Edit tour

Windows Analysis Report
CH2emxsgb7.msi

Overview

General Information

Sample name:	CH2emxsgb7.msi renamed because original name is a hash value
Original sample name:	911c7c676d8457767ff6d69ecefa1d79.msi
Analysis ID:	1582714
MD5:	911c7c676d8457767ff6d69ecefa1d79
SHA1:	d63ccdb60cd4db63a9ecca34b2e7120571df8a8e
SHA256:	b2332c274a55abe231d044ad4e3e64dd37bf3200314c209d5a91ff8ee800cc54
Tags:	msiuser-abuse_ch
Infos:

Detection

Score:	76
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

AI detected suspicious sample

Performs DNS queries to domains with low reputation

Tries to resolve many domain names, but no domain seems valid

Checks for available system drives (often done to infect USB drives)

Connects to many different domains

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to read the PEB

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Detected potential crypto function

Dropped file seen in connection with other malware

Drops PE files

Drops PE files to the windows directory (C:\Windows)

Executes massive DNS lookups (> 100)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

May sleep (evasive loops) to hinder dynamic analysis

PE file contains sections with non-standard names

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Uses cacls to modify the permissions of files

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w11x64_office

msiexec.exe (PID: 5548 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\CH2emxsgb7.msi" MD5: C0D3BDDE74C1EC82F75681D4D5ED44C8)

msiexec.exe (PID: 5552 cmdline: C:\Windows\system32\msiexec.exe /V MD5: C0D3BDDE74C1EC82F75681D4D5ED44C8)

msiexec.exe (PID: 2492 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 8B13F332C161E5AF2FCE42F1915DE773 MD5: FE653E9A818C22D7E744320F65A91C09)

icacls.exe (PID: 7988 cmdline: "C:\Windows\system32\ICACLS.EXE" "C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\." /SETINTEGRITYLEVEL (CI)(OI)HIGH MD5: DF132308B964322137C3AA6CD2705D24)

conhost.exe (PID: 7776 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)

expand.exe (PID: 2880 cmdline: "C:\Windows\system32\EXPAND.EXE" -R files.cab -F:* files MD5: 63860F134FE4705269CE653A673DBD88)

conhost.exe (PID: 6728 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)

install.exe (PID: 1180 cmdline: "C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe" /VERYSILENT /VERYSILENT MD5: 34281BDF47FBF9E5EACB560C90EF9DD3)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: https://uoigsiqmemcscosu.xyz:443/api/client_hello

Avira URL Cloud: Label: malware

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\374144fc37be4cfc995091726f5280c7$dpx$.tmp\fc2afe7abf0b084895c411b2655de9b1.tmp	ReversingLabs: Detection: 26%
Source: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe (copy)	ReversingLabs: Detection: 26%

Multi AV Scanner detection for submitted file

Source: CH2emxsgb7.msi	Virustotal: Detection: 39%			Perma Link
Source: CH2emxsgb7.msi	ReversingLabs: Detection: 31%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 85.2% probability

Source:

Binary string: C:\ss2\Projects\MsiWrapper\MsiCustomActions\Release\MsiCustomActions.pdb source: CH2emxsgb7.msi, 6c33d4.msi.4.dr, MSIAB7.tmp.4.dr

Source: C:\Windows\System32\msiexec.exe	File opened: z:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: x:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: v:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: t:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: r:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: p:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: n:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: l:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: j:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: h:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: f:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: b:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: y:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: w:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: u:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: s:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: q:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: o:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: m:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: k:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: i:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: g:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: e:	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	File opened: c:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: a:	Jump to behavior

Source: C:\Windows\SysWOW64\msiexec.exe	File opened: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	File opened: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	File opened: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	File opened: C:\Users\user\AppData\Local\	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	File opened: C:\Users\user\	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	File opened: C:\Users\user\AppData\	Jump to behavior

Networking

Performs DNS queries to domains with low reputation

Source:	DNS query: skyqsyyymyacyayc.xyz
Source:	DNS query: uoigsiqmemcscosu.xyz
Source:	DNS query: kuywuskkgqsigqqs.xyz
Source:	DNS query: auayomwkewcomwas.xyz
Source:	DNS query: iyaikmkkowcqemsi.xyz
Source:	DNS query: ggicikyqcaiyguee.xyz
Source:	DNS query: oqyaoykomyoygics.xyz
Source:	DNS query: eqakguiwiqacqiwg.xyz
Source:	DNS query: wgcaouuqqqwucogy.xyz
Source:	DNS query: ewacuagosgqmuocm.xyz
Source:	DNS query: wgqyouayikuyuqmk.xyz
Source:	DNS query: owaaygsacguucaye.xyz
Source:	DNS query: uwgicagyykoommga.xyz
Source:	DNS query: uiggameqqycugsqw.xyz
Source:	DNS query: goguooqkgysueime.xyz
Source:	DNS query: keosqeosukqcooco.xyz
Source:	DNS query: maoeeogmuauywsyu.xyz
Source:	DNS query: ismqaewykmoiguki.xyz
Source:	DNS query: wucwykasawokemaw.xyz
Source:	DNS query: ukmcqucewskcqygg.xyz
Source:	DNS query: qqqmeagkkosgcayo.xyz
Source:	DNS query: ysawassgkwqygmmq.xyz
Source:	DNS query: osaeyoiqoqawauga.xyz
Source:	DNS query: iagisciiyoemgwaa.xyz
Source:	DNS query: ymysimqoykwqeqiq.xyz
Source:	DNS query: ymmcwogyimsuqmcc.xyz
Source:	DNS query: osmoygyawqmmimkq.xyz
Source:	DNS query: immyecuqwkiyscys.xyz
Source:	DNS query: omsqkuiwcwoegooq.xyz
Source:	DNS query: ukaiiiyqoooycyqm.xyz
Source:	DNS query: isemauqkwwiumyky.xyz
Source:	DNS query: keguuyioweymiaws.xyz
Source:	DNS query: kwaywmaequkqccai.xyz
Source:	DNS query: yyimcoiwgckeakcm.xyz
Source:	DNS query: ekcwemuekgqsimae.xyz
Source:	DNS query: imigkomgmqgmakqk.xyz
Source:	DNS query: omasqkwqyskcagwi.xyz
Source:	DNS query: awyomscgweuqmgaw.xyz
Source:	DNS query: eyoyssauceguqwmk.xyz
Source:	DNS query: gwwcqeykmseicgaw.xyz
Source:	DNS query: qwywqgsmgaoiwsga.xyz
Source:	DNS query: ososwckwcqmmwqcy.xyz
Source:	DNS query: osaymwoggqqycmse.xyz
Source:	DNS query: oyewqwkusieeoqey.xyz
Source:	DNS query: ommwaqgaemsmcqwc.xyz
Source:	DNS query: cauewwukyywyqiei.xyz
Source:	DNS query: goeykqccmemkswom.xyz
Source:	DNS query: aksuakswwkiimamq.xyz
Source:	DNS query: isaeicumkcuwqmqq.xyz
Source:	DNS query: qiswokuokugiooky.xyz
Source:	DNS query: qiswcssocuqsaqkq.xyz
Source:	DNS query: qcyksokwumicscaa.xyz
Source:	DNS query: esiaisyasoaoqwki.xyz
Source:	DNS query: giqukkwwcwgqcisg.xyz
Source:	DNS query: ymqaaskiwomkucuy.xyz
Source:	DNS query: akueuaicusaoieiy.xyz
Source:	DNS query: sauygqecsusickcu.xyz
Source:	DNS query: kkwkgmcoawgaoiwg.xyz
Source:	DNS query: saumycuogqsqykes.xyz
Source:	DNS query: ukyokaigmmkumgoa.xyz
Source:	DNS query: eswweuycwwiiykwo.xyz
Source:	DNS query: uksgyqiqaaiaiesi.xyz
Source:	DNS query: smckcsaioceiyasu.xyz
Source:	DNS query: esimsqgcwwwmyoqc.xyz
Source:	DNS query: maiyuocqqiqiiskw.xyz
Source:	DNS query: smaaowemwiwggocu.xyz
Source:	DNS query: kwuuwgemogmuomwq.xyz
Source:	DNS query: ukicsmiwggcwksam.xyz
Source:	DNS query: gwamoggwyegsseao.xyz
Source:	DNS query: immcqsiceooqyaay.xyz
Source:	DNS query: kkcqgowgkcoyokcu.xyz
Source:	DNS query: kecgikusmakuksma.xyz
Source:	DNS query: ymuiggyusggsymoi.xyz
Source:	DNS query: uecouukwkuceyuwg.xyz
Source:	DNS query: eyoaceoookqskqmy.xyz
Source:	DNS query: awwomgcseeqwkkom.xyz
Source:	DNS query: keykoekseemyiewq.xyz
Source:	DNS query: ysiwwoeeaaskykaw.xyz
Source:	DNS query: kwmcuwccqmuecgea.xyz
Source:	DNS query: gwyooeiscmwguqms.xyz
Source:	DNS query: wuokiysmiucoucak.xyz
Source:	DNS query: wuuiumemmigyyauq.xyz
Source:	DNS query: acwomuuukiomgqkm.xyz
Source:	DNS query: muwqwgaaymomgwmi.xyz
Source:	DNS query: omgcoecwsqiuqyug.xyz
Source:	DNS query: kqmsgskwgemyueya.xyz
Source:	DNS query: eyiyueewuaqmmwcm.xyz
Source:	DNS query: gwoyamckoqoaauoq.xyz
Source:	DNS query: qwqsoyoqkymakowm.xyz
Source:	DNS query: gcmiymmqgwuquokm.xyz
Source:	DNS query: ymseciekayuweoww.xyz
Source:	DNS query: oyocwswugeiqqyoo.xyz
Source:	DNS query: omgooecquoweeomo.xyz
Source:	DNS query: imgeoyougkmmeuec.xyz
Source:	DNS query: smoswyoekkccyuga.xyz
Source:	DNS query: suwkomiqcykeyako.xyz
Source:	DNS query: smwsugycuuckemue.xyz
Source:	DNS query: qigcqiaomwieqwka.xyz
Source:	DNS query: oekcyqqggaegsesm.xyz
Source:	DNS query: qcoysaaooaiccqyu.xyz
Source:	DNS query: mismuqiygyeysaoo.xyz
Source:	DNS query: wockoyekyageakcg.xyz
Source:	DNS query: ososokqeakgguwsq.xyz
Source:	DNS query: wcgqccqcugomywua.xyz
Source:	DNS query: aqaqgemescmwsqks.xyz
Source:	DNS query: aqiwocaywcswuwsq.xyz
Source:	DNS query: aqgmgoqcoqqkguyk.xyz
Source:	DNS query: oywgqkusocouysua.xyz
Source:	DNS query: uyygagweoagcuqky.xyz
Source:	DNS query: muiccguyaeaqwweg.xyz
Source:	DNS query: qiqueqokwqqgwwci.xyz
Source:	DNS query: uygmgoymcwcgkios.xyz
Source:	DNS query: qiyggmguowygeooc.xyz
Source:	DNS query: acacoiqgoimayqwm.xyz
Source:	DNS query: smisyqewaummmwoc.xyz
Source:	DNS query: mumuqocoisaucwmq.xyz
Source:	DNS query: qqoawmqqwqcusmee.xyz
Source:	DNS query: qcygacuamqqugcck.xyz
Source:	DNS query: kkiigoymgkmoggoq.xyz
Source:	DNS query: qqmicqemgcgieoau.xyz
Source:	DNS query: sagymwuwgeucsmac.xyz
Source:	DNS query: igmqooiwioymwkcm.xyz
Source:	DNS query: osyqameakgkceeog.xyz
Source:	DNS query: sgigamoeiwksoecq.xyz
Source:	DNS query: keckssemmeoqieqe.xyz
Source:	DNS query: caysswwugsmkeksw.xyz
Source:	DNS query: cgiamwsqgcmqgqse.xyz
Source:	DNS query: uyeqwcuyimescesu.xyz
Source:	DNS query: ekiwqiyewuiqoemo.xyz
Source:	DNS query: oeakuqueisysswcg.xyz
Source:	DNS query: acemcwecgiqcukys.xyz
Source:	DNS query: qcwaiaiqiwcakawa.xyz
Source:	DNS query: esyiocqieemagwmo.xyz
Source:	DNS query: kqsakygykwusqams.xyz
Source:	DNS query: ymygkkggyigeqcqe.xyz
Source:	DNS query: qqqkagyoymmosuyo.xyz
Source:	DNS query: moiimkscmiswaesw.xyz
Source:	DNS query: igkiociagqsacmwa.xyz
Source:	DNS query: ymugwyokyyccykmw.xyz
Source:	DNS query: gieksqwccmmqkemm.xyz
Source:	DNS query: iaueigwgocakgsku.xyz
Source:	DNS query: sgsasqgwayeckgoy.xyz
Source:	DNS query: kwogawueykiiumao.xyz
Source:	DNS query: iagmkeayqmuowswy.xyz
Source:	DNS query: yyyagyakeciucagk.xyz
Source:	DNS query: isukyiwyscosaaqc.xyz
Source:	DNS query: goicqsmskkygkkka.xyz
Source:	DNS query: awacwkqgsoomimye.xyz
Source:	DNS query: iaawaweqwceogamg.xyz
Source:	DNS query: kqueagsoikuyocca.xyz
Source:	DNS query: momoqikcaksewaua.xyz
Source:	DNS query: suagiqkqmkgysmiw.xyz
Source:	DNS query: gcwequgwyimwymsa.xyz
Source:	DNS query: igywsgwooemqiuss.xyz
Source:	DNS query: wikiagqsmeeaeegy.xyz
Source:	DNS query: eeoeukoqgiwsumsu.xyz
Source:	DNS query: ygooiessycewaocg.xyz
Source:	DNS query: qcqgssmagywqcgws.xyz
Source:	DNS query: goiikukwyyauemqc.xyz
Source:	DNS query: comuwmkimocayeeu.xyz
Source:	DNS query: isgasoomksiwqcmg.xyz
Source:	DNS query: qigismmgwsiseyuu.xyz
Source:	DNS query: wuqggcwmoscwykwg.xyz
Source:	DNS query: qceawaaswmsuekmu.xyz
Source:	DNS query: ygucsucmagwqsqcu.xyz
Source:	DNS query: giuccqyqokookyue.xyz
Source:	DNS query: gceesusqmuockkgw.xyz
Source:	DNS query: ygesoycecmkuwayg.xyz
Source:	DNS query: sasqgsyksiccuuws.xyz
Source:	DNS query: qwggykgwkqoceiuo.xyz
Source:	DNS query: wiguisuayimaukgu.xyz
Source:	DNS query: qcwcgegyyieaoqca.xyz
Source:	DNS query: gwcyyawigmwceaqi.xyz
Source:	DNS query: mueuwcqsioowsmce.xyz
Source:	DNS query: qiewcykmuuacuoyk.xyz
Source:	DNS query: coayaokeissieqcc.xyz
Source:	DNS query: oeooiqokqsqcsaig.xyz
Source:	DNS query: masegmsiqgamiugm.xyz
Source:	DNS query: smwywssyyaciqkae.xyz
Source:	DNS query: aweqoooqomueeiwi.xyz
Source:	DNS query: akasikewaomyiwqk.xyz
Source:	DNS query: oyyamqygcecqocmq.xyz
Source:	DNS query: qwikoqqgiayyuakq.xyz
Source:	DNS query: miqcugomwgmygyoq.xyz
Source:	DNS query: wiccyamsgmuqoeoy.xyz
Source:	DNS query: ymeiqyyqqyaaygie.xyz
Source:	DNS query: wiomcwmascsigags.xyz
Source:	DNS query: awgyuqqswicwkqcs.xyz
Source:	DNS query: iacisiamimiiqyeo.xyz
Source:	DNS query: wogawoqysgiockwa.xyz
Source:	DNS query: mayykkuyeuiggyws.xyz
Source:	DNS query: cosaygigqegeyewi.xyz
Source:	DNS query: ekqyosgcumkcecmo.xyz
Source:	DNS query: qimmkmaumumswocw.xyz
Source:	DNS query: acqaagqgmsmeouce.xyz
Source:	DNS query: awasockiaymagmci.xyz
Source:	DNS query: akuyqkmomwqyiyow.xyz
Source:	DNS query: caceukeeygaaqaec.xyz
Source:	DNS query: qwcaikouwwekssco.xyz
Source:	DNS query: qqioykeogcwkowgq.xyz
Source:	DNS query: igeqissugeuswaus.xyz
Source:	DNS query: osoawyeyassgycgy.xyz
Source:	DNS query: cuaumuqcoeegomsq.xyz
Source:	DNS query: oyogquqkmyqwwkuq.xyz
Source:	DNS query: gwyougsgeaaoiumg.xyz
Source:	DNS query: ukeoemaaimqyuais.xyz
Source:	DNS query: oewuwcsmaacckewa.xyz
Source:	DNS query: esykokiigsgwcwsa.xyz
Source:	DNS query: ekgqymkkqiwogqsy.xyz
Source:	DNS query: wueossewygqoakoq.xyz
Source:	DNS query: isceiesauogasmoo.xyz
Source:	DNS query: giscmywoiaqmqcmw.xyz
Source:	DNS query: uyqweoyukcewugsu.xyz
Source:	DNS query: imuscegymggagewg.xyz
Source:	DNS query: wgesgakysuqaewik.xyz
Source:	DNS query: uwoyyqgiwowysqou.xyz
Source:	DNS query: syaouwwyoaemeekm.xyz
Source:	DNS query: aoscugususamokuy.xyz
Source:	DNS query: qucyaygweeasqeoy.xyz
Source:	DNS query: uiwwamyuymycooey.xyz
Source:	DNS query: iygukwyuqwiuoqmi.xyz
Source:	DNS query: koaeaguekwcaousw.xyz
Source:	DNS query: skssioqkemoiieaa.xyz
Source:	DNS query: yewomygmueegmoqi.xyz
Source:	DNS query: kuyoukwwacqkcoyo.xyz
Source:	DNS query: gmcqgmkyguwkskyg.xyz
Source:	DNS query: mygiqcqokowwmgqq.xyz
Source:	DNS query: cymogqmasaiiwmww.xyz
Source:	DNS query: iykumkamcykgicyi.xyz
Source:	DNS query: cyemcqwkasuimkgs.xyz
Source:	DNS query: ieqeeiggkuqcomyo.xyz
Source:	DNS query: ssmkyomikukusksu.xyz
Source:	DNS query: kimakioiwmawksiw.xyz
Source:	DNS query: qumssmeysccykkyo.xyz
Source:	DNS query: ykuoaucocogcwoky.xyz
Source:	DNS query: semyssioekmosauo.xyz
Source:	DNS query: aiiqyyikowqaygwy.xyz
Source:	DNS query: kouumoyqiuckkcau.xyz
Source:	DNS query: qgwkkkyicoqmooqu.xyz
Source:	DNS query: uwwcocucusmeguaw.xyz
Source:	DNS query: cekggiciueyeyoku.xyz
Source:	DNS query: iqqeoamqwiuiyuua.xyz
Source:	DNS query: uokqmokseqqakiui.xyz
Source:	DNS query: cyqqgacqkowwkqqe.xyz
Source:	DNS query: cmqqeimyycgqwsgg.xyz
Source:	DNS query: wmgeoqqiwqcmimwu.xyz
Source:	DNS query: quyckaioggawuois.xyz
Source:	DNS query: eqciawooemoueyqu.xyz
Source:	DNS query: oqoaumkywacmuwwm.xyz
Source:	DNS query: ewueyekksqksycww.xyz
Source:	DNS query: csmasucykosuwouy.xyz
Source:	DNS query: seeogeqwsqmsoaqe.xyz
Source:	DNS query: gusmkkaiomeeqaiy.xyz
Source:	DNS query: msyecoiqeyqeiquy.xyz
Source:	DNS query: skawoueawceoywsy.xyz
Source:	DNS query: iyuaqococuqcsgii.xyz
Source:	DNS query: kuyaasckcgacyesi.xyz
Source:	DNS query: aaeqiiecqqumcgky.xyz
Source:	DNS query: aawiysageawcoyok.xyz
Source:	DNS query: yqysoaosqewciiww.xyz
Source:	DNS query: yessywkwcwmyewqe.xyz
Source:	DNS query: aueiqscgeicewaoo.xyz
Source:	DNS query: uccsgcekiwcyucou.xyz
Source:	DNS query: aiumyocycyyikiwc.xyz
Source:	DNS query: aoqayemwgmsyuimi.xyz
Source:	DNS query: mmiowgeswucumqae.xyz
Source:	DNS query: mmiugosumuqmuqoc.xyz
Source:	DNS query: ecqisawmymscauow.xyz
Source:	DNS query: iyoqqeicqoquiqka.xyz
Source:	DNS query: ecoqwiswmwqokmay.xyz
Source:	DNS query: ceckmwoyqkwgeoqg.xyz
Source:	DNS query: kcoiygiwuyqyaoku.xyz
Source:	DNS query: aaeyckqsgmiqsgew.xyz
Source:	DNS query: qgaiosyouwwkgsmm.xyz
Source:	DNS query: ocqseueommkkqcgs.xyz
Source:	DNS query: owmesaosmycoeceq.xyz
Source:	DNS query: qokauaicweuwscac.xyz
Source:	DNS query: sewmmwqeyauowwwo.xyz
Source:	DNS query: mmgowiccqoeomagq.xyz
Source:	DNS query: kcwiywyygywkkysk.xyz
Source:	DNS query: syiysgiqgqggqkoc.xyz
Source:	DNS query: ykuasckuceswseig.xyz
Source:	DNS query: quugmiumsieaiyys.xyz
Source:	DNS query: ikqywgcqaggogqsa.xyz
Source:	DNS query: eqyamamqwsseyoig.xyz
Source:	DNS query: seqkawokggwucsui.xyz
Source:	DNS query: gmqeqkcqackwkgao.xyz
Source:	DNS query: guowewgekuoqacyy.xyz
Source:	DNS query: aaokyscqeecowaci.xyz
Source:	DNS query: ywywwwgwekicgico.xyz
Source:	DNS query: wsisaoaauqwmuomg.xyz
Source:	DNS query: koouumcuucaeakye.xyz
Source:	DNS query: okccisioeycusekg.xyz
Source:	DNS query: cymymsciyaiacwgw.xyz
Source:	DNS query: aoyeoimcuuqakckw.xyz
Source:	DNS query: qoaweokuqggaymks.xyz
Source:	DNS query: ewuyacewswkoueqw.xyz
Source:	DNS query: kiuymkmaomciimcc.xyz
Source:	DNS query: oqaiyaoqwyeswaiy.xyz
Source:	DNS query: koyokggaqsagggym.xyz
Source:	DNS query: cmsuagygagqceocm.xyz
Source:	DNS query: uisgoqaoksgqsqyg.xyz
Source:	DNS query: ocgcqsagaakgkcma.xyz
Source:	DNS query: okgigkmiieweagia.xyz
Source:	DNS query: skiwkmaaeeiqqgee.xyz
Source:	DNS query: aagokgyaswscyaeu.xyz
Source:	DNS query: gmciuwiycsqycggy.xyz

Tries to resolve many domain names, but no domain seems valid

Source: unknown	DNS traffic detected: query: kwaywmaequkqccai.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: iyuaqococuqcsgii.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: yqysoaosqewciiww.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: ecoqwiswmwqokmay.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gwwcqeykmseicgaw.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: iaawaweqwceogamg.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: kuyaasckcgacyesi.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: kqmsgskwgemyueya.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qumssmeysccykkyo.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: esykokiigsgwcwsa.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: aueiqscgeicewaoo.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gwamoggwyegsseao.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: quyckaioggawuois.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: miqcugomwgmygyoq.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: cgiamwsqgcmqgqse.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: aagokgyaswscyaeu.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: ymysimqoykwqeqiq.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: mmiugosumuqmuqoc.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gmqeqkcqackwkgao.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: sewmmwqeyauowwwo.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: ymseciekayuweoww.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qwywqgsmgaoiwsga.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: ikqywgcqaggogqsa.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: acwomuuukiomgqkm.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: aoyeoimcuuqakckw.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gieksqwccmmqkemm.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: kqsakygykwusqams.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: keckssemmeoqieqe.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: oyewqwkusieeoqey.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qiswokuokugiooky.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: uyqweoyukcewugsu.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gusmkkaiomeeqaiy.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qwggykgwkqoceiuo.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: owmesaosmycoeceq.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: ykuasckuceswseig.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: ismqaewykmoiguki.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: oqaiyaoqwyeswaiy.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: esyiocqieemagwmo.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: ymugwyokyyccykmw.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: ewuyacewswkoueqw.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: keosqeosukqcooco.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: isemauqkwwiumyky.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: uygmgoymcwcgkios.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: muiccguyaeaqwweg.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: aoqayemwgmsyuimi.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: wgcaouuqqqwucogy.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: wuqggcwmoscwykwg.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: ocgcqsagaakgkcma.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: uyygagweoagcuqky.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: imuscegymggagewg.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: aiiqyyikowqaygwy.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: igywsgwooemqiuss.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: cyqqgacqkowwkqqe.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: aoscugususamokuy.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qoaweokuqggaymks.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: giscmywoiaqmqcmw.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: mumuqocoisaucwmq.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: eyoyssauceguqwmk.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: mayykkuyeuiggyws.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: momoqikcaksewaua.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: mmgowiccqoeomagq.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: wiguisuayimaukgu.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: ososwckwcqmmwqcy.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: kwogawueykiiumao.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: aksuakswwkiimamq.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: mygiqcqokowwmgqq.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: skssioqkemoiieaa.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: sagymwuwgeucsmac.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qwikoqqgiayyuakq.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: wmgeoqqiwqcmimwu.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: goicqsmskkygkkka.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: cmqqeimyycgqwsgg.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: ymygkkggyigeqcqe.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: koaeaguekwcaousw.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qiswcssocuqsaqkq.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: csmasucykosuwouy.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: esiaisyasoaoqwki.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: oyogquqkmyqwwkuq.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: giuccqyqokookyue.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: esimsqgcwwwmyoqc.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: skyqsyyymyacyayc.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qceawaaswmsuekmu.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: uisgoqaoksgqsqyg.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: kkcqgowgkcoyokcu.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: uwwcocucusmeguaw.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: ieqeeiggkuqcomyo.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: comuwmkimocayeeu.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: ukicsmiwggcwksam.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: awwomgcseeqwkkom.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: osaymwoggqqycmse.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: aqgmgoqcoqqkguyk.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: cymogqmasaiiwmww.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: keguuyioweymiaws.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: omgooecquoweeomo.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qigismmgwsiseyuu.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qucyaygweeasqeoy.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qcwaiaiqiwcakawa.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gceesusqmuockkgw.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: seqkawokggwucsui.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: kuywuskkgqsigqqs.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: iacisiamimiiqyeo.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: oywgqkusocouysua.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: awasockiaymagmci.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: ekcwemuekgqsimae.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: msyecoiqeyqeiquy.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: ygesoycecmkuwayg.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: aaeyckqsgmiqsgew.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: guowewgekuoqacyy.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: omgcoecwsqiuqyug.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: ggicikyqcaiyguee.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: oqoaumkywacmuwwm.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: iyaikmkkowcqemsi.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qcygacuamqqugcck.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: wgqyouayikuyuqmk.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: yessywkwcwmyewqe.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: ewueyekksqksycww.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: oyyamqygcecqocmq.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: oeakuqueisysswcg.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: wogawoqysgiockwa.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qqioykeogcwkowgq.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: smoswyoekkccyuga.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: aaokyscqeecowaci.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: giqukkwwcwgqcisg.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: masegmsiqgamiugm.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qgwkkkyicoqmooqu.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: iygukwyuqwiuoqmi.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: ecqisawmymscauow.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: isaeicumkcuwqmqq.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: ysiwwoeeaaskykaw.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: iaueigwgocakgsku.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: ymeiqyyqqyaaygie.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: eqakguiwiqacqiwg.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: mismuqiygyeysaoo.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: wockoyekyageakcg.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: isceiesauogasmoo.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: osmoygyawqmmimkq.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gcwequgwyimwymsa.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: kiuymkmaomciimcc.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: akuyqkmomwqyiyow.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qiewcykmuuacuoyk.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: iagisciiyoemgwaa.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: sauygqecsusickcu.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: osyqameakgkceeog.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: maiyuocqqiqiiskw.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: wucwykasawokemaw.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: suagiqkqmkgysmiw.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: kuyoukwwacqkcoyo.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: oekcyqqggaegsesm.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qwqsoyoqkymakowm.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: smwsugycuuckemue.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: coayaokeissieqcc.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qimmkmaumumswocw.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: maoeeogmuauywsyu.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: mueuwcqsioowsmce.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: smwywssyyaciqkae.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qqoawmqqwqcusmee.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: imigkomgmqgmakqk.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: cauewwukyywyqiei.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: cyemcqwkasuimkgs.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: kwmcuwccqmuecgea.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: ysawassgkwqygmmq.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: ewacuagosgqmuocm.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: acqaagqgmsmeouce.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: ymmcwogyimsuqmcc.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: eeoeukoqgiwsumsu.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: goiikukwyyauemqc.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: aiumyocycyyikiwc.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: sgigamoeiwksoecq.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: acemcwecgiqcukys.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: ocqseueommkkqcgs.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qcwcgegyyieaoqca.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: kcwiywyygywkkysk.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: qqmicqemgcgieoau.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: koouumcuucaeakye.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: wcgqccqcugomywua.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: wsisaoaauqwmuomg.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: isukyiwyscosaaqc.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: ykuoaucocogcwoky.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: cuaumuqcoeegomsq.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: eswweuycwwiiykwo.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: gwyougsgeaaoiumg.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: iykumkamcykgicyi.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: okgigkmiieweagia.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: uecouukwkuceyuwg.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: kecgikusmakuksma.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: cekggiciueyeyoku.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: uksgyqiqaaiaiesi.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: uiggameqqycugsqw.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: immcqsiceooqyaay.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: ososokqeakgguwsq.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: igeqissugeuswaus.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: wuuiumemmigyyauq.xyz replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: uiwwamyuymycooey.xyz replaycode: Name error (3)

