Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1420792
MD5:	219ef06e5b58fcf3134f362ca6073c06
SHA1:	9d784d81fec551d248506901f7283ed7d91f8017
SHA256:	b86d5ba2ec3c95ad28c63d2c1256a6ce067bbea9b3f2903babe468f53d3838ef
Tags:	exe
Infos:

Detection

DanaBot

Score:	84
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Yara detected DanaBot stealer dll

Machine Learning detection for sample

May use the Tor software to hide its network traffic

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Instant Messenger accounts or passwords

Abnormal high CPU Usage

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

May sleep (evasive loops) to hinder dynamic analysis

PE file contains more sections than normal

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Queries the installation date of Windows

Queries the product ID of Windows

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Tries to load missing DLLs

Uses 32bit PE files

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

file.exe (PID: 7572 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 219EF06E5B58FCF3134F362CA6073C06)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
DanaBot	Proofpoints describes DanaBot as the latest example of malware focused on persistence and stealing useful information that can later be monetized rather than demanding an immediate ransom from victims. The social engineering in the low-volume DanaBot campaigns we have observed so far has been well-crafted, again pointing to a renewed focus on quality over quantity in email-based threats. DanaBots modular nature enables it to download additional components, increasing the flexibility and robust stealing and remote monitoring capabilities of this banker.	SCULLY SPIDER	https://asec.ahnlab.com/en/30445/ https://asert.arbornetworks.com/danabots-travels-a-global-perspective/ https://assets.virustotal.com/reports/2021trends.pdf https://blog.lexfo.fr/danabot-malware.html https://blog.sekoia.io/privateloader-the-loader-of-the-prevalent-ruzki-ppi-service/	https://malpedia.caad.fkie.fraunhofer.de/details/win.danabot

Malware Configuration

⊘No configs have been found

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
00000000.00000003.1615047964.000000007E81D000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: file.exe PID: 7572	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: file.exe PID: 7572	JoeSecurity_DanaBot_stealer_dll	Yara detected DanaBot stealer dll	Joe Security

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Multi AV Scanner detection for submitted file

Source: file.exe	ReversingLabs: Detection: 39%
Source: file.exe	Virustotal: Detection: 48%			Perma Link

Yara detected DanaBot stealer dll

Source: Yara match

File source: Process Memory Space: file.exe PID: 7572, type: MEMORYSTR

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows	Jump to behavior

Source: unknown	TCP traffic detected without corresponding DNS query: 91.242.163.155
Source: unknown	TCP traffic detected without corresponding DNS query: 91.242.163.155
Source: unknown	TCP traffic detected without corresponding DNS query: 91.242.163.155
Source: unknown	TCP traffic detected without corresponding DNS query: 91.242.163.155
Source: unknown	TCP traffic detected without corresponding DNS query: 95.164.23.133
Source: unknown	TCP traffic detected without corresponding DNS query: 95.164.23.133
Source: unknown	TCP traffic detected without corresponding DNS query: 95.164.23.133
Source: unknown	TCP traffic detected without corresponding DNS query: 91.242.163.155
Source: unknown	TCP traffic detected without corresponding DNS query: 91.242.163.155
Source: unknown	TCP traffic detected without corresponding DNS query: 91.242.163.155
Source: unknown	TCP traffic detected without corresponding DNS query: 91.242.163.155
Source: unknown	TCP traffic detected without corresponding DNS query: 95.164.23.133
Source: unknown	TCP traffic detected without corresponding DNS query: 95.164.23.133
Source: unknown	TCP traffic detected without corresponding DNS query: 95.164.23.133
Source: unknown	TCP traffic detected without corresponding DNS query: 95.164.23.133
Source: unknown	TCP traffic detected without corresponding DNS query: 91.242.163.155
Source: unknown	TCP traffic detected without corresponding DNS query: 91.242.163.155
Source: unknown	TCP traffic detected without corresponding DNS query: 91.242.163.155
Source: unknown	TCP traffic detected without corresponding DNS query: 91.242.163.155
Source: unknown	TCP traffic detected without corresponding DNS query: 95.164.23.133
Source: unknown	TCP traffic detected without corresponding DNS query: 95.164.23.133
Source: unknown	TCP traffic detected without corresponding DNS query: 95.164.23.133
Source: unknown	TCP traffic detected without corresponding DNS query: 95.164.23.133
Source: unknown	TCP traffic detected without corresponding DNS query: 91.242.163.155
Source: unknown	TCP traffic detected without corresponding DNS query: 91.242.163.155
Source: unknown	TCP traffic detected without corresponding DNS query: 91.242.163.155
Source: unknown	TCP traffic detected without corresponding DNS query: 91.242.163.155
Source: unknown	TCP traffic detected without corresponding DNS query: 95.164.23.133
Source: unknown	TCP traffic detected without corresponding DNS query: 95.164.23.133
Source: unknown	TCP traffic detected without corresponding DNS query: 95.164.23.133
Source: unknown	TCP traffic detected without corresponding DNS query: 95.164.23.133
Source: unknown	TCP traffic detected without corresponding DNS query: 91.242.163.155
Source: unknown	TCP traffic detected without corresponding DNS query: 91.242.163.155
Source: unknown	TCP traffic detected without corresponding DNS query: 91.242.163.155
Source: unknown	TCP traffic detected without corresponding DNS query: 91.242.163.155
Source: unknown	TCP traffic detected without corresponding DNS query: 95.164.23.133
Source: unknown	TCP traffic detected without corresponding DNS query: 95.164.23.133
Source: unknown	TCP traffic detected without corresponding DNS query: 95.164.23.133
Source: unknown	TCP traffic detected without corresponding DNS query: 95.164.23.133
Source: unknown	TCP traffic detected without corresponding DNS query: 91.242.163.155
Source: unknown	TCP traffic detected without corresponding DNS query: 91.242.163.155
Source: unknown	TCP traffic detected without corresponding DNS query: 91.242.163.155
Source: unknown	TCP traffic detected without corresponding DNS query: 91.242.163.155
Source: unknown	TCP traffic detected without corresponding DNS query: 95.164.23.133
Source: unknown	TCP traffic detected without corresponding DNS query: 95.164.23.133
Source: unknown	TCP traffic detected without corresponding DNS query: 95.164.23.133
Source: unknown	TCP traffic detected without corresponding DNS query: 95.164.23.133
Source: unknown	TCP traffic detected without corresponding DNS query: 91.242.163.155
Source: unknown	TCP traffic detected without corresponding DNS query: 91.242.163.155
Source: unknown	TCP traffic detected without corresponding DNS query: 91.242.163.155

Source: file.exe, 00000000.00000003.1615529156.000000007E9D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://.css
Source: file.exe, 00000000.00000003.1615529156.000000007E9D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://.jpg
Source: file.exe, 00000000.00000003.2623590322.0000000000A58000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://Passport.NET/STS%253C/ds:KeyName%253E%253C/ds:KeyInfo%253E%253CCipherData%253E%253CCipherV
Source: file.exe, 00000000.00000003.3163110959.0000000004760000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3147299610.0000000004760000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3252468404.0000000004760000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3248449775.000000000475C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3258972677.000000000475F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2922074615.0000000000A68000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2635270536.0000000004703000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3216900215.0000000004767000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3136970403.0000000004760000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3208646911.0000000004740000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://Passport.NET/STS%253C/ds:KeyName%253E%253C/ds:KeyInfo%253E%253CCipherData%253E%253CCipherValu
Source: file.exe, 00000000.00000003.1615529156.000000007E9D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://html4/loose.dtd
Source: file.exe, 00000000.00000003.1618462768.000000007EB44000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000003.1619633085.000000007EB1A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.openssl.org/V
Source: file.exe, 00000000.00000003.1617526286.000000007ECF0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.openssl.org/support/faq.html
Source: file.exe, 00000000.00000003.1617526286.000000007ECF0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.openssl.org/support/faq.htmlRAND
Source: file.exe, 00000000.00000003.2503236590.0000000004769000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3074874136.0000000004A7A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3009560315.0000000004787000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2566717021.000000000476A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3208525848.0000000004AC2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2909745348.0000000004ABA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2622840039.0000000004762000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2795796137.0000000004A79000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2583325625.000000000476A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2378778396.00000000046DA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2576485710.0000000004761000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2558658391.000000000476A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2571503644.000000000476A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2574599945.0000000004AB9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2621659211.0000000004762000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2902582801.0000000004AB9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2416907209.00000000046DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2561955570.000000000476A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2634761442.000000000476A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577140463.0000000004761000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2627971474.000000000476A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: file.exe, 00000000.00000003.2503236590.0000000004769000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3074874136.0000000004A7A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3009560315.0000000004787000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2566717021.000000000476A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3208525848.0000000004AC2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2909745348.0000000004ABA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2622840039.0000000004762000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2795796137.0000000004A79000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2583325625.000000000476A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2378778396.00000000046DA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2576485710.0000000004761000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2558658391.000000000476A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2571503644.000000000476A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2574599945.0000000004AB9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2621659211.0000000004762000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2902582801.0000000004AB9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2416907209.00000000046DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2561955570.000000000476A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2634761442.000000000476A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577140463.0000000004761000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2627971474.000000000476A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: file.exe, 00000000.00000003.2503236590.0000000004769000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3074874136.0000000004A7A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3009560315.0000000004787000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2566717021.000000000476A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3208525848.0000000004AC2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2909745348.0000000004ABA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2622840039.0000000004762000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2795796137.0000000004A79000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2583325625.000000000476A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2378778396.00000000046DA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2576485710.0000000004761000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2558658391.000000000476A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2571503644.000000000476A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2574599945.0000000004AB9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2621659211.0000000004762000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2902582801.0000000004AB9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2416907209.00000000046DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2561955570.000000000476A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2634761442.000000000476A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577140463.0000000004761000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2627971474.000000000476A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: file.exe, 00000000.00000003.2606084821.000000000476A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2601721111.0000000004750000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2604692526.0000000004766000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/search
Source: file.exe, 00000000.00000003.2503236590.0000000004769000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3074874136.0000000004A7A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3009560315.0000000004787000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2566717021.000000000476A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3208525848.0000000004AC2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2909745348.0000000004ABA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2622840039.0000000004762000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2795796137.0000000004A79000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2583325625.000000000476A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2606084821.000000000476A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2378778396.00000000046DA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2576485710.0000000004761000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2558658391.000000000476A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2601721111.0000000004750000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2571503644.000000000476A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2574599945.0000000004AB9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2621659211.0000000004762000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2902582801.0000000004AB9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2416907209.00000000046DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2561955570.000000000476A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2634761442.000000000476A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: file.exe, 00000000.00000003.2503236590.0000000004769000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3009560315.0000000004787000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2622840039.0000000004762000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2795796137.0000000004A79000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2378778396.00000000046DA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2574599945.0000000004AB9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2621659211.0000000004762000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2902582801.0000000004AB9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2416907209.00000000046DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1677553284.0000000000A95000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2322529488.00000000046D8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3059137382.0000000004ABE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2715453796.00000000046FB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2456439561.00000000046E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577021954.0000000004AD9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: file.exe, 00000000.00000003.2503236590.0000000004769000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3009560315.0000000004787000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3208525848.0000000004AC2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2909745348.0000000004ABA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2622840039.0000000004762000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2795796137.0000000004A79000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2378778396.00000000046DA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2574599945.0000000004AB9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2621659211.0000000004762000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2902582801.0000000004AB9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2416907209.00000000046DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3205950768.0000000004AC2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1677553284.0000000000A95000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2322529488.00000000046D8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3059137382.0000000004ABE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2715453796.00000000046FB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2456439561.00000000046E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577021954.0000000004AD9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: file.exe, 00000000.00000003.2503236590.0000000004769000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3009560315.0000000004787000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2622840039.0000000004762000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2795796137.0000000004A79000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2378778396.00000000046DA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2574599945.0000000004AB9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2621659211.0000000004762000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2902582801.0000000004AB9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2416907209.00000000046DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1677553284.0000000000A95000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2322529488.00000000046D8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3059137382.0000000004ABE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2715453796.00000000046FB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2456439561.00000000046E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577021954.0000000004AD9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: file.exe, 00000000.00000003.2868604120.0000000000A86000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2758893183.0000000000A83000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2635955412.0000000000A83000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3121032979.0000000000A83000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3259180813.0000000000A84000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2805528697.0000000000A86000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2934042392.0000000000A86000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2790140498.0000000000A86000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3237301839.0000000000A83000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2858672440.0000000000A83000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2734342190.0000000000A83000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2796623818.0000000000A84000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3011085498.0000000000A84000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2855071006.0000000000A83000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3212105827.0000000000A83000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3138884875.0000000000A86000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2926146313.0000000000A86000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3157277266.0000000000A86000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2578709231.0000000000A71000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2937000761.0000000000A85000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2997762454.0000000000A83000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.li
Source: file.exe, 00000000.00000003.2796623818.0000000000AA0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3253741103.0000000000A79000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2584934228.0000000000A76000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
Source: file.exe, 00000000.00000003.2378915000.0000000000A71000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srf&lw=1&fl=wld2I
Source: file.exe, 00000000.00000003.3212105827.0000000000AA0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3237301839.0000000000AA2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2623590322.0000000000A9A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3138884875.0000000000AA0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srf&lw=1&fl=wld2LMEM
Source: file.exe, 00000000.00000003.3121032979.0000000000A9B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2855071006.0000000000A9A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2997072704.0000000004B3B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2559305776.0000000004A55000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2863147110.0000000004A55000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3144544785.0000000000AD9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2922074615.0000000000A9B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2906254177.0000000000A9B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2935763852.0000000004A55000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2761984948.0000000004A55000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2938152603.0000000004A55000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2862516216.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2564566045.0000000004A55000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2573649378.0000000004A55000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3160310696.0000000000AD9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3063491671.0000000004A55000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3253741103.0000000000AD9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2790140498.0000000000A4D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3206952858.000000000476F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2584934228.0000000000A9B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2860291250.0000000004A55000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
Source: file.exe, 00000000.00000003.2816320925.0000000000AD9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2934042392.0000000000ADA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3043333535.0000000000AD9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2758893183.0000000000ADB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3144544785.0000000000AD9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3160310696.0000000000AD9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3253741103.0000000000AD9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2858672440.0000000000ADB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3104004487.0000000000ADA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3034670032.0000000000AD9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2995945644.0000000000AD9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3245336143.0000000000AD9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2734342190.0000000000AD9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2772440150.0000000000ADB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3138884875.0000000000AD9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2805528697.0000000000AD9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2906254177.0000000000AD9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2855071006.0000000000ADA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3121032979.0000000000AD9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3054441726.0000000000AD9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3152660136.0000000000AD9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=10330
Source: file.exe, 00000000.00000003.2816320925.0000000000AD9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2937000761.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2934042392.0000000000ADA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3043333535.0000000000AD9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2758893183.0000000000ADB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3144544785.0000000000AD9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3160310696.0000000000AD9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3253741103.0000000000AD9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2858672440.0000000000ADB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3104004487.0000000000ADA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3034670032.0000000000AD9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2995945644.0000000000AD9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3245336143.0000000000AD9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2734342190.0000000000AD9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2772440150.0000000000ADB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3138884875.0000000000AD9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2805528697.0000000000AD9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2862516216.0000000000ADD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2906254177.0000000000AD9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2855071006.0000000000ADA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3121032979.0000000000AD9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=10331
Source: file.exe, 00000000.00000003.3054441726.0000000000A4D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3253741103.0000000000A4D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2790140498.0000000000A4D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2997762454.0000000000A4D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2735628453.0000000000A4B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2378915000.0000000000A4B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033=
Source: file.exe, 00000000.00000003.2688443005.0000000004A3C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2694773007.0000000004A3C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033LMEM
Source: file.exe, 00000000.00000003.3232202895.00000000047AB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033g
Source: file.exe, 00000000.00000003.2635955412.0000000000A9B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3245336143.0000000000A9B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3253741103.0000000000A9B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3104004487.0000000000A9A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2934042392.0000000000A9B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3168485910.0000000004A55000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3121032979.0000000000A9B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2855071006.0000000000A9A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2863147110.0000000004A55000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2922074615.0000000000A9B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2906254177.0000000000A9B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2935763852.0000000004A55000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2938152603.0000000004A55000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3063491671.0000000004A55000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2584934228.0000000000A9B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2860291250.0000000004A55000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2979272033.0000000004A55000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2629909586.0000000000A9B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2734342190.0000000000A9A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2793855630.0000000004A55000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3030053443.0000000004A55000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033m
Source: file.exe, 00000000.00000003.3127646749.00000000047B9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3129184188.00000000047B9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3043980372.00000000047B5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3266348783.00000000047B5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3059610614.00000000047B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3054042970.00000000047B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3145591655.00000000047B9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3038220145.00000000047B5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3032523285.00000000047B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3161043523.00000000047B9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3095050608.00000000047B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3024539773.00000000047B5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3232202895.00000000047B8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3271698581.00000000047B8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3250869744.00000000047B5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3138286538.00000000047B9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3070300710.00000000047BA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3168062530.00000000047B5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3206952858.00000000047B5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3109546564.00000000047B5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3047903889.00000000047B4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033q
Source: file.exe, 00000000.00000003.2504719258.0000000004A43000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033veLMEM
Source: file.exe, 00000000.00000003.3127646749.00000000047B9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3129184188.00000000047B9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3043980372.00000000047B5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3266348783.00000000047B5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3059610614.00000000047B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3054042970.00000000047B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3145591655.00000000047B9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3038220145.00000000047B5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3032523285.00000000047B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3161043523.00000000047B9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3095050608.00000000047B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3024539773.00000000047B5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3232202895.00000000047B8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3271698581.00000000047B8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3250869744.00000000047B5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3138286538.00000000047B9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3070300710.00000000047BA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3168062530.00000000047B5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3206952858.00000000047B5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3109546564.00000000047B5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3047903889.00000000047B4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033x
Source: file.exe, 00000000.00000003.2766959805.00000000047B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3127646749.00000000047B9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2632142939.00000000047B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2647541895.00000000047B5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3129184188.00000000047B9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2929784017.00000000047B9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2848439219.00000000047B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3043980372.00000000047B5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2858016492.00000000047BA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2733684035.00000000047B9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2780564828.00000000047B5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3266348783.00000000047B5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3059610614.00000000047B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3054042970.00000000047B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3145591655.00000000047B9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2609086136.00000000047B8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2776383761.00000000047B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2802472343.00000000047B5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2988081170.00000000047BA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2710528686.00000000047B5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2823378437.00000000047B5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033z
Source: file.exe, 00000000.00000003.2818083520.0000000004A39000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=000000004
Source: file.exe, 00000000.00000003.3063491671.0000000004A5D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3104004487.0000000000A70000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3253741103.0000000000A79000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2584934228.0000000000A76000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
Source: file.exe, 00000000.00000003.2503236590.0000000004769000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3074874136.0000000004A7A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3009560315.0000000004787000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2566717021.000000000476A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3208525848.0000000004AC2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2909745348.0000000004ABA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2622840039.0000000004762000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2795796137.0000000004A79000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2378778396.00000000046DA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2558658391.000000000476A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2571503644.000000000476A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2574599945.0000000004AB9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2621659211.0000000004762000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2902582801.0000000004AB9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2416907209.00000000046DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2561955570.000000000476A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2634761442.000000000476A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2627971474.000000000476A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2572183027.000000000476A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3205950768.0000000004AC2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1677553284.0000000000A95000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: file.exe, 00000000.00000003.2503236590.0000000004769000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3074874136.0000000004A7A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3009560315.0000000004787000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2566717021.000000000476A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3208525848.0000000004AC2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2909745348.0000000004ABA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2622840039.0000000004762000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2795796137.0000000004A79000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2583325625.000000000476A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2378778396.00000000046DA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2576485710.0000000004761000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2558658391.000000000476A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2571503644.000000000476A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2574599945.0000000004AB9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2621659211.0000000004762000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2902582801.0000000004AB9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2416907209.00000000046DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2561955570.000000000476A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2634761442.000000000476A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577140463.0000000004761000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2627971474.000000000476A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: file.exe, 00000000.00000003.2862516216.0000000000A69000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.oracle.com/technetwork/java/javase/downloads8.132
Source: file.exe, 00000000.00000003.3117478345.0000000004740000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.oracle.com/technetwork/java/javase/downloadstion

