMT ref: 0020C78A
MultiByteToWideChar.KERNEL32(560C1730,00000009,?,C06E0F66,00000000,00000000,?,00000000,00000000,?,001E0A93,?,00000000), ref: 0020C7B8
MultiByteToWideChar.KERNEL32(560C1730,00000009,?,00000001,00000000,00000000,?,00000000,00000000,?,001E0A93,?,00000000), ref: 0020C7EE

Memory Dump Source

Source File: 00000001.00000002.1727898316.00000000001D1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000001.00000002.1727883930.00000000001D0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728429510.0000000000213000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000222000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000226000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728894056.0000000000227000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1d0000_ek5v3q1axkfpqwron.jbxd

Similarity

API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
String ID:
API String ID: 3058430110-0
Opcode ID: 1a8cde806f06127487821a5206cf3138b4c6272ca45a0bc6f3817feccee1a5f8
Instruction ID: 5e3b0d273403d5b239d9b13c3e2a623b6dfc21fee324c3fd6da05a93a37b16b7
Opcode Fuzzy Hash: 1a8cde806f06127487821a5206cf3138b4c6272ca45a0bc6f3817feccee1a5f8
Instruction Fuzzy Hash: BF318371610346EFDB218F75C844BAABBA9FF41360F258219F865971E2E730D960DF90

Function 0020456C Relevance: 6.1, APIs: 4, Instructions: 59COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(00000000), ref: 002045BB
GetLastError.KERNEL32 ref: 002045C5
__free_osfhnd.LIBCMT ref: 002045D2
__dosmaperr.LIBCMT ref: 002045F4

Memory Dump Source

Source File: 00000001.00000002.1727898316.00000000001D1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000001.00000002.1727883930.00000000001D0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728429510.0000000000213000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000222000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000226000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728894056.0000000000227000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1d0000_ek5v3q1axkfpqwron.jbxd

Similarity

API ID: CloseErrorHandleLast__dosmaperr__free_osfhnd
String ID:
API String ID: 1721093958-0
Opcode ID: a7fd128009b832fd10d15ef84bcbf37120fde1960ad240a233d7a2e3f574bb60
Instruction ID: 8c30e83eb5bb9e5a2d63cb6739b44859a559e45bb984123634364c218581b889
Opcode Fuzzy Hash: a7fd128009b832fd10d15ef84bcbf37120fde1960ad240a233d7a2e3f574bb60
Instruction Fuzzy Hash: 230148B36303612BC72077707D09B7D2AC54F92730F29C319EB18870C3DA6188614580

Function 002078B0 Relevance: 6.0, APIs: 4, Instructions: 48COMMONLIBRARYCODE

Download Yara Rule

APIs

__cftof_l.LIBCMT ref: 002078D4

Part of subcall function 00207FBB: __fltout2.LIBCMT ref: 00207FE4

__cftog_l.LIBCMT ref: 002078FA
__cftoe_l.LIBCMT ref: 0020792C

Memory Dump Source

Source File: 00000001.00000002.1727898316.00000000001D1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000001.00000002.1727883930.00000000001D0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728429510.0000000000213000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000222000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000226000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728894056.0000000000227000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1d0000_ek5v3q1axkfpqwron.jbxd

Similarity

API ID: __cftoe_l__cftof_l__cftog_l__fltout2
String ID:
API String ID: 3016257755-0
Opcode ID: a65d1881d29c7e947f5b32dbcea64912f89e558cad637ae539af3f1adf23f7b4
Instruction ID: 48b4eecca417cb28509d7fb79b1b6eb6ad77e6c704f9ff10af2f2ce3e6dbc1fb
Opcode Fuzzy Hash: a65d1881d29c7e947f5b32dbcea64912f89e558cad637ae539af3f1adf23f7b4
Instruction Fuzzy Hash: B701497286824EBBCF125E84CC41CEE3F62BB18350B588415FE1859072D237EAB1AB81

Function 00208E98 Relevance: 6.0, APIs: 4, Instructions: 48COMMONLIBRARYCODE

Download Yara Rule

APIs

___BuildCatchObject.LIBCMT ref: 00208EAF

Part of subcall function 002094C6: ___AdjustPointer.LIBCMT ref: 0020950F

_UnwindNestedFrames.LIBCMT ref: 00208EC6
___FrameUnwindToState.LIBCMT ref: 00208ED8
CallCatchBlock.LIBCMT ref: 00208EFC

Memory Dump Source

Source File: 00000001.00000002.1727898316.00000000001D1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000001.00000002.1727883930.00000000001D0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728429510.0000000000213000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000222000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000226000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728894056.0000000000227000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1d0000_ek5v3q1axkfpqwron.jbxd

Similarity

API ID: CatchUnwind$AdjustBlockBuildCallFrameFramesNestedObjectPointerState
String ID:
API String ID: 2633735394-0
Opcode ID: 47ff991701b949d2c6ac9b0ab3a6bae88cad4e47a60bb843eb0d441dcfe1d101
Instruction ID: 842e0f9443f39a3d5c64a7f6f3457992bd3c25936e008c0fb023b3ba1d017b77
Opcode Fuzzy Hash: 47ff991701b949d2c6ac9b0ab3a6bae88cad4e47a60bb843eb0d441dcfe1d101
Instruction Fuzzy Hash: 7F010532410209BBCF125F55CC05EAB3BBAAF58750F058014FA9866162D732E8B1DFA0