Source: unknown

Network traffic detected: DNS query count 307

Source: global traffic

DNS traffic detected: number of DNS queries: 307

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

HTTP traffic detected: GET /api/client_hello HTTP/1.1Accept: */*Connection: closeHost: uoigsiqmemcscosu.xyz:443User-Agent: cpp-httplib/0.12.1

Source: global traffic	DNS traffic detected: DNS query: skyqsyyymyacyayc.xyz
Source: global traffic	DNS traffic detected: DNS query: uoigsiqmemcscosu.xyz
Source: global traffic	DNS traffic detected: DNS query: kuywuskkgqsigqqs.xyz
Source: global traffic	DNS traffic detected: DNS query: auayomwkewcomwas.xyz
Source: global traffic	DNS traffic detected: DNS query: iyaikmkkowcqemsi.xyz
Source: global traffic	DNS traffic detected: DNS query: ggicikyqcaiyguee.xyz
Source: global traffic	DNS traffic detected: DNS query: oqyaoykomyoygics.xyz
Source: global traffic	DNS traffic detected: DNS query: eqakguiwiqacqiwg.xyz
Source: global traffic	DNS traffic detected: DNS query: wgcaouuqqqwucogy.xyz
Source: global traffic	DNS traffic detected: DNS query: ewacuagosgqmuocm.xyz
Source: global traffic	DNS traffic detected: DNS query: wgqyouayikuyuqmk.xyz
Source: global traffic	DNS traffic detected: DNS query: owaaygsacguucaye.xyz
Source: global traffic	DNS traffic detected: DNS query: uwgicagyykoommga.xyz
Source: global traffic	DNS traffic detected: DNS query: uiggameqqycugsqw.xyz
Source: global traffic	DNS traffic detected: DNS query: goguooqkgysueime.xyz
Source: global traffic	DNS traffic detected: DNS query: keosqeosukqcooco.xyz
Source: global traffic	DNS traffic detected: DNS query: maoeeogmuauywsyu.xyz
Source: global traffic	DNS traffic detected: DNS query: ismqaewykmoiguki.xyz
Source: global traffic	DNS traffic detected: DNS query: wucwykasawokemaw.xyz
Source: global traffic	DNS traffic detected: DNS query: ukmcqucewskcqygg.xyz
Source: global traffic	DNS traffic detected: DNS query: qqqmeagkkosgcayo.xyz
Source: global traffic	DNS traffic detected: DNS query: ysawassgkwqygmmq.xyz
Source: global traffic	DNS traffic detected: DNS query: osaeyoiqoqawauga.xyz
Source: global traffic	DNS traffic detected: DNS query: iagisciiyoemgwaa.xyz
Source: global traffic	DNS traffic detected: DNS query: ymysimqoykwqeqiq.xyz
Source: global traffic	DNS traffic detected: DNS query: ymmcwogyimsuqmcc.xyz
Source: global traffic	DNS traffic detected: DNS query: osmoygyawqmmimkq.xyz
Source: global traffic	DNS traffic detected: DNS query: immyecuqwkiyscys.xyz
Source: global traffic	DNS traffic detected: DNS query: omsqkuiwcwoegooq.xyz
Source: global traffic	DNS traffic detected: DNS query: ukaiiiyqoooycyqm.xyz
Source: global traffic	DNS traffic detected: DNS query: isemauqkwwiumyky.xyz
Source: global traffic	DNS traffic detected: DNS query: keguuyioweymiaws.xyz
Source: global traffic	DNS traffic detected: DNS query: kwaywmaequkqccai.xyz
Source: global traffic	DNS traffic detected: DNS query: yyimcoiwgckeakcm.xyz
Source: global traffic	DNS traffic detected: DNS query: ekcwemuekgqsimae.xyz
Source: global traffic	DNS traffic detected: DNS query: imigkomgmqgmakqk.xyz
Source: global traffic	DNS traffic detected: DNS query: omasqkwqyskcagwi.xyz
Source: global traffic	DNS traffic detected: DNS query: awyomscgweuqmgaw.xyz
Source: global traffic	DNS traffic detected: DNS query: eyoyssauceguqwmk.xyz
Source: global traffic	DNS traffic detected: DNS query: gwwcqeykmseicgaw.xyz
Source: global traffic	DNS traffic detected: DNS query: qwywqgsmgaoiwsga.xyz
Source: global traffic	DNS traffic detected: DNS query: ososwckwcqmmwqcy.xyz
Source: global traffic	DNS traffic detected: DNS query: osaymwoggqqycmse.xyz
Source: global traffic	DNS traffic detected: DNS query: oyewqwkusieeoqey.xyz
Source: global traffic	DNS traffic detected: DNS query: ommwaqgaemsmcqwc.xyz
Source: global traffic	DNS traffic detected: DNS query: cauewwukyywyqiei.xyz
Source: global traffic	DNS traffic detected: DNS query: goeykqccmemkswom.xyz
Source: global traffic	DNS traffic detected: DNS query: aksuakswwkiimamq.xyz
Source: global traffic	DNS traffic detected: DNS query: isaeicumkcuwqmqq.xyz
Source: global traffic	DNS traffic detected: DNS query: qiswokuokugiooky.xyz
Source: global traffic	DNS traffic detected: DNS query: qiswcssocuqsaqkq.xyz
Source: global traffic	DNS traffic detected: DNS query: qcyksokwumicscaa.xyz
Source: global traffic	DNS traffic detected: DNS query: esiaisyasoaoqwki.xyz
Source: global traffic	DNS traffic detected: DNS query: giqukkwwcwgqcisg.xyz
Source: global traffic	DNS traffic detected: DNS query: ymqaaskiwomkucuy.xyz
Source: global traffic	DNS traffic detected: DNS query: akueuaicusaoieiy.xyz
Source: global traffic	DNS traffic detected: DNS query: sauygqecsusickcu.xyz
Source: global traffic	DNS traffic detected: DNS query: kkwkgmcoawgaoiwg.xyz
Source: global traffic	DNS traffic detected: DNS query: saumycuogqsqykes.xyz
Source: global traffic	DNS traffic detected: DNS query: ukyokaigmmkumgoa.xyz
Source: global traffic	DNS traffic detected: DNS query: eswweuycwwiiykwo.xyz
Source: global traffic	DNS traffic detected: DNS query: uksgyqiqaaiaiesi.xyz
Source: global traffic	DNS traffic detected: DNS query: smckcsaioceiyasu.xyz
Source: global traffic	DNS traffic detected: DNS query: esimsqgcwwwmyoqc.xyz
Source: global traffic	DNS traffic detected: DNS query: maiyuocqqiqiiskw.xyz
Source: global traffic	DNS traffic detected: DNS query: smaaowemwiwggocu.xyz
Source: global traffic	DNS traffic detected: DNS query: kwuuwgemogmuomwq.xyz
Source: global traffic	DNS traffic detected: DNS query: ukicsmiwggcwksam.xyz
Source: global traffic	DNS traffic detected: DNS query: gwamoggwyegsseao.xyz
Source: global traffic	DNS traffic detected: DNS query: immcqsiceooqyaay.xyz
Source: global traffic	DNS traffic detected: DNS query: kkcqgowgkcoyokcu.xyz
Source: global traffic	DNS traffic detected: DNS query: kecgikusmakuksma.xyz
Source: global traffic	DNS traffic detected: DNS query: ymuiggyusggsymoi.xyz
Source: global traffic	DNS traffic detected: DNS query: uecouukwkuceyuwg.xyz
Source: global traffic	DNS traffic detected: DNS query: eyoaceoookqskqmy.xyz
Source: global traffic	DNS traffic detected: DNS query: awwomgcseeqwkkom.xyz
Source: global traffic	DNS traffic detected: DNS query: keykoekseemyiewq.xyz
Source: global traffic	DNS traffic detected: DNS query: ysiwwoeeaaskykaw.xyz
Source: global traffic	DNS traffic detected: DNS query: kwmcuwccqmuecgea.xyz
Source: global traffic	DNS traffic detected: DNS query: gwyooeiscmwguqms.xyz
Source: global traffic	DNS traffic detected: DNS query: wuokiysmiucoucak.xyz
Source: global traffic	DNS traffic detected: DNS query: wuuiumemmigyyauq.xyz
Source: global traffic	DNS traffic detected: DNS query: acwomuuukiomgqkm.xyz
Source: global traffic	DNS traffic detected: DNS query: muwqwgaaymomgwmi.xyz
Source: global traffic	DNS traffic detected: DNS query: omgcoecwsqiuqyug.xyz
Source: global traffic	DNS traffic detected: DNS query: kqmsgskwgemyueya.xyz
Source: global traffic	DNS traffic detected: DNS query: eyiyueewuaqmmwcm.xyz
Source: global traffic	DNS traffic detected: DNS query: gwoyamckoqoaauoq.xyz
Source: global traffic	DNS traffic detected: DNS query: qwqsoyoqkymakowm.xyz
Source: global traffic	DNS traffic detected: DNS query: gcmiymmqgwuquokm.xyz
Source: global traffic	DNS traffic detected: DNS query: ymseciekayuweoww.xyz
Source: global traffic	DNS traffic detected: DNS query: oyocwswugeiqqyoo.xyz
Source: global traffic	DNS traffic detected: DNS query: omgooecquoweeomo.xyz
Source: global traffic	DNS traffic detected: DNS query: imgeoyougkmmeuec.xyz
Source: global traffic	DNS traffic detected: DNS query: smoswyoekkccyuga.xyz
Source: global traffic	DNS traffic detected: DNS query: suwkomiqcykeyako.xyz
Source: global traffic	DNS traffic detected: DNS query: smwsugycuuckemue.xyz
Source: global traffic	DNS traffic detected: DNS query: qigcqiaomwieqwka.xyz
Source: global traffic	DNS traffic detected: DNS query: oekcyqqggaegsesm.xyz
Source: global traffic	DNS traffic detected: DNS query: qcoysaaooaiccqyu.xyz

Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\6c33d4.msi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\SourceHash{EC0B7729-7E31-4A40-84C7-A7BC5EBB8C41}	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SystemTemp\~DF6D82FCD56D3FCB17.TMP	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\inprogressinstallinfo.ipi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SystemTemp\~DF180919B16B293FC2.TMP	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIAB7.tmp	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe	Code function: 12_2_006CB430	12_2_006CB430
Source: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe	Code function: 12_2_006C1000	12_2_006C1000
Source: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe	Code function: 12_2_006D1C00	12_2_006D1C00
Source: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe	Code function: 12_2_006CA960	12_2_006CA960
Source: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe	Code function: 12_2_006E0945	12_2_006E0945
Source: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe	Code function: 12_2_006C5510	12_2_006C5510
Source: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe	Code function: 12_2_006CD9C0	12_2_006CD9C0
Source: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe	Code function: 12_2_006C85D0	12_2_006C85D0
Source: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe	Code function: 12_2_006D2DD0	12_2_006D2DD0
Source: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe	Code function: 12_2_006C6E40	12_2_006C6E40
Source: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe	Code function: 12_2_006C1E50	12_2_006C1E50
Source: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe	Code function: 12_2_006C22F0	12_2_006C22F0
Source: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe	Code function: 12_2_006C9E90	12_2_006C9E90
Source: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe	Code function: 12_2_006C7710	12_2_006C7710
Source: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe	Code function: 12_2_006CA310	12_2_006CA310
Source: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe	Code function: 12_2_006D1710	12_2_006D1710
Source: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe	Code function: 12_2_006D0F90	12_2_006D0F90

Source: Joe Sandbox View	Dropped File: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\374144fc37be4cfc995091726f5280c7$dpx$.tmp\fc2afe7abf0b084895c411b2655de9b1.tmp 6D2C0DAB5D6A082828908A2B7063726BD2FE5E818BC6D4E9D028E23BBA85923E
Source: Joe Sandbox View	Dropped File: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe (copy) 6D2C0DAB5D6A082828908A2B7063726BD2FE5E818BC6D4E9D028E23BBA85923E
Source: Joe Sandbox View	Dropped File: C:\Windows\Installer\MSIAB7.tmp FD622CF73EA951A6DE631063ABA856487D77745DD1500ADCA61902B8DDE56FE1

Source: classification engine

Classification label: mal76.troj.winMSI@12/12@307/1

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6728:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7776:120:WilError_03

Source: C:\Windows\SysWOW64\msiexec.exe

File created: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\

Jump to behavior

Source: C:\Windows\SysWOW64\msiexec.exe

File read: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\msiwrapper.ini

Jump to behavior

Source: C:\Windows\System32\msiexec.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: CH2emxsgb7.msi	Virustotal: Detection: 39%
Source: CH2emxsgb7.msi	ReversingLabs: Detection: 31%

Source: unknown	Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\CH2emxsgb7.msi"
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 8B13F332C161E5AF2FCE42F1915DE773
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\icacls.exe "C:\Windows\system32\ICACLS.EXE" "C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\." /SETINTEGRITYLEVEL (CI)(OI)HIGH
Source: C:\Windows\SysWOW64\icacls.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\expand.exe "C:\Windows\system32\EXPAND.EXE" -R files.cab -F:* files
Source: C:\Windows\SysWOW64\expand.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe "C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe" /VERYSILENT /VERYSILENT
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 8B13F332C161E5AF2FCE42F1915DE773	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\icacls.exe "C:\Windows\system32\ICACLS.EXE" "C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\." /SETINTEGRITYLEVEL (CI)(OI)HIGH	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\expand.exe "C:\Windows\system32\EXPAND.EXE" -R files.cab -F:* files	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe "C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe" /VERYSILENT /VERYSILENT	Jump to behavior

Source: C:\Windows\System32\msiexec.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: srpapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: tsappcmp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wscapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: appidapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msihnd.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: tsappcmp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: srclient.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: spp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: vssapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: vsstrace.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wscapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: appidapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: srpapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: vcruntime140_1_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: cfgmgr32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: virtdisk.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: smartscreenps.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: servicingcommon.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: shdocvw.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Windows\SysWOW64\icacls.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\expand.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\expand.exe	Section loaded: dpx.dll	Jump to behavior
Source: C:\Windows\SysWOW64\expand.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\expand.exe	Section loaded: wdscore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\expand.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\expand.exe	Section loaded: dbgcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\expand.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\expand.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe	Section loaded: fwpuclnt.dll	Jump to behavior

Source: C:\Windows\SysWOW64\msiexec.exe

File written: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\msiwrapper.ini

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: CH2emxsgb7.msi

Static file information: File size 2043904 > 1048576

Source:

Binary string: C:\ss2\Projects\MsiWrapper\MsiCustomActions\Release\MsiCustomActions.pdb source: CH2emxsgb7.msi, 6c33d4.msi.4.dr, MSIAB7.tmp.4.dr

Source: fc2afe7abf0b084895c411b2655de9b1.tmp.8.dr	Static PE information: section name: .00cfg
Source: fc2afe7abf0b084895c411b2655de9b1.tmp.8.dr	Static PE information: section name: .voltbl

Source: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe	Code function: 12_2_006D887B push esi; retf	12_2_006D887C
Source: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe	Code function: 12_2_006C6438 push eax; mov dword ptr [esp], 00000001h	12_2_006C643C
Source: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe	Code function: 12_2_006DA4FE push edi; retf	12_2_006DA4FF
Source: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe	Code function: 12_2_006D94F9 push 8BAE42B8h; ret	12_2_006D94FE
Source: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe	Code function: 12_2_006DA0DE push edi; retf	12_2_006DA0DF
Source: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe	Code function: 12_2_0084B04E push ecx; ret	12_2_0084B04D
Source: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe	Code function: 12_2_006D48BE push 4D0F77B3h; iretd	12_2_006D48C4
Source: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe	Code function: 12_2_006D512D push eax; mov dword ptr [esp], ecx	12_2_006D5133
Source: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe	Code function: 12_2_006D3A60 push eax; mov dword ptr [esp], ecx	12_2_006D3A63
Source: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe	Code function: 12_2_006D9E1E push edi; retf	12_2_006D9E1F
Source: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe	Code function: 12_2_006CEEE8 push 4D0F77B3h; ret	12_2_006CEEEE
Source: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe	Code function: 12_2_006D0322 push 4D0F77B3h; iretd	12_2_006D0328
Source: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe	Code function: 12_2_006DA338 push edi; retf	12_2_006DA339
Source: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe	Code function: 12_2_006D9FC0 push 014044B8h; ret	12_2_006D9FC5
Source: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe	Code function: 12_2_006D9FA0 pushfd ; ret	12_2_006D9FA1
Source: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe	Code function: 12_2_006D9B9E push edi; retf	12_2_006D9B9F

Source: fc2afe7abf0b084895c411b2655de9b1.tmp.8.dr

Static PE information: section name: .text entropy: 6.989454422628006

Source: C:\Windows\SysWOW64\expand.exe	File created: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\374144fc37be4cfc995091726f5280c7$dpx$.tmp\fc2afe7abf0b084895c411b2655de9b1.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIAB7.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\expand.exe	File created: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe (copy)	Jump to dropped file

Source: C:\Windows\System32\msiexec.exe

File created: C:\Windows\Installer\MSIAB7.tmp

Jump to dropped file

Source: C:\Windows\SysWOW64\msiexec.exe

Process created: C:\Windows\SysWOW64\icacls.exe "C:\Windows\system32\ICACLS.EXE" "C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\." /SETINTEGRITYLEVEL (CI)(OI)HIGH

Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe	Thread delayed: delay time: 600000			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe	Thread delayed: delay time: 600000			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe	Window / User API: threadDelayed 549	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe	Window / User API: threadDelayed 495	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe	Window / User API: threadDelayed 2255	Jump to behavior

Source: C:\Windows\System32\msiexec.exe

Dropped PE file which has not been started: C:\Windows\Installer\MSIAB7.tmp

Jump to dropped file

Source: C:\Windows\System32\msiexec.exe TID: 5568	Thread sleep time: -51200s >= -30000s	Jump to behavior
Source: C:\Windows\System32\msiexec.exe TID: 7556	Thread sleep time: -51200s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe TID: 1216	Thread sleep count: 549 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe TID: 1216	Thread sleep time: -329400000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe TID: 1216	Thread sleep count: 495 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe TID: 1216	Thread sleep count: 40 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe TID: 1216	Thread sleep count: 2255 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe TID: 1216	Thread sleep time: -600000s >= -30000s	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe	Last function: Thread delayed

Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\expand.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\expand.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe	Thread delayed: delay time: 600000			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe	Thread delayed: delay time: 600000			Jump to behavior

Source: C:\Windows\SysWOW64\msiexec.exe	File opened: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	File opened: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	File opened: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	File opened: C:\Users\user\AppData\Local\	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	File opened: C:\Users\user\	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	File opened: C:\Users\user\AppData\	Jump to behavior

Source: install.exe, 0000000C.00000002.2612471188.0000000000F5F000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllSF;.WSH;.MSCPROCESSOR_ARCHITECTURE=x86PROCESSOR_ARCHITEW6432=AMD64PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 143 Stepping 8, GenuineIntelPROCESSOR_LEVEL=6PROCESSOR_REVISION=8f08ProgramData=C:\ProgramDataProgramFiles=C:\Program Files (x86)ProgramFiles(x86)=C:\Program Files (x86)ProgramW6432=C:\Program FilesPSModulePath=%ProgramFiles(x86)%\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules;C:\Program Files (x86)\AutoI

Source: C:\Windows\System32\msiexec.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe

Code function: 12_2_00852A8A IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

12_2_00852A8A

Source: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe	Code function: 12_2_0085E866 mov eax, dword ptr fs:[00000030h]	12_2_0085E866
Source: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe	Code function: 12_2_0085E835 mov eax, dword ptr fs:[00000030h]	12_2_0085E835
Source: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe	Code function: 12_2_00850278 mov eax, dword ptr fs:[00000030h]	12_2_00850278

Source: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe	Code function: 12_2_00852A8A IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,		12_2_00852A8A
Source: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe	Code function: 12_2_0084AA6B SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,		12_2_0084AA6B

Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\icacls.exe "C:\Windows\system32\ICACLS.EXE" "C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\." /SETINTEGRITYLEVEL (CI)(OI)HIGH	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\expand.exe "C:\Windows\system32\EXPAND.EXE" -R files.cab -F:* files	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe "C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe" /VERYSILENT /VERYSILENT	Jump to behavior

Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe

Code function: 12_2_0084B96A GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

12_2_0084B96A

Source: C:\Windows\SysWOW64\expand.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Replication Through Removable Media	Windows Management Instrumentation	1 Services File Permissions Weakness	11 Process Injection	2 Masquerading	OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	12 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 DLL Side-Loading	1 Services File Permissions Weakness	21 Virtualization/Sandbox Evasion	LSASS Memory	111 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	11 Process Injection	Security Account Manager	1 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	2 Obfuscated Files or Information	NTDS	21 Virtualization/Sandbox Evasion	Distributed Component Object Model	Input Capture	3 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Services File Permissions Weakness	LSA Secrets	1 Application Window Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Software Packing	Cached Domain Credentials	11 Peripheral Device Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 DLL Side-Loading	DCSync	3 File and Directory Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	Indicator Removal from Tools	Proc Filesystem	14 System Information Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
CH2emxsgb7.msi	39%	Virustotal		Browse
CH2emxsgb7.msi	32%	ReversingLabs	Win32.Trojan.Generic

Dropped Files

Source	Detection	Scanner
C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\374144fc37be4cfc995091726f5280c7$dpx$.tmp\fc2afe7abf0b084895c411b2655de9b1.tmp	26%	ReversingLabs
C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe (copy)	26%	ReversingLabs
C:\Windows\Installer\MSIAB7.tmp	0%	ReversingLabs