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49854 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443

E-Banking Fraud

Yara detected DanaBot stealer dll

Source: Yara match

File source: Process Memory Space: file.exe PID: 7572, type: MEMORYSTR

Source: C:\Users\user\Desktop\file.exe

Process Stats: CPU usage > 49%

Source: file.exe

Static PE information: Number of sections : 11 > 10

Source: file.exe, 00000000.00000003.1618462768.000000007EB44000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamelibeay32.dllH vs file.exe
Source: file.exe, 00000000.00000003.1619633085.000000007EB1A000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamessleay32.dllH vs file.exe

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptui.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: avifil32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msvfw32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msacm32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: pstorec.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vaultcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wlanapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netprofm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: npmproxy.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mmdevapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: audioses.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: firewallapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: fwbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: fwpolicyiomgr.dll	Jump to behavior

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Source: classification engine

Classification label: mal84.phis.troj.spyw.evad.winEXE@1/152@0/2

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Temp\Qoqetdehapeoas

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization

Jump to behavior

Source: file.exe, 00000000.00000003.1615283449.000000007E8E0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: file.exe, 00000000.00000003.1615283449.000000007E8E0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
Source: file.exe, 00000000.00000003.1615283449.000000007E8E0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Source: file.exe, 00000000.00000003.1615283449.000000007E8E0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: file.exe, 00000000.00000003.2714044693.00000000045B9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2328300670.00000000045D6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2714803033.0000000004A96000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2417435490.00000000045D6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2904153335.00000000045B9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2789499850.0000000004AC6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3000726338.00000000045B9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2619476442.00000000045B9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2788944500.00000000045B9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2576228145.00000000045B9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3066299823.0000000004AD0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: file.exe	ReversingLabs: Detection: 39%
Source: file.exe	Virustotal: Detection: 48%

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32

Jump to behavior

Source: file.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: file.exe

Static file information: File size 3706880 > 1048576

Source: file.exe

Static PE information: Raw size of .text is bigger than: 0x100000 < 0x363400

Source: file.exe

Static PE information: section name: .didata

Hooking and other Techniques for Hiding and Protection

May use the Tor software to hide its network traffic

Source: file.exe, 00000000.00000003.1615047964.000000007E81D000.00000004.00001000.00020000.00000000.sdmp

Binary or memory string: torConnect

Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter

Source: C:\Users\user\Desktop\file.exe	Window / User API: threadDelayed 4572			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window / User API: threadDelayed 4348			Jump to behavior

Source: C:\Users\user\Desktop\file.exe TID: 7672	Thread sleep time: -9144000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7676	Thread sleep time: -8696000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7680	Thread sleep time: -75075s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7676	Thread sleep time: -640000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7672	Thread sleep time: -592000s >= -30000s	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystem

Source: C:\Users\user\Desktop\file.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Thread delayed: delay time: 75075

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows	Jump to behavior

Source: file.exe, 00000000.00000003.2735628453.0000000000A1D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\
Source: file.exe, 00000000.00000003.2378915000.0000000000A35000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\file.exe

Process token adjusted: Debug

Jump to behavior

Source: file.exe, 00000000.00000003.1615047964.000000007E81D000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: Shell_TrayWndTrayNotifyWndSysPagerToolbarWindow32U
Source: file.exe, 00000000.00000003.1615283449.000000007E8E0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: explorer.exeShell_TrayWnd

Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion InstallDate

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion ProductId	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion ProductId	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion ProductId	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Queries volume information: C:\ VolumeInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected DanaBot stealer dll

Source: Yara match

File source: Process Memory Space: file.exe PID: 7572, type: MEMORYSTR

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior

Tries to steal Instant Messenger accounts or passwords

Source: C:\Users\user\Desktop\file.exe

File opened: C:\Users\user\AppData\Roaming\Miranda\

Jump to behavior

Source: Yara match	File source: 00000000.00000003.1615047964.000000007E81D000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 7572, type: MEMORYSTR

Remote Access Functionality

Yara detected DanaBot stealer dll

Source: Yara match

File source: Process Memory Space: file.exe PID: 7572, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	11 Windows Management Instrumentation	1 DLL Side-Loading	1 Process Injection	121 Virtualization/Sandbox Evasion	1 OS Credential Dumping	111 Security Software Discovery	Remote Services	1 Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Process Injection	1 Credentials in Registry	1 Process Discovery	Remote Desktop Protocol	Data from Removable Media	1 Multi-hop Proxy	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 DLL Side-Loading	1 Credentials In Files	121 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	1 Proxy	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	Software Packing	LSA Secrets	1 System Owner/User Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	Steganography	Cached Domain Credentials	2 File and Directory Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	Compile After Delivery	DCSync	53 System Information Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	39%	ReversingLabs	Win32.Trojan.Barys
file.exe	49%	Virustotal		Browse
file.exe	100%	Avira	TR/ATRAPS.Gen
file.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label	Link
http://.jpg	0%	Avira URL Cloud	safe
http://.css	0%	Avira URL Cloud	safe
https://login.li	0%	Avira URL Cloud	safe
http://html4/loose.dtd	0%	Avira URL Cloud	safe
http://Passport.NET/STS%253C/ds:KeyName%253E%253C/ds:KeyInfo%253E%253CCipherData%253E%253CCipherValu	0%	Avira URL Cloud	safe
http://Passport.NET/STS%253C/ds:KeyName%253E%253C/ds:KeyInfo%253E%253CCipherData%253E%253CCipherV	0%	Avira URL Cloud	safe
https://login.li	0%	Virustotal		Browse
http://Passport.NET/STS%253C/ds:KeyName%253E%253C/ds:KeyInfo%253E%253CCipherData%253E%253CCipherV	0%	Virustotal		Browse
http://Passport.NET/STS%253C/ds:KeyName%253E%253C/ds:KeyInfo%253E%253CCipherData%253E%253CCipherValu	0%	Virustotal		Browse

Name	Source	Malicious	Antivirus Detection	Reputation
https://ac.ecosia.org/autocomplete?q=	file.exe, 00000000.00000003.2503236590.0000000004769000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3074874136.0000000004A7A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3009560315.0000000004787000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2566717021.000000000476A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3208525848.0000000004AC2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2909745348.0000000004ABA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2622840039.0000000004762000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2795796137.0000000004A79000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2583325625.000000000476A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2378778396.00000000046DA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2576485710.0000000004761000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2558658391.000000000476A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2571503644.000000000476A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2574599945.0000000004AB9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2621659211.0000000004762000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2902582801.0000000004AB9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2416907209.00000000046DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2561955570.000000000476A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2634761442.000000000476A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577140463.0000000004761000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2627971474.000000000476A000.00000004.00000020.00020000.00000000.sdmp	false		high
http://html4/loose.dtd	file.exe, 00000000.00000003.1615529156.000000007E9D0000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
https://duckduckgo.com/chrome_newtab	file.exe, 00000000.00000003.2503236590.0000000004769000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3009560315.0000000004787000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3208525848.0000000004AC2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2909745348.0000000004ABA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2622840039.0000000004762000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2795796137.0000000004A79000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2378778396.00000000046DA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2574599945.0000000004AB9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2621659211.0000000004762000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2902582801.0000000004AB9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2416907209.00000000046DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3205950768.0000000004AC2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1677553284.0000000000A95000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2322529488.00000000046D8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3059137382.0000000004ABE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2715453796.00000000046FB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2456439561.00000000046E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577021954.0000000004AD9000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.openssl.org/support/faq.htmlRAND	file.exe, 00000000.00000003.1617526286.000000007ECF0000.00000004.00001000.00020000.00000000.sdmp	false		high
https://duckduckgo.com/ac/?q=	file.exe, 00000000.00000003.2503236590.0000000004769000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3009560315.0000000004787000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2622840039.0000000004762000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2795796137.0000000004A79000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2378778396.00000000046DA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2574599945.0000000004AB9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2621659211.0000000004762000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2902582801.0000000004AB9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2416907209.00000000046DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1677553284.0000000000A95000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2322529488.00000000046D8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3059137382.0000000004ABE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2715453796.00000000046FB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2456439561.00000000046E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577021954.0000000004AD9000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	file.exe, 00000000.00000003.2503236590.0000000004769000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3074874136.0000000004A7A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3009560315.0000000004787000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2566717021.000000000476A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3208525848.0000000004AC2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2909745348.0000000004ABA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2622840039.0000000004762000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2795796137.0000000004A79000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2583325625.000000000476A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2378778396.00000000046DA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2576485710.0000000004761000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2558658391.000000000476A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2571503644.000000000476A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2574599945.0000000004AB9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2621659211.0000000004762000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2902582801.0000000004AB9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2416907209.00000000046DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2561955570.000000000476A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2634761442.000000000476A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577140463.0000000004761000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2627971474.000000000476A000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.openssl.org/V	file.exe, 00000000.00000003.1618462768.000000007EB44000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000003.1619633085.000000007EB1A000.00000004.00001000.00020000.00000000.sdmp	false		high
https://login.li	file.exe, 00000000.00000003.2868604120.0000000000A86000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2758893183.0000000000A83000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2635955412.0000000000A83000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3121032979.0000000000A83000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3259180813.0000000000A84000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2805528697.0000000000A86000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2934042392.0000000000A86000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2790140498.0000000000A86000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3237301839.0000000000A83000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2858672440.0000000000A83000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2734342190.0000000000A83000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2796623818.0000000000A84000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3011085498.0000000000A84000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2855071006.0000000000A83000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3212105827.0000000000A83000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3138884875.0000000000A86000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2926146313.0000000000A86000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3157277266.0000000000A86000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2578709231.0000000000A71000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2937000761.0000000000A85000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2997762454.0000000000A83000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://Passport.NET/STS%253C/ds:KeyName%253E%253C/ds:KeyInfo%253E%253CCipherData%253E%253CCipherValu	file.exe, 00000000.00000003.3163110959.0000000004760000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3147299610.0000000004760000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3252468404.0000000004760000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3248449775.000000000475C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3258972677.000000000475F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2922074615.0000000000A68000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2635270536.0000000004703000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3216900215.0000000004767000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3136970403.0000000004760000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3208646911.0000000004740000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	file.exe, 00000000.00000003.2503236590.0000000004769000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3074874136.0000000004A7A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3009560315.0000000004787000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2566717021.000000000476A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3208525848.0000000004AC2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2909745348.0000000004ABA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2622840039.0000000004762000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2795796137.0000000004A79000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2583325625.000000000476A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2378778396.00000000046DA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2576485710.0000000004761000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2558658391.000000000476A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2571503644.000000000476A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2574599945.0000000004AB9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2621659211.0000000004762000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2902582801.0000000004AB9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2416907209.00000000046DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2561955570.000000000476A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2634761442.000000000476A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577140463.0000000004761000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2627971474.000000000476A000.00000004.00000020.00020000.00000000.sdmp	false		high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	file.exe, 00000000.00000003.2503236590.0000000004769000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3009560315.0000000004787000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2622840039.0000000004762000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2795796137.0000000004A79000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2378778396.00000000046DA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2574599945.0000000004AB9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2621659211.0000000004762000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2902582801.0000000004AB9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2416907209.00000000046DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1677553284.0000000000A95000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2322529488.00000000046D8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3059137382.0000000004ABE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2715453796.00000000046FB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2456439561.00000000046E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577021954.0000000004AD9000.00000004.00000020.00020000.00000000.sdmp	false		high
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	file.exe, 00000000.00000003.2503236590.0000000004769000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3074874136.0000000004A7A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3009560315.0000000004787000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2566717021.000000000476A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3208525848.0000000004AC2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2909745348.0000000004ABA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2622840039.0000000004762000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2795796137.0000000004A79000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2583325625.000000000476A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2606084821.000000000476A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2378778396.00000000046DA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2576485710.0000000004761000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2558658391.000000000476A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2601721111.0000000004750000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2571503644.000000000476A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2574599945.0000000004AB9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2621659211.0000000004762000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2902582801.0000000004AB9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2416907209.00000000046DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2561955570.000000000476A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2634761442.000000000476A000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.oracle.com/technetwork/java/javase/downloads8.132	file.exe, 00000000.00000003.2862516216.0000000000A69000.00000004.00000020.00020000.00000000.sdmp	false		high
http://.css	file.exe, 00000000.00000003.1615529156.000000007E9D0000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
https://www.ecosia.org/newtab/	file.exe, 00000000.00000003.2503236590.0000000004769000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3074874136.0000000004A7A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3009560315.0000000004787000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2566717021.000000000476A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3208525848.0000000004AC2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2909745348.0000000004ABA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2622840039.0000000004762000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2795796137.0000000004A79000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2378778396.00000000046DA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2558658391.000000000476A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2571503644.000000000476A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2574599945.0000000004AB9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2621659211.0000000004762000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2902582801.0000000004AB9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2416907209.00000000046DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2561955570.000000000476A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2634761442.000000000476A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2627971474.000000000476A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2572183027.000000000476A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3205950768.0000000004AC2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1677553284.0000000000A95000.00000004.00000020.00020000.00000000.sdmp	false		high
http://.jpg	file.exe, 00000000.00000003.1615529156.000000007E9D0000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	file.exe, 00000000.00000003.2503236590.0000000004769000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3074874136.0000000004A7A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3009560315.0000000004787000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2566717021.000000000476A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.3208525848.0000000004AC2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2909745348.0000000004ABA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2622840039.0000000004762000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2795796137.0000000004A79000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2583325625.000000000476A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2378778396.00000000046DA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2576485710.0000000004761000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2558658391.000000000476A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2571503644.000000000476A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2574599945.0000000004AB9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2621659211.0000000004762000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2902582801.0000000004AB9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2416907209.00000000046DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2561955570.000000000476A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2634761442.000000000476A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577140463.0000000004761000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2627971474.000000000476A000.00000004.00000020.00020000.00000000.sdmp	false		high
https://ch.search.yahoo.com/search	file.exe, 00000000.00000003.2606084821.000000000476A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2601721111.0000000004750000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2604692526.0000000004766000.00000004.00000020.00020000.00000000.sdmp	false		high
http://Passport.NET/STS%253C/ds:KeyName%253E%253C/ds:KeyInfo%253E%253CCipherData%253E%253CCipherV	file.exe, 00000000.00000003.2623590322.0000000000A58000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.openssl.org/support/faq.html	file.exe, 00000000.00000003.1617526286.000000007ECF0000.00000004.00001000.00020000.00000000.sdmp	false		high
https://www.oracle.com/technetwork/java/javase/downloadstion	file.exe, 00000000.00000003.3117478345.0000000004740000.00000004.00000020.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
95.164.23.133	unknown	Gibraltar		29632	NASSIST-ASGI	false
91.242.163.155	unknown	Russian Federation		61335	OOO-SYSMEDIA-ASRU	false

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1420792
Start date and time:	2024-04-05 12:33:04 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 31s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name:	Run with higher sleep bypass
Number of analysed new started processes analysed:	6
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal84.phis.troj.spyw.evad.winEXE@1/152@0/2
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .exe Sleeps bigger than 100000000ms are automatically reduced to 1000ms

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtEnumerateKey calls found.
Report size getting too big, too many NtEnumerateValueKey calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtSetInformationFile calls found.