Function 00202A9A Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0020332F: __getptd_noexit.LIBCMT ref: 00203330

__lock.LIBCMT ref: 00202ADB
_free.LIBCMT ref: 00202B08

Strings

)", xrefs: 00202AFF

Memory Dump Source

Source File: 00000001.00000002.1727898316.00000000001D1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000001.00000002.1727883930.00000000001D0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728429510.0000000000213000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000222000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000226000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728894056.0000000000227000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1d0000_ek5v3q1axkfpqwron.jbxd

Similarity

API ID: __getptd_noexit__lock_free
String ID: )"
API String ID: 1533244847-1964460691
Opcode ID: 114a1a161abb1704794b598cfd941ee96f078e190db2f26a1c615e06ec4850fb
Instruction ID: b558285fbc68de47d9b1e983178365adfe78bc06dd277f1945ba92881c3b899e
Opcode Fuzzy Hash: 114a1a161abb1704794b598cfd941ee96f078e190db2f26a1c615e06ec4850fb
Instruction Fuzzy Hash: A811A532D21726EBC721EFA8944971DB3A0FF04720B15011BE815A32D2CF30AA66CFC0

Function 0020832D Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 45COMMON

Download Yara Rule

APIs

__controlfp_s.LIBCMT ref: 0020833B

Part of subcall function 0020D8AF: __control87.LIBCMT ref: 0020D8D3

__invoke_watson.LIBCMT ref: 0020834E

Strings

csm, xrefs: 0020835C

Memory Dump Source

Source File: 00000001.00000002.1727898316.00000000001D1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000001.00000002.1727883930.00000000001D0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728429510.0000000000213000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000222000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000226000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728894056.0000000000227000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1d0000_ek5v3q1axkfpqwron.jbxd

Similarity

API ID: __control87__controlfp_s__invoke_watson
String ID: csm
API String ID: 1371525046-1018135373
Opcode ID: caa10d78398dfa6d9f5e5f608144c9395baa9fad8c98fbd29cc81ca505c82219
Instruction ID: fc23c761e65a1630c47f247c07f10f530a440b45a50a0c0a220f98a63d55eeed
Opcode Fuzzy Hash: caa10d78398dfa6d9f5e5f608144c9395baa9fad8c98fbd29cc81ca505c82219
Instruction Fuzzy Hash: 7AF0BB21221305DFCB286FA96849A6F374D5F50B11F584491F884CA9D3DF50DDB1C4D6

Function 0020431A Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 45COMMON

Download Yara Rule

APIs

__calloc_crt.LIBCMT ref: 0020433C
__calloc_crt.LIBCMT ref: 00204355

Strings

W", xrefs: 0020436C

Memory Dump Source

Source File: 00000001.00000002.1727898316.00000000001D1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000001.00000002.1727883930.00000000001D0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728429510.0000000000213000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000222000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000226000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728894056.0000000000227000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1d0000_ek5v3q1axkfpqwron.jbxd

Similarity

API ID: __calloc_crt
String ID: W"
API String ID: 3494438863-3299548907
Opcode ID: acc5aa85f4955d06912e47e94518134cf617c65a9568cbe6f50339e87cfa1f50
Instruction ID: 4925abcdc7c83fde43d740afe2720adc2f95c83f04c4aee3eccac31cecda4fc4
Opcode Fuzzy Hash: acc5aa85f4955d06912e47e94518134cf617c65a9568cbe6f50339e87cfa1f50
Instruction Fuzzy Hash: 8AF0CDB2224712EAF734EFD5BC496A57794F755324F206067E700CE1D9E370C8664744

Function 00201A8D Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24COMMONLIBRARYCODE

Download Yara Rule

APIs

DecodePointer.KERNEL32(?,00201AC4,00000000,00000000,00000000,00000000,00000000,00208856,?,0020209B,00000003,001FFFD8,00000000,00000000,00000000), ref: 00201A96
__invoke_watson.LIBCMT ref: 00201AB2

Strings

PNv, xrefs: 00201A96

Memory Dump Source

Source File: 00000001.00000002.1727898316.00000000001D1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000001.00000002.1727883930.00000000001D0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728429510.0000000000213000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000222000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000226000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728894056.0000000000227000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1d0000_ek5v3q1axkfpqwron.jbxd

Similarity

API ID: DecodePointer__invoke_watson
String ID: PNv
API String ID: 4034010525-4070351811
Opcode ID: 95c9542d860d24977870c950845e03413651682c34fd2df589e214b85c1a3906
Instruction ID: 0625d9f6a7307afc28a5f0c5e5b99c429fb7316601a22328e7a5912040274227
Opcode Fuzzy Hash: 95c9542d860d24977870c950845e03413651682c34fd2df589e214b85c1a3906
Instruction Fuzzy Hash: 8DE01271611209BBDF026FB1DC098AA3F66FF14340B444450FE1480472D736C970DF90