Source	Detection	Scanner	Label	Link
https://uoigsiqmemcscosu.xyz:443/api/client_hello	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
uoigsiqmemcscosu.xyz	193.32.177.34	true	false	high
oqoaumkywacmuwwm.xyz	unknown	unknown	false	high
uwgicagyykoommga.xyz	unknown	unknown	false	high
maoeeogmuauywsyu.xyz	unknown	unknown	false	high
miqcugomwgmygyoq.xyz	unknown	unknown	false	high
aqaqgemescmwsqks.xyz	unknown	unknown	false	high
skssioqkemoiieaa.xyz	unknown	unknown	false	high
wuokiysmiucoucak.xyz	unknown	unknown	false	high
omasqkwqyskcagwi.xyz	unknown	unknown	false	high
oqaiyaoqwyeswaiy.xyz	unknown	unknown	false	high
kuyaasckcgacyesi.xyz	unknown	unknown	false	high
iqqeoamqwiuiyuua.xyz	unknown	unknown	false	high
gmciuwiycsqycggy.xyz	unknown	unknown	false	high
ymqaaskiwomkucuy.xyz	unknown	unknown	false	high
coayaokeissieqcc.xyz	unknown	unknown	false	high
qcygacuamqqugcck.xyz	unknown	unknown	false	high
qiyggmguowygeooc.xyz	unknown	unknown	false	high
akueuaicusaoieiy.xyz	unknown	unknown	false	high
caysswwugsmkeksw.xyz	unknown	unknown	false	high
yyimcoiwgckeakcm.xyz	unknown	unknown	false	high
oyogquqkmyqwwkuq.xyz	unknown	unknown	false	high
uyeqwcuyimescesu.xyz	unknown	unknown	false	high
sauygqecsusickcu.xyz	unknown	unknown	false	high
qumssmeysccykkyo.xyz	unknown	unknown	false	high
gceesusqmuockkgw.xyz	unknown	unknown	false	high
kimakioiwmawksiw.xyz	unknown	unknown	false	high
ekqyosgcumkcecmo.xyz	unknown	unknown	false	high
osaeyoiqoqawauga.xyz	unknown	unknown	false	high
kqmsgskwgemyueya.xyz	unknown	unknown	false	high
osoawyeyassgycgy.xyz	unknown	unknown	false	high
gieksqwccmmqkemm.xyz	unknown	unknown	false	high
goicqsmskkygkkka.xyz	unknown	unknown	false	high
aoqayemwgmsyuimi.xyz	unknown	unknown	false	high
kcwiywyygywkkysk.xyz	unknown	unknown	false	high
aaokyscqeecowaci.xyz	unknown	unknown	false	high
ismqaewykmoiguki.xyz	unknown	unknown	false	high
ekcwemuekgqsimae.xyz	unknown	unknown	false	high
owmesaosmycoeceq.xyz	unknown	unknown	false	high
iyaikmkkowcqemsi.xyz	unknown	unknown	false	high
keykoekseemyiewq.xyz	unknown	unknown	false	high
aaeqiiecqqumcgky.xyz	unknown	unknown	false	high
aoyeoimcuuqakckw.xyz	unknown	unknown	false	high
kiuymkmaomciimcc.xyz	unknown	unknown	false	high
smckcsaioceiyasu.xyz	unknown	unknown	false	high
ymysimqoykwqeqiq.xyz	unknown	unknown	false	high
qimmkmaumumswocw.xyz	unknown	unknown	false	high
gmqeqkcqackwkgao.xyz	unknown	unknown	false	high
skiwkmaaeeiqqgee.xyz	unknown	unknown	false	high
giscmywoiaqmqcmw.xyz	unknown	unknown	false	high
cyqqgacqkowwkqqe.xyz	unknown	unknown	false	high
qigcqiaomwieqwka.xyz	unknown	unknown	false	high
oywgqkusocouysua.xyz	unknown	unknown	false	high
isaeicumkcuwqmqq.xyz	unknown	unknown	false	high
ukmcqucewskcqygg.xyz	unknown	unknown	false	high
wgcaouuqqqwucogy.xyz	unknown	unknown	false	high
moiimkscmiswaesw.xyz	unknown	unknown	false	high
cyemcqwkasuimkgs.xyz	unknown	unknown	false	high
qcwcgegyyieaoqca.xyz	unknown	unknown	false	high
ieqeeiggkuqcomyo.xyz	unknown	unknown	false	high
iagisciiyoemgwaa.xyz	unknown	unknown	false	high
ygucsucmagwqsqcu.xyz	unknown	unknown	false	high
aiiqyyikowqaygwy.xyz	unknown	unknown	false	high
gwwcqeykmseicgaw.xyz	unknown	unknown	false	high
skawoueawceoywsy.xyz	unknown	unknown	false	high
quyckaioggawuois.xyz	unknown	unknown	false	high
mueuwcqsioowsmce.xyz	unknown	unknown	false	high
ssmkyomikukusksu.xyz	unknown	unknown	false	high
gwyougsgeaaoiumg.xyz	unknown	unknown	false	high
qcwaiaiqiwcakawa.xyz	unknown	unknown	false	high
suwkomiqcykeyako.xyz	unknown	unknown	false	high
ysiwwoeeaaskykaw.xyz	unknown	unknown	false	high
ggicikyqcaiyguee.xyz	unknown	unknown	false	high
cuaumuqcoeegomsq.xyz	unknown	unknown	false	high
kqueagsoikuyocca.xyz	unknown	unknown	false	high
acemcwecgiqcukys.xyz	unknown	unknown	false	high
gwoyamckoqoaauoq.xyz	unknown	unknown	false	high
keosqeosukqcooco.xyz	unknown	unknown	false	high
oyewqwkusieeoqey.xyz	unknown	unknown	false	high
giuccqyqokookyue.xyz	unknown	unknown	false	high
kwogawueykiiumao.xyz	unknown	unknown	false	high
qiqueqokwqqgwwci.xyz	unknown	unknown	false	high
mmiugosumuqmuqoc.xyz	unknown	unknown	false	high
keguuyioweymiaws.xyz	unknown	unknown	false	high
goeykqccmemkswom.xyz	unknown	unknown	false	high
comuwmkimocayeeu.xyz	unknown	unknown	false	high
guowewgekuoqacyy.xyz	unknown	unknown	false	high
esyiocqieemagwmo.xyz	unknown	unknown	false	high
aiumyocycyyikiwc.xyz	unknown	unknown	false	high
qiswokuokugiooky.xyz	unknown	unknown	false	high
isgasoomksiwqcmg.xyz	unknown	unknown	false	high
caceukeeygaaqaec.xyz	unknown	unknown	false	high
aoscugususamokuy.xyz	unknown	unknown	false	high
oyyamqygcecqocmq.xyz	unknown	unknown	false	high
uecouukwkuceyuwg.xyz	unknown	unknown	false	high
igywsgwooemqiuss.xyz	unknown	unknown	false	high
ikqywgcqaggogqsa.xyz	unknown	unknown	false	high
keckssemmeoqieqe.xyz	unknown	unknown	false	high
eqakguiwiqacqiwg.xyz	unknown	unknown	false	high
kcoiygiwuyqyaoku.xyz	unknown	unknown	false	high
qwcaikouwwekssco.xyz	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://uoigsiqmemcscosu.xyz:443/api/client_hello	false	Avira URL Cloud: malware	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
193.32.177.34	uoigsiqmemcscosu.xyz	Russian Federation		40676	AS40676US	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1582714
Start date and time:	2024-12-31 10:46:33 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 27s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsofficecookbook.jbs
Analysis system description:	Windows 11 23H2 with Office Professional Plus 2021, Chrome 131, Firefox 133, Adobe Reader DC 24, Java 8 Update 431, 7zip 24.09
Run name:	Potential for more IOCs and behavior
Number of analysed new started processes analysed:	25
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	CH2emxsgb7.msi renamed because original name is a hash value
Original Sample Name:	911c7c676d8457767ff6d69ecefa1d79.msi
Detection:	MAL
Classification:	mal76.troj.winMSI@12/12@307/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .msi Close Viewer

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, SecurityHealthHost.exe, dllhost.exe, RuntimeBroker.exe, ShellExperienceHost.exe, WMIADAP.exe, SIHClient.exe, appidcertstorecheck.exe, conhost.exe
Excluded IPs from analysis (whitelisted): 40.113.110.67, 184.28.90.27, 4.175.87.197, 40.126.24.83
Excluded domains from analysis (whitelisted): client.wns.windows.com, wns.notify.trafficmanager.net, fs.microsoft.com, slscr.update.microsoft.com, otelrules.svc.static.microsoft, login.live.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information

Simulations

Behavior and APIs

Time	Type	Description
04:47:38	API Interceptor	16x Sleep call for process: msiexec.exe modified
04:48:32	API Interceptor	3449x Sleep call for process: install.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
193.32.177.34	Bp4LoSXw83.lnk	Get hash	malicious	Unknown	Browse	uoigsiqmemcscosu.xyz:443/api/client_hello

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
uoigsiqmemcscosu.xyz	MJhe4xWsnR.msi	Get hash	malicious	Unknown	Browse	193.32.177.34
uoigsiqmemcscosu.xyz	Bp4LoSXw83.lnk	Get hash	malicious	Unknown	Browse	193.32.177.34

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AS40676US	MJhe4xWsnR.msi	Get hash	malicious	Unknown	Browse	193.32.177.34
	Bp4LoSXw83.lnk	Get hash	malicious	Unknown	Browse	193.32.177.34
	download.ps1	Get hash	malicious	Unknown	Browse	45.61.136.138
	download.ps1	Get hash	malicious	Unknown	Browse	45.61.136.138
	download.ps1	Get hash	malicious	Unknown	Browse	45.61.136.138
	download.ps1	Get hash	malicious	Unknown	Browse	45.61.136.138
	loligang.arm.elf	Get hash	malicious	Mirai	Browse	107.176.168.227
	download.ps1	Get hash	malicious	Unknown	Browse	45.61.136.138
	download.ps1	Get hash	malicious	Unknown	Browse	45.61.136.138

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Windows\Installer\MSIAB7.tmp	MJhe4xWsnR.msi	Get hash	malicious	Unknown	Browse
	Bp4LoSXw83.lnk	Get hash	malicious	Unknown	Browse
	510286.msi	Get hash	malicious	Unknown	Browse
	33abb.msi	Get hash	malicious	Unknown	Browse
	56ff7c.msi	Get hash	malicious	Unknown	Browse
	510286.msi	Get hash	malicious	Unknown	Browse
	5c322c.msi	Get hash	malicious	Unknown	Browse
	33abb.msi	Get hash	malicious	Unknown	Browse
	57ff67.msi	Get hash	malicious	Unknown	Browse
C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\374144fc37be4cfc995091726f5280c7$dpx$.tmp\fc2afe7abf0b084895c411b2655de9b1.tmp	Bp4LoSXw83.lnk	Get hash	malicious	Unknown	Browse
C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe (copy)	Bp4LoSXw83.lnk	Get hash	malicious	Unknown	Browse

Created / dropped Files

C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files.cab

Download File

Process:	C:\Windows\SysWOW64\msiexec.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 1719614 bytes, 1 file, at 0x2c +A "install.exe", ID 26334, number 1, 21072 datablocks, 0x1503 compression
Category:	dropped
Size (bytes):	1719614
Entropy (8bit):	5.5426003973888225
Encrypted:	false
SSDEEP:	12288:aZ5Sa6VWXmYgkxgL8E5f0vYpoQVQgpyETvJwO+UD/bjkD6mj0sircCOz0HSJ:aPmqtgPOvmoQVFVwhajkD6lbTOz0H4
MD5:	99E7D8D9B0E89B408E27E49C80DE5923
SHA1:	180428134B266951FB0EAA9D359C886132707D8B
SHA-256:	A41A2A085B81F2B39D739B3FF75D5CCBB7B8FF4C21B03CAEC3CA8A721FD158F7
SHA-512:	895FB9F72055A36BC85DFDA6911F9B0AE27EF480AED1E24A7EE7CEEB27DF887BB7B8C750796F1E18C2B0A5BEBB3BCD400546CC5355450FB8D5D88F3A839C3A17
Malicious:	false
Reputation:	low
Preview:	MSCF....>=......,................f..H...PR....').......Y.9 .install.exe.?.0."A..[...6 6Fq.....4..P..._U....0,..R..Q.OS..$../C.n...B5..B....vowo...J.,.....Z........;...}\|OBR.....-Os..I...f...1[.q....s.....p.f<.8.y.O.0e.L<(t..f.XT..9.cQ"x..L....F....@..8n......H..$%....1K...Z...... 4.UE`Uw....{.....5{..{k...Ur\]S.TR.ER.$.X.......(....`.....8....x.0..-QF...."Mw/@s.5...7..y..1.....<pWJ".......o%........D.3.JN~..R.N.~....O..N..[...x..H.H.T/i...5.......K_.L/.....l.<..y.M...L.....k. .V...e..M..M.....o....z..U.....I..Q..m.."....pI.'.i?...m.-2{...P.P.D.\.b..gX.L...?.y^kp....+.)m.....5..g&......,....d_1.".............._....Aw...lY5^E..kx..w...[.. ....}..+^..jJ...!...x..ph..1k..K\|b.=...X...X.Q^GX.N...O..hP..:.......(.^X..A..1x....3NG..p...R..,. .}....~...I.v/h.h..-..3H.........M..+..x.\8#..;W]L...Ru.j.@.1....@.9..a.R..w...\|'LM...F...."....B......}.V5".K....-..-m..e....Q..9.zNa3.G<..-.S.......[.L.5.y...*.5I$...L......QNM.f..8.J...../7.....

C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\374144fc37be4cfc995091726f5280c7$dpx$.tmp\fc2afe7abf0b084895c411b2655de9b1.tmp

Download File

Process:	C:\Windows\SysWOW64\expand.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	690480128
Entropy (8bit):	0.05135802905365817
Encrypted:	false
SSDEEP:
MD5:	34281BDF47FBF9E5EACB560C90EF9DD3
SHA1:	2392522064A765DE3DCF4153AC52442C5B9C364D
SHA-256:	6D2C0DAB5D6A082828908A2B7063726BD2FE5E818BC6D4E9D028E23BBA85923E
SHA-512:	523639A8B2970A05B988A7C488985829590701D1D60C303B46FBE1418CECE9A3D2F8CFF22CF50EC8A04CC5085F2207D9AAAF32ECB8EFA17BA0BD283339BF8A8F
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 26%
Joe Sandbox View:	Filename: Bp4LoSXw83.lnk, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....ng..................... ....................@...........................%...........@..................................r..x.............................$.8....................................................t...............................text.............................. ..`.rdata...!......."..................@..@.data............>..................@....00cfg..............................@..@.tls................................@....voltbl.,................................rsrc...............................@..@.reloc..8.....$.......#.............@..B........................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe (copy)

Download File

Process:	C:\Windows\SysWOW64\expand.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	690480128
Entropy (8bit):	0.05135802905365817
Encrypted:	false
SSDEEP:
MD5:	34281BDF47FBF9E5EACB560C90EF9DD3
SHA1:	2392522064A765DE3DCF4153AC52442C5B9C364D
SHA-256:	6D2C0DAB5D6A082828908A2B7063726BD2FE5E818BC6D4E9D028E23BBA85923E
SHA-512:	523639A8B2970A05B988A7C488985829590701D1D60C303B46FBE1418CECE9A3D2F8CFF22CF50EC8A04CC5085F2207D9AAAF32ECB8EFA17BA0BD283339BF8A8F
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 26%
Joe Sandbox View:	Filename: Bp4LoSXw83.lnk, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....ng..................... ....................@...........................%...........@..................................r..x.............................$.8....................................................t...............................text.............................. ..`.rdata...!......."..................@..@.data............>..................@....00cfg..............................@..@.tls................................@....voltbl.,................................rsrc...............................@..@.reloc..8.....$.......#.............@..B........................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\msiwrapper.ini

Download File

Process:	C:\Windows\SysWOW64\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	1486
Entropy (8bit):	3.6962005460888276
Encrypted:	false
SSDEEP:	24:+dv8DW8XjsjZW1RD6/SpZESrFYX7yuRX7yuBynX7yuRKl95sBn:+AgVwI/SpZJFYryWryUSryv9qn
MD5:	72BE062CC5EB2F11E739007788FE81BB
SHA1:	D96873BE29605C5ACD019A5CF6D77D4FA53C7737
SHA-256:	07F51F9A59EA13C4BEC326088A5BB250E199990E339492DA5CDD8B9944A3CB0A
SHA-512:	67EDA0B5B70EB48E226430ADFDA34CAB5A147C26C7FF811F210F8E841D00E902D9773F27E97D694B8808EE11CF78D51DB73937B9940DDB6672F15985B15E89C8
Malicious:	false
Preview:	W.r.a.p.p.e.d.A.p.p.l.i.c.a.t.i.o.n.I.d.=.M.i.c.r.o.s.o.f.t. .E.d.g.e...W.r.a.p.p.e.d.R.e.g.i.s.t.r.a.t.i.o.n.=.N.o.n.e...I.n.s.t.a.l.l.S.u.c.c.e.s.s.C.o.d.e.s.=.0...E.l.e.v.a.t.i.o.n.M.o.d.e.=.n.e.v.e.r...B.a.s.e.N.a.m.e.=.i.n.s.t.a.l.l...e.x.e...C.a.b.H.a.s.h.=.a.4.1.a.2.a.0.8.5.b.8.1.f.2.b.3.9.d.7.3.9.b.3.f.f.7.5.d.5.c.c.b.b.7.b.8.f.f.4.c.2.1.b.0.3.c.a.e.c.3.c.a.8.a.7.2.1.f.d.1.5.8.f.7...S.e.t.u.p.P.a.r.a.m.e.t.e.r.s.=./.V.E.R.Y.S.I.L.E.N.T. . ./.V.E.R.Y.S.I.L.E.N.T. ...W.o.r.k.i.n.g.D.i.r.=...C.u.r.r.e.n.t.D.i.r.=..S.O.U.R.C.E.D.I.R....U.I.L.e.v.e.l.=.5...F.o.c.u.s.=.y.e.s...S.e.s.s.i.o.n.D.i.r.=.C.:.\.U.s.e.r.s.\.M.e.r.c.y.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.M.W.-.4.9.3.a.2.f.6.a.-.b.2.a.c.-.4.6.6.8.-.b.9.3.8.-.9.3.1.7.c.4.3.e.1.e.9.7.\...F.i.l.e.s.D.i.r.=.C.:.\.U.s.e.r.s.\.M.e.r.c.y.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.M.W.-.4.9.3.a.2.f.6.a.-.b.2.a.c.-.4.6.6.8.-.b.9.3.8.-.9.3.1.7.c.4.3.e.1.e.9.7.\.f.i.l.e.s.\...R.u.n.B.e.f.o.r.e.I.n.s.t.a.l.l.F.i.l.e.=...R.u.n.B.e.f.o.r.

C:\Windows\Installer\6c33d4.msi

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Microsoft Edge 131.0.2903.112, Subject: Microsoft Edge, Author: Microsoft Corporation, Keywords: Installer, Template: Intel;1033, Revision Number: {A3E5BD32-5D25-43E0-A9F0-60F729B1751C}, Create Time/Date: Thu Jan 11 14:59:44 2024, Last Saved Time/Date: Thu Jan 11 14:59:44 2024, Number of Pages: 200, Number of Words: 12, Name of Creating Application: MSI Wrapper (11.0.53.0), Security: 2
Category:	dropped
Size (bytes):	2043904
Entropy (8bit):	5.797670687332357
Encrypted:	false
SSDEEP:	24576:1t9cpVDh46APmqtgPOvmoQVFVwhajkD6lbTOz0H:KpRhV9qtgGBQD28AOTGK
MD5:	911C7C676D8457767FF6D69ECEFA1D79
SHA1:	D63CCDB60CD4DB63A9ECCA34B2E7120571DF8A8E
SHA-256:	B2332C274A55ABE231D044AD4E3E64DD37BF3200314C209D5A91FF8EE800CC54
SHA-512:	503B854AB1F40CB8790393650D9AE32A2E1C3785E0C0AA68D35CA9CA2FCDF52815F1465029F7888B967D5C2D08060ECDCE069C1CABAEF013F17E1988FFBB9742
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Installer\MSIAB7.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	modified
Size (bytes):	212992
Entropy (8bit):	6.513409725320959
Encrypted:	false
SSDEEP:	3072:xspAtOdmXwCGjtYNKbYO2gjpcm8rRuqpjCL42loHUvU0yGxr5GqM2a8:jtOdiRQYpgjpjew5DHyGxcqo8
MD5:	0C8921BBCC37C6EFD34FAF44CF3B0CB5
SHA1:	DCFA71246157EDCD09EECAF9D4C5E360B24B3E49
SHA-256:	FD622CF73EA951A6DE631063ABA856487D77745DD1500ADCA61902B8DDE56FE1
SHA-512:	ED55443E20D40CCA90596F0A0542FA5AB83FE0270399ADFAAFD172987FB813DFD44EC0DA0A58C096AF3641003F830341FE259AD5BCE9823F238AE63B7E11E108
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: MJhe4xWsnR.msi, Detection: malicious, Browse Filename: Bp4LoSXw83.lnk, Detection: malicious, Browse Filename: 510286.msi, Detection: malicious, Browse Filename: 33abb.msi, Detection: malicious, Browse Filename: 56ff7c.msi, Detection: malicious, Browse Filename: 510286.msi, Detection: malicious, Browse Filename: 5c322c.msi, Detection: malicious, Browse Filename: 33abb.msi, Detection: malicious, Browse Filename: 57ff67.msi, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............p...p...p.......p.....p..../.p.......p...q.%.p.......p.....p.....p.Rich..p.........................PE..L...Y..e...........!.....h..........K................................................]....@.........................P...]............P.......................`.....................................p...@...............t............................text....f.......h.................. ..`.rdata...............l..............@..@.data....5..........................@....rsrc........P......................@..@.reloc...)...`...*..................@..B........................................................................................................................................................................................................................................................................................................................

C:\Windows\Installer\SourceHash{EC0B7729-7E31-4A40-84C7-A7BC5EBB8C41}

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.7687912513405997
Encrypted:	false
SSDEEP:	12:JSbX72FjNAGiLIlHVRpZh/7777777777777777777777777vDHFu0AJit/l0i8Q:JHQI5t9jiF
MD5:	06E07AAF909B3C10090B125F42AA2B85
SHA1:	B7BDD9D20E502330C265DCBDAB120A3C3809D195
SHA-256:	5B6B7C4222F5D0F5E96DF98C3E7BB8895E3AFF209D0CC71E77748090EEC8985B
SHA-512:	891F8EEBFCC6822A960F4E5322F06D7DB028B9CCE96F7EFEBF1FA6CFED2F9D7A6BEE87E2710997C7BA4D000471C64811307C37287D1367723B671C7F51A27E40
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Installer\inprogressinstallinfo.ipi

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	1.2101265089237039
Encrypted:	false
SSDEEP:	48:QMmQuqPveFXJPT5081gddS+uBrqddSBfrB:WQa3T71mTfq9
MD5:	D5ECB62166659C871EEA84CCD0FBE315
SHA1:	0CF2690F8D3B2262274E2618F080BC64716C199F
SHA-256:	2A7827B3D069A0090FE75F8B95F605B8AE9B477F2C342E6A9CD1DBFB1149F850
SHA-512:	C43F5135782E0F9A9935082DB0BADE6192B6051EBD6D1A95BAF0C95E856C1D887494102A113E3D7C5DEEE77ADEC7306D05FD81B17FF04FD01FCF396095D21E5D
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	322696
Entropy (8bit):	5.356013229012672
Encrypted:	false
SSDEEP:	1536:20IrcGd8a0CSyYtuuWOuklGXgiejy3QLYqc0Aj2CYWtTDnGWaW8LHHLORWK20iKM:CpI1crNruzmTgMAYeNx
MD5:	DD56C8CFA5700CBA8354F476FB0405D9
SHA1:	9364ABC76FDFC3B8FBAC26C55A2677FFB2A711EE
SHA-256:	46EA80CFDEA0EE50C87F3B354E07933690FDBE6F1FCD389DAD339754197A29FB
SHA-512:	A3F1A648FE7E8BBE75B534EDAB5B4F144F655F87E48E905ECAED71512C1DA07DDAA9C83CD667F2B0731247215AC4E995E3648F59B60FE85C8BB6A3C933EAE994
Malicious:	false
Preview:	.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..05/07/2022 07:40:26.485 [3724]: Command line: D:\wd\compilerTemp\BMT.ijbjbjy2.cay\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..05/07/2022 07:40:26.516 [3724]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..05/07/2022 07:40:26.547 [3724]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..05/07/2022 07:40:26.547 [3724]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..05/07/2022 07:40:26.547 [

C:\Windows\SystemTemp\~DF180919B16B293FC2.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	81920
Entropy (8bit):	0.10381339883196739
Encrypted:	false
SSDEEP:	24:21YYEJfAebfddipV79ddipVguVTwGdlrkg9SX8+h8g:QErfddSB9ddS+uBr9U8
MD5:	16586AA4580ACFF16BC8835DCACAA591
SHA1:	89E2B067D012610E849DC09C1E18904904C88938
SHA-256:	5117C0C5839FD3F8885643085207D399B9EFDD06CBA25257CAEBE37768FC4EC1
SHA-512:	BD14D1A711BD8436712C6BC64908B9E01BD7B36B7A611715384E30EBAD56046A1824A2CACFE9F2EC76E46632CED38502ADE94F14BCD89845921CFC79DC5AB60B
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\SystemTemp\~DF6D82FCD56D3FCB17.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.07118455831549587
Encrypted:	false
SSDEEP:	6:2/9LG7iVCnLG7iVrKOzPLHKOITUKaUAAsgVky6lit/:2F0i8n0itFzDHFu0AWit/
MD5:	ABC97F1CD13400A34F56A8C6814F1D8F
SHA1:	4272DB5CBE3EDE50DBFC33A2D0EB6685FAE4961B
SHA-256:	1ECF399E4F62A61A5E91C6A45C88E8F104C9B74FDE1A902524DD54A0886420C5
SHA-512:	6676A9A83AB1E2EB5DCA8678BE36E9D1D18D96688E95768087F827D2A5C5078543085552EB2EE55F965244099657CF08A38DBA1983E68B6D08BA6B76C1CCBECF
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

\Device\ConDrv

Download File

Process:	C:\Windows\SysWOW64\expand.exe
File Type:	ASCII text, with very long lines (962), with CRLF, CR, LF line terminators, with overstriking
Category:	dropped
Size (bytes):	1163
Entropy (8bit):	3.5347930687101115
Encrypted:	false
SSDEEP:	24:zKcNDlQDdXXXXXXXXXXXXXXXXXXeDYJQn:zKaD+5XXXXXXXXXXXXXXXXXXe9
MD5:	25B57F2A06CAE15E15A4B36972F55AA3
SHA1:	12A02B8CDA69E7343B9C65096727F63F2EEB84C6
SHA-256:	5F490F39A554496BC7699BD2221CEF2CA96C414AAAA8CDD09DBD9DD70B8478F4
SHA-512:	29AE99F9EB5118F7420476E4C1A272D1277933A5A63610EFCEB8111B0467B52CE8EA7E8A1AB68936E8DC41B475AEB58C9687EF0B8C6C17FC3C2A040097771DBA
Malicious:	false
Preview:	Microsoft (R) File Expansion Utility..Copyright (c) Microsoft Corporation. All rights reserved.....Adding files\install.exe to Extraction Queue....Expanding Files ......Progress: 0 out of 1 files..........................Progress: 0 out of 1 files..........................Progress: 0 out of 1 files..........................Progress: 0 out of 1 files..........................Progress: 0 out of 1 files..........................Progress: 0 out of 1 files..........................Progress: 0 out of 1 files..........................Progress: 0 out of 1 files..........................Progress: 0 out of 1 files..........................Progress: 0 out of 1 files..........................Progress: 0 out of 1 files..........................Progress: 0 out of 1 files..........................Progress: 0 out of 1 files..........................Progress: 0 out of 1 files..........................Progress: 0 out of 1 files..........................Progress: 0 out of 1 files.........................

Static File Info

General

File type:	Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Microsoft Edge 131.0.2903.112, Subject: Microsoft Edge, Author: Microsoft Corporation, Keywords: Installer, Template: Intel;1033, Revision Number: {A3E5BD32-5D25-43E0-A9F0-60F729B1751C}, Create Time/Date: Thu Jan 11 14:59:44 2024, Last Saved Time/Date: Thu Jan 11 14:59:44 2024, Number of Pages: 200, Number of Words: 12, Name of Creating Application: MSI Wrapper (11.0.53.0), Security: 2
Entropy (8bit):	5.797670687332357
TrID:	Generic OLE2 / Multistream Compound File (8008/1) 100.00%
File name:	CH2emxsgb7.msi
File size:	2'043'904 bytes
MD5:	911c7c676d8457767ff6d69ecefa1d79
SHA1:	d63ccdb60cd4db63a9ecca34b2e7120571df8a8e
SHA256:	b2332c274a55abe231d044ad4e3e64dd37bf3200314c209d5a91ff8ee800cc54
SHA512:	503b854ab1f40cb8790393650d9ae32a2e1c3785e0c0aa68d35ca9ca2fcdf52815f1465029f7888b967d5c2d08060ecdce069c1cabaef013f17e1988ffbb9742
SSDEEP:	24576:1t9cpVDh46APmqtgPOvmoQVFVwhajkD6lbTOz0H:KpRhV9qtgGBQD28AOTGK
TLSH:	929578C03784C027E85709354E67C7ADA76DFD90AA30B08B3760BB6E5B3A9D39E25741
File Content Preview:	........................>......................................................................................................................................................................................................................................