Simulations

Behavior and APIs

Time	Type	Description
12:34:26	API Interceptor	7415024x Sleep call for process: file.exe modified

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
NASSIST-ASGI	7qAKRRMho6.exe	Get hash	malicious	GCleaner, Glupteba, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer, SmokeLoader	Browse	95.164.45.22
	8b3ee970a1b172952a665247aa5ff590d12d8f4b33c07.exe	Get hash	malicious	GCleaner, Mars Stealer, Meduza Stealer, PureLog Stealer, RedLine, RisePro Stealer, SmokeLoader	Browse	95.164.45.22
	e8iuAWz9pB.exe	Get hash	malicious	Glupteba, Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT	Browse	95.164.45.22
	5zq2Yob8xh.exe	Get hash	malicious	GCleaner, Glupteba, Mars Stealer, Meduza Stealer, PureLog Stealer, RedLine, RisePro Stealer	Browse	95.164.45.22
	It5nlRgHw8.exe	Get hash	malicious	Spark RAT	Browse	95.164.0.23
	It5nlRgHw8.exe	Get hash	malicious	Spark RAT	Browse	95.164.0.23
	03.04.24 0000123.vbs	Get hash	malicious	AgentTesla, XWorm	Browse	94.131.122.80
	Ux0uyPZABV.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, PureLog Stealer, RedLine, zgRAT	Browse	95.164.45.22
	VALUATION NO. 2_SC.bat	Get hash	malicious	Unknown	Browse	95.164.21.184

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	0A9156C4E3C48EF827980639C4D1E263
SHA1:	9F13A523321C66208E90D45F87FA0CD9B370E111
SHA-256:	3A3ED164E42500A1C5B2D0093F0A813D27DC50D038F330CC100A7E70ECE2E6E4
SHA-512:	8A46C1B44C0EA338AFF0D2E2D07C34430B67B68B6D27E1ADB8CF216B0F0994172CED106A90283F2F0469B5CAA40ACEDF101D45729B823E5179EA55AC507E04AD
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Aaeutrhyriqdy-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Reputation:	high, very likely benign file
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Adawisyphuhwh

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	E6FF930C3FB6DE61F664581C1A85F60C
SHA1:	F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
SHA-256:	CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
SHA-512:	60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Aeahwuwrsffqo

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	76B973F7B910A22256212C63ADB7A103
SHA1:	2EAB7B3CF42E12BA5F1FF6AB512E4A105740F631
SHA-256:	96C94D0826105FE47C587FD79E8869CE5EDBFBACDDDAB9F4F30C5FECBA2CA6A3
SHA-512:	4C11351FE96BA26070E1B22230AA940BAFD2AA646960ED7A512F7398DAFE6FA2C029FE941F7EBF2C27C9D64957DC05DF66F5DB4365A9A8C6556216314FC12E95
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Aeefoeoesafra

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	AB893875D697A3145AF5EED5309BEE26
SHA1:	C90116149196CBF74FFB453ECB3B12945372EBFA
SHA-256:	02B1C2234680617802901A77EAE606AD02E4DDB4282CCBC60061EAC5B2D90BBA
SHA-512:	6B65C0A1956CE18DF2D271205F53274D2905C803D059A0801BF8331CCAA28A1D4842D3585DD9C2B01502A4BE6664BDE2E965B15FCFEC981E85EED37C595CD6BC
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Aifwswtotoddq

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	E6FF930C3FB6DE61F664581C1A85F60C
SHA1:	F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
SHA-256:	CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
SHA-512:	60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Aiorpdwaapwpd

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	E6FF930C3FB6DE61F664581C1A85F60C
SHA1:	F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
SHA-256:	CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
SHA-512:	60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Aitsiyyrawtei

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	76B973F7B910A22256212C63ADB7A103
SHA1:	2EAB7B3CF42E12BA5F1FF6AB512E4A105740F631
SHA-256:	96C94D0826105FE47C587FD79E8869CE5EDBFBACDDDAB9F4F30C5FECBA2CA6A3
SHA-512:	4C11351FE96BA26070E1B22230AA940BAFD2AA646960ED7A512F7398DAFE6FA2C029FE941F7EBF2C27C9D64957DC05DF66F5DB4365A9A8C6556216314FC12E95
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Aoeassrieqydf

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	AB893875D697A3145AF5EED5309BEE26
SHA1:	C90116149196CBF74FFB453ECB3B12945372EBFA
SHA-256:	02B1C2234680617802901A77EAE606AD02E4DDB4282CCBC60061EAC5B2D90BBA
SHA-512:	6B65C0A1956CE18DF2D271205F53274D2905C803D059A0801BF8331CCAA28A1D4842D3585DD9C2B01502A4BE6664BDE2E965B15FCFEC981E85EED37C595CD6BC
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Asayspffheape

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	E6FF930C3FB6DE61F664581C1A85F60C
SHA1:	F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
SHA-256:	CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
SHA-512:	60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Ayuuiepeeqtit

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	F4F35D60B3CC18AAA6D8D92F0CD3708A
SHA1:	6FECD5769C727E137B7580AE3B1823B06EE6F9D9
SHA-256:	2AAE7DC846AAF25F1CADF55F1666862046C6DB9D65D84BDC07FA039DAC405606
SHA-512:	A69E2DCE2F75771C63ACDA51E4AEECC95B00F65377E3026BAF93A6CFB936BF6F10CB320CC09B0E43EB7833D062B24EFC5932569A1826E55DBB736CCDA0BEB413
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Ddepesoeerrpray

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	AB893875D697A3145AF5EED5309BEE26
SHA1:	C90116149196CBF74FFB453ECB3B12945372EBFA
SHA-256:	02B1C2234680617802901A77EAE606AD02E4DDB4282CCBC60061EAC5B2D90BBA
SHA-512:	6B65C0A1956CE18DF2D271205F53274D2905C803D059A0801BF8331CCAA28A1D4842D3585DD9C2B01502A4BE6664BDE2E965B15FCFEC981E85EED37C595CD6BC
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Ddihuuehyef

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	AB893875D697A3145AF5EED5309BEE26
SHA1:	C90116149196CBF74FFB453ECB3B12945372EBFA
SHA-256:	02B1C2234680617802901A77EAE606AD02E4DDB4282CCBC60061EAC5B2D90BBA
SHA-512:	6B65C0A1956CE18DF2D271205F53274D2905C803D059A0801BF8331CCAA28A1D4842D3585DD9C2B01502A4BE6664BDE2E965B15FCFEC981E85EED37C595CD6BC
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Deadepufpfupoeu

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	F4F35D60B3CC18AAA6D8D92F0CD3708A
SHA1:	6FECD5769C727E137B7580AE3B1823B06EE6F9D9
SHA-256:	2AAE7DC846AAF25F1CADF55F1666862046C6DB9D65D84BDC07FA039DAC405606
SHA-512:	A69E2DCE2F75771C63ACDA51E4AEECC95B00F65377E3026BAF93A6CFB936BF6F10CB320CC09B0E43EB7833D062B24EFC5932569A1826E55DBB736CCDA0BEB413
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Dfoaue

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	E6FF930C3FB6DE61F664581C1A85F60C
SHA1:	F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
SHA-256:	CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
SHA-512:	60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Dfwusp

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	AB893875D697A3145AF5EED5309BEE26
SHA1:	C90116149196CBF74FFB453ECB3B12945372EBFA
SHA-256:	02B1C2234680617802901A77EAE606AD02E4DDB4282CCBC60061EAC5B2D90BBA
SHA-512:	6B65C0A1956CE18DF2D271205F53274D2905C803D059A0801BF8331CCAA28A1D4842D3585DD9C2B01502A4BE6664BDE2E965B15FCFEC981E85EED37C595CD6BC
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Diaipqhihoy

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	F4F35D60B3CC18AAA6D8D92F0CD3708A
SHA1:	6FECD5769C727E137B7580AE3B1823B06EE6F9D9
SHA-256:	2AAE7DC846AAF25F1CADF55F1666862046C6DB9D65D84BDC07FA039DAC405606
SHA-512:	A69E2DCE2F75771C63ACDA51E4AEECC95B00F65377E3026BAF93A6CFB936BF6F10CB320CC09B0E43EB7833D062B24EFC5932569A1826E55DBB736CCDA0BEB413
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Drysrepeq

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	E6FF930C3FB6DE61F664581C1A85F60C
SHA1:	F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
SHA-256:	CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
SHA-512:	60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Dsdquyrweieiut

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	E6FF930C3FB6DE61F664581C1A85F60C
SHA1:	F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
SHA-256:	CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
SHA-512:	60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Dsurthhdhq

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	F4F35D60B3CC18AAA6D8D92F0CD3708A
SHA1:	6FECD5769C727E137B7580AE3B1823B06EE6F9D9
SHA-256:	2AAE7DC846AAF25F1CADF55F1666862046C6DB9D65D84BDC07FA039DAC405606
SHA-512:	A69E2DCE2F75771C63ACDA51E4AEECC95B00F65377E3026BAF93A6CFB936BF6F10CB320CC09B0E43EB7833D062B24EFC5932569A1826E55DBB736CCDA0BEB413
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Dtpereuphysapes

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	CF845A781C107EC1346E849C9DD1B7E8
SHA1:	B44CCC7F7D519352422E59EE8B0BDBAC881768A7
SHA-256:	18619B678A5C207A971A0AA931604F48162E307C57ECDEC450D5F095FE9F32C7
SHA-512:	4802861EA06DC7FB85229A3C8F04E707A084F1BA516510C6F269821B33C8EE4EBF495258FE5BEE4850668A5AAC1A45F0EDF51580DA13B7EE160A29D067C67612
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Dwsuwofouh

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	0A9156C4E3C48EF827980639C4D1E263
SHA1:	9F13A523321C66208E90D45F87FA0CD9B370E111
SHA-256:	3A3ED164E42500A1C5B2D0093F0A813D27DC50D038F330CC100A7E70ECE2E6E4
SHA-512:	8A46C1B44C0EA338AFF0D2E2D07C34430B67B68B6D27E1ADB8CF216B0F0994172CED106A90283F2F0469B5CAA40ACEDF101D45729B823E5179EA55AC507E04AD
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Dwsuwofouh-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Dydapepiu

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	E6FF930C3FB6DE61F664581C1A85F60C
SHA1:	F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
SHA-256:	CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
SHA-512:	60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Dyohrhyrw

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	E6FF930C3FB6DE61F664581C1A85F60C
SHA1:	F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
SHA-256:	CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
SHA-512:	60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Eaeseuyfdderepe

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	E6FF930C3FB6DE61F664581C1A85F60C
SHA1:	F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
SHA-256:	CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
SHA-512:	60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Eddeddyq

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	CF845A781C107EC1346E849C9DD1B7E8
SHA1:	B44CCC7F7D519352422E59EE8B0BDBAC881768A7
SHA-256:	18619B678A5C207A971A0AA931604F48162E307C57ECDEC450D5F095FE9F32C7
SHA-512:	4802861EA06DC7FB85229A3C8F04E707A084F1BA516510C6F269821B33C8EE4EBF495258FE5BEE4850668A5AAC1A45F0EDF51580DA13B7EE160A29D067C67612
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Efhofqusftyfupu

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	F4F35D60B3CC18AAA6D8D92F0CD3708A
SHA1:	6FECD5769C727E137B7580AE3B1823B06EE6F9D9
SHA-256:	2AAE7DC846AAF25F1CADF55F1666862046C6DB9D65D84BDC07FA039DAC405606
SHA-512:	A69E2DCE2F75771C63ACDA51E4AEECC95B00F65377E3026BAF93A6CFB936BF6F10CB320CC09B0E43EB7833D062B24EFC5932569A1826E55DBB736CCDA0BEB413
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Eifawouueuwoprs

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	AB893875D697A3145AF5EED5309BEE26
SHA1:	C90116149196CBF74FFB453ECB3B12945372EBFA
SHA-256:	02B1C2234680617802901A77EAE606AD02E4DDB4282CCBC60061EAC5B2D90BBA
SHA-512:	6B65C0A1956CE18DF2D271205F53274D2905C803D059A0801BF8331CCAA28A1D4842D3585DD9C2B01502A4BE6664BDE2E965B15FCFEC981E85EED37C595CD6BC
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Eihfueqp

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	CF845A781C107EC1346E849C9DD1B7E8
SHA1:	B44CCC7F7D519352422E59EE8B0BDBAC881768A7
SHA-256:	18619B678A5C207A971A0AA931604F48162E307C57ECDEC450D5F095FE9F32C7
SHA-512:	4802861EA06DC7FB85229A3C8F04E707A084F1BA516510C6F269821B33C8EE4EBF495258FE5BEE4850668A5AAC1A45F0EDF51580DA13B7EE160A29D067C67612
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Eirhihrodefhhqq

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	F4F35D60B3CC18AAA6D8D92F0CD3708A
SHA1:	6FECD5769C727E137B7580AE3B1823B06EE6F9D9
SHA-256:	2AAE7DC846AAF25F1CADF55F1666862046C6DB9D65D84BDC07FA039DAC405606
SHA-512:	A69E2DCE2F75771C63ACDA51E4AEECC95B00F65377E3026BAF93A6CFB936BF6F10CB320CC09B0E43EB7833D062B24EFC5932569A1826E55DBB736CCDA0BEB413
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Eorpwosw

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	F4F35D60B3CC18AAA6D8D92F0CD3708A
SHA1:	6FECD5769C727E137B7580AE3B1823B06EE6F9D9
SHA-256:	2AAE7DC846AAF25F1CADF55F1666862046C6DB9D65D84BDC07FA039DAC405606
SHA-512:	A69E2DCE2F75771C63ACDA51E4AEECC95B00F65377E3026BAF93A6CFB936BF6F10CB320CC09B0E43EB7833D062B24EFC5932569A1826E55DBB736CCDA0BEB413
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Eosdqoyoaheasei

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	AB893875D697A3145AF5EED5309BEE26
SHA1:	C90116149196CBF74FFB453ECB3B12945372EBFA
SHA-256:	02B1C2234680617802901A77EAE606AD02E4DDB4282CCBC60061EAC5B2D90BBA
SHA-512:	6B65C0A1956CE18DF2D271205F53274D2905C803D059A0801BF8331CCAA28A1D4842D3585DD9C2B01502A4BE6664BDE2E965B15FCFEC981E85EED37C595CD6BC
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Eouopqwe

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	F4F35D60B3CC18AAA6D8D92F0CD3708A
SHA1:	6FECD5769C727E137B7580AE3B1823B06EE6F9D9
SHA-256:	2AAE7DC846AAF25F1CADF55F1666862046C6DB9D65D84BDC07FA039DAC405606
SHA-512:	A69E2DCE2F75771C63ACDA51E4AEECC95B00F65377E3026BAF93A6CFB936BF6F10CB320CC09B0E43EB7833D062B24EFC5932569A1826E55DBB736CCDA0BEB413
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Eqfydhoeoerhthq

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	0A9156C4E3C48EF827980639C4D1E263
SHA1:	9F13A523321C66208E90D45F87FA0CD9B370E111
SHA-256:	3A3ED164E42500A1C5B2D0093F0A813D27DC50D038F330CC100A7E70ECE2E6E4
SHA-512:	8A46C1B44C0EA338AFF0D2E2D07C34430B67B68B6D27E1ADB8CF216B0F0994172CED106A90283F2F0469B5CAA40ACEDF101D45729B823E5179EA55AC507E04AD
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Eqfydhoeoerhthq-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Eqqhdauy

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	E6FF930C3FB6DE61F664581C1A85F60C
SHA1:	F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
SHA-256:	CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
SHA-512:	60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Eqydswhyppiayfr

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	76B973F7B910A22256212C63ADB7A103
SHA1:	2EAB7B3CF42E12BA5F1FF6AB512E4A105740F631
SHA-256:	96C94D0826105FE47C587FD79E8869CE5EDBFBACDDDAB9F4F30C5FECBA2CA6A3
SHA-512:	4C11351FE96BA26070E1B22230AA940BAFD2AA646960ED7A512F7398DAFE6FA2C029FE941F7EBF2C27C9D64957DC05DF66F5DB4365A9A8C6556216314FC12E95
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Eseuywqf

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	76B973F7B910A22256212C63ADB7A103
SHA1:	2EAB7B3CF42E12BA5F1FF6AB512E4A105740F631
SHA-256:	96C94D0826105FE47C587FD79E8869CE5EDBFBACDDDAB9F4F30C5FECBA2CA6A3
SHA-512:	4C11351FE96BA26070E1B22230AA940BAFD2AA646960ED7A512F7398DAFE6FA2C029FE941F7EBF2C27C9D64957DC05DF66F5DB4365A9A8C6556216314FC12E95
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Esfyfihp

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	CF845A781C107EC1346E849C9DD1B7E8
SHA1:	B44CCC7F7D519352422E59EE8B0BDBAC881768A7
SHA-256:	18619B678A5C207A971A0AA931604F48162E307C57ECDEC450D5F095FE9F32C7
SHA-512:	4802861EA06DC7FB85229A3C8F04E707A084F1BA516510C6F269821B33C8EE4EBF495258FE5BEE4850668A5AAC1A45F0EDF51580DA13B7EE160A29D067C67612
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Esqtehyp

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	0A9156C4E3C48EF827980639C4D1E263
SHA1:	9F13A523321C66208E90D45F87FA0CD9B370E111
SHA-256:	3A3ED164E42500A1C5B2D0093F0A813D27DC50D038F330CC100A7E70ECE2E6E4
SHA-512:	8A46C1B44C0EA338AFF0D2E2D07C34430B67B68B6D27E1ADB8CF216B0F0994172CED106A90283F2F0469B5CAA40ACEDF101D45729B823E5179EA55AC507E04AD
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Esqtehyp-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Eswqfeyu