Function 001FCFE1 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 11COMMON

Download Yara Rule

APIs

DecodePointer.KERNEL32 ref: 001FCFE6
__set_abort_behavior.LIBCMT ref: 001FCFF6

Strings

PNv, xrefs: 001FCFE6

Memory Dump Source

Source File: 00000001.00000002.1727898316.00000000001D1000.00000020.00000001.01000000.00000004.sdmp, Offset: 001D0000, based on PE: true

Associated: 00000001.00000002.1727883930.00000000001D0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728429510.0000000000213000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000222000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728694087.0000000000226000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000001.00000002.1728894056.0000000000227000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1d0000_ek5v3q1axkfpqwron.jbxd

Similarity

API ID: DecodePointer__set_abort_behavior
String ID: PNv
API String ID: 4109001881-4070351811
Opcode ID: 4413edba09ea5024050290f12326e42277eb8d7829109f52c928d680307dd872
Instruction ID: 0fb5638f5cc27895d424c7b2ab827ab4ad38e27bd2fd91a13ba304916743ae5c
Opcode Fuzzy Hash: 4413edba09ea5024050290f12326e42277eb8d7829109f52c928d680307dd872
Instruction Fuzzy Hash: 9FC04C3127831569E71466F538067655145AB11B12F204119F615D40C1DD9185A09862

Analysis Process: bsiphbvc.exePID: 9620, Parent PID: 620COMMON

Execution Graph

Execution Coverage:	17.9%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	2000
Total number of Limit Nodes:	112

Executed Functions

Function 000910A0 Relevance: 86.8, APIs: 13, Strings: 34, Instructions: 4533libraryloaderthreadCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(Ker), ref: 00091DBD
GetProcAddress.KERNEL32(00007243), ref: 00092066
GetProcAddress.KERNEL32(Creat), ref: 000921F4
GetProcAddress.KERNEL32(SetEv), ref: 00092306
GetProcAddress.KERNEL32(00006157), ref: 000924D3
GetProcAddress.KERNEL32(CloseHandleSetEv), ref: 000928DD
GetProcAddress.KERNEL32(65656C53), ref: 00092A92
_memset.LIBCMT ref: 00092DC4
CreateThread.KERNELBASE(00000000,00000000,000A7490,00000128,00000000,00000000), ref: 000939A6
CloseHandle.KERNELBASE(00000000,?,?,00000000), ref: 00093D76

Strings

SetEv, xrefs: 000922F9, 000922FF
]D87, xrefs: 00091130
Creat, xrefs: 000921C7, 000921E1
"}N, xrefs: 0009138B
eate, xrefs: 00091B01
2., xrefs: 00091B80
i}kN, xrefs: 000913BF
rSin, xrefs: 00091ABC
gl, xrefs: 00091B28
eObj, xrefs: 00091ADA
ead, xrefs: 00091A8B
dll, xrefs: 00091AED
CloseHandleSetEv, xrefs: 000928C6, 000928CC
A, xrefs: 00091B59
T+, xrefs: 0009552F
E, xrefs: 00091B79
Ker, xrefs: 00091DB6, 00091DBC
_W, xrefs: 00092C67, 00093620, 0009456C
fM, xrefs: 00091339
i, xrefs: 00091B72
vent, xrefs: 00091AA9
ct, xrefs: 00091AE4
eThr, xrefs: 00091B31
ent, xrefs: 00091A9F
p, xrefs: 00091B49
U;8, xrefs: 000947AE
8e#!, xrefs: 000918FA
e, xrefs: 00091B42
Slee, xrefs: 00091B1E
tF, xrefs: 00091B15
o, xrefs: 00091B52
nel3, xrefs: 00091A95
Wa, xrefs: 00091A82
Cr, xrefs: 00091B62

Memory Dump Source

Source File: 00000002.00000002.2492655262.0000000000091000.00000020.00000001.01000000.00000005.sdmp, Offset: 00090000, based on PE: true

Associated: 00000002.00000002.2492625699.0000000000090000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.2492699873.00000000000D3000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.2492733790.00000000000E2000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.2492733790.00000000000E6000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.2492796893.00000000000E7000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_90000_bsiphbvc.jbxd

Similarity

API ID: AddressProc$Handle$CloseCreateModuleThread_memset
String ID: U;8$"}N$2.$8e#!$A$CloseHandleSetEv$Cr$Creat$E$Ker$SetEv$Slee$T+$Wa$]D87$_W$ct$dll$e$eObj$eThr$ead$eate$ent$fM$gl$i$i}kN$nel3$o$p$rSin$tF$vent
API String ID: 3360259145-820725974
Opcode ID: ae522b3fdedfba4a37cefa263d950f3e8c59d554c7f3e0d6139ce7d3a72b2f1d
Instruction ID: a913a79d18f209ac143e5d8c752bfa2a09facc9aad7f30853cbe5675ce4077d1
Opcode Fuzzy Hash: ae522b3fdedfba4a37cefa263d950f3e8c59d554c7f3e0d6139ce7d3a72b2f1d
Instruction Fuzzy Hash: B7B34F31C11B998EE757CF769891269B378BF9A780F108397E8097A161FB7856C2DF00