File Icon


Icon Hash:	bdb5fdd8b3b39b1f

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 31, 2024 10:48:39.513492107 CET	49728	443	192.168.2.25	193.32.177.34
Dec 31, 2024 10:48:39.513535023 CET	443	49728	193.32.177.34	192.168.2.25
Dec 31, 2024 10:48:39.513611078 CET	49728	443	192.168.2.25	193.32.177.34
Dec 31, 2024 10:48:39.513829947 CET	49728	443	192.168.2.25	193.32.177.34
Dec 31, 2024 10:48:39.513839960 CET	443	49728	193.32.177.34	192.168.2.25
Dec 31, 2024 10:48:39.513892889 CET	443	49728	193.32.177.34	192.168.2.25

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 31, 2024 10:48:38.818928003 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:39.499711037 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:39.500602961 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:39.509066105 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:39.514903069 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:39.523838043 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:39.524694920 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:39.532485008 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:39.987019062 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:39.995750904 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:39.996417999 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:40.005398035 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:40.006104946 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:40.012583017 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:40.823968887 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:40.845437050 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:40.846301079 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:40.855361938 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:40.855916023 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:40.881439924 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:40.882035017 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:40.898183107 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:40.899018049 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:40.905678034 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:41.355786085 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:41.362926960 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:41.846908092 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:41.862340927 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:41.862894058 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:41.869415045 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:42.403017998 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:42.411463022 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:42.415641069 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:42.424527884 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:42.434339046 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:42.442982912 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:42.450031042 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:42.478051901 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:42.492161036 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:42.498977900 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:42.958941936 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:42.965421915 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:43.419425964 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:43.437088013 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:43.437865973 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:43.444545984 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:43.898583889 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:43.907752037 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:43.908828974 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:43.917320013 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:43.917891979 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:43.926779985 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:43.927331924 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:43.943850994 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:43.944696903 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:43.951267004 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:44.410131931 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:44.416776896 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:44.873608112 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:44.880186081 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:45.354990959 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:45.373358011 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:45.400578976 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:45.422020912 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:45.429570913 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:45.442380905 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:45.443734884 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:45.450340033 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:45.907856941 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:45.925098896 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:45.925920010 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:45.937573910 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:45.938268900 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:45.945082903 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:46.406230927 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:46.412997007 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:46.894352913 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:46.920356035 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:46.921236038 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:46.930006981 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:46.930792093 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:46.939661980 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:46.940582037 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:46.949173927 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:46.949892998 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:46.968614101 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:46.969302893 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:46.978053093 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:46.978871107 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:46.985722065 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:47.553057909 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:47.575042009 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:47.576725960 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:47.583502054 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:48.085042953 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:48.112277985 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:48.121006966 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:48.132031918 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:48.154097080 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:48.162832022 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:48.187741041 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:48.197954893 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:48.222307920 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:48.229353905 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:48.706020117 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:48.715275049 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:48.716100931 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:48.724792004 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:48.726444960 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:48.733575106 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:49.215548038 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:49.222769976 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:49.677426100 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:49.686980009 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:49.687751055 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:49.694735050 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:50.173773050 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:50.180496931 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:50.655816078 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:50.662491083 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:51.117019892 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:51.126133919 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:51.126898050 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:51.135782003 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:51.136929989 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:51.143654108 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:51.606379986 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:51.622251987 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:51.623076916 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:51.634681940 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:51.635462046 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:51.642168999 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:52.107466936 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:52.114361048 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:52.610630989 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:52.622525930 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:52.623228073 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:52.632410049 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:52.633191109 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:52.660650969 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:52.661283016 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:52.680291891 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:52.681387901 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:52.701386929 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:52.712234974 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:52.718692064 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:53.198755980 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:53.215816975 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:53.216808081 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:53.223671913 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:53.728027105 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:53.751163006 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:53.764839888 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:53.771929026 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:54.234972954 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:54.259394884 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:54.260205030 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:54.281328917 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:54.282120943 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:54.288930893 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:54.747514963 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:54.754250050 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:55.215867996 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:55.240479946 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:55.241461992 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:55.255656004 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:55.257781982 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:55.265044928 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:55.718117952 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:55.728554010 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:55.729227066 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:55.737946033 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:55.738733053 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:55.745529890 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:56.234822989 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:56.241472960 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:56.696077108 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:56.707087040 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:56.707775116 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:56.714520931 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:57.178452969 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:57.187067986 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:57.187741041 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:57.194350004 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:57.773452044 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:57.791910887 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:57.792572021 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:57.799114943 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:58.250876904 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:58.266202927 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:58.267195940 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:58.273964882 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:58.728084087 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:58.737265110 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:58.737899065 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:58.744874001 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:59.204335928 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:59.223778009 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:59.224514008 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:59.231383085 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:59.741357088 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:59.750823021 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:59.751538038 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:59.761094093 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:59.761859894 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:59.776074886 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:59.776773930 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:59.787061930 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:48:59.787725925 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:48:59.794229984 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:00.247865915 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:00.254738092 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:00.814466953 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:00.834060907 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:00.836570024 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:00.845748901 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:00.846642971 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:00.857527018 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:00.858335972 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:00.868942022 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:00.869786978 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:00.876950026 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:01.348926067 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:01.369366884 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:01.370101929 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:01.376971006 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:01.831309080 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:01.838021994 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:02.300136089 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:02.306710005 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:02.765747070 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:02.775005102 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:02.775672913 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:02.784842968 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:02.785460949 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:02.807709932 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:02.808772087 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:02.815318108 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:03.318665981 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:03.329689980 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:03.330292940 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:03.347115040 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:03.347778082 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:03.354674101 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:03.853157997 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:03.862241983 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:03.862905979 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:03.872878075 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:03.873523951 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:03.882529020 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:03.883097887 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:03.889652967 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:04.461028099 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:04.475536108 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:04.484024048 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:04.490613937 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:04.956142902 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:04.963037968 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:05.445194006 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:05.458719015 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:05.459749937 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:05.479623079 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:05.480520964 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:05.499818087 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:05.500659943 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:05.523947954 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:05.524597883 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:05.533401966 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:05.533998966 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:05.543823004 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:05.544312954 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:05.551156998 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:06.013573885 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:06.020102978 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:06.473387003 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:06.480066061 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:06.937860012 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:06.948000908 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:06.948519945 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:06.957411051 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:06.957828045 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:06.967109919 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:06.967761040 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:06.974458933 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:07.458441973 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:07.467431068 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:07.467906952 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:07.474428892 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:07.929809093 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:07.936424017 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:08.391408920 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:08.407004118 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:08.407486916 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:08.421402931 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:08.421977043 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:08.428709030 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:08.901566982 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:08.923728943 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:08.924355984 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:08.931324005 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:09.413569927 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:09.422389030 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:09.423666954 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:09.444344044 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:09.445576906 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:09.469796896 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:09.470941067 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:09.494803905 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:09.626487017 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:09.633232117 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:10.127194881 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:10.154731035 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:10.155452967 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:10.162199020 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:10.615256071 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:10.621866941 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:11.073590040 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:11.083925962 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:11.084661007 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:11.104305983 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:11.105017900 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:11.111742973 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:11.576574087 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:11.588169098 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:11.588897943 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:11.608743906 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:11.609577894 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:11.625241041 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:11.625986099 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:11.632577896 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:12.096265078 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:12.118424892 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:12.140290976 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:12.149076939 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:12.150914907 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:12.160126925 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:12.160746098 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:12.168288946 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:12.675293922 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:12.693825006 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:12.694443941 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:12.713844061 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:12.714526892 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:12.735336065 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:12.746489048 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:12.753165960 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:13.226176977 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:13.247159004 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:13.247687101 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:13.256625891 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:13.257244110 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:13.282674074 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:13.283457041 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:13.290167093 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:13.940094948 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:13.953931093 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:13.954467058 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:13.972595930 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:13.973074913 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:13.979789972 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:14.533673048 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:14.540247917 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:15.059135914 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:15.068381071 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:15.068826914 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:15.079721928 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:15.080238104 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:15.100428104 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:15.100940943 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:15.107440948 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:15.594861984 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:15.610605001 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:15.612150908 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:15.618613958 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:16.098659992 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:16.105149984 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:16.564068079 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:16.573539019 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:16.574073076 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:16.584266901 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:16.585449934 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:16.605017900 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:16.605741978 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:16.612232924 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:17.115159035 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:17.121746063 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:17.579125881 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:17.589116096 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:17.603133917 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:17.619155884 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:17.619899988 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:17.639513016 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:17.640113115 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:17.660573959 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:17.661252975 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:17.667853117 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:18.169447899 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:18.176609993 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:18.672658920 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:18.684062004 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:18.684658051 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:18.693582058 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:18.694113016 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:18.700892925 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:19.181085110 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:19.209589958 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:19.210295916 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:19.219185114 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:19.219737053 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:19.228265047 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:19.228775978 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:19.235285997 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:19.689579010 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:19.696430922 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:20.169876099 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:20.187843084 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:20.188801050 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:20.195461035 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:20.649780989 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:20.659286976 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:21.140238047 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:21.149569035 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:21.150311947 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:21.172117949 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:21.172852039 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:21.181759119 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:21.182447910 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:21.200997114 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:21.201678038 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:21.208347082 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:21.676177025 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:21.682909966 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:22.145397902 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:22.152030945 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:22.605144024 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:22.627778053 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:22.628765106 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:22.646388054 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:22.647497892 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:22.668066025 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:22.668869972 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:22.687305927 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:22.688213110 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:22.699538946 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:22.700277090 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:22.712450027 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:22.713063002 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:22.719659090 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:23.228096962 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:23.237663984 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:23.238430977 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:23.245265007 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:23.753226995 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:23.779238939 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:23.783123016 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:23.792675972 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:23.820180893 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:23.835037947 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:23.836344957 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:23.848718882 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:23.849541903 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:23.858369112 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:23.859659910 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:23.866156101 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:24.359656096 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:24.366327047 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:24.847117901 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:24.855551004 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:24.856195927 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:24.879683018 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:24.880295992 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:24.886915922 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:25.362581968 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:25.371809959 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:25.372354984 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:25.379085064 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:25.833254099 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:25.842437029 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:25.843111038 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:25.864475012 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:25.865103960 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:25.879257917 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:25.883748055 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:25.890450954 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:26.354767084 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:26.361323118 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:26.853183031 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:26.879133940 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:26.879833937 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:26.888592005 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:26.889385939 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:26.907834053 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:26.910988092 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:26.920284033 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:26.920825958 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:26.927679062 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:27.384074926 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:27.393016100 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:27.393728971 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:27.402688980 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:27.403215885 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:27.412319899 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:27.412825108 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:27.420073032 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:27.928462982 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:27.944467068 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:27.962718010 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:27.971934080 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:27.997404099 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:28.004656076 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:28.463659048 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:28.475383997 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:28.476036072 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:28.488914013 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:28.489689112 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:28.496262074 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:28.963917971 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:28.970760107 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:29.624044895 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:29.652785063 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:29.739098072 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:29.753029108 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:29.755100012 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:29.771337032 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:29.773077011 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:29.779664040 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:30.241533041 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:30.263164997 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:30.264930010 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:30.284112930 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:30.284924984 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:30.291646004 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:30.773312092 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:30.782598972 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:30.783163071 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:30.799489021 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:30.800040960 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:30.806721926 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:31.380435944 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:31.389961958 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:31.390683889 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:31.397260904 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:31.895950079 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:31.902669907 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:32.369046926 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:32.382692099 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:32.401468992 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:32.408087015 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:32.887537003 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:32.897634983 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:32.898433924 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:32.915704012 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:32.919496059 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:32.926280975 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:33.401985884 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:33.411214113 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:33.412174940 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:33.423644066 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:33.424161911 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:33.433289051 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:33.433795929 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:33.440535069 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:33.908251047 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:33.921447992 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:33.922616005 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:33.929332972 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:34.404953003 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:34.412379980 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:34.412868023 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:34.419559002 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:35.039408922 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:35.047079086 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:35.067667961 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:35.076823950 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:35.077465057 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:35.103796005 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:35.106921911 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:35.115420103 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:35.120034933 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:35.126642942 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:35.587372065 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:35.596153975 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:35.596689939 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:35.605516911 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:35.606057882 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:35.612683058 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:36.096088886 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:36.102804899 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:36.594146013 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:36.621120930 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:36.621835947 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:36.630994081 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:36.631676912 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:36.642637014 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:36.643141985 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:36.667201996 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:36.667798996 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:36.683386087 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:36.684043884 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:36.690695047 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:37.162106037 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:37.168730974 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:37.704206944 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:37.716798067 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:37.721868038 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:37.736483097 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:37.744195938 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:37.766561985 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:37.779659986 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:37.786853075 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:38.251837969 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:38.263108015 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:38.263748884 CET	58747	53	192.168.2.25	1.1.1.1
Dec 31, 2024 10:49:38.270519018 CET	53	58747	1.1.1.1	192.168.2.25
Dec 31, 2024 10:49:38.609494925 CET	53	58747	1.1.1.1	192.168.2.25