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	0A9156C4E3C48EF827980639C4D1E263
SHA1:	9F13A523321C66208E90D45F87FA0CD9B370E111
SHA-256:	3A3ED164E42500A1C5B2D0093F0A813D27DC50D038F330CC100A7E70ECE2E6E4
SHA-512:	8A46C1B44C0EA338AFF0D2E2D07C34430B67B68B6D27E1ADB8CF216B0F0994172CED106A90283F2F0469B5CAA40ACEDF101D45729B823E5179EA55AC507E04AD
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Eswqfeyu-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Euquewpfdpwwwsq

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	AB893875D697A3145AF5EED5309BEE26
SHA1:	C90116149196CBF74FFB453ECB3B12945372EBFA
SHA-256:	02B1C2234680617802901A77EAE606AD02E4DDB4282CCBC60061EAC5B2D90BBA
SHA-512:	6B65C0A1956CE18DF2D271205F53274D2905C803D059A0801BF8331CCAA28A1D4842D3585DD9C2B01502A4BE6664BDE2E965B15FCFEC981E85EED37C595CD6BC
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Euupodsoopshrhq

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	AB893875D697A3145AF5EED5309BEE26
SHA1:	C90116149196CBF74FFB453ECB3B12945372EBFA
SHA-256:	02B1C2234680617802901A77EAE606AD02E4DDB4282CCBC60061EAC5B2D90BBA
SHA-512:	6B65C0A1956CE18DF2D271205F53274D2905C803D059A0801BF8331CCAA28A1D4842D3585DD9C2B01502A4BE6664BDE2E965B15FCFEC981E85EED37C595CD6BC
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Euwuydetqpeprda

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	E6FF930C3FB6DE61F664581C1A85F60C
SHA1:	F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
SHA-256:	CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
SHA-512:	60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Fphdiq

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	CF845A781C107EC1346E849C9DD1B7E8
SHA1:	B44CCC7F7D519352422E59EE8B0BDBAC881768A7
SHA-256:	18619B678A5C207A971A0AA931604F48162E307C57ECDEC450D5F095FE9F32C7
SHA-512:	4802861EA06DC7FB85229A3C8F04E707A084F1BA516510C6F269821B33C8EE4EBF495258FE5BEE4850668A5AAC1A45F0EDF51580DA13B7EE160A29D067C67612
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Fstyda

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	E6FF930C3FB6DE61F664581C1A85F60C
SHA1:	F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
SHA-256:	CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
SHA-512:	60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Ftuowi

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	E6FF930C3FB6DE61F664581C1A85F60C
SHA1:	F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
SHA-256:	CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
SHA-512:	60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Heatqtp

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	F4F35D60B3CC18AAA6D8D92F0CD3708A
SHA1:	6FECD5769C727E137B7580AE3B1823B06EE6F9D9
SHA-256:	2AAE7DC846AAF25F1CADF55F1666862046C6DB9D65D84BDC07FA039DAC405606
SHA-512:	A69E2DCE2F75771C63ACDA51E4AEECC95B00F65377E3026BAF93A6CFB936BF6F10CB320CC09B0E43EB7833D062B24EFC5932569A1826E55DBB736CCDA0BEB413
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Herfiri

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	CF845A781C107EC1346E849C9DD1B7E8
SHA1:	B44CCC7F7D519352422E59EE8B0BDBAC881768A7
SHA-256:	18619B678A5C207A971A0AA931604F48162E307C57ECDEC450D5F095FE9F32C7
SHA-512:	4802861EA06DC7FB85229A3C8F04E707A084F1BA516510C6F269821B33C8EE4EBF495258FE5BEE4850668A5AAC1A45F0EDF51580DA13B7EE160A29D067C67612
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Hhuauyy

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	76B973F7B910A22256212C63ADB7A103
SHA1:	2EAB7B3CF42E12BA5F1FF6AB512E4A105740F631
SHA-256:	96C94D0826105FE47C587FD79E8869CE5EDBFBACDDDAB9F4F30C5FECBA2CA6A3
SHA-512:	4C11351FE96BA26070E1B22230AA940BAFD2AA646960ED7A512F7398DAFE6FA2C029FE941F7EBF2C27C9D64957DC05DF66F5DB4365A9A8C6556216314FC12E95
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Hiwppep

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	AB893875D697A3145AF5EED5309BEE26
SHA1:	C90116149196CBF74FFB453ECB3B12945372EBFA
SHA-256:	02B1C2234680617802901A77EAE606AD02E4DDB4282CCBC60061EAC5B2D90BBA
SHA-512:	6B65C0A1956CE18DF2D271205F53274D2905C803D059A0801BF8331CCAA28A1D4842D3585DD9C2B01502A4BE6664BDE2E965B15FCFEC981E85EED37C595CD6BC
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Hptqohs

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	0A9156C4E3C48EF827980639C4D1E263
SHA1:	9F13A523321C66208E90D45F87FA0CD9B370E111
SHA-256:	3A3ED164E42500A1C5B2D0093F0A813D27DC50D038F330CC100A7E70ECE2E6E4
SHA-512:	8A46C1B44C0EA338AFF0D2E2D07C34430B67B68B6D27E1ADB8CF216B0F0994172CED106A90283F2F0469B5CAA40ACEDF101D45729B823E5179EA55AC507E04AD
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Hptqohs-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Hrsseey

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	AB893875D697A3145AF5EED5309BEE26
SHA1:	C90116149196CBF74FFB453ECB3B12945372EBFA
SHA-256:	02B1C2234680617802901A77EAE606AD02E4DDB4282CCBC60061EAC5B2D90BBA
SHA-512:	6B65C0A1956CE18DF2D271205F53274D2905C803D059A0801BF8331CCAA28A1D4842D3585DD9C2B01502A4BE6664BDE2E965B15FCFEC981E85EED37C595CD6BC
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Hsardei

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	0A9156C4E3C48EF827980639C4D1E263
SHA1:	9F13A523321C66208E90D45F87FA0CD9B370E111
SHA-256:	3A3ED164E42500A1C5B2D0093F0A813D27DC50D038F330CC100A7E70ECE2E6E4
SHA-512:	8A46C1B44C0EA338AFF0D2E2D07C34430B67B68B6D27E1ADB8CF216B0F0994172CED106A90283F2F0469B5CAA40ACEDF101D45729B823E5179EA55AC507E04AD
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Hsardei-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Hsrwwhs

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	E6FF930C3FB6DE61F664581C1A85F60C
SHA1:	F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
SHA-256:	CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
SHA-512:	60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Hssewqu

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	E6FF930C3FB6DE61F664581C1A85F60C
SHA1:	F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
SHA-256:	CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
SHA-512:	60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Htefeyf

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	0A9156C4E3C48EF827980639C4D1E263
SHA1:	9F13A523321C66208E90D45F87FA0CD9B370E111
SHA-256:	3A3ED164E42500A1C5B2D0093F0A813D27DC50D038F330CC100A7E70ECE2E6E4
SHA-512:	8A46C1B44C0EA338AFF0D2E2D07C34430B67B68B6D27E1ADB8CF216B0F0994172CED106A90283F2F0469B5CAA40ACEDF101D45729B823E5179EA55AC507E04AD
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Htefeyf-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Htsuypw

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	E6FF930C3FB6DE61F664581C1A85F60C
SHA1:	F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
SHA-256:	CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
SHA-512:	60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Hwaeyui

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	CF845A781C107EC1346E849C9DD1B7E8
SHA1:	B44CCC7F7D519352422E59EE8B0BDBAC881768A7
SHA-256:	18619B678A5C207A971A0AA931604F48162E307C57ECDEC450D5F095FE9F32C7
SHA-512:	4802861EA06DC7FB85229A3C8F04E707A084F1BA516510C6F269821B33C8EE4EBF495258FE5BEE4850668A5AAC1A45F0EDF51580DA13B7EE160A29D067C67612
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Ieatoerqwrr

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	E6FF930C3FB6DE61F664581C1A85F60C
SHA1:	F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
SHA-256:	CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
SHA-512:	60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Iehturoiepr

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	76B973F7B910A22256212C63ADB7A103
SHA1:	2EAB7B3CF42E12BA5F1FF6AB512E4A105740F631
SHA-256:	96C94D0826105FE47C587FD79E8869CE5EDBFBACDDDAB9F4F30C5FECBA2CA6A3
SHA-512:	4C11351FE96BA26070E1B22230AA940BAFD2AA646960ED7A512F7398DAFE6FA2C029FE941F7EBF2C27C9D64957DC05DF66F5DB4365A9A8C6556216314FC12E95
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Iidpyowytuq

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	AB893875D697A3145AF5EED5309BEE26
SHA1:	C90116149196CBF74FFB453ECB3B12945372EBFA
SHA-256:	02B1C2234680617802901A77EAE606AD02E4DDB4282CCBC60061EAC5B2D90BBA
SHA-512:	6B65C0A1956CE18DF2D271205F53274D2905C803D059A0801BF8331CCAA28A1D4842D3585DD9C2B01502A4BE6664BDE2E965B15FCFEC981E85EED37C595CD6BC
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Iifhidedyut

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	76B973F7B910A22256212C63ADB7A103
SHA1:	2EAB7B3CF42E12BA5F1FF6AB512E4A105740F631
SHA-256:	96C94D0826105FE47C587FD79E8869CE5EDBFBACDDDAB9F4F30C5FECBA2CA6A3
SHA-512:	4C11351FE96BA26070E1B22230AA940BAFD2AA646960ED7A512F7398DAFE6FA2C029FE941F7EBF2C27C9D64957DC05DF66F5DB4365A9A8C6556216314FC12E95
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Iqpedhiyees

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	76B973F7B910A22256212C63ADB7A103
SHA1:	2EAB7B3CF42E12BA5F1FF6AB512E4A105740F631
SHA-256:	96C94D0826105FE47C587FD79E8869CE5EDBFBACDDDAB9F4F30C5FECBA2CA6A3
SHA-512:	4C11351FE96BA26070E1B22230AA940BAFD2AA646960ED7A512F7398DAFE6FA2C029FE941F7EBF2C27C9D64957DC05DF66F5DB4365A9A8C6556216314FC12E95
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Iquspsqiiau

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	E6FF930C3FB6DE61F664581C1A85F60C
SHA1:	F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
SHA-256:	CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
SHA-512:	60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Iwuqheuepdh

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	CF845A781C107EC1346E849C9DD1B7E8
SHA1:	B44CCC7F7D519352422E59EE8B0BDBAC881768A7
SHA-256:	18619B678A5C207A971A0AA931604F48162E307C57ECDEC450D5F095FE9F32C7
SHA-512:	4802861EA06DC7FB85229A3C8F04E707A084F1BA516510C6F269821B33C8EE4EBF495258FE5BEE4850668A5AAC1A45F0EDF51580DA13B7EE160A29D067C67612
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Iyaqwyfhrrf

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	CF845A781C107EC1346E849C9DD1B7E8
SHA1:	B44CCC7F7D519352422E59EE8B0BDBAC881768A7
SHA-256:	18619B678A5C207A971A0AA931604F48162E307C57ECDEC450D5F095FE9F32C7
SHA-512:	4802861EA06DC7FB85229A3C8F04E707A084F1BA516510C6F269821B33C8EE4EBF495258FE5BEE4850668A5AAC1A45F0EDF51580DA13B7EE160A29D067C67612
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Odyrhuuaawwh

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	0A9156C4E3C48EF827980639C4D1E263
SHA1:	9F13A523321C66208E90D45F87FA0CD9B370E111
SHA-256:	3A3ED164E42500A1C5B2D0093F0A813D27DC50D038F330CC100A7E70ECE2E6E4
SHA-512:	8A46C1B44C0EA338AFF0D2E2D07C34430B67B68B6D27E1ADB8CF216B0F0994172CED106A90283F2F0469B5CAA40ACEDF101D45729B823E5179EA55AC507E04AD
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Odyrhuuaawwh-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Oeowwraouais

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	0A9156C4E3C48EF827980639C4D1E263
SHA1:	9F13A523321C66208E90D45F87FA0CD9B370E111
SHA-256:	3A3ED164E42500A1C5B2D0093F0A813D27DC50D038F330CC100A7E70ECE2E6E4
SHA-512:	8A46C1B44C0EA338AFF0D2E2D07C34430B67B68B6D27E1ADB8CF216B0F0994172CED106A90283F2F0469B5CAA40ACEDF101D45729B823E5179EA55AC507E04AD
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Oeowwraouais-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Offwusrroasr

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	E6FF930C3FB6DE61F664581C1A85F60C
SHA1:	F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
SHA-256:	CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
SHA-512:	60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Ofpsietohpep

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	E6FF930C3FB6DE61F664581C1A85F60C
SHA1:	F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
SHA-256:	CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
SHA-512:	60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Oieoqwyephqr

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	76B973F7B910A22256212C63ADB7A103
SHA1:	2EAB7B3CF42E12BA5F1FF6AB512E4A105740F631
SHA-256:	96C94D0826105FE47C587FD79E8869CE5EDBFBACDDDAB9F4F30C5FECBA2CA6A3
SHA-512:	4C11351FE96BA26070E1B22230AA940BAFD2AA646960ED7A512F7398DAFE6FA2C029FE941F7EBF2C27C9D64957DC05DF66F5DB4365A9A8C6556216314FC12E95
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Oyhsetppwtai

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	AB893875D697A3145AF5EED5309BEE26
SHA1:	C90116149196CBF74FFB453ECB3B12945372EBFA
SHA-256:	02B1C2234680617802901A77EAE606AD02E4DDB4282CCBC60061EAC5B2D90BBA
SHA-512:	6B65C0A1956CE18DF2D271205F53274D2905C803D059A0801BF8331CCAA28A1D4842D3585DD9C2B01502A4BE6664BDE2E965B15FCFEC981E85EED37C595CD6BC
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Oyifaqyityye

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	CF845A781C107EC1346E849C9DD1B7E8
SHA1:	B44CCC7F7D519352422E59EE8B0BDBAC881768A7
SHA-256:	18619B678A5C207A971A0AA931604F48162E307C57ECDEC450D5F095FE9F32C7
SHA-512:	4802861EA06DC7FB85229A3C8F04E707A084F1BA516510C6F269821B33C8EE4EBF495258FE5BEE4850668A5AAC1A45F0EDF51580DA13B7EE160A29D067C67612
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Pdaedwwrquyrp

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	CF845A781C107EC1346E849C9DD1B7E8
SHA1:	B44CCC7F7D519352422E59EE8B0BDBAC881768A7
SHA-256:	18619B678A5C207A971A0AA931604F48162E307C57ECDEC450D5F095FE9F32C7
SHA-512:	4802861EA06DC7FB85229A3C8F04E707A084F1BA516510C6F269821B33C8EE4EBF495258FE5BEE4850668A5AAC1A45F0EDF51580DA13B7EE160A29D067C67612
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Pdawodtytupsw

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	CF845A781C107EC1346E849C9DD1B7E8
SHA1:	B44CCC7F7D519352422E59EE8B0BDBAC881768A7
SHA-256:	18619B678A5C207A971A0AA931604F48162E307C57ECDEC450D5F095FE9F32C7
SHA-512:	4802861EA06DC7FB85229A3C8F04E707A084F1BA516510C6F269821B33C8EE4EBF495258FE5BEE4850668A5AAC1A45F0EDF51580DA13B7EE160A29D067C67612
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Phwyttq

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	76B973F7B910A22256212C63ADB7A103
SHA1:	2EAB7B3CF42E12BA5F1FF6AB512E4A105740F631
SHA-256:	96C94D0826105FE47C587FD79E8869CE5EDBFBACDDDAB9F4F30C5FECBA2CA6A3
SHA-512:	4C11351FE96BA26070E1B22230AA940BAFD2AA646960ED7A512F7398DAFE6FA2C029FE941F7EBF2C27C9D64957DC05DF66F5DB4365A9A8C6556216314FC12E95
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Ptqefearpewdfd

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	E6FF930C3FB6DE61F664581C1A85F60C
SHA1:	F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
SHA-256:	CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
SHA-512:	60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Qewfdhwfioorqi

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	E6FF930C3FB6DE61F664581C1A85F60C
SHA1:	F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
SHA-256:	CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
SHA-512:	60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Qoqetdehapeoas

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	E6FF930C3FB6DE61F664581C1A85F60C
SHA1:	F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
SHA-256:	CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
SHA-512:	60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Qorsstastffqae

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	E6FF930C3FB6DE61F664581C1A85F60C
SHA1:	F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
SHA-256:	CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
SHA-512:	60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Qqadeaqdrhside

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	CF845A781C107EC1346E849C9DD1B7E8
SHA1:	B44CCC7F7D519352422E59EE8B0BDBAC881768A7
SHA-256:	18619B678A5C207A971A0AA931604F48162E307C57ECDEC450D5F095FE9F32C7
SHA-512:	4802861EA06DC7FB85229A3C8F04E707A084F1BA516510C6F269821B33C8EE4EBF495258FE5BEE4850668A5AAC1A45F0EDF51580DA13B7EE160A29D067C67612
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Qqrpseehudfiqr

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	CF845A781C107EC1346E849C9DD1B7E8
SHA1:	B44CCC7F7D519352422E59EE8B0BDBAC881768A7
SHA-256:	18619B678A5C207A971A0AA931604F48162E307C57ECDEC450D5F095FE9F32C7
SHA-512:	4802861EA06DC7FB85229A3C8F04E707A084F1BA516510C6F269821B33C8EE4EBF495258FE5BEE4850668A5AAC1A45F0EDF51580DA13B7EE160A29D067C67612
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Quaotetiheqeua

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	CF845A781C107EC1346E849C9DD1B7E8
SHA1:	B44CCC7F7D519352422E59EE8B0BDBAC881768A7
SHA-256:	18619B678A5C207A971A0AA931604F48162E307C57ECDEC450D5F095FE9F32C7
SHA-512:	4802861EA06DC7FB85229A3C8F04E707A084F1BA516510C6F269821B33C8EE4EBF495258FE5BEE4850668A5AAC1A45F0EDF51580DA13B7EE160A29D067C67612
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Rdoweryiwrrw