Function 0009D8E0 Relevance: 10.8, APIs: 7, Instructions: 290
libraryloaderencryptionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(00000000), ref: 0009DAD2
GetProcAddress.KERNEL32(00000000), ref: 0009DB2C
CryptGenRandom.ADVAPI32(00000004,?), ref: 0009DC5E
_rand.LIBCMT ref: 0009DD1E
_rand.LIBCMT ref: 0009DD25
_rand.LIBCMT ref: 0009DD30
_rand.LIBCMT ref: 0009DD37

Memory Dump Source

Source File: 00000002.00000002.2492655262.0000000000091000.00000020.00000001.01000000.00000005.sdmp, Offset: 00090000, based on PE: true

Associated: 00000002.00000002.2492625699.0000000000090000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.2492699873.00000000000D3000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.2492733790.00000000000E2000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.2492733790.00000000000E6000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.2492796893.00000000000E7000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_90000_bsiphbvc.jbxd

Similarity

API ID: _rand$AddressProc$CryptRandom
String ID:
API String ID: 2249235034-0
Opcode ID: 4907d214d13e62f09d02febcde177ed35ad43a5771ba600e4bb8f3bdf6a836bb
Instruction ID: eab191ec7f2a2d435a99cf3f25304a91068d3e7cc9b2466d87085ba42c008e0f
Opcode Fuzzy Hash: 4907d214d13e62f09d02febcde177ed35ad43a5771ba600e4bb8f3bdf6a836bb
Instruction Fuzzy Hash: 32D1C131C10A89DEEB02DFB5E8811ADB778FF5AB90B148317E8017B1A1E73955C1DB50

Function 000A21AD Relevance: 291.3, APIs: 123, Strings: 41, Instructions: 4260COMMON

Download Yara Rule

APIs

_malloc.LIBCMT ref: 000A2593
_memset.LIBCMT ref: 000A262A

Strings

jh/8, xrefs: 000A3364
h-3, xrefs: 000A4099
huA, xrefs: 000A4193
->`b, xrefs: 000A4AE3
hdC, xrefs: 000A580D
h!, xrefs: 000A2C03
hd8, xrefs: 000A52CF
h@4, xrefs: 000A3B75
hL8, xrefs: 000A278B
h4, xrefs: 000A4594
h0$, xrefs: 000A42BB
jjj, xrefs: 000A58FF
h|8, xrefs: 000A5688
h=$, xrefs: 000A517D
jz8, xrefs: 000A5AA2
xAt, xrefs: 000A2850
_W, xrefs: 000A79F6
h4E, xrefs: 000A2A3C
jh14, xrefs: 000A3670
h{C, xrefs: 000A47EA
jh+A, xrefs: 000A4D29
huE, xrefs: 000A4F38
h@3, xrefs: 000A44C9
C:\Windows\system32\config\systemprofile, xrefs: 000A5897
jh.7, xrefs: 000A38EA
j!h1, xrefs: 000A2881
huD, xrefs: 000A2AC9
h , xrefs: 000A489F
h$!, xrefs: 000A4BB8
jhUC, xrefs: 000A3EFF
hoF, xrefs: 000A48EA
h)#, xrefs: 000A559F
jjj, xrefs: 000A58F3
jhN4, xrefs: 000A3476
hDE, xrefs: 000A5286
)bg, xrefs: 000A37CD
yG_5, xrefs: 000A3049
hM$, xrefs: 000A3FC3
h", xrefs: 000A30E8
h#2, xrefs: 000A39AE
h%1, xrefs: 000A37F2

Memory Dump Source

Source File: 00000002.00000002.2492655262.0000000000091000.00000020.00000001.01000000.00000005.sdmp, Offset: 00090000, based on PE: true

Associated: 00000002.00000002.2492625699.0000000000090000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.2492699873.00000000000D3000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.2492733790.00000000000E2000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.2492733790.00000000000E6000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.2492796893.00000000000E7000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_90000_bsiphbvc.jbxd

Similarity

API ID: _malloc_memset
String ID: ->`b$C:\Windows\system32\config\systemprofile$_W$h#2$h$!$h%1$h)#$h-3$h0$$h4E$h=$$h@3$h@4$hDE$hL8$hM$$hd8$hdC$hoF$huA$huD$huE$h{C$h|8$h $h!$h"$h4$jhN4$jh+A$jh.7$jh/8$jh14$jhUC$j!h1$jjj$jjj$xAt$yG_5$)bg$jz8
API String ID: 4137368368-1823144531
Opcode ID: f48a69d68b357f6e3525a99f14710a9c423b6b8a0f4cbbb83bcd0ba72d9cd5f8
Instruction ID: 60a512aabee57ba054f16a8bf9134102c55f63ca52a1f29a65afd5d37ca32bc0
Opcode Fuzzy Hash: f48a69d68b357f6e3525a99f14710a9c423b6b8a0f4cbbb83bcd0ba72d9cd5f8
Instruction Fuzzy Hash: 3A93C031D00B889EE712DF75EC916A9B778BF5AB80F008356E9057B1A2FB7859C1DB10