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 31, 2024 10:48:38.818928003 CET	192.168.2.25	1.1.1.1	0xc3b	Standard query (0)	skyqsyyymyacyayc.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:39.500602961 CET	192.168.2.25	1.1.1.1	0xf8e8	Standard query (0)	uoigsiqmemcscosu.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:39.514903069 CET	192.168.2.25	1.1.1.1	0xc0ab	Standard query (0)	kuywuskkgqsigqqs.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:39.524694920 CET	192.168.2.25	1.1.1.1	0xd82f	Standard query (0)	auayomwkewcomwas.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:39.987019062 CET	192.168.2.25	1.1.1.1	0xf54	Standard query (0)	iyaikmkkowcqemsi.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:39.996417999 CET	192.168.2.25	1.1.1.1	0xa43e	Standard query (0)	ggicikyqcaiyguee.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:40.006104946 CET	192.168.2.25	1.1.1.1	0xb332	Standard query (0)	oqyaoykomyoygics.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:40.823968887 CET	192.168.2.25	1.1.1.1	0xcdb1	Standard query (0)	eqakguiwiqacqiwg.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:40.846301079 CET	192.168.2.25	1.1.1.1	0x3d6a	Standard query (0)	wgcaouuqqqwucogy.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:40.855916023 CET	192.168.2.25	1.1.1.1	0x849	Standard query (0)	ewacuagosgqmuocm.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:40.882035017 CET	192.168.2.25	1.1.1.1	0x726e	Standard query (0)	wgqyouayikuyuqmk.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:40.899018049 CET	192.168.2.25	1.1.1.1	0x1743	Standard query (0)	owaaygsacguucaye.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:41.355786085 CET	192.168.2.25	1.1.1.1	0xa870	Standard query (0)	uwgicagyykoommga.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:41.846908092 CET	192.168.2.25	1.1.1.1	0x5d0b	Standard query (0)	uiggameqqycugsqw.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:41.862894058 CET	192.168.2.25	1.1.1.1	0xbcbe	Standard query (0)	goguooqkgysueime.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:42.403017998 CET	192.168.2.25	1.1.1.1	0x9ed4	Standard query (0)	keosqeosukqcooco.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:42.415641069 CET	192.168.2.25	1.1.1.1	0x9356	Standard query (0)	maoeeogmuauywsyu.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:42.434339046 CET	192.168.2.25	1.1.1.1	0x8977	Standard query (0)	ismqaewykmoiguki.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:42.450031042 CET	192.168.2.25	1.1.1.1	0x813	Standard query (0)	wucwykasawokemaw.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:42.492161036 CET	192.168.2.25	1.1.1.1	0xc258	Standard query (0)	ukmcqucewskcqygg.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:42.958941936 CET	192.168.2.25	1.1.1.1	0xbf9c	Standard query (0)	qqqmeagkkosgcayo.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:43.419425964 CET	192.168.2.25	1.1.1.1	0x79c5	Standard query (0)	ysawassgkwqygmmq.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:43.437865973 CET	192.168.2.25	1.1.1.1	0xe41b	Standard query (0)	osaeyoiqoqawauga.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:43.898583889 CET	192.168.2.25	1.1.1.1	0x4d34	Standard query (0)	iagisciiyoemgwaa.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:43.908828974 CET	192.168.2.25	1.1.1.1	0xaf1e	Standard query (0)	ymysimqoykwqeqiq.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:43.917891979 CET	192.168.2.25	1.1.1.1	0xabf9	Standard query (0)	ymmcwogyimsuqmcc.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:43.927331924 CET	192.168.2.25	1.1.1.1	0x485b	Standard query (0)	osmoygyawqmmimkq.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:43.944696903 CET	192.168.2.25	1.1.1.1	0x3132	Standard query (0)	immyecuqwkiyscys.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:44.410131931 CET	192.168.2.25	1.1.1.1	0x8eb	Standard query (0)	omsqkuiwcwoegooq.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:44.873608112 CET	192.168.2.25	1.1.1.1	0xecd0	Standard query (0)	ukaiiiyqoooycyqm.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:45.354990959 CET	192.168.2.25	1.1.1.1	0x54c8	Standard query (0)	isemauqkwwiumyky.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:45.400578976 CET	192.168.2.25	1.1.1.1	0x28ec	Standard query (0)	keguuyioweymiaws.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:45.429570913 CET	192.168.2.25	1.1.1.1	0x440a	Standard query (0)	kwaywmaequkqccai.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:45.443734884 CET	192.168.2.25	1.1.1.1	0x62cd	Standard query (0)	yyimcoiwgckeakcm.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:45.907856941 CET	192.168.2.25	1.1.1.1	0x2307	Standard query (0)	ekcwemuekgqsimae.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:45.925920010 CET	192.168.2.25	1.1.1.1	0x6732	Standard query (0)	imigkomgmqgmakqk.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:45.938268900 CET	192.168.2.25	1.1.1.1	0x8ce	Standard query (0)	omasqkwqyskcagwi.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:46.406230927 CET	192.168.2.25	1.1.1.1	0x9529	Standard query (0)	awyomscgweuqmgaw.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:46.894352913 CET	192.168.2.25	1.1.1.1	0x946	Standard query (0)	eyoyssauceguqwmk.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:46.921236038 CET	192.168.2.25	1.1.1.1	0x937c	Standard query (0)	gwwcqeykmseicgaw.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:46.930792093 CET	192.168.2.25	1.1.1.1	0x588f	Standard query (0)	qwywqgsmgaoiwsga.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:46.940582037 CET	192.168.2.25	1.1.1.1	0x8b55	Standard query (0)	ososwckwcqmmwqcy.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:46.949892998 CET	192.168.2.25	1.1.1.1	0x537d	Standard query (0)	osaymwoggqqycmse.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:46.969302893 CET	192.168.2.25	1.1.1.1	0x15af	Standard query (0)	oyewqwkusieeoqey.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:46.978871107 CET	192.168.2.25	1.1.1.1	0x355a	Standard query (0)	ommwaqgaemsmcqwc.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:47.553057909 CET	192.168.2.25	1.1.1.1	0x108f	Standard query (0)	cauewwukyywyqiei.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:47.576725960 CET	192.168.2.25	1.1.1.1	0x8d99	Standard query (0)	goeykqccmemkswom.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:48.085042953 CET	192.168.2.25	1.1.1.1	0xe84b	Standard query (0)	aksuakswwkiimamq.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:48.121006966 CET	192.168.2.25	1.1.1.1	0xb3c3	Standard query (0)	isaeicumkcuwqmqq.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:48.154097080 CET	192.168.2.25	1.1.1.1	0x2035	Standard query (0)	qiswokuokugiooky.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:48.187741041 CET	192.168.2.25	1.1.1.1	0xfa76	Standard query (0)	qiswcssocuqsaqkq.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:48.222307920 CET	192.168.2.25	1.1.1.1	0x3ee0	Standard query (0)	qcyksokwumicscaa.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:48.706020117 CET	192.168.2.25	1.1.1.1	0x68cb	Standard query (0)	esiaisyasoaoqwki.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:48.716100931 CET	192.168.2.25	1.1.1.1	0xd77c	Standard query (0)	giqukkwwcwgqcisg.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:48.726444960 CET	192.168.2.25	1.1.1.1	0xdc59	Standard query (0)	ymqaaskiwomkucuy.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:49.215548038 CET	192.168.2.25	1.1.1.1	0x6b7b	Standard query (0)	akueuaicusaoieiy.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:49.677426100 CET	192.168.2.25	1.1.1.1	0x5948	Standard query (0)	sauygqecsusickcu.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:49.687751055 CET	192.168.2.25	1.1.1.1	0x6c2e	Standard query (0)	kkwkgmcoawgaoiwg.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:50.173773050 CET	192.168.2.25	1.1.1.1	0xee6e	Standard query (0)	saumycuogqsqykes.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:50.655816078 CET	192.168.2.25	1.1.1.1	0x2234	Standard query (0)	ukyokaigmmkumgoa.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:51.117019892 CET	192.168.2.25	1.1.1.1	0x2bb6	Standard query (0)	eswweuycwwiiykwo.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:51.126898050 CET	192.168.2.25	1.1.1.1	0x452	Standard query (0)	uksgyqiqaaiaiesi.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:51.136929989 CET	192.168.2.25	1.1.1.1	0x5579	Standard query (0)	smckcsaioceiyasu.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:51.606379986 CET	192.168.2.25	1.1.1.1	0xa376	Standard query (0)	esimsqgcwwwmyoqc.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:51.623076916 CET	192.168.2.25	1.1.1.1	0x317f	Standard query (0)	maiyuocqqiqiiskw.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:51.635462046 CET	192.168.2.25	1.1.1.1	0xe1ce	Standard query (0)	smaaowemwiwggocu.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:52.107466936 CET	192.168.2.25	1.1.1.1	0x1a5e	Standard query (0)	kwuuwgemogmuomwq.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:52.610630989 CET	192.168.2.25	1.1.1.1	0xfcbe	Standard query (0)	ukicsmiwggcwksam.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:52.623228073 CET	192.168.2.25	1.1.1.1	0xdfea	Standard query (0)	gwamoggwyegsseao.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:52.633191109 CET	192.168.2.25	1.1.1.1	0xdfa4	Standard query (0)	immcqsiceooqyaay.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:52.661283016 CET	192.168.2.25	1.1.1.1	0x6549	Standard query (0)	kkcqgowgkcoyokcu.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:52.681387901 CET	192.168.2.25	1.1.1.1	0x2367	Standard query (0)	kecgikusmakuksma.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:52.712234974 CET	192.168.2.25	1.1.1.1	0xb5e9	Standard query (0)	ymuiggyusggsymoi.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:53.198755980 CET	192.168.2.25	1.1.1.1	0xbb08	Standard query (0)	uecouukwkuceyuwg.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:53.216808081 CET	192.168.2.25	1.1.1.1	0x4b16	Standard query (0)	eyoaceoookqskqmy.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:53.728027105 CET	192.168.2.25	1.1.1.1	0xa42e	Standard query (0)	awwomgcseeqwkkom.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:53.764839888 CET	192.168.2.25	1.1.1.1	0xe224	Standard query (0)	keykoekseemyiewq.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:54.234972954 CET	192.168.2.25	1.1.1.1	0x92b0	Standard query (0)	ysiwwoeeaaskykaw.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:54.260205030 CET	192.168.2.25	1.1.1.1	0x7730	Standard query (0)	kwmcuwccqmuecgea.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:54.282120943 CET	192.168.2.25	1.1.1.1	0x5ade	Standard query (0)	gwyooeiscmwguqms.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:54.747514963 CET	192.168.2.25	1.1.1.1	0x9c5c	Standard query (0)	wuokiysmiucoucak.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:55.215867996 CET	192.168.2.25	1.1.1.1	0x4d6	Standard query (0)	wuuiumemmigyyauq.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:55.241461992 CET	192.168.2.25	1.1.1.1	0x8274	Standard query (0)	acwomuuukiomgqkm.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:55.257781982 CET	192.168.2.25	1.1.1.1	0xeac8	Standard query (0)	muwqwgaaymomgwmi.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:55.718117952 CET	192.168.2.25	1.1.1.1	0xb3f7	Standard query (0)	omgcoecwsqiuqyug.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:55.729227066 CET	192.168.2.25	1.1.1.1	0x88f4	Standard query (0)	kqmsgskwgemyueya.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:55.738733053 CET	192.168.2.25	1.1.1.1	0xfb05	Standard query (0)	eyiyueewuaqmmwcm.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:56.234822989 CET	192.168.2.25	1.1.1.1	0xc290	Standard query (0)	gwoyamckoqoaauoq.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:56.696077108 CET	192.168.2.25	1.1.1.1	0xaaab	Standard query (0)	qwqsoyoqkymakowm.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:56.707775116 CET	192.168.2.25	1.1.1.1	0xca67	Standard query (0)	gcmiymmqgwuquokm.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:57.178452969 CET	192.168.2.25	1.1.1.1	0x41d8	Standard query (0)	ymseciekayuweoww.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:57.187741041 CET	192.168.2.25	1.1.1.1	0x4d8f	Standard query (0)	oyocwswugeiqqyoo.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:57.773452044 CET	192.168.2.25	1.1.1.1	0xb2a9	Standard query (0)	omgooecquoweeomo.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:57.792572021 CET	192.168.2.25	1.1.1.1	0xff2	Standard query (0)	imgeoyougkmmeuec.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:58.250876904 CET	192.168.2.25	1.1.1.1	0xebb6	Standard query (0)	smoswyoekkccyuga.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:58.267195940 CET	192.168.2.25	1.1.1.1	0xaee5	Standard query (0)	suwkomiqcykeyako.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:58.728084087 CET	192.168.2.25	1.1.1.1	0x761d	Standard query (0)	smwsugycuuckemue.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:58.737899065 CET	192.168.2.25	1.1.1.1	0x1903	Standard query (0)	qigcqiaomwieqwka.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:59.204335928 CET	192.168.2.25	1.1.1.1	0x6208	Standard query (0)	oekcyqqggaegsesm.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:59.224514008 CET	192.168.2.25	1.1.1.1	0x5dbd	Standard query (0)	qcoysaaooaiccqyu.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:59.741357088 CET	192.168.2.25	1.1.1.1	0x6584	Standard query (0)	mismuqiygyeysaoo.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:59.751538038 CET	192.168.2.25	1.1.1.1	0x6132	Standard query (0)	wockoyekyageakcg.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:59.761859894 CET	192.168.2.25	1.1.1.1	0x7388	Standard query (0)	ososokqeakgguwsq.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:59.776773930 CET	192.168.2.25	1.1.1.1	0x68d7	Standard query (0)	wcgqccqcugomywua.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:59.787725925 CET	192.168.2.25	1.1.1.1	0x6138	Standard query (0)	aqaqgemescmwsqks.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:00.247865915 CET	192.168.2.25	1.1.1.1	0x136a	Standard query (0)	aqiwocaywcswuwsq.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:00.814466953 CET	192.168.2.25	1.1.1.1	0x501d	Standard query (0)	aqgmgoqcoqqkguyk.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:00.836570024 CET	192.168.2.25	1.1.1.1	0xd2c3	Standard query (0)	oywgqkusocouysua.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:00.846642971 CET	192.168.2.25	1.1.1.1	0x7ffd	Standard query (0)	uyygagweoagcuqky.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:00.858335972 CET	192.168.2.25	1.1.1.1	0xa716	Standard query (0)	muiccguyaeaqwweg.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:00.869786978 CET	192.168.2.25	1.1.1.1	0xdfd3	Standard query (0)	qiqueqokwqqgwwci.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:01.348926067 CET	192.168.2.25	1.1.1.1	0xaf58	Standard query (0)	uygmgoymcwcgkios.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:01.370101929 CET	192.168.2.25	1.1.1.1	0x7c31	Standard query (0)	qiyggmguowygeooc.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:01.831309080 CET	192.168.2.25	1.1.1.1	0x1a9f	Standard query (0)	acacoiqgoimayqwm.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:02.300136089 CET	192.168.2.25	1.1.1.1	0x25b3	Standard query (0)	smisyqewaummmwoc.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:02.765747070 CET	192.168.2.25	1.1.1.1	0xe84	Standard query (0)	mumuqocoisaucwmq.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:02.775672913 CET	192.168.2.25	1.1.1.1	0x56e1	Standard query (0)	qqoawmqqwqcusmee.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:02.785460949 CET	192.168.2.25	1.1.1.1	0xbcd7	Standard query (0)	qcygacuamqqugcck.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:02.808772087 CET	192.168.2.25	1.1.1.1	0x1875	Standard query (0)	kkiigoymgkmoggoq.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:03.318665981 CET	192.168.2.25	1.1.1.1	0x3220	Standard query (0)	qqmicqemgcgieoau.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:03.330292940 CET	192.168.2.25	1.1.1.1	0x2d99	Standard query (0)	sagymwuwgeucsmac.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:03.347778082 CET	192.168.2.25	1.1.1.1	0xf605	Standard query (0)	igmqooiwioymwkcm.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:03.853157997 CET	192.168.2.25	1.1.1.1	0x3b52	Standard query (0)	osyqameakgkceeog.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:03.862905979 CET	192.168.2.25	1.1.1.1	0x4dfe	Standard query (0)	sgigamoeiwksoecq.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:03.873523951 CET	192.168.2.25	1.1.1.1	0x9e0f	Standard query (0)	keckssemmeoqieqe.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:03.883097887 CET	192.168.2.25	1.1.1.1	0xe418	Standard query (0)	caysswwugsmkeksw.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:04.461028099 CET	192.168.2.25	1.1.1.1	0xb62a	Standard query (0)	cgiamwsqgcmqgqse.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:04.484024048 CET	192.168.2.25	1.1.1.1	0xbd70	Standard query (0)	uyeqwcuyimescesu.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:04.956142902 CET	192.168.2.25	1.1.1.1	0xee1c	Standard query (0)	ekiwqiyewuiqoemo.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:05.445194006 CET	192.168.2.25	1.1.1.1	0xfb87	Standard query (0)	oeakuqueisysswcg.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:05.459749937 CET	192.168.2.25	1.1.1.1	0x5d62	Standard query (0)	acemcwecgiqcukys.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:05.480520964 CET	192.168.2.25	1.1.1.1	0xaa37	Standard query (0)	qcwaiaiqiwcakawa.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:05.500659943 CET	192.168.2.25	1.1.1.1	0xd0d0	Standard query (0)	esyiocqieemagwmo.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:05.524597883 CET	192.168.2.25	1.1.1.1	0x7518	Standard query (0)	kqsakygykwusqams.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:05.533998966 CET	192.168.2.25	1.1.1.1	0xd0b4	Standard query (0)	ymygkkggyigeqcqe.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:05.544312954 CET	192.168.2.25	1.1.1.1	0x5a4f	Standard query (0)	qqqkagyoymmosuyo.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:06.013573885 CET	192.168.2.25	1.1.1.1	0x1f56	Standard query (0)	moiimkscmiswaesw.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:06.473387003 CET	192.168.2.25	1.1.1.1	0x263e	Standard query (0)	igkiociagqsacmwa.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:06.937860012 CET	192.168.2.25	1.1.1.1	0x2e22	Standard query (0)	ymugwyokyyccykmw.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:06.948519945 CET	192.168.2.25	1.1.1.1	0x5083	Standard query (0)	gieksqwccmmqkemm.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:06.957828045 CET	192.168.2.25	1.1.1.1	0x8967	Standard query (0)	iaueigwgocakgsku.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:06.967761040 CET	192.168.2.25	1.1.1.1	0x1271	Standard query (0)	sgsasqgwayeckgoy.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:07.458441973 CET	192.168.2.25	1.1.1.1	0x81eb	Standard query (0)	kwogawueykiiumao.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:07.467906952 CET	192.168.2.25	1.1.1.1	0x14b	Standard query (0)	iagmkeayqmuowswy.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:07.929809093 CET	192.168.2.25	1.1.1.1	0x1346	Standard query (0)	yyyagyakeciucagk.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:08.391408920 CET	192.168.2.25	1.1.1.1	0xfec0	Standard query (0)	isukyiwyscosaaqc.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:08.407486916 CET	192.168.2.25	1.1.1.1	0x7699	Standard query (0)	goicqsmskkygkkka.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:08.421977043 CET	192.168.2.25	1.1.1.1	0x7ff	Standard query (0)	awacwkqgsoomimye.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:08.901566982 CET	192.168.2.25	1.1.1.1	0x81d5	Standard query (0)	iaawaweqwceogamg.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:08.924355984 CET	192.168.2.25	1.1.1.1	0x79cb	Standard query (0)	kqueagsoikuyocca.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:09.413569927 CET	192.168.2.25	1.1.1.1	0x9ef1	Standard query (0)	momoqikcaksewaua.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:09.423666954 CET	192.168.2.25	1.1.1.1	0xabaf	Standard query (0)	suagiqkqmkgysmiw.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:09.445576906 CET	192.168.2.25	1.1.1.1	0x3597	Standard query (0)	gcwequgwyimwymsa.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:09.470941067 CET	192.168.2.25	1.1.1.1	0x1f8e	Standard query (0)	igywsgwooemqiuss.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:09.626487017 CET	192.168.2.25	1.1.1.1	0x5520	Standard query (0)	wikiagqsmeeaeegy.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:10.127194881 CET	192.168.2.25	1.1.1.1	0xa8b9	Standard query (0)	eeoeukoqgiwsumsu.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:10.155452967 CET	192.168.2.25	1.1.1.1	0xe37c	Standard query (0)	ygooiessycewaocg.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:10.615256071 CET	192.168.2.25	1.1.1.1	0x646f	Standard query (0)	qcqgssmagywqcgws.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:11.073590040 CET	192.168.2.25	1.1.1.1	0x1783	Standard query (0)	goiikukwyyauemqc.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:11.084661007 CET	192.168.2.25	1.1.1.1	0x13b2	Standard query (0)	comuwmkimocayeeu.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:11.105017900 CET	192.168.2.25	1.1.1.1	0x3292	Standard query (0)	isgasoomksiwqcmg.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:11.576574087 CET	192.168.2.25	1.1.1.1	0x878d	Standard query (0)	qigismmgwsiseyuu.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:11.588897943 CET	192.168.2.25	1.1.1.1	0x2058	Standard query (0)	wuqggcwmoscwykwg.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:11.609577894 CET	192.168.2.25	1.1.1.1	0x5d33	Standard query (0)	qceawaaswmsuekmu.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:11.625986099 CET	192.168.2.25	1.1.1.1	0x8850	Standard query (0)	ygucsucmagwqsqcu.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:12.096265078 CET	192.168.2.25	1.1.1.1	0x5386	Standard query (0)	giuccqyqokookyue.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:12.140290976 CET	192.168.2.25	1.1.1.1	0x3736	Standard query (0)	gceesusqmuockkgw.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:12.150914907 CET	192.168.2.25	1.1.1.1	0x40a0	Standard query (0)	ygesoycecmkuwayg.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:12.160746098 CET	192.168.2.25	1.1.1.1	0x7aef	Standard query (0)	sasqgsyksiccuuws.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:12.675293922 CET	192.168.2.25	1.1.1.1	0x76a3	Standard query (0)	qwggykgwkqoceiuo.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:12.694443941 CET	192.168.2.25	1.1.1.1	0x39d2	Standard query (0)	wiguisuayimaukgu.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:12.714526892 CET	192.168.2.25	1.1.1.1	0xc5d6	Standard query (0)	qcwcgegyyieaoqca.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:12.746489048 CET	192.168.2.25	1.1.1.1	0x923c	Standard query (0)	gwcyyawigmwceaqi.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:13.226176977 CET	192.168.2.25	1.1.1.1	0x97d7	Standard query (0)	mueuwcqsioowsmce.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:13.247687101 CET	192.168.2.25	1.1.1.1	0x83d7	Standard query (0)	qiewcykmuuacuoyk.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:13.257244110 CET	192.168.2.25	1.1.1.1	0x6f0c	Standard query (0)	coayaokeissieqcc.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:13.283457041 CET	192.168.2.25	1.1.1.1	0x21cf	Standard query (0)	oeooiqokqsqcsaig.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:13.940094948 CET	192.168.2.25	1.1.1.1	0xffa9	Standard query (0)	masegmsiqgamiugm.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:13.954467058 CET	192.168.2.25	1.1.1.1	0x4f0d	Standard query (0)	smwywssyyaciqkae.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:13.973074913 CET	192.168.2.25	1.1.1.1	0x8204	Standard query (0)	aweqoooqomueeiwi.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:14.533673048 CET	192.168.2.25	1.1.1.1	0x520a	Standard query (0)	akasikewaomyiwqk.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:15.059135914 CET	192.168.2.25	1.1.1.1	0x5271	Standard query (0)	oyyamqygcecqocmq.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:15.068826914 CET	192.168.2.25	1.1.1.1	0xdb27	Standard query (0)	qwikoqqgiayyuakq.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:15.080238104 CET	192.168.2.25	1.1.1.1	0x4c81	Standard query (0)	miqcugomwgmygyoq.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:15.100940943 CET	192.168.2.25	1.1.1.1	0xed2e	Standard query (0)	wiccyamsgmuqoeoy.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:15.594861984 CET	192.168.2.25	1.1.1.1	0xb203	Standard query (0)	ymeiqyyqqyaaygie.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:15.612150908 CET	192.168.2.25	1.1.1.1	0xc8e2	Standard query (0)	wiomcwmascsigags.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:16.098659992 CET	192.168.2.25	1.1.1.1	0x236b	Standard query (0)	awgyuqqswicwkqcs.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:16.564068079 CET	192.168.2.25	1.1.1.1	0x88e5	Standard query (0)	iacisiamimiiqyeo.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:16.574073076 CET	192.168.2.25	1.1.1.1	0xfdd5	Standard query (0)	wogawoqysgiockwa.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:16.585449934 CET	192.168.2.25	1.1.1.1	0x5a95	Standard query (0)	mayykkuyeuiggyws.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:16.605741978 CET	192.168.2.25	1.1.1.1	0xf87c	Standard query (0)	cosaygigqegeyewi.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:17.115159035 CET	192.168.2.25	1.1.1.1	0xe3ac	Standard query (0)	ekqyosgcumkcecmo.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:17.579125881 CET	192.168.2.25	1.1.1.1	0xb57a	Standard query (0)	qimmkmaumumswocw.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:17.603133917 CET	192.168.2.25	1.1.1.1	0x9911	Standard query (0)	acqaagqgmsmeouce.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:17.619899988 CET	192.168.2.25	1.1.1.1	0xf852	Standard query (0)	awasockiaymagmci.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:17.640113115 CET	192.168.2.25	1.1.1.1	0x3cfe	Standard query (0)	akuyqkmomwqyiyow.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:17.661252975 CET	192.168.2.25	1.1.1.1	0x424a	Standard query (0)	caceukeeygaaqaec.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:18.169447899 CET	192.168.2.25	1.1.1.1	0xcc6b	Standard query (0)	qwcaikouwwekssco.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:18.672658920 CET	192.168.2.25	1.1.1.1	0x9103	Standard query (0)	qqioykeogcwkowgq.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:18.684658051 CET	192.168.2.25	1.1.1.1	0x1b0b	Standard query (0)	igeqissugeuswaus.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:18.694113016 CET	192.168.2.25	1.1.1.1	0x8058	Standard query (0)	osoawyeyassgycgy.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:19.181085110 CET	192.168.2.25	1.1.1.1	0x3bca	Standard query (0)	cuaumuqcoeegomsq.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:19.210295916 CET	192.168.2.25	1.1.1.1	0x692	Standard query (0)	oyogquqkmyqwwkuq.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:19.219737053 CET	192.168.2.25	1.1.1.1	0x1035	Standard query (0)	gwyougsgeaaoiumg.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:19.228775978 CET	192.168.2.25	1.1.1.1	0x1c3e	Standard query (0)	ukeoemaaimqyuais.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:19.689579010 CET	192.168.2.25	1.1.1.1	0x4a72	Standard query (0)	oewuwcsmaacckewa.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:20.169876099 CET	192.168.2.25	1.1.1.1	0xe609	Standard query (0)	esykokiigsgwcwsa.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:20.188801050 CET	192.168.2.25	1.1.1.1	0xf3e5	Standard query (0)	ekgqymkkqiwogqsy.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:20.649780989 CET	192.168.2.25	1.1.1.1	0x1b83	Standard query (0)	wueossewygqoakoq.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:21.140238047 CET	192.168.2.25	1.1.1.1	0x9d10	Standard query (0)	isceiesauogasmoo.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:21.150311947 CET	192.168.2.25	1.1.1.1	0xefb3	Standard query (0)	giscmywoiaqmqcmw.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:21.172852039 CET	192.168.2.25	1.1.1.1	0xe1f1	Standard query (0)	uyqweoyukcewugsu.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:21.182447910 CET	192.168.2.25	1.1.1.1	0x13f1	Standard query (0)	imuscegymggagewg.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:21.201678038 CET	192.168.2.25	1.1.1.1	0xc04f	Standard query (0)	wgesgakysuqaewik.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:21.676177025 CET	192.168.2.25	1.1.1.1	0xc94e	Standard query (0)	uwoyyqgiwowysqou.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:22.145397902 CET	192.168.2.25	1.1.1.1	0x62c7	Standard query (0)	syaouwwyoaemeekm.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:22.605144024 CET	192.168.2.25	1.1.1.1	0x7fd8	Standard query (0)	aoscugususamokuy.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:22.628765106 CET	192.168.2.25	1.1.1.1	0xb17f	Standard query (0)	qucyaygweeasqeoy.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:22.647497892 CET	192.168.2.25	1.1.1.1	0xbe43	Standard query (0)	uiwwamyuymycooey.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:22.668869972 CET	192.168.2.25	1.1.1.1	0xc790	Standard query (0)	iygukwyuqwiuoqmi.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:22.688213110 CET	192.168.2.25	1.1.1.1	0x6f79	Standard query (0)	koaeaguekwcaousw.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:22.700277090 CET	192.168.2.25	1.1.1.1	0x8835	Standard query (0)	skssioqkemoiieaa.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:22.713063002 CET	192.168.2.25	1.1.1.1	0xff5	Standard query (0)	yewomygmueegmoqi.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:23.228096962 CET	192.168.2.25	1.1.1.1	0x2e62	Standard query (0)	kuyoukwwacqkcoyo.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:23.238430977 CET	192.168.2.25	1.1.1.1	0xd838	Standard query (0)	gmcqgmkyguwkskyg.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:23.753226995 CET	192.168.2.25	1.1.1.1	0x777f	Standard query (0)	mygiqcqokowwmgqq.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:23.783123016 CET	192.168.2.25	1.1.1.1	0xdf3f	Standard query (0)	cymogqmasaiiwmww.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:23.820180893 CET	192.168.2.25	1.1.1.1	0x33d7	Standard query (0)	iykumkamcykgicyi.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:23.836344957 CET	192.168.2.25	1.1.1.1	0x3fe8	Standard query (0)	cyemcqwkasuimkgs.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:23.849541903 CET	192.168.2.25	1.1.1.1	0x7358	Standard query (0)	ieqeeiggkuqcomyo.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:23.859659910 CET	192.168.2.25	1.1.1.1	0xe194	Standard query (0)	ssmkyomikukusksu.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:24.359656096 CET	192.168.2.25	1.1.1.1	0x22f0	Standard query (0)	kimakioiwmawksiw.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:24.847117901 CET	192.168.2.25	1.1.1.1	0xd453	Standard query (0)	qumssmeysccykkyo.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:24.856195927 CET	192.168.2.25	1.1.1.1	0x9b38	Standard query (0)	ykuoaucocogcwoky.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:24.880295992 CET	192.168.2.25	1.1.1.1	0xf358	Standard query (0)	semyssioekmosauo.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:25.362581968 CET	192.168.2.25	1.1.1.1	0x8fcd	Standard query (0)	aiiqyyikowqaygwy.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:25.372354984 CET	192.168.2.25	1.1.1.1	0xd7ff	Standard query (0)	kouumoyqiuckkcau.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:25.833254099 CET	192.168.2.25	1.1.1.1	0xfe1b	Standard query (0)	qgwkkkyicoqmooqu.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:25.843111038 CET	192.168.2.25	1.1.1.1	0xa478	Standard query (0)	uwwcocucusmeguaw.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:25.865103960 CET	192.168.2.25	1.1.1.1	0x31ac	Standard query (0)	cekggiciueyeyoku.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:25.883748055 CET	192.168.2.25	1.1.1.1	0x56b9	Standard query (0)	iqqeoamqwiuiyuua.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:26.354767084 CET	192.168.2.25	1.1.1.1	0x8181	Standard query (0)	uokqmokseqqakiui.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:26.853183031 CET	192.168.2.25	1.1.1.1	0xdf8f	Standard query (0)	cyqqgacqkowwkqqe.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:26.879833937 CET	192.168.2.25	1.1.1.1	0x7dcb	Standard query (0)	cmqqeimyycgqwsgg.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:26.889385939 CET	192.168.2.25	1.1.1.1	0xc1c2	Standard query (0)	wmgeoqqiwqcmimwu.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:26.910988092 CET	192.168.2.25	1.1.1.1	0xf444	Standard query (0)	quyckaioggawuois.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:26.920825958 CET	192.168.2.25	1.1.1.1	0x9e23	Standard query (0)	eqciawooemoueyqu.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:27.384074926 CET	192.168.2.25	1.1.1.1	0x7627	Standard query (0)	oqoaumkywacmuwwm.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:27.393728971 CET	192.168.2.25	1.1.1.1	0xadc2	Standard query (0)	ewueyekksqksycww.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:27.403215885 CET	192.168.2.25	1.1.1.1	0x1508	Standard query (0)	csmasucykosuwouy.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:27.412825108 CET	192.168.2.25	1.1.1.1	0x376	Standard query (0)	seeogeqwsqmsoaqe.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:27.928462982 CET	192.168.2.25	1.1.1.1	0x752a	Standard query (0)	gusmkkaiomeeqaiy.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:27.962718010 CET	192.168.2.25	1.1.1.1	0x69db	Standard query (0)	msyecoiqeyqeiquy.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:27.997404099 CET	192.168.2.25	1.1.1.1	0x199e	Standard query (0)	skawoueawceoywsy.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:28.463659048 CET	192.168.2.25	1.1.1.1	0x191c	Standard query (0)	iyuaqococuqcsgii.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:28.476036072 CET	192.168.2.25	1.1.1.1	0x31c8	Standard query (0)	kuyaasckcgacyesi.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:28.489689112 CET	192.168.2.25	1.1.1.1	0xb49a	Standard query (0)	aaeqiiecqqumcgky.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:28.963917971 CET	192.168.2.25	1.1.1.1	0xbf7c	Standard query (0)	aawiysageawcoyok.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:29.624044895 CET	192.168.2.25	1.1.1.1	0xc126	Standard query (0)	yqysoaosqewciiww.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:29.739098072 CET	192.168.2.25	1.1.1.1	0x681e	Standard query (0)	yessywkwcwmyewqe.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:29.755100012 CET	192.168.2.25	1.1.1.1	0x60e9	Standard query (0)	aueiqscgeicewaoo.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:29.773077011 CET	192.168.2.25	1.1.1.1	0x1854	Standard query (0)	uccsgcekiwcyucou.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:30.241533041 CET	192.168.2.25	1.1.1.1	0xb4ca	Standard query (0)	aiumyocycyyikiwc.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:30.264930010 CET	192.168.2.25	1.1.1.1	0x6959	Standard query (0)	aoqayemwgmsyuimi.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:30.284924984 CET	192.168.2.25	1.1.1.1	0xc9e0	Standard query (0)	mmiowgeswucumqae.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:30.773312092 CET	192.168.2.25	1.1.1.1	0xcb75	Standard query (0)	mmiugosumuqmuqoc.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:30.783163071 CET	192.168.2.25	1.1.1.1	0xd910	Standard query (0)	ecqisawmymscauow.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:30.800040960 CET	192.168.2.25	1.1.1.1	0x4036	Standard query (0)	iyoqqeicqoquiqka.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:31.380435944 CET	192.168.2.25	1.1.1.1	0x60fc	Standard query (0)	ecoqwiswmwqokmay.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:31.390683889 CET	192.168.2.25	1.1.1.1	0x36b2	Standard query (0)	ceckmwoyqkwgeoqg.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:31.895950079 CET	192.168.2.25	1.1.1.1	0x2548	Standard query (0)	kcoiygiwuyqyaoku.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:32.369046926 CET	192.168.2.25	1.1.1.1	0xad0e	Standard query (0)	aaeyckqsgmiqsgew.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:32.401468992 CET	192.168.2.25	1.1.1.1	0x9458	Standard query (0)	qgaiosyouwwkgsmm.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:32.887537003 CET	192.168.2.25	1.1.1.1	0x953c	Standard query (0)	ocqseueommkkqcgs.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:32.898433924 CET	192.168.2.25	1.1.1.1	0xb92c	Standard query (0)	owmesaosmycoeceq.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:32.919496059 CET	192.168.2.25	1.1.1.1	0x6d0a	Standard query (0)	qokauaicweuwscac.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:33.401985884 CET	192.168.2.25	1.1.1.1	0x2822	Standard query (0)	sewmmwqeyauowwwo.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:33.412174940 CET	192.168.2.25	1.1.1.1	0x349c	Standard query (0)	mmgowiccqoeomagq.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:33.424161911 CET	192.168.2.25	1.1.1.1	0x3dec	Standard query (0)	kcwiywyygywkkysk.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:33.433795929 CET	192.168.2.25	1.1.1.1	0xe630	Standard query (0)	syiysgiqgqggqkoc.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:33.908251047 CET	192.168.2.25	1.1.1.1	0xed34	Standard query (0)	ykuasckuceswseig.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:33.922616005 CET	192.168.2.25	1.1.1.1	0x7190	Standard query (0)	quugmiumsieaiyys.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:34.404953003 CET	192.168.2.25	1.1.1.1	0x2d87	Standard query (0)	ikqywgcqaggogqsa.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:34.412868023 CET	192.168.2.25	1.1.1.1	0x2afb	Standard query (0)	eqyamamqwsseyoig.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:35.039408922 CET	192.168.2.25	1.1.1.1	0x7a10	Standard query (0)	seqkawokggwucsui.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:35.067667961 CET	192.168.2.25	1.1.1.1	0xbd0b	Standard query (0)	gmqeqkcqackwkgao.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:35.077465057 CET	192.168.2.25	1.1.1.1	0xfee6	Standard query (0)	guowewgekuoqacyy.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:35.106921911 CET	192.168.2.25	1.1.1.1	0xd259	Standard query (0)	aaokyscqeecowaci.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:35.120034933 CET	192.168.2.25	1.1.1.1	0x6895	Standard query (0)	ywywwwgwekicgico.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:35.587372065 CET	192.168.2.25	1.1.1.1	0xfa3c	Standard query (0)	wsisaoaauqwmuomg.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:35.596689939 CET	192.168.2.25	1.1.1.1	0xe258	Standard query (0)	koouumcuucaeakye.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:35.606057882 CET	192.168.2.25	1.1.1.1	0xb67e	Standard query (0)	okccisioeycusekg.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:36.096088886 CET	192.168.2.25	1.1.1.1	0xb7b7	Standard query (0)	cymymsciyaiacwgw.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:36.594146013 CET	192.168.2.25	1.1.1.1	0x9856	Standard query (0)	aoyeoimcuuqakckw.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:36.621835947 CET	192.168.2.25	1.1.1.1	0x9bdf	Standard query (0)	qoaweokuqggaymks.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:36.631676912 CET	192.168.2.25	1.1.1.1	0xc887	Standard query (0)	ewuyacewswkoueqw.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:36.643141985 CET	192.168.2.25	1.1.1.1	0x3c4c	Standard query (0)	kiuymkmaomciimcc.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:36.667798996 CET	192.168.2.25	1.1.1.1	0xb26	Standard query (0)	oqaiyaoqwyeswaiy.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:36.684043884 CET	192.168.2.25	1.1.1.1	0xad7	Standard query (0)	koyokggaqsagggym.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:37.162106037 CET	192.168.2.25	1.1.1.1	0x6cd7	Standard query (0)	cmsuagygagqceocm.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:37.704206944 CET	192.168.2.25	1.1.1.1	0xb8a7	Standard query (0)	uisgoqaoksgqsqyg.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:37.721868038 CET	192.168.2.25	1.1.1.1	0xcb87	Standard query (0)	ocgcqsagaakgkcma.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:37.744195938 CET	192.168.2.25	1.1.1.1	0x9fd4	Standard query (0)	okgigkmiieweagia.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:37.779659986 CET	192.168.2.25	1.1.1.1	0xcc43	Standard query (0)	skiwkmaaeeiqqgee.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:38.251837969 CET	192.168.2.25	1.1.1.1	0x53d	Standard query (0)	aagokgyaswscyaeu.xyz	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:38.263748884 CET	192.168.2.25	1.1.1.1	0x8f71	Standard query (0)	gmciuwiycsqycggy.xyz	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 31, 2024 10:48:39.499711037 CET	1.1.1.1	192.168.2.25	0xc3b	Name error (3)	skyqsyyymyacyayc.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:39.509066105 CET	1.1.1.1	192.168.2.25	0xf8e8	No error (0)	uoigsiqmemcscosu.xyz		193.32.177.34	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:39.523838043 CET	1.1.1.1	192.168.2.25	0xc0ab	Name error (3)	kuywuskkgqsigqqs.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:39.995750904 CET	1.1.1.1	192.168.2.25	0xf54	Name error (3)	iyaikmkkowcqemsi.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:40.005398035 CET	1.1.1.1	192.168.2.25	0xa43e	Name error (3)	ggicikyqcaiyguee.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:40.845437050 CET	1.1.1.1	192.168.2.25	0xcdb1	Name error (3)	eqakguiwiqacqiwg.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:40.855361938 CET	1.1.1.1	192.168.2.25	0x3d6a	Name error (3)	wgcaouuqqqwucogy.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:40.881439924 CET	1.1.1.1	192.168.2.25	0x849	Name error (3)	ewacuagosgqmuocm.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:40.898183107 CET	1.1.1.1	192.168.2.25	0x726e	Name error (3)	wgqyouayikuyuqmk.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:41.862340927 CET	1.1.1.1	192.168.2.25	0x5d0b	Name error (3)	uiggameqqycugsqw.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:42.411463022 CET	1.1.1.1	192.168.2.25	0x9ed4	Name error (3)	keosqeosukqcooco.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:42.424527884 CET	1.1.1.1	192.168.2.25	0x9356	Name error (3)	maoeeogmuauywsyu.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:42.442982912 CET	1.1.1.1	192.168.2.25	0x8977	Name error (3)	ismqaewykmoiguki.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:42.478051901 CET	1.1.1.1	192.168.2.25	0x813	Name error (3)	wucwykasawokemaw.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:43.437088013 CET	1.1.1.1	192.168.2.25	0x79c5	Name error (3)	ysawassgkwqygmmq.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:43.907752037 CET	1.1.1.1	192.168.2.25	0x4d34	Name error (3)	iagisciiyoemgwaa.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:43.917320013 CET	1.1.1.1	192.168.2.25	0xaf1e	Name error (3)	ymysimqoykwqeqiq.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:43.926779985 CET	1.1.1.1	192.168.2.25	0xabf9	Name error (3)	ymmcwogyimsuqmcc.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:43.943850994 CET	1.1.1.1	192.168.2.25	0x485b	Name error (3)	osmoygyawqmmimkq.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:45.373358011 CET	1.1.1.1	192.168.2.25	0x54c8	Name error (3)	isemauqkwwiumyky.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:45.422020912 CET	1.1.1.1	192.168.2.25	0x28ec	Name error (3)	keguuyioweymiaws.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:45.442380905 CET	1.1.1.1	192.168.2.25	0x440a	Name error (3)	kwaywmaequkqccai.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:45.925098896 CET	1.1.1.1	192.168.2.25	0x2307	Name error (3)	ekcwemuekgqsimae.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:45.937573910 CET	1.1.1.1	192.168.2.25	0x6732	Name error (3)	imigkomgmqgmakqk.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:46.920356035 CET	1.1.1.1	192.168.2.25	0x946	Name error (3)	eyoyssauceguqwmk.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:46.930006981 CET	1.1.1.1	192.168.2.25	0x937c	Name error (3)	gwwcqeykmseicgaw.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:46.939661980 CET	1.1.1.1	192.168.2.25	0x588f	Name error (3)	qwywqgsmgaoiwsga.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:46.949173927 CET	1.1.1.1	192.168.2.25	0x8b55	Name error (3)	ososwckwcqmmwqcy.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:46.968614101 CET	1.1.1.1	192.168.2.25	0x537d	Name error (3)	osaymwoggqqycmse.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:46.978053093 CET	1.1.1.1	192.168.2.25	0x15af	Name error (3)	oyewqwkusieeoqey.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:47.575042009 CET	1.1.1.1	192.168.2.25	0x108f	Name error (3)	cauewwukyywyqiei.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:48.112277985 CET	1.1.1.1	192.168.2.25	0xe84b	Name error (3)	aksuakswwkiimamq.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:48.132031918 CET	1.1.1.1	192.168.2.25	0xb3c3	Name error (3)	isaeicumkcuwqmqq.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:48.162832022 CET	1.1.1.1	192.168.2.25	0x2035	Name error (3)	qiswokuokugiooky.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:48.197954893 CET	1.1.1.1	192.168.2.25	0xfa76	Name error (3)	qiswcssocuqsaqkq.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:48.715275049 CET	1.1.1.1	192.168.2.25	0x68cb	Name error (3)	esiaisyasoaoqwki.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:48.724792004 CET	1.1.1.1	192.168.2.25	0xd77c	Name error (3)	giqukkwwcwgqcisg.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:49.686980009 CET	1.1.1.1	192.168.2.25	0x5948	Name error (3)	sauygqecsusickcu.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:51.126133919 CET	1.1.1.1	192.168.2.25	0x2bb6	Name error (3)	eswweuycwwiiykwo.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:51.135782003 CET	1.1.1.1	192.168.2.25	0x452	Name error (3)	uksgyqiqaaiaiesi.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:51.622251987 CET	1.1.1.1	192.168.2.25	0xa376	Name error (3)	esimsqgcwwwmyoqc.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:51.634681940 CET	1.1.1.1	192.168.2.25	0x317f	Name error (3)	maiyuocqqiqiiskw.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:52.622525930 CET	1.1.1.1	192.168.2.25	0xfcbe	Name error (3)	ukicsmiwggcwksam.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:52.632410049 CET	1.1.1.1	192.168.2.25	0xdfea	Name error (3)	gwamoggwyegsseao.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:52.660650969 CET	1.1.1.1	192.168.2.25	0xdfa4	Name error (3)	immcqsiceooqyaay.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:52.680291891 CET	1.1.1.1	192.168.2.25	0x6549	Name error (3)	kkcqgowgkcoyokcu.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:52.701386929 CET	1.1.1.1	192.168.2.25	0x2367	Name error (3)	kecgikusmakuksma.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:53.215816975 CET	1.1.1.1	192.168.2.25	0xbb08	Name error (3)	uecouukwkuceyuwg.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:53.751163006 CET	1.1.1.1	192.168.2.25	0xa42e	Name error (3)	awwomgcseeqwkkom.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:54.259394884 CET	1.1.1.1	192.168.2.25	0x92b0	Name error (3)	ysiwwoeeaaskykaw.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:54.281328917 CET	1.1.1.1	192.168.2.25	0x7730	Name error (3)	kwmcuwccqmuecgea.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:55.240479946 CET	1.1.1.1	192.168.2.25	0x4d6	Name error (3)	wuuiumemmigyyauq.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:55.255656004 CET	1.1.1.1	192.168.2.25	0x8274	Name error (3)	acwomuuukiomgqkm.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:55.728554010 CET	1.1.1.1	192.168.2.25	0xb3f7	Name error (3)	omgcoecwsqiuqyug.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:55.737946033 CET	1.1.1.1	192.168.2.25	0x88f4	Name error (3)	kqmsgskwgemyueya.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:56.707087040 CET	1.1.1.1	192.168.2.25	0xaaab	Name error (3)	qwqsoyoqkymakowm.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:57.187067986 CET	1.1.1.1	192.168.2.25	0x41d8	Name error (3)	ymseciekayuweoww.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:57.791910887 CET	1.1.1.1	192.168.2.25	0xb2a9	Name error (3)	omgooecquoweeomo.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:58.266202927 CET	1.1.1.1	192.168.2.25	0xebb6	Name error (3)	smoswyoekkccyuga.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:58.737265110 CET	1.1.1.1	192.168.2.25	0x761d	Name error (3)	smwsugycuuckemue.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:59.223778009 CET	1.1.1.1	192.168.2.25	0x6208	Name error (3)	oekcyqqggaegsesm.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:59.750823021 CET	1.1.1.1	192.168.2.25	0x6584	Name error (3)	mismuqiygyeysaoo.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:59.761094093 CET	1.1.1.1	192.168.2.25	0x6132	Name error (3)	wockoyekyageakcg.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:59.776074886 CET	1.1.1.1	192.168.2.25	0x7388	Name error (3)	ososokqeakgguwsq.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:48:59.787061930 CET	1.1.1.1	192.168.2.25	0x68d7	Name error (3)	wcgqccqcugomywua.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:00.834060907 CET	1.1.1.1	192.168.2.25	0x501d	Name error (3)	aqgmgoqcoqqkguyk.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:00.845748901 CET	1.1.1.1	192.168.2.25	0xd2c3	Name error (3)	oywgqkusocouysua.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:00.857527018 CET	1.1.1.1	192.168.2.25	0x7ffd	Name error (3)	uyygagweoagcuqky.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:00.868942022 CET	1.1.1.1	192.168.2.25	0xa716	Name error (3)	muiccguyaeaqwweg.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:01.369366884 CET	1.1.1.1	192.168.2.25	0xaf58	Name error (3)	uygmgoymcwcgkios.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:02.775005102 CET	1.1.1.1	192.168.2.25	0xe84	Name error (3)	mumuqocoisaucwmq.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:02.784842968 CET	1.1.1.1	192.168.2.25	0x56e1	Name error (3)	qqoawmqqwqcusmee.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:02.807709932 CET	1.1.1.1	192.168.2.25	0xbcd7	Name error (3)	qcygacuamqqugcck.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:03.329689980 CET	1.1.1.1	192.168.2.25	0x3220	Name error (3)	qqmicqemgcgieoau.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:03.347115040 CET	1.1.1.1	192.168.2.25	0x2d99	Name error (3)	sagymwuwgeucsmac.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:03.862241983 CET	1.1.1.1	192.168.2.25	0x3b52	Name error (3)	osyqameakgkceeog.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:03.872878075 CET	1.1.1.1	192.168.2.25	0x4dfe	Name error (3)	sgigamoeiwksoecq.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:03.882529020 CET	1.1.1.1	192.168.2.25	0x9e0f	Name error (3)	keckssemmeoqieqe.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:04.475536108 CET	1.1.1.1	192.168.2.25	0xb62a	Name error (3)	cgiamwsqgcmqgqse.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:05.458719015 CET	1.1.1.1	192.168.2.25	0xfb87	Name error (3)	oeakuqueisysswcg.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:05.479623079 CET	1.1.1.1	192.168.2.25	0x5d62	Name error (3)	acemcwecgiqcukys.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:05.499818087 CET	1.1.1.1	192.168.2.25	0xaa37	Name error (3)	qcwaiaiqiwcakawa.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:05.523947954 CET	1.1.1.1	192.168.2.25	0xd0d0	Name error (3)	esyiocqieemagwmo.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:05.533401966 CET	1.1.1.1	192.168.2.25	0x7518	Name error (3)	kqsakygykwusqams.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:05.543823004 CET	1.1.1.1	192.168.2.25	0xd0b4	Name error (3)	ymygkkggyigeqcqe.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:06.948000908 CET	1.1.1.1	192.168.2.25	0x2e22	Name error (3)	ymugwyokyyccykmw.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:06.957411051 CET	1.1.1.1	192.168.2.25	0x5083	Name error (3)	gieksqwccmmqkemm.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:06.967109919 CET	1.1.1.1	192.168.2.25	0x8967	Name error (3)	iaueigwgocakgsku.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:07.467431068 CET	1.1.1.1	192.168.2.25	0x81eb	Name error (3)	kwogawueykiiumao.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:08.407004118 CET	1.1.1.1	192.168.2.25	0xfec0	Name error (3)	isukyiwyscosaaqc.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:08.421402931 CET	1.1.1.1	192.168.2.25	0x7699	Name error (3)	goicqsmskkygkkka.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:08.923728943 CET	1.1.1.1	192.168.2.25	0x81d5	Name error (3)	iaawaweqwceogamg.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:09.422389030 CET	1.1.1.1	192.168.2.25	0x9ef1	Name error (3)	momoqikcaksewaua.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:09.444344044 CET	1.1.1.1	192.168.2.25	0xabaf	Name error (3)	suagiqkqmkgysmiw.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:09.469796896 CET	1.1.1.1	192.168.2.25	0x3597	Name error (3)	gcwequgwyimwymsa.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:09.494803905 CET	1.1.1.1	192.168.2.25	0x1f8e	Name error (3)	igywsgwooemqiuss.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:10.154731035 CET	1.1.1.1	192.168.2.25	0xa8b9	Name error (3)	eeoeukoqgiwsumsu.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:11.083925962 CET	1.1.1.1	192.168.2.25	0x1783	Name error (3)	goiikukwyyauemqc.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:11.104305983 CET	1.1.1.1	192.168.2.25	0x13b2	Name error (3)	comuwmkimocayeeu.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:11.588169098 CET	1.1.1.1	192.168.2.25	0x878d	Name error (3)	qigismmgwsiseyuu.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:11.608743906 CET	1.1.1.1	192.168.2.25	0x2058	Name error (3)	wuqggcwmoscwykwg.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:11.625241041 CET	1.1.1.1	192.168.2.25	0x5d33	Name error (3)	qceawaaswmsuekmu.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:12.118424892 CET	1.1.1.1	192.168.2.25	0x5386	Name error (3)	giuccqyqokookyue.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:12.149076939 CET	1.1.1.1	192.168.2.25	0x3736	Name error (3)	gceesusqmuockkgw.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:12.160126925 CET	1.1.1.1	192.168.2.25	0x40a0	Name error (3)	ygesoycecmkuwayg.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:12.693825006 CET	1.1.1.1	192.168.2.25	0x76a3	Name error (3)	qwggykgwkqoceiuo.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:12.713844061 CET	1.1.1.1	192.168.2.25	0x39d2	Name error (3)	wiguisuayimaukgu.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:12.735336065 CET	1.1.1.1	192.168.2.25	0xc5d6	Name error (3)	qcwcgegyyieaoqca.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:13.247159004 CET	1.1.1.1	192.168.2.25	0x97d7	Name error (3)	mueuwcqsioowsmce.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:13.256625891 CET	1.1.1.1	192.168.2.25	0x83d7	Name error (3)	qiewcykmuuacuoyk.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:13.282674074 CET	1.1.1.1	192.168.2.25	0x6f0c	Name error (3)	coayaokeissieqcc.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:13.953931093 CET	1.1.1.1	192.168.2.25	0xffa9	Name error (3)	masegmsiqgamiugm.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:13.972595930 CET	1.1.1.1	192.168.2.25	0x4f0d	Name error (3)	smwywssyyaciqkae.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:15.068381071 CET	1.1.1.1	192.168.2.25	0x5271	Name error (3)	oyyamqygcecqocmq.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:15.079721928 CET	1.1.1.1	192.168.2.25	0xdb27	Name error (3)	qwikoqqgiayyuakq.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:15.100428104 CET	1.1.1.1	192.168.2.25	0x4c81	Name error (3)	miqcugomwgmygyoq.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:15.610605001 CET	1.1.1.1	192.168.2.25	0xb203	Name error (3)	ymeiqyyqqyaaygie.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:16.573539019 CET	1.1.1.1	192.168.2.25	0x88e5	Name error (3)	iacisiamimiiqyeo.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:16.584266901 CET	1.1.1.1	192.168.2.25	0xfdd5	Name error (3)	wogawoqysgiockwa.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:16.605017900 CET	1.1.1.1	192.168.2.25	0x5a95	Name error (3)	mayykkuyeuiggyws.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:17.589116096 CET	1.1.1.1	192.168.2.25	0xb57a	Name error (3)	qimmkmaumumswocw.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:17.619155884 CET	1.1.1.1	192.168.2.25	0x9911	Name error (3)	acqaagqgmsmeouce.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:17.639513016 CET	1.1.1.1	192.168.2.25	0xf852	Name error (3)	awasockiaymagmci.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:17.660573959 CET	1.1.1.1	192.168.2.25	0x3cfe	Name error (3)	akuyqkmomwqyiyow.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:18.684062004 CET	1.1.1.1	192.168.2.25	0x9103	Name error (3)	qqioykeogcwkowgq.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:18.693582058 CET	1.1.1.1	192.168.2.25	0x1b0b	Name error (3)	igeqissugeuswaus.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:19.209589958 CET	1.1.1.1	192.168.2.25	0x3bca	Name error (3)	cuaumuqcoeegomsq.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:19.219185114 CET	1.1.1.1	192.168.2.25	0x692	Name error (3)	oyogquqkmyqwwkuq.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:19.228265047 CET	1.1.1.1	192.168.2.25	0x1035	Name error (3)	gwyougsgeaaoiumg.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:20.187843084 CET	1.1.1.1	192.168.2.25	0xe609	Name error (3)	esykokiigsgwcwsa.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:21.149569035 CET	1.1.1.1	192.168.2.25	0x9d10	Name error (3)	isceiesauogasmoo.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:21.172117949 CET	1.1.1.1	192.168.2.25	0xefb3	Name error (3)	giscmywoiaqmqcmw.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:21.181759119 CET	1.1.1.1	192.168.2.25	0xe1f1	Name error (3)	uyqweoyukcewugsu.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:21.200997114 CET	1.1.1.1	192.168.2.25	0x13f1	Name error (3)	imuscegymggagewg.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:22.627778053 CET	1.1.1.1	192.168.2.25	0x7fd8	Name error (3)	aoscugususamokuy.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:22.646388054 CET	1.1.1.1	192.168.2.25	0xb17f	Name error (3)	qucyaygweeasqeoy.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:22.668066025 CET	1.1.1.1	192.168.2.25	0xbe43	Name error (3)	uiwwamyuymycooey.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:22.687305927 CET	1.1.1.1	192.168.2.25	0xc790	Name error (3)	iygukwyuqwiuoqmi.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:22.699538946 CET	1.1.1.1	192.168.2.25	0x6f79	Name error (3)	koaeaguekwcaousw.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:22.712450027 CET	1.1.1.1	192.168.2.25	0x8835	Name error (3)	skssioqkemoiieaa.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:23.237663984 CET	1.1.1.1	192.168.2.25	0x2e62	Name error (3)	kuyoukwwacqkcoyo.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:23.779238939 CET	1.1.1.1	192.168.2.25	0x777f	Name error (3)	mygiqcqokowwmgqq.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:23.792675972 CET	1.1.1.1	192.168.2.25	0xdf3f	Name error (3)	cymogqmasaiiwmww.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:23.835037947 CET	1.1.1.1	192.168.2.25	0x33d7	Name error (3)	iykumkamcykgicyi.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:23.848718882 CET	1.1.1.1	192.168.2.25	0x3fe8	Name error (3)	cyemcqwkasuimkgs.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:23.858369112 CET	1.1.1.1	192.168.2.25	0x7358	Name error (3)	ieqeeiggkuqcomyo.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:24.855551004 CET	1.1.1.1	192.168.2.25	0xd453	Name error (3)	qumssmeysccykkyo.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:24.879683018 CET	1.1.1.1	192.168.2.25	0x9b38	Name error (3)	ykuoaucocogcwoky.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:25.371809959 CET	1.1.1.1	192.168.2.25	0x8fcd	Name error (3)	aiiqyyikowqaygwy.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:25.842437029 CET	1.1.1.1	192.168.2.25	0xfe1b	Name error (3)	qgwkkkyicoqmooqu.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:25.864475012 CET	1.1.1.1	192.168.2.25	0xa478	Name error (3)	uwwcocucusmeguaw.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:25.879257917 CET	1.1.1.1	192.168.2.25	0x31ac	Name error (3)	cekggiciueyeyoku.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:26.879133940 CET	1.1.1.1	192.168.2.25	0xdf8f	Name error (3)	cyqqgacqkowwkqqe.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:26.888592005 CET	1.1.1.1	192.168.2.25	0x7dcb	Name error (3)	cmqqeimyycgqwsgg.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:26.907834053 CET	1.1.1.1	192.168.2.25	0xc1c2	Name error (3)	wmgeoqqiwqcmimwu.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:26.920284033 CET	1.1.1.1	192.168.2.25	0xf444	Name error (3)	quyckaioggawuois.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:27.393016100 CET	1.1.1.1	192.168.2.25	0x7627	Name error (3)	oqoaumkywacmuwwm.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:27.402688980 CET	1.1.1.1	192.168.2.25	0xadc2	Name error (3)	ewueyekksqksycww.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:27.412319899 CET	1.1.1.1	192.168.2.25	0x1508	Name error (3)	csmasucykosuwouy.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:27.944467068 CET	1.1.1.1	192.168.2.25	0x752a	Name error (3)	gusmkkaiomeeqaiy.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:27.971934080 CET	1.1.1.1	192.168.2.25	0x69db	Name error (3)	msyecoiqeyqeiquy.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:28.475383997 CET	1.1.1.1	192.168.2.25	0x191c	Name error (3)	iyuaqococuqcsgii.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:28.488914013 CET	1.1.1.1	192.168.2.25	0x31c8	Name error (3)	kuyaasckcgacyesi.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:29.652785063 CET	1.1.1.1	192.168.2.25	0xc126	Name error (3)	yqysoaosqewciiww.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:29.753029108 CET	1.1.1.1	192.168.2.25	0x681e	Name error (3)	yessywkwcwmyewqe.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:29.771337032 CET	1.1.1.1	192.168.2.25	0x60e9	Name error (3)	aueiqscgeicewaoo.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:30.263164997 CET	1.1.1.1	192.168.2.25	0xb4ca	Name error (3)	aiumyocycyyikiwc.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:30.284112930 CET	1.1.1.1	192.168.2.25	0x6959	Name error (3)	aoqayemwgmsyuimi.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:30.782598972 CET	1.1.1.1	192.168.2.25	0xcb75	Name error (3)	mmiugosumuqmuqoc.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:30.799489021 CET	1.1.1.1	192.168.2.25	0xd910	Name error (3)	ecqisawmymscauow.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:31.389961958 CET	1.1.1.1	192.168.2.25	0x60fc	Name error (3)	ecoqwiswmwqokmay.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:32.382692099 CET	1.1.1.1	192.168.2.25	0xad0e	Name error (3)	aaeyckqsgmiqsgew.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:32.897634983 CET	1.1.1.1	192.168.2.25	0x953c	Name error (3)	ocqseueommkkqcgs.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:32.915704012 CET	1.1.1.1	192.168.2.25	0xb92c	Name error (3)	owmesaosmycoeceq.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:33.411214113 CET	1.1.1.1	192.168.2.25	0x2822	Name error (3)	sewmmwqeyauowwwo.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:33.423644066 CET	1.1.1.1	192.168.2.25	0x349c	Name error (3)	mmgowiccqoeomagq.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:33.433289051 CET	1.1.1.1	192.168.2.25	0x3dec	Name error (3)	kcwiywyygywkkysk.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:33.921447992 CET	1.1.1.1	192.168.2.25	0xed34	Name error (3)	ykuasckuceswseig.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:34.412379980 CET	1.1.1.1	192.168.2.25	0x2d87	Name error (3)	ikqywgcqaggogqsa.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:35.047079086 CET	1.1.1.1	192.168.2.25	0x7a10	Name error (3)	seqkawokggwucsui.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:35.076823950 CET	1.1.1.1	192.168.2.25	0xbd0b	Name error (3)	gmqeqkcqackwkgao.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:35.103796005 CET	1.1.1.1	192.168.2.25	0xfee6	Name error (3)	guowewgekuoqacyy.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:35.115420103 CET	1.1.1.1	192.168.2.25	0xd259	Name error (3)	aaokyscqeecowaci.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:35.596153975 CET	1.1.1.1	192.168.2.25	0xfa3c	Name error (3)	wsisaoaauqwmuomg.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:35.605516911 CET	1.1.1.1	192.168.2.25	0xe258	Name error (3)	koouumcuucaeakye.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:36.621120930 CET	1.1.1.1	192.168.2.25	0x9856	Name error (3)	aoyeoimcuuqakckw.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:36.630994081 CET	1.1.1.1	192.168.2.25	0x9bdf	Name error (3)	qoaweokuqggaymks.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:36.642637014 CET	1.1.1.1	192.168.2.25	0xc887	Name error (3)	ewuyacewswkoueqw.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:36.667201996 CET	1.1.1.1	192.168.2.25	0x3c4c	Name error (3)	kiuymkmaomciimcc.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:36.683386087 CET	1.1.1.1	192.168.2.25	0xb26	Name error (3)	oqaiyaoqwyeswaiy.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:37.716798067 CET	1.1.1.1	192.168.2.25	0xb8a7	Name error (3)	uisgoqaoksgqsqyg.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:37.736483097 CET	1.1.1.1	192.168.2.25	0xcb87	Name error (3)	ocgcqsagaakgkcma.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:37.766561985 CET	1.1.1.1	192.168.2.25	0x9fd4	Name error (3)	okgigkmiieweagia.xyz	none	none	A (IP address)	IN (0x0001)	false
Dec 31, 2024 10:49:38.263108015 CET	1.1.1.1	192.168.2.25	0x53d	Name error (3)	aagokgyaswscyaeu.xyz	none	none	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