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	E6FF930C3FB6DE61F664581C1A85F60C
SHA1:	F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
SHA-256:	CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
SHA-512:	60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Rdqsrwefeotdae

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	76B973F7B910A22256212C63ADB7A103
SHA1:	2EAB7B3CF42E12BA5F1FF6AB512E4A105740F631
SHA-256:	96C94D0826105FE47C587FD79E8869CE5EDBFBACDDDAB9F4F30C5FECBA2CA6A3
SHA-512:	4C11351FE96BA26070E1B22230AA940BAFD2AA646960ED7A512F7398DAFE6FA2C029FE941F7EBF2C27C9D64957DC05DF66F5DB4365A9A8C6556216314FC12E95
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Rersdppayfrieqi

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	AB893875D697A3145AF5EED5309BEE26
SHA1:	C90116149196CBF74FFB453ECB3B12945372EBFA
SHA-256:	02B1C2234680617802901A77EAE606AD02E4DDB4282CCBC60061EAC5B2D90BBA
SHA-512:	6B65C0A1956CE18DF2D271205F53274D2905C803D059A0801BF8331CCAA28A1D4842D3585DD9C2B01502A4BE6664BDE2E965B15FCFEC981E85EED37C595CD6BC
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Rorwofewttpe

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	E6FF930C3FB6DE61F664581C1A85F60C
SHA1:	F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
SHA-256:	CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
SHA-512:	60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Rpeqyawuotuypye

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	E6FF930C3FB6DE61F664581C1A85F60C
SHA1:	F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
SHA-256:	CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
SHA-512:	60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Rqeqtefqefeehy

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	0A9156C4E3C48EF827980639C4D1E263
SHA1:	9F13A523321C66208E90D45F87FA0CD9B370E111
SHA-256:	3A3ED164E42500A1C5B2D0093F0A813D27DC50D038F330CC100A7E70ECE2E6E4
SHA-512:	8A46C1B44C0EA338AFF0D2E2D07C34430B67B68B6D27E1ADB8CF216B0F0994172CED106A90283F2F0469B5CAA40ACEDF101D45729B823E5179EA55AC507E04AD
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Rqeqtefqefeehy-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Rqfyaqfequiupd

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	E6FF930C3FB6DE61F664581C1A85F60C
SHA1:	F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
SHA-256:	CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
SHA-512:	60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Rqieuoyddseewq

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	CF845A781C107EC1346E849C9DD1B7E8
SHA1:	B44CCC7F7D519352422E59EE8B0BDBAC881768A7
SHA-256:	18619B678A5C207A971A0AA931604F48162E307C57ECDEC450D5F095FE9F32C7
SHA-512:	4802861EA06DC7FB85229A3C8F04E707A084F1BA516510C6F269821B33C8EE4EBF495258FE5BEE4850668A5AAC1A45F0EDF51580DA13B7EE160A29D067C67612
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Rqwayfrofeuuip

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	0A9156C4E3C48EF827980639C4D1E263
SHA1:	9F13A523321C66208E90D45F87FA0CD9B370E111
SHA-256:	3A3ED164E42500A1C5B2D0093F0A813D27DC50D038F330CC100A7E70ECE2E6E4
SHA-512:	8A46C1B44C0EA338AFF0D2E2D07C34430B67B68B6D27E1ADB8CF216B0F0994172CED106A90283F2F0469B5CAA40ACEDF101D45729B823E5179EA55AC507E04AD
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Rqwayfrofeuuip-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Rrhwusy

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	F4F35D60B3CC18AAA6D8D92F0CD3708A
SHA1:	6FECD5769C727E137B7580AE3B1823B06EE6F9D9
SHA-256:	2AAE7DC846AAF25F1CADF55F1666862046C6DB9D65D84BDC07FA039DAC405606
SHA-512:	A69E2DCE2F75771C63ACDA51E4AEECC95B00F65377E3026BAF93A6CFB936BF6F10CB320CC09B0E43EB7833D062B24EFC5932569A1826E55DBB736CCDA0BEB413
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Rseqiqoo

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	AB893875D697A3145AF5EED5309BEE26
SHA1:	C90116149196CBF74FFB453ECB3B12945372EBFA
SHA-256:	02B1C2234680617802901A77EAE606AD02E4DDB4282CCBC60061EAC5B2D90BBA
SHA-512:	6B65C0A1956CE18DF2D271205F53274D2905C803D059A0801BF8331CCAA28A1D4842D3585DD9C2B01502A4BE6664BDE2E965B15FCFEC981E85EED37C595CD6BC
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Rwwyhwwdt

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	E6FF930C3FB6DE61F664581C1A85F60C
SHA1:	F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
SHA-256:	CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
SHA-512:	60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Ryewrhrei

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	0A9156C4E3C48EF827980639C4D1E263
SHA1:	9F13A523321C66208E90D45F87FA0CD9B370E111
SHA-256:	3A3ED164E42500A1C5B2D0093F0A813D27DC50D038F330CC100A7E70ECE2E6E4
SHA-512:	8A46C1B44C0EA338AFF0D2E2D07C34430B67B68B6D27E1ADB8CF216B0F0994172CED106A90283F2F0469B5CAA40ACEDF101D45729B823E5179EA55AC507E04AD
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Ryewrhrei-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Ryyftfwhi

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	F4F35D60B3CC18AAA6D8D92F0CD3708A
SHA1:	6FECD5769C727E137B7580AE3B1823B06EE6F9D9
SHA-256:	2AAE7DC846AAF25F1CADF55F1666862046C6DB9D65D84BDC07FA039DAC405606
SHA-512:	A69E2DCE2F75771C63ACDA51E4AEECC95B00F65377E3026BAF93A6CFB936BF6F10CB320CC09B0E43EB7833D062B24EFC5932569A1826E55DBB736CCDA0BEB413
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Sapewwheiiuap

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	0A9156C4E3C48EF827980639C4D1E263
SHA1:	9F13A523321C66208E90D45F87FA0CD9B370E111
SHA-256:	3A3ED164E42500A1C5B2D0093F0A813D27DC50D038F330CC100A7E70ECE2E6E4
SHA-512:	8A46C1B44C0EA338AFF0D2E2D07C34430B67B68B6D27E1ADB8CF216B0F0994172CED106A90283F2F0469B5CAA40ACEDF101D45729B823E5179EA55AC507E04AD
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Sapewwheiiuap-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Seirrdyqrwtuaot

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	CF845A781C107EC1346E849C9DD1B7E8
SHA1:	B44CCC7F7D519352422E59EE8B0BDBAC881768A7
SHA-256:	18619B678A5C207A971A0AA931604F48162E307C57ECDEC450D5F095FE9F32C7
SHA-512:	4802861EA06DC7FB85229A3C8F04E707A084F1BA516510C6F269821B33C8EE4EBF495258FE5BEE4850668A5AAC1A45F0EDF51580DA13B7EE160A29D067C67612
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Sfatst

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	F4F35D60B3CC18AAA6D8D92F0CD3708A
SHA1:	6FECD5769C727E137B7580AE3B1823B06EE6F9D9
SHA-256:	2AAE7DC846AAF25F1CADF55F1666862046C6DB9D65D84BDC07FA039DAC405606
SHA-512:	A69E2DCE2F75771C63ACDA51E4AEECC95B00F65377E3026BAF93A6CFB936BF6F10CB320CC09B0E43EB7833D062B24EFC5932569A1826E55DBB736CCDA0BEB413
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Sfostd

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	E6FF930C3FB6DE61F664581C1A85F60C
SHA1:	F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
SHA-256:	CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
SHA-512:	60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Shiosfh

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	E6FF930C3FB6DE61F664581C1A85F60C
SHA1:	F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
SHA-256:	CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
SHA-512:	60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Sifqehtitwa

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	76B973F7B910A22256212C63ADB7A103
SHA1:	2EAB7B3CF42E12BA5F1FF6AB512E4A105740F631
SHA-256:	96C94D0826105FE47C587FD79E8869CE5EDBFBACDDDAB9F4F30C5FECBA2CA6A3
SHA-512:	4C11351FE96BA26070E1B22230AA940BAFD2AA646960ED7A512F7398DAFE6FA2C029FE941F7EBF2C27C9D64957DC05DF66F5DB4365A9A8C6556216314FC12E95
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Sifywhptuew

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	76B973F7B910A22256212C63ADB7A103
SHA1:	2EAB7B3CF42E12BA5F1FF6AB512E4A105740F631
SHA-256:	96C94D0826105FE47C587FD79E8869CE5EDBFBACDDDAB9F4F30C5FECBA2CA6A3
SHA-512:	4C11351FE96BA26070E1B22230AA940BAFD2AA646960ED7A512F7398DAFE6FA2C029FE941F7EBF2C27C9D64957DC05DF66F5DB4365A9A8C6556216314FC12E95
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Speiyeys

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	E6FF930C3FB6DE61F664581C1A85F60C
SHA1:	F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
SHA-256:	CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
SHA-512:	60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Tdywsishr

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	76B973F7B910A22256212C63ADB7A103
SHA1:	2EAB7B3CF42E12BA5F1FF6AB512E4A105740F631
SHA-256:	96C94D0826105FE47C587FD79E8869CE5EDBFBACDDDAB9F4F30C5FECBA2CA6A3
SHA-512:	4C11351FE96BA26070E1B22230AA940BAFD2AA646960ED7A512F7398DAFE6FA2C029FE941F7EBF2C27C9D64957DC05DF66F5DB4365A9A8C6556216314FC12E95
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Tftoap

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	E6FF930C3FB6DE61F664581C1A85F60C
SHA1:	F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
SHA-256:	CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
SHA-512:	60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Tqoosqaqthoaff

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	76B973F7B910A22256212C63ADB7A103
SHA1:	2EAB7B3CF42E12BA5F1FF6AB512E4A105740F631
SHA-256:	96C94D0826105FE47C587FD79E8869CE5EDBFBACDDDAB9F4F30C5FECBA2CA6A3
SHA-512:	4C11351FE96BA26070E1B22230AA940BAFD2AA646960ED7A512F7398DAFE6FA2C029FE941F7EBF2C27C9D64957DC05DF66F5DB4365A9A8C6556216314FC12E95
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Trpeqdswprhoyof

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	CF845A781C107EC1346E849C9DD1B7E8
SHA1:	B44CCC7F7D519352422E59EE8B0BDBAC881768A7
SHA-256:	18619B678A5C207A971A0AA931604F48162E307C57ECDEC450D5F095FE9F32C7
SHA-512:	4802861EA06DC7FB85229A3C8F04E707A084F1BA516510C6F269821B33C8EE4EBF495258FE5BEE4850668A5AAC1A45F0EDF51580DA13B7EE160A29D067C67612
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Tuowwrqpeh

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	F4F35D60B3CC18AAA6D8D92F0CD3708A
SHA1:	6FECD5769C727E137B7580AE3B1823B06EE6F9D9
SHA-256:	2AAE7DC846AAF25F1CADF55F1666862046C6DB9D65D84BDC07FA039DAC405606
SHA-512:	A69E2DCE2F75771C63ACDA51E4AEECC95B00F65377E3026BAF93A6CFB936BF6F10CB320CC09B0E43EB7833D062B24EFC5932569A1826E55DBB736CCDA0BEB413
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Ueauhewhhi

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	CF845A781C107EC1346E849C9DD1B7E8
SHA1:	B44CCC7F7D519352422E59EE8B0BDBAC881768A7
SHA-256:	18619B678A5C207A971A0AA931604F48162E307C57ECDEC450D5F095FE9F32C7
SHA-512:	4802861EA06DC7FB85229A3C8F04E707A084F1BA516510C6F269821B33C8EE4EBF495258FE5BEE4850668A5AAC1A45F0EDF51580DA13B7EE160A29D067C67612
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Uepaeqtrue

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	AB893875D697A3145AF5EED5309BEE26
SHA1:	C90116149196CBF74FFB453ECB3B12945372EBFA
SHA-256:	02B1C2234680617802901A77EAE606AD02E4DDB4282CCBC60061EAC5B2D90BBA
SHA-512:	6B65C0A1956CE18DF2D271205F53274D2905C803D059A0801BF8331CCAA28A1D4842D3585DD9C2B01502A4BE6664BDE2E965B15FCFEC981E85EED37C595CD6BC
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Uessydqysq

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	AB893875D697A3145AF5EED5309BEE26
SHA1:	C90116149196CBF74FFB453ECB3B12945372EBFA
SHA-256:	02B1C2234680617802901A77EAE606AD02E4DDB4282CCBC60061EAC5B2D90BBA
SHA-512:	6B65C0A1956CE18DF2D271205F53274D2905C803D059A0801BF8331CCAA28A1D4842D3585DD9C2B01502A4BE6664BDE2E965B15FCFEC981E85EED37C595CD6BC
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Ufrdprysdo

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	0A9156C4E3C48EF827980639C4D1E263
SHA1:	9F13A523321C66208E90D45F87FA0CD9B370E111
SHA-256:	3A3ED164E42500A1C5B2D0093F0A813D27DC50D038F330CC100A7E70ECE2E6E4
SHA-512:	8A46C1B44C0EA338AFF0D2E2D07C34430B67B68B6D27E1ADB8CF216B0F0994172CED106A90283F2F0469B5CAA40ACEDF101D45729B823E5179EA55AC507E04AD
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Ufrdprysdo-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Ufsfewdfdf

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	0A9156C4E3C48EF827980639C4D1E263
SHA1:	9F13A523321C66208E90D45F87FA0CD9B370E111
SHA-256:	3A3ED164E42500A1C5B2D0093F0A813D27DC50D038F330CC100A7E70ECE2E6E4
SHA-512:	8A46C1B44C0EA338AFF0D2E2D07C34430B67B68B6D27E1ADB8CF216B0F0994172CED106A90283F2F0469B5CAA40ACEDF101D45729B823E5179EA55AC507E04AD
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Ufsfewdfdf-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Urqtwwrfaf

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	F4F35D60B3CC18AAA6D8D92F0CD3708A
SHA1:	6FECD5769C727E137B7580AE3B1823B06EE6F9D9
SHA-256:	2AAE7DC846AAF25F1CADF55F1666862046C6DB9D65D84BDC07FA039DAC405606
SHA-512:	A69E2DCE2F75771C63ACDA51E4AEECC95B00F65377E3026BAF93A6CFB936BF6F10CB320CC09B0E43EB7833D062B24EFC5932569A1826E55DBB736CCDA0BEB413
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Usaiwdissf

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	0A9156C4E3C48EF827980639C4D1E263
SHA1:	9F13A523321C66208E90D45F87FA0CD9B370E111
SHA-256:	3A3ED164E42500A1C5B2D0093F0A813D27DC50D038F330CC100A7E70ECE2E6E4
SHA-512:	8A46C1B44C0EA338AFF0D2E2D07C34430B67B68B6D27E1ADB8CF216B0F0994172CED106A90283F2F0469B5CAA40ACEDF101D45729B823E5179EA55AC507E04AD
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Usaiwdissf-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Uwwpawuprt

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	76B973F7B910A22256212C63ADB7A103
SHA1:	2EAB7B3CF42E12BA5F1FF6AB512E4A105740F631
SHA-256:	96C94D0826105FE47C587FD79E8869CE5EDBFBACDDDAB9F4F30C5FECBA2CA6A3
SHA-512:	4C11351FE96BA26070E1B22230AA940BAFD2AA646960ED7A512F7398DAFE6FA2C029FE941F7EBF2C27C9D64957DC05DF66F5DB4365A9A8C6556216314FC12E95
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Uydhiqetee

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	E6FF930C3FB6DE61F664581C1A85F60C
SHA1:	F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
SHA-256:	CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
SHA-512:	60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Wfouso

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	F4F35D60B3CC18AAA6D8D92F0CD3708A
SHA1:	6FECD5769C727E137B7580AE3B1823B06EE6F9D9
SHA-256:	2AAE7DC846AAF25F1CADF55F1666862046C6DB9D65D84BDC07FA039DAC405606
SHA-512:	A69E2DCE2F75771C63ACDA51E4AEECC95B00F65377E3026BAF93A6CFB936BF6F10CB320CC09B0E43EB7833D062B24EFC5932569A1826E55DBB736CCDA0BEB413
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Wfrhye

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	0A9156C4E3C48EF827980639C4D1E263
SHA1:	9F13A523321C66208E90D45F87FA0CD9B370E111
SHA-256:	3A3ED164E42500A1C5B2D0093F0A813D27DC50D038F330CC100A7E70ECE2E6E4
SHA-512:	8A46C1B44C0EA338AFF0D2E2D07C34430B67B68B6D27E1ADB8CF216B0F0994172CED106A90283F2F0469B5CAA40ACEDF101D45729B823E5179EA55AC507E04AD
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Wfrhye-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Wiasyuhiuhd

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	76B973F7B910A22256212C63ADB7A103
SHA1:	2EAB7B3CF42E12BA5F1FF6AB512E4A105740F631
SHA-256:	96C94D0826105FE47C587FD79E8869CE5EDBFBACDDDAB9F4F30C5FECBA2CA6A3
SHA-512:	4C11351FE96BA26070E1B22230AA940BAFD2AA646960ED7A512F7398DAFE6FA2C029FE941F7EBF2C27C9D64957DC05DF66F5DB4365A9A8C6556216314FC12E95
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Wpeedfqteodyqer

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	E6FF930C3FB6DE61F664581C1A85F60C
SHA1:	F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
SHA-256:	CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
SHA-512:	60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Wphsodd