Function 000A00B0 Relevance: 39.4, APIs: 19, Strings: 3, Instructions: 900
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetVersionExA.KERNEL32(000E44C8), ref: 000A0305
CreateDirectoryA.KERNELBASE(0000005C,00000000), ref: 000A0575

Part of subcall function 0009E550: _memset.LIBCMT ref: 0009E56E
Part of subcall function 0009E550: _free.LIBCMT ref: 0009E596

DeleteFileA.KERNELBASE(?,?,?,?,?,?,00000000), ref: 000A0698
RemoveDirectoryA.KERNELBASE(00000000,?,?,?,?,?,00000000), ref: 000A06CE
CreateDirectoryA.KERNELBASE(?,00000000,?,?,?,?,?,?,?,?,00000000), ref: 000A07F4
_strcat.LIBCMT ref: 000A0806
CreateDirectoryA.KERNELBASE(?,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 000A089E
__snprintf.LIBCMT ref: 000A09E9
CreateDirectoryA.KERNEL32(?,00000000), ref: 000A0AE1

Part of subcall function 0009E120: _malloc.LIBCMT ref: 0009E1CF

__snprintf.LIBCMT ref: 000A0A8E
_strcat.LIBCMT ref: 000A0B68
CreateDirectoryA.KERNEL32(?,00000000), ref: 000A0B9D
GetTempPathA.KERNEL32(00000104,?,?,?,?,?,?,00000000), ref: 000A0D22
_strcat.LIBCMT ref: 000A0E50
CreateDirectoryA.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 000A0E8C
GetTempPathA.KERNEL32(00000104,?,?,?,?,?,?,00000000), ref: 000A0FB1
_strcat.LIBCMT ref: 000A0FD2
SetFileAttributesA.KERNELBASE(?,00000002,?,?,?,?,?,?,00000000), ref: 000A10C4
_memset.LIBCMT ref: 000A10D8

Strings

C:\qkcgyxexucxsiyk\, xrefs: 000A0801, 000A0B63, 000A0E4B, 000A0FCD
C:\Windows\system32\config\systemprofile, xrefs: 000A09DD, 000A0A7C
\, xrefs: 000A0DBC

Memory Dump Source

Source File: 00000002.00000002.2492655262.0000000000091000.00000020.00000001.01000000.00000005.sdmp, Offset: 00090000, based on PE: true

Associated: 00000002.00000002.2492625699.0000000000090000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.2492699873.00000000000D3000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.2492733790.00000000000E2000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.2492733790.00000000000E6000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.2492796893.00000000000E7000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_90000_bsiphbvc.jbxd

Similarity

API ID: Directory$Create$_strcat$FilePathTemp__snprintf_memset$AttributesDeleteRemoveVersion_free_malloc
String ID: C:\Windows\system32\config\systemprofile$C:\qkcgyxexucxsiyk\$\
API String ID: 1290010854-1658841855
Opcode ID: dd8fa9f2b06f0ce20d4a9852c0fa1803d46182b0f7eb2fbde668a931f33cac6d
Instruction ID: d5389b7472429f9c13bf92c6af372c429e2b1fe72ebd038c8d6318048974ddc3
Opcode Fuzzy Hash: dd8fa9f2b06f0ce20d4a9852c0fa1803d46182b0f7eb2fbde668a931f33cac6d
Instruction Fuzzy Hash: B692A131C11B8DAADB02DBB6DC8159DB778BF5A740F008356E905BB1A2FB3866C5DB10

Function 0009D090 Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 174
registrysynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegisterServiceCtrlHandlerA.ADVAPI32(Function_0000CE40), ref: 0009D1D8
SetServiceStatus.SECHOST(000E4780), ref: 0009D214
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 0009D27D
SetServiceStatus.ADVAPI32(000E4780), ref: 0009D2A4
WaitForSingleObject.KERNEL32(00001388), ref: 0009D2CD
SetServiceStatus.ADVAPI32(000E4780), ref: 0009D35F
CloseHandle.KERNEL32 ref: 0009D392
SetServiceStatus.ADVAPI32(000E4780), ref: 0009D401

Strings

>&|, xrefs: 0009D311
]/da, xrefs: 0009D224

Memory Dump Source

Source File: 00000002.00000002.2492655262.0000000000091000.00000020.00000001.01000000.00000005.sdmp, Offset: 00090000, based on PE: true

Associated: 00000002.00000002.2492625699.0000000000090000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.2492699873.00000000000D3000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.2492733790.00000000000E2000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.2492733790.00000000000E6000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.2492796893.00000000000E7000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_90000_bsiphbvc.jbxd