uoigsiqmemcscosu.xyz:443

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.25	49728	193.32.177.34	443	1180	C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe

Timestamp	Bytes transferred	Direction	Data
Dec 31, 2024 10:48:39.513829947 CET	130	OUT	GET /api/client_hello HTTP/1.1 Accept: / Connection: close Host: uoigsiqmemcscosu.xyz:443 User-Agent: cpp-httplib/0.12.1

Target ID:	0
Start time:	04:47:32
Start date:	31/12/2024
Path:	C:\Windows\System32\msiexec.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\CH2emxsgb7.msi"
Imagebase:	0x7ff72fb60000
File size:	176'128 bytes
MD5 hash:	C0D3BDDE74C1EC82F75681D4D5ED44C8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	false

Show Windows behavior

Target ID:	4
Start time:	04:47:46
Start date:	31/12/2024
Path:	C:\Windows\System32\msiexec.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\msiexec.exe /V
Imagebase:	0x7ff72fb60000
File size:	176'128 bytes
MD5 hash:	C0D3BDDE74C1EC82F75681D4D5ED44C8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	false

Show Windows behavior

Target ID:	5
Start time:	04:48:00
Start date:	31/12/2024
Path:	C:\Windows\SysWOW64\msiexec.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\syswow64\MsiExec.exe -Embedding 8B13F332C161E5AF2FCE42F1915DE773
Imagebase:	0x5b0000
File size:	145'408 bytes
MD5 hash:	FE653E9A818C22D7E744320F65A91C09
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	6
Start time:	04:48:00
Start date:	31/12/2024
Path:	C:\Windows\SysWOW64\icacls.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\ICACLS.EXE" "C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\." /SETINTEGRITYLEVEL (CI)(OI)HIGH
Imagebase:	0x930000
File size:	30'208 bytes
MD5 hash:	DF132308B964322137C3AA6CD2705D24
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	04:48:00
Start date:	31/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7c7360000
File size:	1'040'384 bytes
MD5 hash:	9698384842DA735D80D278A427A229AB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	04:48:00
Start date:	31/12/2024
Path:	C:\Windows\SysWOW64\expand.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\EXPAND.EXE" -R files.cab -F:* files
Imagebase:	0x1b0000
File size:	39'424 bytes
MD5 hash:	63860F134FE4705269CE653A673DBD88
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	04:48:00
Start date:	31/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7c7360000
File size:	1'040'384 bytes
MD5 hash:	9698384842DA735D80D278A427A229AB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	04:48:32
Start date:	31/12/2024
Path:	C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe" /VERYSILENT /VERYSILENT
Imagebase:	0x6c0000
File size:	690'480'128 bytes
MD5 hash:	34281BDF47FBF9E5EACB560C90EF9DD3
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	1.3%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	5.7%
Total number of Nodes:	1353
Total number of Limit Nodes:	12