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	F4F35D60B3CC18AAA6D8D92F0CD3708A
SHA1:	6FECD5769C727E137B7580AE3B1823B06EE6F9D9
SHA-256:	2AAE7DC846AAF25F1CADF55F1666862046C6DB9D65D84BDC07FA039DAC405606
SHA-512:	A69E2DCE2F75771C63ACDA51E4AEECC95B00F65377E3026BAF93A6CFB936BF6F10CB320CC09B0E43EB7833D062B24EFC5932569A1826E55DBB736CCDA0BEB413
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Wquitspafyppwf

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	F4F35D60B3CC18AAA6D8D92F0CD3708A
SHA1:	6FECD5769C727E137B7580AE3B1823B06EE6F9D9
SHA-256:	2AAE7DC846AAF25F1CADF55F1666862046C6DB9D65D84BDC07FA039DAC405606
SHA-512:	A69E2DCE2F75771C63ACDA51E4AEECC95B00F65377E3026BAF93A6CFB936BF6F10CB320CC09B0E43EB7833D062B24EFC5932569A1826E55DBB736CCDA0BEB413
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Wstwtehoqayoswh

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	76B973F7B910A22256212C63ADB7A103
SHA1:	2EAB7B3CF42E12BA5F1FF6AB512E4A105740F631
SHA-256:	96C94D0826105FE47C587FD79E8869CE5EDBFBACDDDAB9F4F30C5FECBA2CA6A3
SHA-512:	4C11351FE96BA26070E1B22230AA940BAFD2AA646960ED7A512F7398DAFE6FA2C029FE941F7EBF2C27C9D64957DC05DF66F5DB4365A9A8C6556216314FC12E95
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Wsweoqrehesyduf

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	76B973F7B910A22256212C63ADB7A103
SHA1:	2EAB7B3CF42E12BA5F1FF6AB512E4A105740F631
SHA-256:	96C94D0826105FE47C587FD79E8869CE5EDBFBACDDDAB9F4F30C5FECBA2CA6A3
SHA-512:	4C11351FE96BA26070E1B22230AA940BAFD2AA646960ED7A512F7398DAFE6FA2C029FE941F7EBF2C27C9D64957DC05DF66F5DB4365A9A8C6556216314FC12E95
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Wusepwyaou

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	E6FF930C3FB6DE61F664581C1A85F60C
SHA1:	F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
SHA-256:	CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
SHA-512:	60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Yosstffaf

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	F4F35D60B3CC18AAA6D8D92F0CD3708A
SHA1:	6FECD5769C727E137B7580AE3B1823B06EE6F9D9
SHA-256:	2AAE7DC846AAF25F1CADF55F1666862046C6DB9D65D84BDC07FA039DAC405606
SHA-512:	A69E2DCE2F75771C63ACDA51E4AEECC95B00F65377E3026BAF93A6CFB936BF6F10CB320CC09B0E43EB7833D062B24EFC5932569A1826E55DBB736CCDA0BEB413
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Ypuhyerto

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	modified
Size (bytes):	98304
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	0A9156C4E3C48EF827980639C4D1E263
SHA1:	9F13A523321C66208E90D45F87FA0CD9B370E111
SHA-256:	3A3ED164E42500A1C5B2D0093F0A813D27DC50D038F330CC100A7E70ECE2E6E4
SHA-512:	8A46C1B44C0EA338AFF0D2E2D07C34430B67B68B6D27E1ADB8CF216B0F0994172CED106A90283F2F0469B5CAA40ACEDF101D45729B823E5179EA55AC507E04AD
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Ypuhyerto-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Yqreefuwe

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	AB893875D697A3145AF5EED5309BEE26
SHA1:	C90116149196CBF74FFB453ECB3B12945372EBFA
SHA-256:	02B1C2234680617802901A77EAE606AD02E4DDB4282CCBC60061EAC5B2D90BBA
SHA-512:	6B65C0A1956CE18DF2D271205F53274D2905C803D059A0801BF8331CCAA28A1D4842D3585DD9C2B01502A4BE6664BDE2E965B15FCFEC981E85EED37C595CD6BC
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Yroauefed

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	AB893875D697A3145AF5EED5309BEE26
SHA1:	C90116149196CBF74FFB453ECB3B12945372EBFA
SHA-256:	02B1C2234680617802901A77EAE606AD02E4DDB4282CCBC60061EAC5B2D90BBA
SHA-512:	6B65C0A1956CE18DF2D271205F53274D2905C803D059A0801BF8331CCAA28A1D4842D3585DD9C2B01502A4BE6664BDE2E965B15FCFEC981E85EED37C595CD6BC
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Ysetfeopq

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	F4F35D60B3CC18AAA6D8D92F0CD3708A
SHA1:	6FECD5769C727E137B7580AE3B1823B06EE6F9D9
SHA-256:	2AAE7DC846AAF25F1CADF55F1666862046C6DB9D65D84BDC07FA039DAC405606
SHA-512:	A69E2DCE2F75771C63ACDA51E4AEECC95B00F65377E3026BAF93A6CFB936BF6F10CB320CC09B0E43EB7833D062B24EFC5932569A1826E55DBB736CCDA0BEB413
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Ysqafthhd

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	E6FF930C3FB6DE61F664581C1A85F60C
SHA1:	F447CB15945D8630CC88ED3B7BEE049B6F5E4C7D
SHA-256:	CAA961E702D561D3245D06BF54FB5FE35BF75037032D764EC11FCB5AC1D41C1C
SHA-512:	60CA902E544D9535BC0F596EE8D262CAA73C885750875623DE20B42FAD52189C0CF41225312FC50DDB0C4D52580094A79F69CC8C674DC3200A42A935190DFFF8
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.7603057180395405
TrID:	Win32 Executable (generic) a (10002005/4) 99.53% Win32 EXE PECompact compressed (generic) (41571/9) 0.41% Win16/32 Executable Delphi generic (2074/23) 0.02% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02%
File name:	file.exe
File size:	3'706'880 bytes
MD5:	219ef06e5b58fcf3134f362ca6073c06
SHA1:	9d784d81fec551d248506901f7283ed7d91f8017
SHA256:	b86d5ba2ec3c95ad28c63d2c1256a6ce067bbea9b3f2903babe468f53d3838ef
SHA512:	d4cc35a6265b190d5be505798824d41aa06d6f4075ba23c2de3298f9ff0a77dbdb371b166b7a4821b3e303d87788a9268f9f44bd6214225a84b25ca5ad8a3286
SSDEEP:	49152:qdtvLwUU5h6/60ChOUreaSwotBP1aH4vaTZtSkLvUWgIc/ivZAFZnyFNz30dm9TN:iuo61frTStildtSkjDctBARkdS
TLSH:	9506F126F284D53EE49E1A394037A994D93FB76278168C8B56F048CCCF3D4817A7A25F
File Content Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x765d78
Entrypoint Section:	.itext
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
DLL Characteristics:
Time Stamp:	0x660FB096 [Fri Apr 5 08:04:38 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	0
File Version Major:	5
File Version Minor:	0
Subsystem Version Major:	5
Subsystem Version Minor:	0
Import Hash:	3515998abe0aea14ac46a446bebe93d1

Entrypoint Preview

Instruction
push ebp
mov ebp, esp
add esp, FFFFFFF0h
mov eax, 00760FB0h
call 00007FEA55153CE5h
xor eax, eax
push ebp
push 00765DA9h
push dword ptr fs:[eax]
mov dword ptr fs:[eax], esp
call 00007FEA554A447Ah
xor eax, eax
pop edx
pop ecx
pop ecx
mov dword ptr fs:[eax], edx
push 00765DB0h
ret
jmp 00007FEA5514C937h
jmp 00007FEA554A953Ah
call 00007FEA5514D044h
lea eax, dword ptr [eax+00h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x377000	0x97	.edata
IMAGE_DIRECTORY_ENTRY_IMPORT	0x374000	0x13a2	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x393000	0x3400	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x37a000	0x182a0	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x379000	0x18	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x374404	0x2ec	.idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x376000	0x246	.didata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x363338	0x363400	3f2cd5fa88724df31fcf0e381943e73d	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.itext	0x365000	0xdb8	0xe00	e541b584ebb047ffe0eb64ae2ea76930	False	0.5580357142857143	data	6.224715531237705	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data	0x366000	0x7488	0x7600	19df17825a5cd981b58f20dfdf00e994	False	0.5737552966101694	data	6.326463995089972	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.bss	0x36e000	0x5f38	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x374000	0x13a2	0x1400	b7b3ad03a0fa9b93301d30e153e6e0ed	False	0.33359375	data	4.899869589483029	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.didata	0x376000	0x246	0x400	020b75d8398ba5c98b72db31cb9e8c5b	False	0.259765625	firmware 100 v0 (revision 2455844608) Ha7 , version 12318.16640.30 (region 2288006912), 0 bytes or less, UNKNOWN1 0x88603700, at 0 0 bytes , at 0 0 bytes , at 0x14524000 2354135040 bytes	2.4287425138293757	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.edata	0x377000	0x97	0x200	f52dc19b27d4291714a8135ee65e2ece	False	0.251953125	data	1.8247353620405944	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.tls	0x378000	0x20	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata	0x379000	0x5c	0x200	e6e33c184a5992815f54be7636d6ad3f	False	0.1875	data	1.350805590113611	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x37a000	0x182a0	0x18400	773828fa93ce0e7d4665d61ec3932b8a	False	0.5864308150773195	data	6.711616617593465	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.rsrc	0x393000	0x3400	0x3400	070c734a20828e36d1786ba497543ec4	False	0.2860576923076923	data	3.661232076352613	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	ZLIB Complexity
RT_STRING	0x393368	0x20c	data	0.4255725190839695
RT_STRING	0x393574	0x424	data	0.34150943396226413
RT_STRING	0x393998	0x294	data	0.3151515151515151
RT_STRING	0x393c2c	0x488	data	0.3956896551724138
RT_STRING	0x3940b4	0x544	data	0.3241839762611276
RT_STRING	0x3945f8	0x37c	data	0.3632286995515695
RT_STRING	0x394974	0x440	data	0.38878676470588236
RT_STRING	0x394db4	0x21c	data	0.40555555555555556
RT_STRING	0x394fd0	0xbc	data	0.6542553191489362
RT_STRING	0x39508c	0x100	data	0.62890625
RT_STRING	0x39518c	0x338	data	0.4223300970873786
RT_STRING	0x3954c4	0x478	data	0.29895104895104896
RT_STRING	0x39593c	0x354	data	0.4107981220657277
RT_STRING	0x395c90	0x2b8	data	0.4367816091954023
RT_RCDATA	0x395f48	0x10	data	1.5
RT_RCDATA	0x395f58	0x348	data	0.6142857142857143

Imports

DLL	Import
oleaut32.dll	SysFreeString, SysReAllocStringLen, SysAllocStringLen
advapi32.dll	RegQueryValueExW, RegOpenKeyExW, RegCloseKey
user32.dll	CharNextW, LoadStringW
kernel32.dll	Sleep, VirtualFree, VirtualAlloc, lstrlenW, VirtualQuery, QueryPerformanceCounter, GetTickCount, GetSystemInfo, GetVersion, CompareStringW, IsValidLocale, SetThreadLocale, GetSystemDefaultUILanguage, GetUserDefaultUILanguage, GetLocaleInfoW, WideCharToMultiByte, MultiByteToWideChar, GetACP, LoadLibraryExW, GetStartupInfoW, GetProcAddress, GetModuleHandleW, GetModuleFileNameW, GetCommandLineW, FreeLibrary, GetLastError, UnhandledExceptionFilter, RtlUnwind, RaiseException, ExitProcess, ExitThread, SwitchToThread, GetCurrentThreadId, CreateThread, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, FindFirstFileW, FindClose, WriteFile, GetStdHandle, CloseHandle
kernel32.dll	GetProcAddress, RaiseException, LoadLibraryA, GetLastError, TlsSetValue, TlsGetValue, LocalFree, LocalAlloc, GetModuleHandleW, FreeLibrary
user32.dll	PeekMessageW, MsgWaitForMultipleObjects, MessageBoxW, LoadStringW, GetSystemMetrics, CharUpperBuffW, CharUpperW, CharLowerBuffW
version.dll	VerQueryValueW, GetFileVersionInfoSizeW, GetFileVersionInfoW
kernel32.dll	WriteFile, WideCharToMultiByte, WaitForSingleObject, VirtualQueryEx, VirtualQuery, VirtualProtect, VirtualFree, VerSetConditionMask, VerifyVersionInfoW, UnmapViewOfFile, SwitchToThread, SuspendThread, Sleep, SetThreadPriority, SetLastError, SetFileTime, SetFilePointer, SetEvent, SetEndOfFile, ResumeThread, ResetEvent, ReleaseSemaphore, ReadFile, RaiseException, QueryDosDeviceW, IsDebuggerPresent, MapViewOfFile, LocalFree, LoadLibraryA, LoadLibraryW, LeaveCriticalSection, IsValidLocale, InitializeCriticalSection, HeapSize, HeapFree, HeapDestroy, HeapCreate, HeapAlloc, GetVolumeInformationW, GetVersionExW, GetTimeZoneInformation, GetTickCount, GetThreadPriority, GetThreadLocale, GetStdHandle, GetProcAddress, GetModuleHandleW, GetModuleFileNameW, GetLogicalDrives, GetLogicalDriveStringsW, GetLocaleInfoW, GetLocalTime, GetLastError, GetFullPathNameW, GetFileSize, GetFileAttributesExW, GetFileAttributesW, GetExitCodeThread, GetDriveTypeW, GetDiskFreeSpaceW, GetDateFormatW, GetCurrentThreadId, GetCurrentThread, GetCurrentProcess, GetCPInfoExW, GetCPInfo, GetACP, FreeLibrary, FormatMessageW, FindNextFileW, FindFirstFileW, FindClose, FileTimeToSystemTime, FileTimeToLocalFileTime, FileTimeToDosDateTime, EnumSystemLocalesW, EnumCalendarInfoW, EnterCriticalSection, DeleteCriticalSection, CreateSemaphoreA, CreateFileMappingW, CreateFileW, CreateEventA, CreateEventW, CreateDirectoryW, CompareStringW, CloseHandle
kernel32.dll	Sleep
netapi32.dll	NetApiBufferFree, NetWkstaGetInfo
oleaut32.dll	SafeArrayPtrOfIndex, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopy, VariantClear, VariantInit
msvcrt.dll	memset, memmove, memcpy
msvcrt.dll	_beginthreadex

Exports

Name	Ordinal	Address
TMethodImplementationIntercept	3	0x7005cc
__dbk_fcall_wrapper	2	0x4103fc
dbkFCallWrapperAddr	1	0x77162c