Similarity

API ID: Service$Status$CloseCreateCtrlEventHandleHandlerObjectRegisterSingleWait
String ID: ]/da$>&|
API String ID: 3399922960-1858257644
Opcode ID: 350e2a03a6d3f5e207688a9524fe0319fffe779edfcf748fc04320e6538ffed1
Instruction ID: 6b0ddd47aa186a09f915e172c22cae4f24d8e976691b791e64a0668f12872dd1
Opcode Fuzzy Hash: 350e2a03a6d3f5e207688a9524fe0319fffe779edfcf748fc04320e6538ffed1
Instruction Fuzzy Hash: 0D8163359006889EE706DF75EC99629BB78FF59B40F10831AE805BB260E7B956C0DF40

Function 0009A970 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 109
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_memset.LIBCMT ref: 0009A9DD
_memset.LIBCMT ref: 0009A9EA
CreateProcessA.KERNELBASE(6F27C689,CE90F1CB,00000000,00000000,00000000,00000008,00000000,00000000,00000044,?), ref: 0009AA67
CloseHandle.KERNEL32(?), ref: 0009AA74
CloseHandle.KERNEL32(?), ref: 0009AAAB

Strings

D, xrefs: 0009AA06

Memory Dump Source

Source File: 00000002.00000002.2492655262.0000000000091000.00000020.00000001.01000000.00000005.sdmp, Offset: 00090000, based on PE: true

Associated: 00000002.00000002.2492625699.0000000000090000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.2492699873.00000000000D3000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.2492733790.00000000000E2000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.2492733790.00000000000E6000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.2492796893.00000000000E7000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_90000_bsiphbvc.jbxd

Similarity

API ID: CloseHandle_memset$CreateProcess
String ID: D
API String ID: 1151464618-2746444292
Opcode ID: 407ab93e636f140b6fb66fff08ed0a6ffae3343fe988ee2e9037f5e15f6798f8
Instruction ID: d1c9e9ebf23067b6d1a346c0f0df51c7c17dfd215f2a88d8105187498188a4be
Opcode Fuzzy Hash: 407ab93e636f140b6fb66fff08ed0a6ffae3343fe988ee2e9037f5e15f6798f8
Instruction Fuzzy Hash: 7E419D31D1068CEEEB02CFB5D88279CB7B8AF59740F108352E904BB1A1E7756A80DF44

Function 0009F0E0 Relevance: 9.3, APIs: 2, Strings: 3, Instructions: 527
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

C:\qkcgyxexucxsiyk\jqvkzish.exe, xrefs: 0009F9DC
h:A, xrefs: 0009F676
frrqzdvmnkqk "c:\qkcgyxexucxsiyk\bsiphbvc.exe", xrefs: 0009F9D7

Memory Dump Source

Source File: 00000002.00000002.2492655262.0000000000091000.00000020.00000001.01000000.00000005.sdmp, Offset: 00090000, based on PE: true

Associated: 00000002.00000002.2492625699.0000000000090000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.2492699873.00000000000D3000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.2492733790.00000000000E2000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.2492733790.00000000000E6000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.2492796893.00000000000E7000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_90000_bsiphbvc.jbxd

Similarity

API ID:
String ID: C:\qkcgyxexucxsiyk\jqvkzish.exe$frrqzdvmnkqk "c:\qkcgyxexucxsiyk\bsiphbvc.exe"$h:A
API String ID: 0-429150623
Opcode ID: c354ae348527f774b98e8e56df775a77f03545ca6a12a6b4f66da777c882322a
Instruction ID: 94ec2c6125fb3bfb9259018306c09b528bd2cea5143273e175288a71cab6a1e0
Opcode Fuzzy Hash: c354ae348527f774b98e8e56df775a77f03545ca6a12a6b4f66da777c882322a
Instruction Fuzzy Hash: 4C32AF71C1068D9EDB02DFB5D8815ADB7B8BF59740F108716E805BB2A2FB386A81DF50

Function 000A18E0 Relevance: 9.1, APIs: 6, Instructions: 147
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,?), ref: 000A1998
Process32First.KERNEL32(00000000,?), ref: 000A19BA
_strcat.LIBCMT ref: 000A1A12
Process32Next.KERNEL32(00000000,00000128), ref: 000A1AC5
CloseHandle.KERNELBASE(00000000), ref: 000A1B1A
_memset.LIBCMT ref: 000A1B2E

Memory Dump Source

Source File: 00000002.00000002.2492655262.0000000000091000.00000020.00000001.01000000.00000005.sdmp, Offset: 00090000, based on PE: true

Associated: 00000002.00000002.2492625699.0000000000090000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.2492699873.00000000000D3000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.2492733790.00000000000E2000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.2492733790.00000000000E6000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.2492796893.00000000000E7000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_90000_bsiphbvc.jbxd

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32_memset_strcat
String ID:
API String ID: 1640862104-0
Opcode ID: efc523016d4bebcb74af6743dcab815c5cd1426acabebcd730f6dcb286901fd7
Instruction ID: dd61443b050e1c4256be3655f37aed4ea615f61283fbf8685cc0816d9198fbb9
Opcode Fuzzy Hash: efc523016d4bebcb74af6743dcab815c5cd1426acabebcd730f6dcb286901fd7
Instruction Fuzzy Hash: 0A518F719002489BDB15CFB9D9855ADB7B8FF59700F04826AE904FB2A1E734AB84CF50