Executed Functions

Function 0085E866 Relevance: .0, Instructions: 29
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 0000000C.00000002.2612046155.00000000006C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006C0000, based on PE: true

Associated: 0000000C.00000002.2612019434.00000000006C0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612169132.000000000086B000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612193637.000000000087E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612209830.0000000000881000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612209830.000000000088B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612242429.000000000088F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612242429.000000000090B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6c0000_install.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07128884e581d2eca11261019dab7fd9a9360ea982bffda55b223eb5914ef143
Instruction ID: a4c6855163631f78cffe9d38e1feb14608ff53da7491f016d0f048e30c4f8cce
Opcode Fuzzy Hash: 07128884e581d2eca11261019dab7fd9a9360ea982bffda55b223eb5914ef143
Instruction Fuzzy Hash: D9F03032A21724DBCB2ADB4CD805B99B3B8FB45B62F1140A6E905E7151D7B0DE48C7C1

Function 0085C0A9 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

api-ms-, xrefs: 0085C100
ext-ms-, xrefs: 0085C114

Memory Dump Source

Source File: 0000000C.00000002.2612046155.00000000006C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006C0000, based on PE: true

Associated: 0000000C.00000002.2612019434.00000000006C0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612169132.000000000086B000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612193637.000000000087E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612209830.0000000000881000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612209830.000000000088B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612242429.000000000088F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612242429.000000000090B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6c0000_install.jbxd

Similarity

API ID:
String ID: api-ms-$ext-ms-
API String ID: 0-537541572
Opcode ID: ae7fc65f949e6c77e316d60b7f6c15ba0fb87ca9316137e5f56097b67aec47dc
Instruction ID: 816c90b9c19ec4fc4e57654d8255b5c1f6312c5e43fd90e62ddcb4948dadbd9d
Opcode Fuzzy Hash: ae7fc65f949e6c77e316d60b7f6c15ba0fb87ca9316137e5f56097b67aec47dc
Instruction Fuzzy Hash: E521D571A85B25AFCB218B289C44B1A3758FF15B66F211120ED1AE7392E630ED09CED0

Function 0084FF76 Relevance: 4.6, APIs: 3, Instructions: 51
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateThread.KERNELBASE(?,?,Function_0019008E,00000000,00000000,?), ref: 0084FFBF
GetLastError.KERNEL32(?,00711CD8,00000000,00000000,007FE9E0,?,00000000,?), ref: 0084FFCB
__dosmaperr.LIBCMT ref: 0084FFD2

Memory Dump Source

Source File: 0000000C.00000002.2612046155.00000000006C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006C0000, based on PE: true

Associated: 0000000C.00000002.2612019434.00000000006C0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612169132.000000000086B000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612193637.000000000087E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612209830.0000000000881000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612209830.000000000088B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612242429.000000000088F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612242429.000000000090B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6c0000_install.jbxd

Similarity

API ID: CreateErrorLastThread__dosmaperr
String ID:
API String ID: 2744730728-0
Opcode ID: 7732ba34467c42d6cb0645904f46d87560dbc627b5c5685d4b00bf1384f7e417
Instruction ID: 698ed1050dfd7b93ea2e13751a635c89e1d2df6a88a2cabf5acf381a55d70de8
Opcode Fuzzy Hash: 7732ba34467c42d6cb0645904f46d87560dbc627b5c5685d4b00bf1384f7e417
Instruction Fuzzy Hash: C7018C32500209ABCF159FA4DC09EAE7BA4FF0131AF104028F905D61A1DF75CA54DB91

Function 0085008E Relevance: 3.0, APIs: 2, Instructions: 38
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetLastError.KERNEL32(0087CA98,0000000C), ref: 008500A1
ExitThread.KERNEL32 ref: 008500A8

Memory Dump Source

Source File: 0000000C.00000002.2612046155.00000000006C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006C0000, based on PE: true

Associated: 0000000C.00000002.2612019434.00000000006C0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612169132.000000000086B000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612193637.000000000087E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612209830.0000000000881000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612209830.000000000088B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612242429.000000000088F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612242429.000000000090B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6c0000_install.jbxd

Similarity

API ID: ErrorExitLastThread
String ID:
API String ID: 1611280651-0
Opcode ID: 93ea269d5dee8433dffe4343305d03b5e5ff29f45f80c092dead426314fe0238
Instruction ID: 580634e1def4ca955aef6327f5636dfcaaf077756a0f51ed45a032fc733f05e4
Opcode Fuzzy Hash: 93ea269d5dee8433dffe4343305d03b5e5ff29f45f80c092dead426314fe0238
Instruction Fuzzy Hash: E9F0AF71940604AFDB24AFB4DC0AA2E3B65FF01302F204149F815D7292CB349A44CFA2

Function 0085C170 Relevance: 1.6, APIs: 1, Instructions: 57
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 0000000C.00000002.2612046155.00000000006C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006C0000, based on PE: true

Associated: 0000000C.00000002.2612019434.00000000006C0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612169132.000000000086B000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612193637.000000000087E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612209830.0000000000881000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612209830.000000000088B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612242429.000000000088F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612242429.000000000090B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6c0000_install.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d57b8ae391e6514f41fdd073222f88c21cd9e33d03d95657336e7dea7bdbd3b0
Instruction ID: 0a63431b1ed633ce9150449e176030ee3a7ad387fc6601f823956363f8bb9d78
Opcode Fuzzy Hash: d57b8ae391e6514f41fdd073222f88c21cd9e33d03d95657336e7dea7bdbd3b0
Instruction Fuzzy Hash: 05014737350B19AF9F22CF2DEC4895A379AFBC47713248121FE04CB199EA30C8099B80

Non-executed Functions

Function 006D2DD0 Relevance: 15.6, Strings: 12, Instructions: 614
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

",, xrefs: 006D346B
T{hW, xrefs: 006D2FC9
",, xrefs: 006D3610
",, xrefs: 006D3498
",, xrefs: 006D352D
",, xrefs: 006D35FD
",, xrefs: 006D3638
",, xrefs: 006D33D8
",, xrefs: 006D3470
",, xrefs: 006D339F
",, xrefs: 006D33B0
T{hW, xrefs: 006D2FAB

Memory Dump Source

Source File: 0000000C.00000002.2612046155.00000000006C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006C0000, based on PE: true

Associated: 0000000C.00000002.2612019434.00000000006C0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612169132.000000000086B000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612193637.000000000087E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612209830.0000000000881000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612209830.000000000088B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612242429.000000000088F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612242429.000000000090B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6c0000_install.jbxd

Similarity

API ID:
String ID: T{hW$T{hW$",$",$",$",$",$",$",$",$",$",
API String ID: 0-1170976903
Opcode ID: c018a3483d6df7d9a472abc4bca246d61843791383b0e2f38f68f2a7acd143fa
Instruction ID: 6174c458fa169a9b516742b05bcfd411403d06b2203c027678ac54fadb1ee72e
Opcode Fuzzy Hash: c018a3483d6df7d9a472abc4bca246d61843791383b0e2f38f68f2a7acd143fa
Instruction Fuzzy Hash: EE321679A082519FCB188F38989056AB7D3BFD9314F684A2EE495CB3A1C730CE45DB43

Function 006C6E40 Relevance: 15.6, Strings: 12, Instructions: 584
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

oj, xrefs: 006C7016
yg1?, xrefs: 006C7190
xQq., xrefs: 006C6EE8
yg1?, xrefs: 006C7467
xQq., xrefs: 006C763E
oj, xrefs: 006C7698
nj, xrefs: 006C700B
oj, xrefs: 006C705C
.rdata, xrefs: 006C6F75
.pdata, xrefs: 006C6FDA
yg1?, xrefs: 006C74A4
wQq., xrefs: 006C6ED2

Memory Dump Source

Source File: 0000000C.00000002.2612046155.00000000006C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006C0000, based on PE: true

Associated: 0000000C.00000002.2612019434.00000000006C0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612169132.000000000086B000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612193637.000000000087E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612209830.0000000000881000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612209830.000000000088B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612242429.000000000088F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612242429.000000000090B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6c0000_install.jbxd

Similarity

API ID:
String ID: .pdata$.rdata$nj$oj$oj$oj$wQq.$xQq.$xQq.$yg1?$yg1?$yg1?
API String ID: 0-3292500357
Opcode ID: 1457077584d48da7a7acd80b0dc383a2067a9e011f1d4f7a8612c18693221067
Instruction ID: d4f45ced8d70d4f2e69a6a38a6b8b121ed1d55e11532cf4dd52c7739cb70fc83
Opcode Fuzzy Hash: 1457077584d48da7a7acd80b0dc383a2067a9e011f1d4f7a8612c18693221067
Instruction Fuzzy Hash: 2E22AE78B081059F8F18CA68D8D4ABEB7F7EF88310B24455AE812DB3A0D735DD46CB95

Function 006C22F0 Relevance: 15.3, Strings: 12, Instructions: 337
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

hLZ, xrefs: 006C2304
%Cr*, xrefs: 006C24D2
i17, xrefs: 006C2400
&Cr*, xrefs: 006C28B8
hLZ, xrefs: 006C28AE
j17, xrefs: 006C2418
hLZ, xrefs: 006C2368
&Cr*, xrefs: 006C27D8
&Cr*, xrefs: 006C27E2
j17, xrefs: 006C2886
>V;, xrefs: 006C25CD
>V;, xrefs: 006C2424

Memory Dump Source

Source File: 0000000C.00000002.2612046155.00000000006C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006C0000, based on PE: true

Associated: 0000000C.00000002.2612019434.00000000006C0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612169132.000000000086B000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612193637.000000000087E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612209830.0000000000881000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612209830.000000000088B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612242429.000000000088F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612242429.000000000090B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6c0000_install.jbxd

Similarity

API ID:
String ID: %Cr*$&Cr*$&Cr*$&Cr*$hLZ$hLZ$hLZ$i17$j17$j17$>V;$>V;
API String ID: 0-1715124807
Opcode ID: c4cf2701ca3e5786b3035d000d62747bde0233e0b5b7c58266bb6a2737c0c9fd
Instruction ID: 62cfec876a0dfc4b7d96f8184b0ae69e9cb5adb9d6372fb0d943aa9fe2701a89
Opcode Fuzzy Hash: c4cf2701ca3e5786b3035d000d62747bde0233e0b5b7c58266bb6a2737c0c9fd
Instruction Fuzzy Hash: 88C1F6356145429F4E2C8A2881B4A7A63D3FFC036476A460EDC4BAF7E4DE2D8D474B92

Function 006C1000 Relevance: 14.6, Strings: 11, Instructions: 814COMMON

Download Yara Rule

Strings

kK0, xrefs: 006C1CE8
kK0, xrefs: 006C1CD2
kK0, xrefs: 006C1D2C
X[, xrefs: 006C196D
X[, xrefs: 006C185B
kK0, xrefs: 006C163A
}W?X, xrefs: 006C16FA
kK0, xrefs: 006C1D3E
|W?X, xrefs: 006C1208
}W?X, xrefs: 006C19B2
X[, xrefs: 006C1860

Memory Dump Source

Source File: 0000000C.00000002.2612046155.00000000006C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006C0000, based on PE: true

Associated: 0000000C.00000002.2612019434.00000000006C0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612169132.000000000086B000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612193637.000000000087E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612209830.0000000000881000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612209830.000000000088B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612242429.000000000088F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612242429.000000000090B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6c0000_install.jbxd

Similarity

API ID:
String ID: X[$X[$X[$kK0$kK0$kK0$kK0$kK0$|W?X$}W?X$}W?X
API String ID: 0-2499471908
Opcode ID: 5dfecfdeda0f54b503d1a4a7429bf974b1738b960982b707ac29a8893ba1cf24
Instruction ID: f171087ecf8ca61fac327e3579a63181dbf205a078c42f93835dc88fb97d6119
Opcode Fuzzy Hash: 5dfecfdeda0f54b503d1a4a7429bf974b1738b960982b707ac29a8893ba1cf24
Instruction Fuzzy Hash: 815219755483488FCF28AB289588F7A72D3EB93350F18861ED9554F7A3E735CC868742

Function 006C7710 Relevance: 11.9, Strings: 9, Instructions: 618COMMON

Download Yara Rule

Strings

d@/#, xrefs: 006C7814
],TC, xrefs: 006C777B
],TC, xrefs: 006C7908
\,TC, xrefs: 006C78FC
*gM1, xrefs: 006C7820
c@/#, xrefs: 006C7808
*gM1, xrefs: 006C7D6B
*gM1, xrefs: 006C7E53
d@/#, xrefs: 006C7E7F

Memory Dump Source

Source File: 0000000C.00000002.2612046155.00000000006C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006C0000, based on PE: true

Associated: 0000000C.00000002.2612019434.00000000006C0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612169132.000000000086B000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612193637.000000000087E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612209830.0000000000881000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612209830.000000000088B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612242429.000000000088F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612242429.000000000090B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6c0000_install.jbxd

Similarity

API ID:
String ID: *gM1$*gM1$*gM1$\,TC$],TC$],TC$c@/#$d@/#$d@/#
API String ID: 0-2681508148
Opcode ID: 09a2c0bf923b4c169744089d644ea07cbaaf5a9ae6061deac7faa1b9c0100ea0
Instruction ID: c9d1d0b11916c9297d2af2472d51e239e0435c10a7a2b4d9a5264eebf49abab9
Opcode Fuzzy Hash: 09a2c0bf923b4c169744089d644ea07cbaaf5a9ae6061deac7faa1b9c0100ea0
Instruction Fuzzy Hash: 4E328339B1911A8BCF1CCE64D5B4ABDB3A3EF99320B24815DD8136B790CA356D42CF91

Function 006C9E90 Relevance: 6.2, APIs: 4, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2612046155.00000000006C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006C0000, based on PE: true

Associated: 0000000C.00000002.2612019434.00000000006C0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612169132.000000000086B000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612193637.000000000087E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612209830.0000000000881000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612209830.000000000088B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612242429.000000000088F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612242429.000000000090B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6c0000_install.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb23388f80cee4e15686bef5aae12761b3bf029eb3f1956117f8c470543f2c0e
Instruction ID: 6851b780b8aca3fd6ab676a970335131986b45ec4ff1eaa3f1b254dc9fdfd592
Opcode Fuzzy Hash: fb23388f80cee4e15686bef5aae12761b3bf029eb3f1956117f8c470543f2c0e
Instruction Fuzzy Hash: 98811A75B0010A9B8F14CF68A9D4ABE77E3EF99314F28411ED921D7391DB21DC0ADB92

Function 006CA310 Relevance: 6.2, APIs: 4, Instructions: 237COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2612046155.00000000006C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006C0000, based on PE: true

Associated: 0000000C.00000002.2612019434.00000000006C0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612169132.000000000086B000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612193637.000000000087E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612209830.0000000000881000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612209830.000000000088B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612242429.000000000088F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612242429.000000000090B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6c0000_install.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6ffa0a245e249a177aa382ca94a4dd6866c8b051c1fdcd9c0ffeef323472b30
Instruction ID: a0ee47e7803ba062970076907a54e85bfe8dd5015b972fdcc767daf561f91e48
Opcode Fuzzy Hash: e6ffa0a245e249a177aa382ca94a4dd6866c8b051c1fdcd9c0ffeef323472b30
Instruction Fuzzy Hash: 6F814B75B000499BCF188F7898909BE77E7EF85318B28851AD926D73A0DB35DC0A9793

Function 006CA960 Relevance: 5.6, Strings: 4, Instructions: 556COMMON

Download Yara Rule

Strings

~![C, xrefs: 006CAE1A
~![C, xrefs: 006CAD57
~![C, xrefs: 006CAE48
~![C, xrefs: 006CAD22

Memory Dump Source

Source File: 0000000C.00000002.2612046155.00000000006C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006C0000, based on PE: true

Associated: 0000000C.00000002.2612019434.00000000006C0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612169132.000000000086B000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612193637.000000000087E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612209830.0000000000881000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612209830.000000000088B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612242429.000000000088F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612242429.000000000090B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6c0000_install.jbxd

Similarity

API ID:
String ID: ~![C$~![C$~![C$~![C
API String ID: 0-3770912386
Opcode ID: 340500391df850e4c04fafbd763dcfa9dc05ca4e154eaa3825f1ae00a86bbf75
Instruction ID: ffa17127c340114deccf8d87838dba2da4d9352da8a6cf7c1b511371accba476
Opcode Fuzzy Hash: 340500391df850e4c04fafbd763dcfa9dc05ca4e154eaa3825f1ae00a86bbf75
Instruction Fuzzy Hash: 971246353042499F8B188E68A894A7A77E7EFD5314F298A2DE856C73A1D734CC0AD743

Function 006C85D0 Relevance: 5.5, Strings: 4, Instructions: 546COMMON

Download Yara Rule

Strings

,poq, xrefs: 006C8B89
,poq, xrefs: 006C8CD9
,poq, xrefs: 006C8CED
,poq, xrefs: 006C8689

Memory Dump Source

Source File: 0000000C.00000002.2612046155.00000000006C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006C0000, based on PE: true

Associated: 0000000C.00000002.2612019434.00000000006C0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612169132.000000000086B000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612193637.000000000087E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612209830.0000000000881000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612209830.000000000088B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612242429.000000000088F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612242429.000000000090B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6c0000_install.jbxd

Similarity

API ID:
String ID: ,poq$,poq$,poq$,poq
API String ID: 0-1466084340
Opcode ID: b11e5de91adb95fd19a9b93e1f13128ec887475ee042655755241d008283c771
Instruction ID: 4fa8e939157e10aeedfe1cf9ec9dadbb409a475c7148398780f524caedba0700
Opcode Fuzzy Hash: b11e5de91adb95fd19a9b93e1f13128ec887475ee042655755241d008283c771
Instruction Fuzzy Hash: 41224D79B012198FCF28CF68D9949BDB7F2FF89310B244569E815E73A1DA31AC42CB51

Function 00852A8A Relevance: 4.6, APIs: 3, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 00852B82
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 00852B8C
UnhandledExceptionFilter.KERNEL32(008630F9,?,?,?,?,?,00000000), ref: 00852B99

Memory Dump Source

Source File: 0000000C.00000002.2612046155.00000000006C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006C0000, based on PE: true

Associated: 0000000C.00000002.2612019434.00000000006C0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612169132.000000000086B000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612193637.000000000087E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612209830.0000000000881000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612209830.000000000088B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612242429.000000000088F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612242429.000000000090B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6c0000_install.jbxd

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: e9251b5d1cf8ff1eebe6c85e8212ee719312a60b2695cd1ded606523bd9654b5
Instruction ID: 09d9fe8878d51763e4b1a8ae6e03f8866458534a5b81340d00af2c995397e220
Opcode Fuzzy Hash: e9251b5d1cf8ff1eebe6c85e8212ee719312a60b2695cd1ded606523bd9654b5
Instruction Fuzzy Hash: CC31C27494122DABCB21DF68D88978DBBB8FF08310F5041EAE81CA7251EB709F858F45

Function 00850278 Relevance: 4.5, APIs: 3, Instructions: 20COMMONLIBRARYCODE

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,?,00850330,?,?,?,?), ref: 0085029A
TerminateProcess.KERNEL32(00000000,?,00850330,?,?,?,?), ref: 008502A1
ExitProcess.KERNEL32 ref: 008502B3

Memory Dump Source

Source File: 0000000C.00000002.2612046155.00000000006C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006C0000, based on PE: true

Associated: 0000000C.00000002.2612019434.00000000006C0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612169132.000000000086B000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612193637.000000000087E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612209830.0000000000881000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612209830.000000000088B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612242429.000000000088F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612242429.000000000090B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6c0000_install.jbxd

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: b06230900799121c607e306f808ec964f93f05d3b72d4f62ec45c91025e58b99
Instruction ID: c06a9a791989900cd714ca6c8594c90c443fee625dc3c6c8bcf87882043e8653
Opcode Fuzzy Hash: b06230900799121c607e306f808ec964f93f05d3b72d4f62ec45c91025e58b99
Instruction Fuzzy Hash: 6EE0BD31008148EFCF166BA8DE4DA583B7AFB88342F004428F899CA131CB75ED86CA95

Function 006E0945 Relevance: 4.2, Strings: 3, Instructions: 499COMMON

Download Yara Rule

Strings

;[aS, xrefs: 006E0DE0
:[aS, xrefs: 006E0AB7
;[aS, xrefs: 006E0AC2

Memory Dump Source

Source File: 0000000C.00000002.2612046155.00000000006C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006C0000, based on PE: true

Associated: 0000000C.00000002.2612019434.00000000006C0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612169132.000000000086B000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612193637.000000000087E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612209830.0000000000881000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612209830.000000000088B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612242429.000000000088F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612242429.000000000090B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6c0000_install.jbxd

Similarity

API ID:
String ID: :[aS$;[aS$;[aS
API String ID: 0-2901522136
Opcode ID: bf3e3965d3a650ef6b1897b2295e0d7d0f9ed76bf2c6e398967190d15e56c9c9
Instruction ID: 1c1c1c5da3f14a8c0441a8932c0fffa11048aa72bcc64b88e34d67772be17e8a
Opcode Fuzzy Hash: bf3e3965d3a650ef6b1897b2295e0d7d0f9ed76bf2c6e398967190d15e56c9c9
Instruction Fuzzy Hash: 0302497AB023998FDF148B6D98D05AD77E3AFC5320F384255D411A73A5C7708D86CB92

Function 006D1C00 Relevance: 4.1, Strings: 3, Instructions: 302COMMON

Download Yara Rule

Strings

e2(Z, xrefs: 006D1DAE
e2(Z, xrefs: 006D1FF5
d2(Z, xrefs: 006D1CEC

Memory Dump Source

Source File: 0000000C.00000002.2612046155.00000000006C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006C0000, based on PE: true

Associated: 0000000C.00000002.2612019434.00000000006C0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612169132.000000000086B000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612193637.000000000087E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612209830.0000000000881000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612209830.000000000088B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612242429.000000000088F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612242429.000000000090B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6c0000_install.jbxd

Similarity

API ID:
String ID: d2(Z$e2(Z$e2(Z
API String ID: 0-2828783447
Opcode ID: f49ca43cd712141e01bfdefd7927b6f558ec447029fa831d4bb973e4f45dc803
Instruction ID: 17b75a3cf544bf0abab2322d8d08c949137686a696582f3894e6bd9d4a60d9e0
Opcode Fuzzy Hash: f49ca43cd712141e01bfdefd7927b6f558ec447029fa831d4bb973e4f45dc803
Instruction Fuzzy Hash: B2B10775F043199FCF148BBC98C15ADB7E2AB5A360F254212D920BF3A1D2A98C458BA1

Function 006CB430 Relevance: 2.8, Strings: 2, Instructions: 315COMMON

Download Yara Rule

Strings

xA=, xrefs: 006CB5B8
xA=, xrefs: 006CB851

Memory Dump Source

Source File: 0000000C.00000002.2612046155.00000000006C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006C0000, based on PE: true

Associated: 0000000C.00000002.2612019434.00000000006C0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612169132.000000000086B000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612193637.000000000087E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612209830.0000000000881000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612209830.000000000088B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612242429.000000000088F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612242429.000000000090B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6c0000_install.jbxd

Similarity

API ID:
String ID: xA=$xA=
API String ID: 0-1948165972
Opcode ID: 0da8862050b5d19947bbc7882677f986bb5d12928cf70cb2ffcc12632f689220
Instruction ID: 12f2fa952e2847697dc74722adacd5fa3178bc61a84b4ca3db969d5a403be33d
Opcode Fuzzy Hash: 0da8862050b5d19947bbc7882677f986bb5d12928cf70cb2ffcc12632f689220
Instruction Fuzzy Hash: BAB1F63B7046088F8F18CA2CC885ABD73EBEFC9760F26510AD8159B3A5CB319C468F51

Function 006D0F90 Relevance: .5, Instructions: 458COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2612046155.00000000006C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006C0000, based on PE: true

Associated: 0000000C.00000002.2612019434.00000000006C0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612169132.000000000086B000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612193637.000000000087E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612209830.0000000000881000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612209830.000000000088B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612242429.000000000088F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612242429.000000000090B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6c0000_install.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d80ab07816db9b59144160a7596588b13ee26649836a1381ca341994aa0c2c37
Instruction ID: 3295f2556dab3e8103dde01b1eaa3c6a245544110925bf72250739585bc633ae
Opcode Fuzzy Hash: d80ab07816db9b59144160a7596588b13ee26649836a1381ca341994aa0c2c37
Instruction Fuzzy Hash: 97F13435F00105DF8F18CB6895A05FE7BE3AFCA354F29845BD816AF3A5CA309D468B91

Function 006C5510 Relevance: .4, Instructions: 402COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2612046155.00000000006C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006C0000, based on PE: true

Associated: 0000000C.00000002.2612019434.00000000006C0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612169132.000000000086B000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612193637.000000000087E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612209830.0000000000881000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612209830.000000000088B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612242429.000000000088F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612242429.000000000090B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6c0000_install.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 89e7997ab611efc6f2f00b75dcb71593ea17f93dfd2610c953b4bc31f8d2eec5
Instruction ID: 3c2dd67859bec76ba244918a3b2940043a0026531deadef727553fabd65f0a2f
Opcode Fuzzy Hash: 89e7997ab611efc6f2f00b75dcb71593ea17f93dfd2610c953b4bc31f8d2eec5
Instruction Fuzzy Hash: 43E1E873508A409BCE288A1CC994F7E77A3D7C4360FEA891EE567173B0D675ACC68742

Function 006CD9C0 Relevance: .4, Instructions: 378COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2612046155.00000000006C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006C0000, based on PE: true

Associated: 0000000C.00000002.2612019434.00000000006C0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612169132.000000000086B000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612193637.000000000087E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612209830.0000000000881000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612209830.000000000088B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612242429.000000000088F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612242429.000000000090B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6c0000_install.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84b58cef0c4dabd060240a246173436384554ce117c756d1c3c78ca841644c7b
Instruction ID: fa36f8ae7ded0cb6a3d1cb144f5e9bd126d14ba6eaf79681ad5be1485ccc6512
Opcode Fuzzy Hash: 84b58cef0c4dabd060240a246173436384554ce117c756d1c3c78ca841644c7b
Instruction Fuzzy Hash: 02D1D8797082118FCA188A28D4E0ABE77D3EFD5314F258A6EE8534B7F4C6359C46DB81