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 5, 2024 12:35:08.205909967 CEST	49737	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:08.205944061 CEST	443	49737	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:08.206165075 CEST	49737	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:08.294898987 CEST	49737	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:08.294913054 CEST	443	49737	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:08.294935942 CEST	49737	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:08.294943094 CEST	443	49737	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:08.294965029 CEST	443	49737	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:08.306824923 CEST	49738	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:08.306860924 CEST	443	49738	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:08.306976080 CEST	49738	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:08.367026091 CEST	49738	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:08.367039919 CEST	443	49738	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:08.367064953 CEST	443	49738	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:08.391242981 CEST	49739	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:08.391268015 CEST	443	49739	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:08.391613960 CEST	49739	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:09.459201097 CEST	49739	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:09.459223986 CEST	443	49739	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:09.459278107 CEST	49739	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:09.459286928 CEST	443	49739	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:09.459305048 CEST	443	49739	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:09.468729973 CEST	49740	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:09.468763113 CEST	443	49740	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:09.468863010 CEST	49740	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:09.572738886 CEST	49740	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:09.572753906 CEST	443	49740	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:09.572765112 CEST	49740	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:09.572776079 CEST	443	49740	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:09.572827101 CEST	443	49740	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:11.610775948 CEST	49742	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:11.610807896 CEST	443	49742	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:11.610878944 CEST	49742	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:11.710736990 CEST	49742	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:11.710753918 CEST	443	49742	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:11.710804939 CEST	49742	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:11.710807085 CEST	443	49742	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:11.710815907 CEST	443	49742	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:11.723442078 CEST	49743	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:11.723474026 CEST	443	49743	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:11.723546982 CEST	49743	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:11.804938078 CEST	49743	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:11.804953098 CEST	443	49743	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:11.804996967 CEST	443	49743	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:11.804997921 CEST	49743	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:11.805006027 CEST	443	49743	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:11.817884922 CEST	49744	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:11.817910910 CEST	443	49744	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:11.817969084 CEST	49744	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:11.943856955 CEST	49744	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:11.943872929 CEST	443	49744	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:11.943922043 CEST	49744	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:11.943928003 CEST	443	49744	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:11.943929911 CEST	443	49744	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:11.955641031 CEST	49745	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:11.955676079 CEST	443	49745	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:11.955745935 CEST	49745	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:12.049598932 CEST	49745	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:12.049622059 CEST	443	49745	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:12.049659014 CEST	49745	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:12.049664021 CEST	443	49745	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:12.049681902 CEST	443	49745	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:12.061924934 CEST	49746	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:12.061953068 CEST	443	49746	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:12.062016964 CEST	49746	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:12.166476965 CEST	49746	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:12.166492939 CEST	443	49746	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:12.166517973 CEST	49746	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:12.166526079 CEST	443	49746	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:12.166527033 CEST	443	49746	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:12.176023006 CEST	49747	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:12.176055908 CEST	443	49747	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:12.176115036 CEST	49747	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:12.229840040 CEST	49747	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:12.229854107 CEST	443	49747	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:12.229876995 CEST	443	49747	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:12.229892015 CEST	49747	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:12.229898930 CEST	443	49747	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:12.239300966 CEST	49748	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:12.239330053 CEST	443	49748	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:12.239399910 CEST	49748	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:12.303411007 CEST	49748	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:12.303425074 CEST	443	49748	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:12.303448915 CEST	49748	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:12.303455114 CEST	443	49748	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:12.303486109 CEST	443	49748	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:12.316534042 CEST	49749	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:12.316556931 CEST	443	49749	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:12.316601992 CEST	49749	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:12.410929918 CEST	49749	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:12.410944939 CEST	443	49749	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:12.410990953 CEST	443	49749	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:12.411031961 CEST	49749	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:12.411041021 CEST	443	49749	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:14.442888975 CEST	49750	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:14.442934036 CEST	443	49750	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:14.443042040 CEST	49750	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:14.518924952 CEST	49750	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:14.518938065 CEST	443	49750	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:14.518992901 CEST	443	49750	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:15.104882002 CEST	49751	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:15.104919910 CEST	443	49751	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:15.108010054 CEST	49751	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:16.184879065 CEST	49751	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:16.184912920 CEST	443	49751	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:16.184961081 CEST	49751	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:16.184973955 CEST	443	49751	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:16.184983015 CEST	443	49751	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:16.193875074 CEST	49752	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:16.193916082 CEST	443	49752	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:16.193988085 CEST	49752	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:16.247962952 CEST	49752	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:16.247987986 CEST	443	49752	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:16.248035908 CEST	49752	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:16.248043060 CEST	443	49752	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:16.248048067 CEST	443	49752	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:16.258672953 CEST	49753	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:16.258697987 CEST	443	49753	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:16.258781910 CEST	49753	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:16.337369919 CEST	49753	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:16.337398052 CEST	443	49753	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:16.337424994 CEST	443	49753	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:16.337444067 CEST	49753	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:16.337454081 CEST	443	49753	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:18.380862951 CEST	49754	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:18.380899906 CEST	443	49754	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:18.381144047 CEST	49754	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:18.708062887 CEST	49754	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:18.708087921 CEST	443	49754	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:18.708157063 CEST	443	49754	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:18.725115061 CEST	49755	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:18.725155115 CEST	443	49755	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:18.725239038 CEST	49755	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:18.784919977 CEST	49755	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:18.784938097 CEST	443	49755	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:18.784960032 CEST	443	49755	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:18.784961939 CEST	49755	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:18.784972906 CEST	443	49755	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:18.798444986 CEST	49756	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:18.798480988 CEST	443	49756	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:18.798547983 CEST	49756	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:18.870317936 CEST	49756	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:18.870342970 CEST	443	49756	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:18.870399952 CEST	443	49756	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:18.870476961 CEST	49756	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:18.870493889 CEST	443	49756	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:19.099145889 CEST	49757	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:19.099176884 CEST	443	49757	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:19.099651098 CEST	49757	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:19.149615049 CEST	49757	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:19.149633884 CEST	443	49757	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:19.149693012 CEST	443	49757	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:19.220423937 CEST	49758	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:19.220470905 CEST	443	49758	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:19.220633984 CEST	49758	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:19.281229973 CEST	49758	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:19.281243086 CEST	443	49758	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:19.281276941 CEST	443	49758	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:19.281302929 CEST	49758	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:19.281312943 CEST	443	49758	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:19.290313959 CEST	49759	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:19.290348053 CEST	443	49759	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:19.290528059 CEST	49759	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:19.627902985 CEST	49759	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:19.627922058 CEST	443	49759	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:19.627969027 CEST	443	49759	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:19.651257992 CEST	49760	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:19.651287079 CEST	443	49760	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:19.651365995 CEST	49760	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:19.794338942 CEST	49760	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:19.794353962 CEST	443	49760	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:19.794384956 CEST	443	49760	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:21.584686995 CEST	49761	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:21.584713936 CEST	443	49761	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:21.584767103 CEST	49761	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:21.659770966 CEST	49761	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:21.659784079 CEST	443	49761	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:21.659826040 CEST	443	49761	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:21.659831047 CEST	49761	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:21.659842968 CEST	443	49761	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:23.770956039 CEST	49762	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:23.770987034 CEST	443	49762	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:23.771050930 CEST	49762	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:23.848244905 CEST	49762	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:23.848270893 CEST	443	49762	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:23.848320007 CEST	49762	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:23.848326921 CEST	443	49762	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:23.848332882 CEST	443	49762	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:24.194519997 CEST	49763	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:24.194555998 CEST	443	49763	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:24.194617033 CEST	49763	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:24.263274908 CEST	49763	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:24.263288975 CEST	443	49763	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:24.263330936 CEST	443	49763	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:24.263333082 CEST	49763	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:24.263343096 CEST	443	49763	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:25.061357975 CEST	49764	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:25.061392069 CEST	443	49764	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:25.062992096 CEST	49764	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:25.108023882 CEST	49764	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:25.108023882 CEST	49764	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:25.108042955 CEST	443	49764	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:25.108055115 CEST	443	49764	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:25.108092070 CEST	443	49764	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:25.493350029 CEST	49765	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:25.493381023 CEST	443	49765	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:25.493455887 CEST	49765	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:25.651575089 CEST	49765	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:25.651597977 CEST	443	49765	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:25.651645899 CEST	443	49765	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:25.651647091 CEST	49765	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:25.651657104 CEST	443	49765	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:28.079802036 CEST	49766	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:28.079842091 CEST	443	49766	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:28.079901934 CEST	49766	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:28.140470982 CEST	49766	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:28.140484095 CEST	443	49766	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:28.140522957 CEST	49766	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:28.140527964 CEST	443	49766	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:28.140536070 CEST	443	49766	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:29.058934927 CEST	49767	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:29.058964968 CEST	443	49767	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:29.062966108 CEST	49767	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:30.141268015 CEST	49767	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:30.141297102 CEST	443	49767	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:30.141361952 CEST	443	49767	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:30.141362906 CEST	49767	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:30.141387939 CEST	443	49767	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:31.388860941 CEST	49768	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:31.388892889 CEST	443	49768	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:31.388967037 CEST	49768	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:31.476373911 CEST	49768	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:31.476388931 CEST	443	49768	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:31.476428986 CEST	49768	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:31.476435900 CEST	443	49768	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:31.476439953 CEST	443	49768	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:32.136887074 CEST	49769	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:32.136918068 CEST	443	49769	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:32.137022972 CEST	49769	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:32.282881021 CEST	49769	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:32.282893896 CEST	443	49769	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:32.282936096 CEST	443	49769	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:32.282953024 CEST	49769	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:32.282964945 CEST	443	49769	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:33.043185949 CEST	49770	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:33.043217897 CEST	443	49770	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:33.043307066 CEST	49770	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:33.098520041 CEST	49770	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:33.098536015 CEST	443	49770	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:33.098581076 CEST	443	49770	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:33.098614931 CEST	49770	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:33.098623991 CEST	443	49770	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:33.112652063 CEST	49771	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:33.112688065 CEST	443	49771	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:33.112756014 CEST	49771	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:33.178637981 CEST	49771	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:33.178652048 CEST	443	49771	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:33.178677082 CEST	443	49771	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:33.178798914 CEST	49771	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:33.178808928 CEST	443	49771	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:33.204617977 CEST	49772	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:33.204646111 CEST	443	49772	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:33.207187891 CEST	49772	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:33.258861065 CEST	49772	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:33.258877039 CEST	443	49772	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:33.258904934 CEST	443	49772	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:33.270987988 CEST	49773	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:33.271011114 CEST	443	49773	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:33.271116018 CEST	49773	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:33.318325996 CEST	49773	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:33.318341017 CEST	443	49773	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:33.318366051 CEST	443	49773	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:35.345081091 CEST	49774	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:35.345112085 CEST	443	49774	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:35.345304012 CEST	49774	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:35.402519941 CEST	49774	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:35.402537107 CEST	443	49774	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:35.402579069 CEST	443	49774	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:36.053246021 CEST	49775	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:36.053277016 CEST	443	49775	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:36.053339005 CEST	49775	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:36.109924078 CEST	49775	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:36.109956026 CEST	443	49775	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:36.109999895 CEST	49775	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:36.110003948 CEST	443	49775	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:36.110013008 CEST	443	49775	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:37.411576033 CEST	49776	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:37.411607981 CEST	443	49776	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:37.411675930 CEST	49776	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:39.097932100 CEST	49776	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:39.097954988 CEST	443	49776	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:39.098001957 CEST	49776	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:39.098007917 CEST	443	49776	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:39.098018885 CEST	443	49776	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:40.379915953 CEST	49777	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:40.379946947 CEST	443	49777	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:40.380042076 CEST	49777	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:40.440900087 CEST	49777	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:40.440923929 CEST	443	49777	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:40.440963984 CEST	443	49777	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:43.489043951 CEST	49778	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:43.489073992 CEST	443	49778	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:43.489145041 CEST	49778	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:43.553868055 CEST	49778	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:43.553883076 CEST	443	49778	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:43.553930998 CEST	49778	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:43.553936958 CEST	443	49778	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:43.553945065 CEST	443	49778	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:44.518858910 CEST	49779	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:44.518903971 CEST	443	49779	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:44.526910067 CEST	49779	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:44.598052025 CEST	49779	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:44.598066092 CEST	443	49779	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:44.598118067 CEST	443	49779	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:45.762186050 CEST	49780	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:45.762222052 CEST	443	49780	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:45.762279034 CEST	49780	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:46.054189920 CEST	49780	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:46.054212093 CEST	443	49780	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:46.054223061 CEST	49780	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:46.054229021 CEST	443	49780	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:46.054260015 CEST	443	49780	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:47.662954092 CEST	49781	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:47.662978888 CEST	443	49781	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:47.663039923 CEST	49781	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:47.990406036 CEST	49781	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:47.990430117 CEST	443	49781	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:47.990472078 CEST	49781	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:47.990478039 CEST	443	49781	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:47.990500927 CEST	443	49781	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:49.550436020 CEST	49782	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:49.550470114 CEST	443	49782	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:49.550527096 CEST	49782	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:49.973115921 CEST	49782	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:49.973150015 CEST	443	49782	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:49.973200083 CEST	49782	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:49.973201036 CEST	443	49782	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:49.973217964 CEST	443	49782	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:50.029268026 CEST	49783	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:50.029304028 CEST	443	49783	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:50.029369116 CEST	49783	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:50.112173080 CEST	49783	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:50.112189054 CEST	443	49783	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:50.112237930 CEST	443	49783	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:50.112245083 CEST	49783	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:50.112252951 CEST	443	49783	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:50.128079891 CEST	49784	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:50.128110886 CEST	443	49784	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:50.128166914 CEST	49784	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:50.196105003 CEST	49784	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:50.196126938 CEST	443	49784	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:50.196163893 CEST	443	49784	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:50.196211100 CEST	49784	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:50.196222067 CEST	443	49784	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:50.442977905 CEST	49785	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:50.443020105 CEST	443	49785	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:50.443455935 CEST	49785	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:50.786894083 CEST	49785	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:50.786911011 CEST	443	49785	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:50.786992073 CEST	49785	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:50.786995888 CEST	443	49785	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:50.787013054 CEST	443	49785	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:52.834930897 CEST	49786	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:52.834959030 CEST	443	49786	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:52.835499048 CEST	49786	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:52.895122051 CEST	49786	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:52.895134926 CEST	443	49786	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:52.895209074 CEST	443	49786	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:54.198677063 CEST	49787	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:54.198709965 CEST	443	49787	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:54.198779106 CEST	49787	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:54.286699057 CEST	49787	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:54.286711931 CEST	443	49787	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:54.286722898 CEST	49787	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:54.286727905 CEST	443	49787	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:54.286756039 CEST	443	49787	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:55.294233084 CEST	49788	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:55.294265032 CEST	443	49788	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:55.294343948 CEST	49788	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:55.345483065 CEST	49788	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:55.345496893 CEST	443	49788	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:55.345529079 CEST	49788	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:35:55.345535040 CEST	443	49788	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:55.345546007 CEST	443	49788	91.242.163.155	192.168.2.4
Apr 5, 2024 12:35:59.056868076 CEST	49789	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:59.056894064 CEST	443	49789	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:59.057013035 CEST	49789	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:59.641153097 CEST	49789	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:59.641170025 CEST	443	49789	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:59.641231060 CEST	49789	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:35:59.641236067 CEST	443	49789	95.164.23.133	192.168.2.4
Apr 5, 2024 12:35:59.641242981 CEST	443	49789	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:03.114408970 CEST	49790	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:03.114447117 CEST	443	49790	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:03.114567995 CEST	49790	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:03.165710926 CEST	49790	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:03.165724993 CEST	443	49790	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:03.165776968 CEST	443	49790	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:03.974505901 CEST	49791	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:03.974539995 CEST	443	49791	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:03.974596977 CEST	49791	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:04.044550896 CEST	49791	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:04.044574022 CEST	443	49791	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:04.044615984 CEST	443	49791	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:04.044619083 CEST	49791	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:04.044630051 CEST	443	49791	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:04.986887932 CEST	49792	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:04.986916065 CEST	443	49792	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:04.992968082 CEST	49792	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:05.055731058 CEST	49792	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:05.055756092 CEST	443	49792	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:05.055813074 CEST	443	49792	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:05.055833101 CEST	49792	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:05.055844069 CEST	443	49792	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:05.714018106 CEST	49793	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:05.714050055 CEST	443	49793	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:05.714117050 CEST	49793	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:05.800632000 CEST	49793	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:05.800647974 CEST	443	49793	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:05.800698996 CEST	443	49793	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:05.800705910 CEST	49793	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:05.800715923 CEST	443	49793	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:07.493438959 CEST	49794	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:07.493470907 CEST	443	49794	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:07.493522882 CEST	49794	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:07.771615982 CEST	49794	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:07.771636963 CEST	443	49794	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:07.771672964 CEST	49794	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:07.771677017 CEST	443	49794	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:07.771703005 CEST	443	49794	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:08.093792915 CEST	49795	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:08.093823910 CEST	443	49795	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:08.093889952 CEST	49795	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:08.193558931 CEST	49795	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:08.193583012 CEST	443	49795	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:08.193623066 CEST	49795	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:08.193629026 CEST	443	49795	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:08.193641901 CEST	443	49795	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:08.207123995 CEST	49796	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:08.207149029 CEST	443	49796	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:08.207210064 CEST	49796	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:08.297700882 CEST	49796	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:08.297714949 CEST	443	49796	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:08.297768116 CEST	49796	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:08.297772884 CEST	443	49796	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:08.297779083 CEST	443	49796	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:08.314691067 CEST	49797	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:08.314730883 CEST	443	49797	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:08.314790010 CEST	49797	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:08.387012005 CEST	49797	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:08.387034893 CEST	443	49797	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:08.387073040 CEST	443	49797	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:08.387077093 CEST	49797	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:08.387090921 CEST	443	49797	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:10.423738003 CEST	49798	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:10.423772097 CEST	443	49798	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:10.423835039 CEST	49798	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:10.506876945 CEST	49798	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:10.506895065 CEST	443	49798	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:10.506958961 CEST	443	49798	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:10.506979942 CEST	49798	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:10.506989002 CEST	443	49798	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:11.625718117 CEST	49799	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:11.625755072 CEST	443	49799	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:11.625822067 CEST	49799	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:11.720535040 CEST	49799	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:11.720554113 CEST	443	49799	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:11.720593929 CEST	49799	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:11.720602036 CEST	443	49799	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:11.720647097 CEST	443	49799	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:12.501919985 CEST	49800	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:12.501964092 CEST	443	49800	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:12.502094030 CEST	49800	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:12.568912983 CEST	49800	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:12.568929911 CEST	443	49800	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:12.568975925 CEST	443	49800	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:12.569005013 CEST	49800	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:12.569017887 CEST	443	49800	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:13.883071899 CEST	49801	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:13.883110046 CEST	443	49801	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:13.883169889 CEST	49801	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:13.963102102 CEST	49801	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:13.963125944 CEST	443	49801	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:13.963167906 CEST	49801	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:13.963174105 CEST	443	49801	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:13.963191986 CEST	443	49801	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:17.210472107 CEST	49802	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:17.210508108 CEST	443	49802	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:17.210786104 CEST	49802	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:17.288846016 CEST	49802	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:17.288866997 CEST	443	49802	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:17.288912058 CEST	443	49802	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:17.288942099 CEST	49802	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:17.288953066 CEST	443	49802	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:18.781418085 CEST	49803	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:18.781445980 CEST	443	49803	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:18.782891989 CEST	49803	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:18.838973999 CEST	49803	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:18.838988066 CEST	443	49803	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:18.839035988 CEST	443	49803	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:18.839061022 CEST	49803	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:18.839067936 CEST	443	49803	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:20.044265032 CEST	49804	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:20.044294119 CEST	443	49804	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:20.044363022 CEST	49804	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:20.955025911 CEST	49804	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:20.955025911 CEST	49804	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:20.955048084 CEST	443	49804	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:20.955058098 CEST	443	49804	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:20.955120087 CEST	443	49804	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:22.246412039 CEST	49805	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:22.246453047 CEST	443	49805	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:22.246512890 CEST	49805	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:22.714267969 CEST	49805	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:22.714287996 CEST	443	49805	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:22.714327097 CEST	443	49805	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:22.714349985 CEST	49805	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:22.714360952 CEST	443	49805	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:24.247665882 CEST	49806	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:24.247706890 CEST	443	49806	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:24.247771025 CEST	49806	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:24.314058065 CEST	49806	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:24.314080000 CEST	443	49806	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:24.314125061 CEST	443	49806	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:24.618791103 CEST	49807	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:24.618818045 CEST	443	49807	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:24.618885040 CEST	49807	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:24.697518110 CEST	49807	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:24.697536945 CEST	443	49807	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:24.697573900 CEST	443	49807	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:25.052488089 CEST	49808	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:25.052520037 CEST	443	49808	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:25.052654028 CEST	49808	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:25.153915882 CEST	49808	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:25.153934956 CEST	443	49808	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:25.153981924 CEST	443	49808	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:25.154073000 CEST	49808	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:25.154088974 CEST	443	49808	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:25.170871019 CEST	49809	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:25.170902967 CEST	443	49809	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:25.171118021 CEST	49809	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:26.254384995 CEST	49809	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:26.254406929 CEST	443	49809	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:26.254455090 CEST	49809	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:26.254460096 CEST	443	49809	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:26.254486084 CEST	443	49809	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:28.298948050 CEST	49810	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:28.298980951 CEST	443	49810	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:28.299402952 CEST	49810	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:28.358856916 CEST	49810	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:28.358871937 CEST	443	49810	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:28.358918905 CEST	443	49810	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:28.358975887 CEST	49810	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:28.358985901 CEST	443	49810	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:31.546315908 CEST	49811	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:31.546348095 CEST	443	49811	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:31.546405077 CEST	49811	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:32.199227095 CEST	49811	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:32.199259043 CEST	443	49811	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:32.199275017 CEST	49811	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:32.199284077 CEST	443	49811	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:32.199327946 CEST	443	49811	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:33.326121092 CEST	49812	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:33.326153040 CEST	443	49812	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:33.326956034 CEST	49812	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:34.430886984 CEST	49812	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:34.430912018 CEST	443	49812	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:34.430922985 CEST	49812	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:34.430931091 CEST	443	49812	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:34.430980921 CEST	443	49812	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:35.466032028 CEST	49813	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:35.466074944 CEST	443	49813	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:35.466197968 CEST	49813	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:35.541255951 CEST	49813	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:35.541270018 CEST	443	49813	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:35.541316986 CEST	49813	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:35.541317940 CEST	443	49813	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:35.541326046 CEST	443	49813	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:37.595407963 CEST	49814	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:37.595434904 CEST	443	49814	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:37.595493078 CEST	49814	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:37.690562963 CEST	49814	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:37.690577984 CEST	443	49814	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:37.690618038 CEST	49814	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:37.690627098 CEST	443	49814	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:37.690640926 CEST	443	49814	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:37.856287003 CEST	49815	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:37.856334925 CEST	443	49815	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:37.856403112 CEST	49815	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:37.915544033 CEST	49815	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:37.915561914 CEST	443	49815	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:37.915608883 CEST	49815	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:37.915613890 CEST	443	49815	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:37.915620089 CEST	443	49815	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:37.940660000 CEST	49816	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:37.940681934 CEST	443	49816	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:37.940741062 CEST	49816	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:38.034517050 CEST	49816	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:38.034526110 CEST	443	49816	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:38.034564018 CEST	49816	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:38.034576893 CEST	443	49816	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:38.034603119 CEST	443	49816	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:38.056128979 CEST	49817	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:38.056154013 CEST	443	49817	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:38.056212902 CEST	49817	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:38.125791073 CEST	49817	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:38.125804901 CEST	443	49817	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:38.125842094 CEST	443	49817	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:38.125855923 CEST	49817	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:38.125864983 CEST	443	49817	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:38.143116951 CEST	49818	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:38.143145084 CEST	443	49818	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:38.143201113 CEST	49818	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:38.213392019 CEST	49818	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:38.213418961 CEST	443	49818	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:38.213459015 CEST	49818	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:38.213469982 CEST	443	49818	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:38.213473082 CEST	443	49818	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:38.218394995 CEST	49819	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:38.218420982 CEST	443	49819	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:38.218468904 CEST	49819	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:38.293817043 CEST	49819	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:38.293845892 CEST	443	49819	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:38.293867111 CEST	49819	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:38.293874025 CEST	443	49819	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:38.293888092 CEST	443	49819	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:38.296756029 CEST	49820	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:38.296777010 CEST	443	49820	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:38.296865940 CEST	49820	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:38.342055082 CEST	49820	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:38.342075109 CEST	443	49820	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:38.342103958 CEST	443	49820	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:38.342122078 CEST	49820	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:38.342133045 CEST	443	49820	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:38.344680071 CEST	49821	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:38.344712019 CEST	443	49821	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:38.344769001 CEST	49821	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:38.402420044 CEST	49821	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:38.402434111 CEST	443	49821	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:38.402457952 CEST	443	49821	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:38.402478933 CEST	49821	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:38.402487993 CEST	443	49821	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:40.422333956 CEST	49822	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:40.422364950 CEST	443	49822	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:40.422454119 CEST	49822	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:40.471069098 CEST	49822	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:40.471086025 CEST	443	49822	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:40.471148014 CEST	49822	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:40.471152067 CEST	443	49822	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:40.471157074 CEST	443	49822	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:40.486825943 CEST	49823	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:40.486852884 CEST	443	49823	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:40.486913919 CEST	49823	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:40.538399935 CEST	49823	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:40.538414001 CEST	443	49823	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:40.538450956 CEST	49823	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:40.538455963 CEST	443	49823	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:40.538469076 CEST	443	49823	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:40.550971031 CEST	49824	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:40.551001072 CEST	443	49824	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:40.552875042 CEST	49824	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:40.604837894 CEST	49824	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:40.604847908 CEST	443	49824	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:40.604893923 CEST	443	49824	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:40.604911089 CEST	49824	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:40.604924917 CEST	443	49824	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:40.616050005 CEST	49825	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:40.616074085 CEST	443	49825	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:40.616244078 CEST	49825	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:40.670015097 CEST	49825	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:40.670027018 CEST	443	49825	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:40.670146942 CEST	49825	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:40.670151949 CEST	443	49825	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:40.670155048 CEST	443	49825	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:42.705585003 CEST	49826	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:42.705621958 CEST	443	49826	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:42.705686092 CEST	49826	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:42.767543077 CEST	49826	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:42.767556906 CEST	443	49826	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:42.767600060 CEST	443	49826	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:42.779141903 CEST	49827	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:42.779167891 CEST	443	49827	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:42.784876108 CEST	49827	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:43.840837002 CEST	49827	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:43.840863943 CEST	443	49827	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:43.840918064 CEST	443	49827	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:43.856834888 CEST	49828	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:43.856864929 CEST	443	49828	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:43.856940031 CEST	49828	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:43.912808895 CEST	49828	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:43.912822008 CEST	443	49828	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:43.912847042 CEST	443	49828	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:43.912873983 CEST	49828	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:43.912882090 CEST	443	49828	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:43.925020933 CEST	49829	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:43.925051928 CEST	443	49829	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:43.925134897 CEST	49829	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:43.978806019 CEST	49829	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:43.978817940 CEST	443	49829	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:43.978843927 CEST	443	49829	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:43.978854895 CEST	49829	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:43.978863955 CEST	443	49829	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:43.990307093 CEST	49830	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:43.990331888 CEST	443	49830	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:43.990634918 CEST	49830	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:44.033373117 CEST	49830	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:44.033385992 CEST	443	49830	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:44.033415079 CEST	443	49830	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:44.037007093 CEST	49831	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:44.037045956 CEST	443	49831	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:44.037122965 CEST	49831	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:44.095835924 CEST	49831	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:44.095850945 CEST	443	49831	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:44.095880032 CEST	443	49831	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:44.095910072 CEST	49831	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:44.095918894 CEST	443	49831	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:44.099572897 CEST	49832	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:44.099605083 CEST	443	49832	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:44.099697113 CEST	49832	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:44.153366089 CEST	49832	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:44.153384924 CEST	443	49832	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:44.153424025 CEST	443	49832	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:44.159410954 CEST	49833	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:44.159447908 CEST	443	49833	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:44.159609079 CEST	49833	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:44.255820990 CEST	49833	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:44.255846024 CEST	443	49833	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:44.255878925 CEST	443	49833	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:46.284472942 CEST	49834	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:46.284511089 CEST	443	49834	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:46.284832001 CEST	49834	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:46.338320971 CEST	49834	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:46.338336945 CEST	443	49834	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:46.338414907 CEST	49834	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:46.338416100 CEST	443	49834	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:46.338424921 CEST	443	49834	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:46.353676081 CEST	49835	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:46.353701115 CEST	443	49835	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:46.353863955 CEST	49835	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:46.437937021 CEST	49835	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:46.437937021 CEST	49835	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:46.437953949 CEST	443	49835	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:46.437963009 CEST	443	49835	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:46.438011885 CEST	443	49835	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:46.449824095 CEST	49836	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:46.449847937 CEST	443	49836	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:46.450861931 CEST	49836	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:46.491570950 CEST	49836	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:46.491585016 CEST	443	49836	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:46.491616964 CEST	443	49836	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:46.491641045 CEST	49836	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:46.491647959 CEST	443	49836	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:46.502883911 CEST	49837	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:46.502922058 CEST	443	49837	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:46.503058910 CEST	49837	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:46.581046104 CEST	49837	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:46.581058025 CEST	443	49837	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:46.581087112 CEST	443	49837	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:46.581100941 CEST	49837	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:46.581114054 CEST	443	49837	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:49.298502922 CEST	49838	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:49.298549891 CEST	443	49838	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:49.298609972 CEST	49838	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:49.458116055 CEST	49838	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:49.458136082 CEST	443	49838	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:49.458182096 CEST	49838	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:49.458184958 CEST	443	49838	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:49.458192110 CEST	443	49838	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:49.665956974 CEST	49839	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:49.665996075 CEST	443	49839	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:49.666054964 CEST	49839	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:49.735254049 CEST	49839	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:49.735270023 CEST	443	49839	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:49.735312939 CEST	443	49839	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:49.735316038 CEST	49839	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:49.735325098 CEST	443	49839	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:49.884756088 CEST	49840	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:49.884779930 CEST	443	49840	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:49.884879112 CEST	49840	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:49.994539022 CEST	49840	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:49.994555950 CEST	443	49840	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:49.994605064 CEST	443	49840	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:49.994626045 CEST	49840	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:49.994638920 CEST	443	49840	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:50.012012959 CEST	49841	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:50.012037992 CEST	443	49841	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:50.012111902 CEST	49841	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:50.095617056 CEST	49841	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:50.095634937 CEST	443	49841	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:50.095671892 CEST	443	49841	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:50.095683098 CEST	49841	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:50.095691919 CEST	443	49841	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:50.228642941 CEST	49842	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:50.228679895 CEST	443	49842	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:50.229305029 CEST	49842	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:50.417697906 CEST	49842	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:50.417716980 CEST	443	49842	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:50.417764902 CEST	443	49842	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:50.417772055 CEST	49842	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:50.417782068 CEST	443	49842	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:50.425601959 CEST	49843	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:50.425625086 CEST	443	49843	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:50.425710917 CEST	49843	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:50.547712088 CEST	49843	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:50.547738075 CEST	443	49843	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:50.547768116 CEST	49843	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:50.547775030 CEST	443	49843	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:50.547796965 CEST	443	49843	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:50.552316904 CEST	49844	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:50.552337885 CEST	443	49844	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:50.552424908 CEST	49844	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:50.594940901 CEST	49844	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:50.594957113 CEST	443	49844	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:50.594990015 CEST	443	49844	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:50.595019102 CEST	49844	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:50.595027924 CEST	443	49844	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:50.598869085 CEST	49845	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:50.598902941 CEST	443	49845	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:50.602984905 CEST	49845	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:50.665888071 CEST	49845	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:50.665889025 CEST	49845	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:50.665908098 CEST	443	49845	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:50.665916920 CEST	443	49845	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:50.665946960 CEST	443	49845	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:52.687592030 CEST	49846	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:52.687624931 CEST	443	49846	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:52.688683033 CEST	49846	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:52.735109091 CEST	49846	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:52.735121965 CEST	443	49846	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:52.735161066 CEST	443	49846	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:52.750926018 CEST	49847	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:52.750962973 CEST	443	49847	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:52.760443926 CEST	49847	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:52.809444904 CEST	49847	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:52.809454918 CEST	443	49847	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:52.809488058 CEST	443	49847	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:52.820849895 CEST	49848	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:52.820877075 CEST	443	49848	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:52.826821089 CEST	49848	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:52.880949974 CEST	49848	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:52.880970955 CEST	443	49848	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:52.881014109 CEST	443	49848	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:52.881059885 CEST	49848	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:52.881067991 CEST	443	49848	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:52.892846107 CEST	49849	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:52.892874002 CEST	443	49849	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:52.896894932 CEST	49849	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:52.952948093 CEST	49849	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:52.952965975 CEST	443	49849	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:52.953011990 CEST	443	49849	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:55.030473948 CEST	49850	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:55.030508995 CEST	443	49850	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:55.032845974 CEST	49850	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:55.069174051 CEST	49850	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:55.069174051 CEST	49850	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:55.069186926 CEST	443	49850	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:55.069196939 CEST	443	49850	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:55.069232941 CEST	443	49850	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:55.079154968 CEST	49851	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:55.079188108 CEST	443	49851	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:55.080030918 CEST	49851	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:55.121646881 CEST	49851	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:55.121666908 CEST	443	49851	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:55.121687889 CEST	443	49851	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:55.121721029 CEST	49851	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:55.121731043 CEST	443	49851	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:55.130108118 CEST	49852	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:55.130134106 CEST	443	49852	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:55.130268097 CEST	49852	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:55.185619116 CEST	49852	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:55.185619116 CEST	49852	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:55.185641050 CEST	443	49852	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:55.185651064 CEST	443	49852	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:55.185671091 CEST	443	49852	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:55.195396900 CEST	49853	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:55.195426941 CEST	443	49853	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:55.200922012 CEST	49853	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:55.245575905 CEST	49853	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:55.245575905 CEST	49853	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:55.245592117 CEST	443	49853	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:55.245599985 CEST	443	49853	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:55.245618105 CEST	443	49853	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:55.258862972 CEST	49854	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:55.258891106 CEST	443	49854	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:55.262896061 CEST	49854	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:55.310908079 CEST	49854	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:55.310926914 CEST	443	49854	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:55.310946941 CEST	443	49854	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:55.318861961 CEST	49855	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:55.318887949 CEST	443	49855	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:55.326848030 CEST	49855	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:55.370893955 CEST	49855	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:55.370907068 CEST	443	49855	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:55.370934963 CEST	443	49855	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:55.378859997 CEST	49856	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:55.378886938 CEST	443	49856	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:55.387056112 CEST	49856	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:55.430962086 CEST	49856	443	192.168.2.4	91.242.163.155
Apr 5, 2024 12:36:55.430969000 CEST	443	49856	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:55.430990934 CEST	443	49856	91.242.163.155	192.168.2.4
Apr 5, 2024 12:36:55.438962936 CEST	49857	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:55.438990116 CEST	443	49857	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:55.443068981 CEST	49857	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:56.494874954 CEST	49857	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:56.494894028 CEST	443	49857	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:56.494942904 CEST	443	49857	95.164.23.133	192.168.2.4
Apr 5, 2024 12:36:56.494975090 CEST	49857	443	192.168.2.4	95.164.23.133
Apr 5, 2024 12:36:56.494987965 CEST	443	49857	95.164.23.133	192.168.2.4