Function 000BD002 Relevance: 4.5, APIs: 3, Instructions: 29COMMON

Download Yara Rule

APIs

_malloc.LIBCMT ref: 000BD01A

Part of subcall function 000BFFBC: __FF_MSGBANNER.LIBCMT ref: 000BFFD3
Part of subcall function 000BFFBC: __NMSG_WRITE.LIBCMT ref: 000BFFDA
Part of subcall function 000BFFBC: RtlAllocateHeap.NTDLL(?,00000000,00000001,00000000,00000000,00000000,?,000C1324,00000000,00000000,00000000,00000000,?,000C1BFD,00000018,000DFDC0), ref: 000BFFFF

std::exception::exception.LIBCMT ref: 000BD038
__CxxThrowException@8.LIBCMT ref: 000BD04D

Part of subcall function 000C0D5A: RaiseException.KERNEL32(?,?,000BCF8B,000000FF,00000000,00000000,?,?,?,?,000BCF8B,000000FF,000DFC5C,00000000), ref: 000C0DAF

Memory Dump Source

Source File: 00000002.00000002.2492655262.0000000000091000.00000020.00000001.01000000.00000005.sdmp, Offset: 00090000, based on PE: true

Associated: 00000002.00000002.2492625699.0000000000090000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.2492699873.00000000000D3000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.2492733790.00000000000E2000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.2492733790.00000000000E6000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.2492796893.00000000000E7000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_90000_bsiphbvc.jbxd

Similarity

API ID: AllocateExceptionException@8HeapRaiseThrow_mallocstd::exception::exception
String ID:
API String ID: 3074076210-0
Opcode ID: ccda11a2116184cd03758d5c3ecf3bf6ec28ade4202168879adeae362305f3be
Instruction ID: 3b8ab01c3f5849314f43f2252b9027987d585a38a484e47c39399d7ded898517
Opcode Fuzzy Hash: ccda11a2116184cd03758d5c3ecf3bf6ec28ade4202168879adeae362305f3be
Instruction Fuzzy Hash: 68E0E53490420EE6CB10BB94CC25EFEB7B8AF01300F0044ABF900A6293EB708A05D6A1

Function 0009E990 Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 141sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(000003E8,?,?,?,?,?,00000000,?,?,?,0009F3A2), ref: 0009EB4F

Strings

q6[N, xrefs: 0009E9AA

Memory Dump Source

Source File: 00000002.00000002.2492655262.0000000000091000.00000020.00000001.01000000.00000005.sdmp, Offset: 00090000, based on PE: true

Associated: 00000002.00000002.2492625699.0000000000090000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.2492699873.00000000000D3000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.2492733790.00000000000E2000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.2492733790.00000000000E6000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.2492796893.00000000000E7000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_90000_bsiphbvc.jbxd

Similarity

API ID: Sleep
String ID: q6[N
API String ID: 3472027048-436890063
Opcode ID: a51e0bd5e7ebff57409a7fb13a814ef7d825536eaf478e25fac6832213a33548
Instruction ID: e6d519c24ac84a6992e436b04e9cc25dcaaf3d1a3a3acd3fb912631620be4a8f
Opcode Fuzzy Hash: a51e0bd5e7ebff57409a7fb13a814ef7d825536eaf478e25fac6832213a33548
Instruction Fuzzy Hash: 6851B331C10B899AEB03CFB9DC5155EB738BF9A780B048706E9057E1A2FB7856C1DB51

Function 000A1110 Relevance: 3.1, APIs: 2, Instructions: 83fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNELBASE(?,C0000000,00000000,00000000,00000002,00000000,00000000), ref: 000A11E3
_memset.LIBCMT ref: 000A1211

Memory Dump Source

Source File: 00000002.00000002.2492655262.0000000000091000.00000020.00000001.01000000.00000005.sdmp, Offset: 00090000, based on PE: true

Associated: 00000002.00000002.2492625699.0000000000090000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.2492699873.00000000000D3000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.2492733790.00000000000E2000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.2492733790.00000000000E6000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.2492796893.00000000000E7000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_90000_bsiphbvc.jbxd

Similarity

API ID: CreateFile_memset
String ID:
API String ID: 3830271748-0
Opcode ID: a03f4314a4a7b7c943725d964b2e3307cbe5d3a8ca0b47d21de337d2ed9dc201
Instruction ID: 393348312141e4432fe710694fa0c39491ff9794025250518d58ce06f1419a0c
Opcode Fuzzy Hash: a03f4314a4a7b7c943725d964b2e3307cbe5d3a8ca0b47d21de337d2ed9dc201
Instruction Fuzzy Hash: 9C31D031C01B5D9ADB12DFB9AC417DEB738AF4A780F108352E9057A192EB785682CF50

Function 000B9860 Relevance: 3.0, APIs: 2, Instructions: 33COMMON

Download Yara Rule

APIs

std::exception::exception.LIBCMT ref: 000BCF15
__CxxThrowException@8.LIBCMT ref: 000BCF2A