Function 006C1E50 Relevance: .3, Instructions: 302COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2612046155.00000000006C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006C0000, based on PE: true

Associated: 0000000C.00000002.2612019434.00000000006C0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612169132.000000000086B000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612193637.000000000087E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612209830.0000000000881000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612209830.000000000088B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612242429.000000000088F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612242429.000000000090B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6c0000_install.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a903717183b37115092618e135a60c13d4836f4edc17c81c10e9f10ec5aabdd5
Instruction ID: d1f673a32f48f0626439ae6599532cf03944d7759c4d34a1795936d878778372
Opcode Fuzzy Hash: a903717183b37115092618e135a60c13d4836f4edc17c81c10e9f10ec5aabdd5
Instruction Fuzzy Hash: 93B1BC36E001368F8F24DE19D480ABEB7E3FB9A360B1A425ACD55BB355D7349C428BD1

Function 006D1710 Relevance: .3, Instructions: 300COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2612046155.00000000006C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006C0000, based on PE: true

Associated: 0000000C.00000002.2612019434.00000000006C0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612169132.000000000086B000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612193637.000000000087E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612209830.0000000000881000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612209830.000000000088B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612242429.000000000088F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612242429.000000000090B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6c0000_install.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dad67b92f28e4f143afb712e6a5974f5b88eb925d1acbd975e987cd491c300d5
Instruction ID: 3ee6dafc70efd7e0049ebe0ac404bedf7779ba05afc4226a871a45994577d0ff
Opcode Fuzzy Hash: dad67b92f28e4f143afb712e6a5974f5b88eb925d1acbd975e987cd491c300d5
Instruction Fuzzy Hash: EDB1E339F006149FCB10CFA8C590AEEB7F3AF86360F19525AD815AB3A4D7719D06CB90

Function 0085E835 Relevance: .0, Instructions: 22COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2612046155.00000000006C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006C0000, based on PE: true

Associated: 0000000C.00000002.2612019434.00000000006C0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612169132.000000000086B000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612193637.000000000087E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612209830.0000000000881000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612209830.000000000088B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612242429.000000000088F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612242429.000000000090B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6c0000_install.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8002cddf0912a3c4a4c14f9dabde380401963fb4ceedbd51d2a293b40520d5e8
Instruction ID: 831b8ff4d226056e2a7f917149fd709c7a75a30e960d7dc8eacc398e2ba5b2d4
Opcode Fuzzy Hash: 8002cddf0912a3c4a4c14f9dabde380401963fb4ceedbd51d2a293b40520d5e8
Instruction Fuzzy Hash: 94E04632911228EBCB28DB8C8904D8AB3ECFB44B02B1100AAB901D3101C670DE04CBD0

Function 0085F804 Relevance: 19.6, APIs: 13, Instructions: 113
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

___free_lconv_mon.LIBCMT ref: 0085F848

Part of subcall function 0085EC60: _free.LIBCMT ref: 0085EC7D
Part of subcall function 0085EC60: _free.LIBCMT ref: 0085EC8F
Part of subcall function 0085EC60: _free.LIBCMT ref: 0085ECA1
Part of subcall function 0085EC60: _free.LIBCMT ref: 0085ECB3
Part of subcall function 0085EC60: _free.LIBCMT ref: 0085ECC5
Part of subcall function 0085EC60: _free.LIBCMT ref: 0085ECD7
Part of subcall function 0085EC60: _free.LIBCMT ref: 0085ECE9
Part of subcall function 0085EC60: _free.LIBCMT ref: 0085ECFB
Part of subcall function 0085EC60: _free.LIBCMT ref: 0085ED0D
Part of subcall function 0085EC60: _free.LIBCMT ref: 0085ED1F
Part of subcall function 0085EC60: _free.LIBCMT ref: 0085ED31
Part of subcall function 0085EC60: _free.LIBCMT ref: 0085ED43
Part of subcall function 0085EC60: _free.LIBCMT ref: 0085ED55

_free.LIBCMT ref: 0085F83D

Part of subcall function 0085B397: HeapFree.KERNEL32(00000000,00000000,?,008521FB), ref: 0085B3AD
Part of subcall function 0085B397: GetLastError.KERNEL32(?,?,008521FB), ref: 0085B3BF

_free.LIBCMT ref: 0085F85F
_free.LIBCMT ref: 0085F874
_free.LIBCMT ref: 0085F87F
_free.LIBCMT ref: 0085F8A1
_free.LIBCMT ref: 0085F8B4
_free.LIBCMT ref: 0085F8C2
_free.LIBCMT ref: 0085F8CD
_free.LIBCMT ref: 0085F905
_free.LIBCMT ref: 0085F90C
_free.LIBCMT ref: 0085F929
_free.LIBCMT ref: 0085F941

Memory Dump Source

Source File: 0000000C.00000002.2612046155.00000000006C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006C0000, based on PE: true

Associated: 0000000C.00000002.2612019434.00000000006C0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612169132.000000000086B000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612193637.000000000087E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612209830.0000000000881000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612209830.000000000088B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612242429.000000000088F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612242429.000000000090B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6c0000_install.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID:
API String ID: 161543041-0
Opcode ID: 1d22ff053908d5def3f1a543b6c0b5a2034a16fffce90154c0cb39138100342c
Instruction ID: 8fc2458bd5660914f7fe11ad9e142c245745e68109c821e2f48f83d97658dc92
Opcode Fuzzy Hash: 1d22ff053908d5def3f1a543b6c0b5a2034a16fffce90154c0cb39138100342c
Instruction Fuzzy Hash: 51311A31600709AFDB206A68D845B9ABBE9FF10352F114839E999E6292DF31ED488711

Function 0085A414 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 303
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

type_info::operator==.LIBVCRUNTIME ref: 0085A533
CatchIt.LIBVCRUNTIME ref: 0085A692
_UnwindNestedFrames.LIBCMT ref: 0085A793
CallUnexpected.LIBVCRUNTIME ref: 0085A7AE

Strings

csm, xrefs: 0085A56A
csm, xrefs: 0085A451
csm, xrefs: 0085A4BE

Memory Dump Source

Source File: 0000000C.00000002.2612046155.00000000006C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006C0000, based on PE: true

Associated: 0000000C.00000002.2612019434.00000000006C0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612169132.000000000086B000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612193637.000000000087E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612209830.0000000000881000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612209830.000000000088B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612242429.000000000088F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612242429.000000000090B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6c0000_install.jbxd

Similarity

API ID: CallCatchFramesNestedUnexpectedUnwindtype_info::operator==
String ID: csm$csm$csm
API String ID: 2332921423-393685449
Opcode ID: a898b07ed5a7c83085055057ea9c6d203230da13f141036a04706bd76ae3b854
Instruction ID: b02fde942ad2c2b83868d6fa16a96359f6f10a41022ca3a5bb0597961244c07f
Opcode Fuzzy Hash: a898b07ed5a7c83085055057ea9c6d203230da13f141036a04706bd76ae3b854
Instruction Fuzzy Hash: 38B16B75800219DFCF29DFA8C8819AEB7B5FF18312F144259EC55AB202D731DA59CB93

Function 006D27F0 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 188COMMON

Download Yara Rule

APIs

_strlen.LIBCMT ref: 006D28BB

Strings

iostream stream error, xrefs: 006D2999
HI>, xrefs: 006D2888
HI>, xrefs: 006D29FF
HI>, xrefs: 006D2A66

Memory Dump Source

Source File: 0000000C.00000002.2612046155.00000000006C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006C0000, based on PE: true

Associated: 0000000C.00000002.2612019434.00000000006C0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612169132.000000000086B000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612193637.000000000087E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612209830.0000000000881000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612209830.000000000088B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612242429.000000000088F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612242429.000000000090B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6c0000_install.jbxd

Similarity

API ID: _strlen
String ID: HI>$HI>$HI>$iostream stream error
API String ID: 4218353326-3843587778
Opcode ID: f59c3aa84e590e9163a19841f8f3c941fd5d9f5d7fb4b8d2123f96c6e3addde9
Instruction ID: 9d7b7aaa85bea1c7f6c5ef6af8a5784564b2421521d48d3e94519300f3a68510
Opcode Fuzzy Hash: f59c3aa84e590e9163a19841f8f3c941fd5d9f5d7fb4b8d2123f96c6e3addde9
Instruction Fuzzy Hash: 6861F371A007038BCB14CF2898A57AA77E6FB64320F28421AE815DB391D3769D4ACB95

Function 0084C2D0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 130COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 0084C307
___except_validate_context_record.LIBVCRUNTIME ref: 0084C30F
_ValidateLocalCookies.LIBCMT ref: 0084C398
__IsNonwritableInCurrentImage.LIBCMT ref: 0084C3C3
_ValidateLocalCookies.LIBCMT ref: 0084C418

Strings

csm, xrefs: 0084C3AD

Memory Dump Source

Source File: 0000000C.00000002.2612046155.00000000006C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006C0000, based on PE: true

Associated: 0000000C.00000002.2612019434.00000000006C0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612169132.000000000086B000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612193637.000000000087E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612209830.0000000000881000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612209830.000000000088B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612242429.000000000088F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612242429.000000000090B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6c0000_install.jbxd

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: b44987eec380207ab516c76266074f7eadae9473afd81a8106df5d1d1ed913cc
Instruction ID: 8d93d6fe8f044a2b6d752d016f5e02d8dd27583edb91f2fd13263e147e68003f
Opcode Fuzzy Hash: b44987eec380207ab516c76266074f7eadae9473afd81a8106df5d1d1ed913cc
Instruction Fuzzy Hash: D741A034A0121CABCF50DF68C884AAEBBA8FF05318F14C155F815EB352D731AA15CB92

Function 0085F050 Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0085F3B0: _free.LIBCMT ref: 0085F3D5

_free.LIBCMT ref: 0085F09E

Part of subcall function 0085B397: HeapFree.KERNEL32(00000000,00000000,?,008521FB), ref: 0085B3AD
Part of subcall function 0085B397: GetLastError.KERNEL32(?,?,008521FB), ref: 0085B3BF

_free.LIBCMT ref: 0085F0A9
_free.LIBCMT ref: 0085F0B4
_free.LIBCMT ref: 0085F108
_free.LIBCMT ref: 0085F113
_free.LIBCMT ref: 0085F11E
_free.LIBCMT ref: 0085F129

Memory Dump Source

Source File: 0000000C.00000002.2612046155.00000000006C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006C0000, based on PE: true

Associated: 0000000C.00000002.2612019434.00000000006C0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612169132.000000000086B000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612193637.000000000087E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612209830.0000000000881000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612209830.000000000088B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612242429.000000000088F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612242429.000000000090B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6c0000_install.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 10f89baa2e0e33ddf7736a6c1844a4c53b43da7e62d178f93e44d7a4bdad20d8
Instruction ID: 202193bd74d20e645aad7b31f4af6793deff36d5abb0e1c753de4e042a34d0ee
Opcode Fuzzy Hash: 10f89baa2e0e33ddf7736a6c1844a4c53b43da7e62d178f93e44d7a4bdad20d8
Instruction Fuzzy Hash: 7E11FCB2540B08EAE520BBB4CC46FDB7B9DFF04702F404865BA99E6293DB65B5084652

Function 0085B598 Relevance: 9.1, APIs: 6, Instructions: 128COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,008500B3,0087CA98,0000000C), ref: 0085B59D
_free.LIBCMT ref: 0085B5FA
_free.LIBCMT ref: 0085B630
SetLastError.KERNEL32(00000000,00000005,000000FF,?,?,008500B3,0087CA98,0000000C), ref: 0085B63B
_free.LIBCMT ref: 0085B6A5
_free.LIBCMT ref: 0085B6D9

Memory Dump Source

Source File: 0000000C.00000002.2612046155.00000000006C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006C0000, based on PE: true

Associated: 0000000C.00000002.2612019434.00000000006C0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612169132.000000000086B000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612193637.000000000087E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612209830.0000000000881000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612209830.000000000088B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612242429.000000000088F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612242429.000000000090B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6c0000_install.jbxd

Similarity

API ID: _free$ErrorLast
String ID:
API String ID: 3291180501-0
Opcode ID: e8098967caadf51a9526d53036f489487911d1ddae78389e2858bccf0a0a6882
Instruction ID: 2c1d9d04509e40c734a03a175916868111abb60684d51a093a6bceb3f158e247
Opcode Fuzzy Hash: e8098967caadf51a9526d53036f489487911d1ddae78389e2858bccf0a0a6882
Instruction Fuzzy Hash: 22310472601A156EDE11377C9C46E2B259DFFB07B7B240624FC20E62E2EF258C0E8356

Function 00859B4D Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,00859B44,0085A326,?,?,?,?,0084BDBD,?,?,?,?,?,00000000,00000000), ref: 00859B5B
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00859B69
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00859B82
SetLastError.KERNEL32(00000000,?,00859B44,0085A326,?,?,?,?,0084BDBD,?,?,?,?,?,00000000,00000000), ref: 00859BD4

Memory Dump Source

Source File: 0000000C.00000002.2612046155.00000000006C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006C0000, based on PE: true

Associated: 0000000C.00000002.2612019434.00000000006C0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612169132.000000000086B000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612193637.000000000087E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612209830.0000000000881000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612209830.000000000088B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612242429.000000000088F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612242429.000000000090B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6c0000_install.jbxd

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: a7e2376fad695c0a9aee8159f288aee4313434fd2c4a6c78ecfa6b63f64607aa
Instruction ID: dab2e462c22e62eab3c95077fd7e2e17308f619350aede9350dd1252bb6af52f
Opcode Fuzzy Hash: a7e2376fad695c0a9aee8159f288aee4313434fd2c4a6c78ecfa6b63f64607aa
Instruction Fuzzy Hash: ED01D432108726DEFB24277CBC8E9172A49FB017BA7200339F914D15E1FF554C4AA342

Function 00850225 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,008502AF,?,?,00850330,?,?,?), ref: 0085023A
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0085024D
FreeLibrary.KERNEL32(00000000,?,?,008502AF,?,?,00850330,?,?,?), ref: 00850270

Strings

CorExitProcess, xrefs: 00850245
mscoree.dll, xrefs: 00850233

Memory Dump Source

Source File: 0000000C.00000002.2612046155.00000000006C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006C0000, based on PE: true

Associated: 0000000C.00000002.2612019434.00000000006C0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612169132.000000000086B000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612193637.000000000087E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612209830.0000000000881000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612209830.000000000088B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612242429.000000000088F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612242429.000000000090B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6c0000_install.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 5bd7048b39c3b1b26304725d27c120a3acbb9a30a1ad4d287d2ab2d91fc4bec9
Instruction ID: 8ccbfcd2b8bdc2cf43ab8b708db81fc743e2ddfffe5b6376a222d92e0d9f5d25
Opcode Fuzzy Hash: 5bd7048b39c3b1b26304725d27c120a3acbb9a30a1ad4d287d2ab2d91fc4bec9
Instruction Fuzzy Hash: DEF01C31A05618FBDB229B65ED0DB9EBB69FB04796F108060F809E11A4CB74CE44DF90

Function 0085EF6C Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 0085EF84

Part of subcall function 0085B397: HeapFree.KERNEL32(00000000,00000000,?,008521FB), ref: 0085B3AD
Part of subcall function 0085B397: GetLastError.KERNEL32(?,?,008521FB), ref: 0085B3BF

_free.LIBCMT ref: 0085EF96
_free.LIBCMT ref: 0085EFA8
_free.LIBCMT ref: 0085EFBA
_free.LIBCMT ref: 0085EFCC

Memory Dump Source

Source File: 0000000C.00000002.2612046155.00000000006C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006C0000, based on PE: true

Associated: 0000000C.00000002.2612019434.00000000006C0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612169132.000000000086B000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612193637.000000000087E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612209830.0000000000881000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612209830.000000000088B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612242429.000000000088F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612242429.000000000090B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6c0000_install.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: e4d7858dc37f3150ef7ac917fc6cd0fe97281a8e145af8be86915be259c8803e
Instruction ID: 2f824b8e4e57f1ce72f997fb45a20e0de06df3e0d5b561d970006cdf8d91f84e
Opcode Fuzzy Hash: e4d7858dc37f3150ef7ac917fc6cd0fe97281a8e145af8be86915be259c8803e
Instruction Fuzzy Hash: FAF04F32508308AB8A64EF5CE989C9A7FDEFA047127650849F858E7A40CF24FC884B64

Function 0085A839 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 113COMMONLIBRARYCODE

Download Yara Rule

APIs

EncodePointer.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,0085A73F,?,?,00000000,00000000,00000000,?), ref: 0085A85E
CatchIt.LIBVCRUNTIME ref: 0085A944

Strings

MOC, xrefs: 0085A870
RCC, xrefs: 0085A878

Memory Dump Source

Source File: 0000000C.00000002.2612046155.00000000006C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006C0000, based on PE: true

Associated: 0000000C.00000002.2612019434.00000000006C0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612169132.000000000086B000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612193637.000000000087E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612209830.0000000000881000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612209830.000000000088B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612242429.000000000088F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612242429.000000000090B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6c0000_install.jbxd

Similarity

API ID: CatchEncodePointer
String ID: MOC$RCC
API String ID: 1435073870-2084237596
Opcode ID: 38aaaff7a6061425a2e35b25ed7a84467e0ca7c0ba615baaa2810b8505367f1c
Instruction ID: 48c2060da952657edb0334f197524d6380dcbb60a23f5658eb30d70099f3ad82
Opcode Fuzzy Hash: 38aaaff7a6061425a2e35b25ed7a84467e0ca7c0ba615baaa2810b8505367f1c
Instruction Fuzzy Hash: 56418871900219EFCF1ACF98CC81AAEBBB5FF48311F158169FE18A7211D3359A54DB52

Function 00865DAF Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(?,00000000,00000800,?,00865E4B,?,?,00000000,?,?,?,00865D09,00000002,FlsGetValue,008702A4,008702AC), ref: 00865DBC
GetLastError.KERNEL32(?,00865E4B,?,?,00000000,?,?,?,00865D09,00000002,FlsGetValue,008702A4,008702AC,?,?,00859B6E), ref: 00865DC6
LoadLibraryExW.KERNEL32(?,00000000,00000000), ref: 00865DEE

Strings

api-ms-, xrefs: 00865DD3

Memory Dump Source

Source File: 0000000C.00000002.2612046155.00000000006C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006C0000, based on PE: true

Associated: 0000000C.00000002.2612019434.00000000006C0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612169132.000000000086B000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612193637.000000000087E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612209830.0000000000881000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612209830.000000000088B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612242429.000000000088F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612242429.000000000090B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6c0000_install.jbxd

Similarity

API ID: LibraryLoad$ErrorLast
String ID: api-ms-
API String ID: 3177248105-2084034818
Opcode ID: 2f02bc72c83cb163fbe7f0934a189c01081c303825c876f21d45b6024d910fbe
Instruction ID: 8cc86b6d50f65054df06997b70fc7afab91b5aa6e98994d5ab50a66d4a5c6798
Opcode Fuzzy Hash: 2f02bc72c83cb163fbe7f0934a189c01081c303825c876f21d45b6024d910fbe
Instruction Fuzzy Hash: 5AE04F70684705B7EB201F61EC0EB593B54FB11B91F104030FA0CE84E5EBA2E9A4D945

Function 0085A13B Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 0085A202
___AdjustPointer.LIBCMT ref: 0085A225
___AdjustPointer.LIBCMT ref: 0085A2C1

Memory Dump Source

Source File: 0000000C.00000002.2612046155.00000000006C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006C0000, based on PE: true

Associated: 0000000C.00000002.2612019434.00000000006C0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612169132.000000000086B000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612193637.000000000087E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612209830.0000000000881000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612209830.000000000088B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612242429.000000000088F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612242429.000000000090B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6c0000_install.jbxd

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: 3788cce53b26d8200b629c6d099de1bc1b4f8f436bd06b584fc1124e4b263c81
Instruction ID: b2dcc64dcf06b1a42c3d4c11159f96bf6b4c1ad69d1e21381351cc9d219b6a57
Opcode Fuzzy Hash: 3788cce53b26d8200b629c6d099de1bc1b4f8f436bd06b584fc1124e4b263c81
Instruction Fuzzy Hash: DD51D275A05606AFDB2D8F54D8C2B6A77A5FF00712F14462DEC06D7290D732ED48CB92

Function 0085B6EF Relevance: 6.1, APIs: 4, Instructions: 69COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,0085233C,0085B3BD,?,?,008521FB), ref: 0085B6F4
_free.LIBCMT ref: 0085B751
_free.LIBCMT ref: 0085B787
SetLastError.KERNEL32(00000000,00000005,000000FF,?,?,0085233C,0085B3BD,?,?,008521FB), ref: 0085B792

Memory Dump Source

Source File: 0000000C.00000002.2612046155.00000000006C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006C0000, based on PE: true

Associated: 0000000C.00000002.2612019434.00000000006C0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612169132.000000000086B000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612193637.000000000087E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612209830.0000000000881000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612209830.000000000088B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612242429.000000000088F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612242429.000000000090B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6c0000_install.jbxd

Similarity

API ID: ErrorLast_free
String ID:
API String ID: 2283115069-0
Opcode ID: bcd535f1d555c2d7301b1385d478d83593c45021c78df9573df1c75095eb9ec1
Instruction ID: db01fbbd79c17713db083f15da9eef294f0b740342097813fa1e7e863410d704
Opcode Fuzzy Hash: bcd535f1d555c2d7301b1385d478d83593c45021c78df9573df1c75095eb9ec1
Instruction Fuzzy Hash: 3811C2322016056FDA00277C5C85E2A266EFBE47B7B340634FD24D62D2DF258C0E8621

Function 006D2170 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 154COMMON

Download Yara Rule

APIs

_strlen.LIBCMT ref: 006D222B

Strings

a m, xrefs: 006D22AA, 006D2202

Memory Dump Source

Source File: 0000000C.00000002.2612046155.00000000006C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006C0000, based on PE: true

Associated: 0000000C.00000002.2612019434.00000000006C0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612169132.000000000086B000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612193637.000000000087E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612209830.0000000000881000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612209830.000000000088B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612242429.000000000088F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612242429.000000000090B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6c0000_install.jbxd

Similarity

API ID: _strlen
String ID: a m
API String ID: 4218353326-282280258
Opcode ID: 053ef714df909aeac266c7ea403a6aa88a11959c4342d2cd1395f8c765178914
Instruction ID: 79e664d626330e4b8a68c5b570ae7d24615cb7c1318e9011280130ccb419e093
Opcode Fuzzy Hash: 053ef714df909aeac266c7ea403a6aa88a11959c4342d2cd1395f8c765178914
Instruction Fuzzy Hash: 9B518F75E002199FDF00CFA4D890AEEBBB6FF99310F14412AE911A7391D3759E45CB94

Function 0085A0A4 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 97COMMONLIBRARYCODE

Download Yara Rule

APIs

___except_validate_context_record.LIBVCRUNTIME ref: 0085A31B

Strings

csm, xrefs: 0085A33D
csm, xrefs: 0085A3AE

Memory Dump Source

Source File: 0000000C.00000002.2612046155.00000000006C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006C0000, based on PE: true

Associated: 0000000C.00000002.2612019434.00000000006C0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612169132.000000000086B000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612193637.000000000087E000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612209830.0000000000881000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612209830.000000000088B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612242429.000000000088F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000C.00000002.2612242429.000000000090B000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_6c0000_install.jbxd

Similarity

API ID: ___except_validate_context_record
String ID: csm$csm
API String ID: 3493665558-3733052814
Opcode ID: 8681b41566cfafb396b0be45168a066616131e2331250a7bf14afe8d2f4bc1fa
Instruction ID: cb9945bed988e397840b318738879c778146c34e7d06667a519274ef42366dd9
Opcode Fuzzy Hash: 8681b41566cfafb396b0be45168a066616131e2331250a7bf14afe8d2f4bc1fa
Instruction Fuzzy Hash: 32318431400218DBCF2A5F94C8C49AA7B65FF0931BB184659FC548A212D377CCAADB93

Description:	Adversaries may move onto systems, possibly those on disconnected or air-gapped networks, by copying malware to removable media and taking advantage of Autorun features when the media is inserted into a system and executes. In the case of Lateral Movement, this may occur through modification of executable files stored on removable media or by copying malware and renaming it to look like a legitimate file to trick users into executing it on a separate system. In the case of Initial Access, this may occur through manual manipulation of the media, modification of systems used to initially format the media, or modification to the media's firmware itself.
Tactics:	Initial Access, Lateral Movement
Data Sources:	Drive: Drive Creation, File: File Access, File: File Creation, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by hijacking the binaries used by services. Adversaries may use flaws in the permissions of Windows services to replace the binary that is executed upon service start. These service processes may automatically execute specific binaries as part of their functionality or to perform other actions. If the permissions on the file system directory containing a target binary, or permissions on the binary itself are improperly set, then the target binary may be overwritten with another binary using user-level permissions and executed by the original process. If the original process and thread are running under a higher permissions level, then the replaced binary will also execute under higher-level permissions, which could include SYSTEM.
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Process: Process Creation, Service: Service Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to gather information about attached peripheral devices and components connected to a computer system.Peripheral devices could include auxiliary resources that support a variety of functionalities such as keyboards, printers, cameras, smart card readers, or removable storage. The information may be used to enhance their awareness of the system and network environment or may be used for further actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report CH2emxsgb7.msi

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files.cab

C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\374144fc37be4cfc995091726f5280c7$dpx$.tmp\fc2afe7abf0b084895c411b2655de9b1.tmp

C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\files\install.exe (copy)

C:\Users\user\AppData\Local\Temp\MW-493a2f6a-b2ac-4668-b938-9317c43e1e97\msiwrapper.ini

C:\Windows\Installer\6c33d4.msi

C:\Windows\Installer\MSIAB7.tmp

C:\Windows\Installer\SourceHash{EC0B7729-7E31-4A40-84C7-A7BC5EBB8C41}

C:\Windows\Installer\inprogressinstallinfo.ipi

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log

C:\Windows\SystemTemp\~DF180919B16B293FC2.TMP

C:\Windows\SystemTemp\~DF6D82FCD56D3FCB17.TMP

\Device\ConDrv

Static File Info

General

File Icon

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

Windows Analysis Report
CH2emxsgb7.msi

Function 0085E866 Relevance: .0, Instructions: 29
COMMON

Function 0085C0A9 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77
COMMONLIBRARYCODE

Function 0084FF76 Relevance: 4.6, APIs: 3, Instructions: 51
threadCOMMON

Function 0085008E Relevance: 3.0, APIs: 2, Instructions: 38
threadCOMMON

Function 0085C170 Relevance: 1.6, APIs: 1, Instructions: 57
COMMONLIBRARYCODE

Function 006D2DD0 Relevance: 15.6, Strings: 12, Instructions: 614
COMMON

Function 006C6E40 Relevance: 15.6, Strings: 12, Instructions: 584
COMMON

Function 006C22F0 Relevance: 15.3, Strings: 12, Instructions: 337
COMMON