Target ID:	0
Start time:	12:33:48
Start date:	05/04/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x400000
File size:	3'706'880 bytes
MD5 hash:	219EF06E5B58FCF3134F362CA6073C06
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1615047964.000000007E81D000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Command: Command Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials. These can be files created by users to store their own credentials, shared credential stores for a group of individuals, configuration files containing passwords for a system or service, or source code/binary files containing embedded passwords.
Tactics:	Credential Access
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Containers, IaaS, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	To disguise the source of malicious traffic, adversaries may chain together multiple proxies. Typically, a defender will be able to identify the last proxy traffic traversed before it enters their network; the defender may or may not be able to identify any previous proxies before the last-hop proxy. This technique makes identifying the original source of the malicious traffic even more difficult by requiring the defender to trace malicious traffic through several proxies to identify its source. A particular variant of this behavior is to use onion routing networks, such as the publicly available TOR network.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a connection proxy to direct network traffic between systems or act as an intermediary for network communications to a command and control server to avoid direct connections to their infrastructure. Many tools exist that enable traffic redirection through proxies or port redirection, including HTRAN , ZXProxy, and ZXPortMap. Adversaries use these types of proxies to manage command and control communications, reduce the number of simultaneous outbound network connections, provide resiliency in the face of connection loss, or to ride over existing trusted communications paths between victims to avoid suspicion. Adversaries may chain together multiple proxies to further disguise the source of malicious traffic.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Yara Signatures

Memory Dumps

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

E-Banking Fraud

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Temp\Aaeutrhyriqdy

C:\Users\user\AppData\Local\Temp\Aaeutrhyriqdy-shm

C:\Users\user\AppData\Local\Temp\Adawisyphuhwh

C:\Users\user\AppData\Local\Temp\Aeahwuwrsffqo

C:\Users\user\AppData\Local\Temp\Aeefoeoesafra

C:\Users\user\AppData\Local\Temp\Aifwswtotoddq

C:\Users\user\AppData\Local\Temp\Aiorpdwaapwpd

C:\Users\user\AppData\Local\Temp\Aitsiyyrawtei

C:\Users\user\AppData\Local\Temp\Aoeassrieqydf

C:\Users\user\AppData\Local\Temp\Asayspffheape

C:\Users\user\AppData\Local\Temp\Ayuuiepeeqtit

C:\Users\user\AppData\Local\Temp\Ddepesoeerrpray

C:\Users\user\AppData\Local\Temp\Ddihuuehyef

C:\Users\user\AppData\Local\Temp\Deadepufpfupoeu

C:\Users\user\AppData\Local\Temp\Dfoaue

C:\Users\user\AppData\Local\Temp\Dfwusp

C:\Users\user\AppData\Local\Temp\Diaipqhihoy

C:\Users\user\AppData\Local\Temp\Drysrepeq

C:\Users\user\AppData\Local\Temp\Dsdquyrweieiut

Windows Analysis Report
file.exe