Part of subcall function 000BD002: _malloc.LIBCMT ref: 000BD01A

Memory Dump Source

Source File: 00000002.00000002.2492655262.0000000000091000.00000020.00000001.01000000.00000005.sdmp, Offset: 00090000, based on PE: true

Associated: 00000002.00000002.2492625699.0000000000090000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.2492699873.00000000000D3000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.2492733790.00000000000E2000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.2492733790.00000000000E6000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.2492796893.00000000000E7000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_90000_bsiphbvc.jbxd

Similarity

API ID: Exception@8Throw_mallocstd::exception::exception
String ID:
API String ID: 4063778783-0
Opcode ID: f54d8044d4db76a470347a4f1e0e9706a51113674cf51444eae4419a566dda8a
Instruction ID: 2ac90ca7192f9adce37d8dc16a64156ee361ef379273067a1223cec0a73523d3
Opcode Fuzzy Hash: f54d8044d4db76a470347a4f1e0e9706a51113674cf51444eae4419a566dda8a
Instruction Fuzzy Hash: 9DF0897060030997DF08BBA8CC56EEE73EC5B41310F40056AE525D6282EBB4EA048161

Function 000C0151 Relevance: 3.0, APIs: 2, Instructions: 33COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 000C22E2: __getptd_noexit.LIBCMT ref: 000C22E2

__lock_file.LIBCMT ref: 000C0196

Part of subcall function 000C43BA: __lock.LIBCMT ref: 000C43DD

__fclose_nolock.LIBCMT ref: 000C01A1

Memory Dump Source

Source File: 00000002.00000002.2492655262.0000000000091000.00000020.00000001.01000000.00000005.sdmp, Offset: 00090000, based on PE: true

Associated: 00000002.00000002.2492625699.0000000000090000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.2492699873.00000000000D3000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.2492733790.00000000000E2000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.2492733790.00000000000E6000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000002.00000002.2492796893.00000000000E7000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_90000_bsiphbvc.jbxd

Similarity

API ID: __fclose_nolock__getptd_noexit__lock__lock_file
String ID:
API String ID: 2800547568-0
Opcode ID: 4f4ad113e2c191e31a1798377b84c2328c27f0c332e73dae4bcded92174128b3
Instruction ID: 4b84ab398292ca07b35ee61a29c44831218aba7b559c54ddebbc24e2e4ba484d
Opcode Fuzzy Hash: 4f4ad113e2c191e31a1798377b84c2328c27f0c332e73dae4bcded92174128b3
Instruction Fuzzy Hash: D1F09631901605DAE7207F698801FEDA6D06F41331F2AC24DAC64AA1C3C77C8602DB51

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse the Windows service control manager to execute malicious commands or payloads. The Windows service control manager ( `services.exe` ) is an interface to manage and manipulate services.The service control manager is accessible to users via GUI components as well as system utilities such as `sc.exe` and Net .
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Traffic Flow, Process: Process Creation, Service: Service Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence. When Windows boots up, it starts programs or applications called services that perform background system functions.Windows service configuration information, including the file path to the service's executable or recovery programs/commands, is stored in the Windows Registry.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Driver: Driver Load, File: File Metadata, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Service: Service Creation, Service: Service Modification, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may try to gather information about registered local system services. Adversaries may obtain information about services using tools as well as OS utility commands such as `sc query` , `tasklist /svc` , `systemctl --type=service` , and `net start` .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report DBROG0eWH7.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Windows\qkcgyxexucxsiyk\emmz4mbuo0g

C:\qkcgyxexucxsiyk\bsiphbvc.exe

C:\qkcgyxexucxsiyk\ek5v3q1axkfpqwron.exe

C:\qkcgyxexucxsiyk\emmz4mbuo0g

C:\qkcgyxexucxsiyk\hjkz5m

C:\qkcgyxexucxsiyk\jqvkzish.exe

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Imports

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

Windows Analysis Report
DBROG0eWH7.exe

Function 00D500B0 Relevance: 39.4, APIs: 19, Strings: 3, Instructions: 900
fileCOMMON

Function 00D4A590 Relevance: 9.2, APIs: 6, Instructions: 219
filesleepCOMMON

Function 00D62230 Relevance: 4.6, APIs: 3, Instructions: 88
memoryCOMMON

Function 00D70A9D Relevance: 19.6, APIs: 13, Instructions: 89
COMMON

Function 00D4FC60 Relevance: 12.2, APIs: 8, Instructions: 250
fileCOMMON

Function 00D4A970 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 109
processCOMMON

Function 00D4AB30 Relevance: 4.7, APIs: 3, Instructions: 211
fileCOMMON

Function 00D6D002 Relevance: 4.5, APIs: 3, Instructions: 29
COMMON

Function 00D4FB80 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 58
COMMON

Function 00D6FC69 Relevance: 3.0, APIs: 2, Instructions: 7
COMMONLIBRARYCODE

Function 00D6FF22 Relevance: 1.5, APIs: 1, Instructions: 9
COMMON

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre