Edit tour

Windows Analysis Report
rSyDiExlek.exe

Overview

General Information

Sample name:	rSyDiExlek.exe renamed because original name is a hash value
Original sample name:	6d3b249ec17de0b830b6d21a2a5bc6b4b15c99cc78c05d34ca414e09dea1d9d6.exe
Analysis ID:	1426116
MD5:	908016eddd0dc90bb69c0ff9f8560d68
SHA1:	60e6f9e8bd5e71eea2bab0c636b91b0d800e17bc
SHA256:	6d3b249ec17de0b830b6d21a2a5bc6b4b15c99cc78c05d34ca414e09dea1d9d6
Tags:	exe
Infos:

Detection

Snake Keylogger

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Yara detected Snake Keylogger

Machine Learning detection for sample

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Mail credentials (via file / registry access)

Yara detected Generic Downloader

Allocates memory with a write watch (potentially for evading sandboxes)

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains long sleeps (>= 3 min)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found inlined nop instructions (likely shell or obfuscated code)

HTTP GET or POST without a user agent

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May check the online IP address of the machine

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Sigma detected: Suspicious Outbound SMTP Connections

Uses 32bit PE files

Uses SMTP (mail sending)

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Uses insecure TLS / SSL version for HTTPS connection

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

rSyDiExlek.exe (PID: 2748 cmdline: "C:\Users\user\Desktop\rSyDiExlek.exe" MD5: 908016EDDD0DC90BB69C0FF9F8560D68)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
404 Keylogger, Snake Keylogger	Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victims sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.	No Attribution	https://any.run/cybersecurity-blog/analyzing-snake-keylogger/ https://any.run/cybersecurity-blog/reverse-usering-snake-keylogger/ https://blog.netlab.360.com/purecrypter https://blog.nviso.eu/2022/04/06/analyzing-a-multilayer-maldoc-a-beginners-guide/ https://blogs.blackberry.com/en/2022/05/dot-net-stubs-sowing-the-seeds-of-discord	https://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger

Malware Configuration

Threatname: Snake Keylogger

{"Exfil Mode": "SMTP", "Username": "maxsales@maxvaluen.com", "Password": "123456", "Host": "mail.privateemail.com", "Port": "587"}

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
rSyDiExlek.exe	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
rSyDiExlek.exe	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
rSyDiExlek.exe	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
rSyDiExlek.exe	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x14986:$a1: get_encryptedPassword 0x14c7c:$a2: get_encryptedUsername 0x14792:$a3: get_timePasswordChanged 0x1488d:$a4: get_passwordField 0x1499c:$a5: set_encryptedPassword 0x15f95:$a7: get_logins 0x15ef8:$a10: KeyLoggerEventArgs 0x15b91:$a11: KeyLoggerEventArgsEventHandler
rSyDiExlek.exe	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x1c373:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x1b5a5:$a3: \Google\Chrome\User Data\Default\Login Data 0x1b9d8:$a4: \Orbitum\User Data\Default\Login Data 0x1ca17:$a5: \Kometa\User Data\Default\Login Data
rSyDiExlek.exe	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x15538:$s1: UnHook 0x1553f:$s2: SetHook 0x15547:$s3: CallNextHook 0x15554:$s4: _hook
rSyDiExlek.exe	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x18374:$x1: $%SMTPDV$ 0x183d8:$x2: $#TheHashHere%& 0x19a2f:$x3: %FTPDV$ 0x19b19:$x4: $%TelegramDv$ 0x15b91:$x5: KeyLoggerEventArgs 0x15ef8:$x5: KeyLoggerEventArgs 0x19a53:$m2: Clipboard Logs ID 0x19c15:$m2: Screenshot Logs ID 0x19ce1:$m2: keystroke Logs ID 0x19bed:$m4: \SnakeKeylogger\
Click to see the 2 entries

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000002.4589198071.0000000002FD6000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.4589198071.0000000002FD6000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
00000000.00000000.2124458892.0000000000A72000.00000002.00000001.01000000.00000003.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000000.2124458892.0000000000A72000.00000002.00000001.01000000.00000003.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
00000000.00000000.2124458892.0000000000A72000.00000002.00000001.01000000.00000003.sdmp	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x14786:$a1: get_encryptedPassword 0x14a7c:$a2: get_encryptedUsername 0x14592:$a3: get_timePasswordChanged 0x1468d:$a4: get_passwordField 0x1479c:$a5: set_encryptedPassword 0x15d95:$a7: get_logins 0x15cf8:$a10: KeyLoggerEventArgs 0x15991:$a11: KeyLoggerEventArgsEventHandler
00000000.00000000.2124458892.0000000000A72000.00000002.00000001.01000000.00000003.sdmp	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x18174:$x1: $%SMTPDV$ 0x181d8:$x2: $#TheHashHere%& 0x1982f:$x3: %FTPDV$ 0x19919:$x4: $%TelegramDv$ 0x15991:$x5: KeyLoggerEventArgs 0x15cf8:$x5: KeyLoggerEventArgs 0x19853:$m2: Clipboard Logs ID 0x19a15:$m2: Screenshot Logs ID 0x19ae1:$m2: keystroke Logs ID 0x199ed:$m4: \SnakeKeylogger\
00000000.00000002.4589198071.0000000002ED1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
Process Memory Space: rSyDiExlek.exe PID: 2748	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: rSyDiExlek.exe PID: 2748	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
Process Memory Space: rSyDiExlek.exe PID: 2748	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x5112c:$a1: get_encryptedPassword 0x51418:$a2: get_encryptedUsername 0x50f42:$a3: get_timePasswordChanged 0x5103d:$a4: get_passwordField 0x51142:$a5: set_encryptedPassword 0x535bb:$a7: get_logins 0x5351e:$a10: KeyLoggerEventArgs 0x531b7:$a11: KeyLoggerEventArgsEventHandler
Process Memory Space: rSyDiExlek.exe PID: 2748	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x531b7:$x5: KeyLoggerEventArgs 0x5351e:$x5: KeyLoggerEventArgs 0x53bab:$x5: KeyLoggerEventArgs 0x53edf:$x5: KeyLoggerEventArgs 0x55751:$m2: Clipboard Logs ID 0x5582c:$m2: Screenshot Logs ID 0x55860:$m2: keystroke Logs ID 0x55818:$m4: \SnakeKeylogger\
Click to see the 6 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.0.rSyDiExlek.exe.a70000.0.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.0.rSyDiExlek.exe.a70000.0.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
0.0.rSyDiExlek.exe.a70000.0.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
0.0.rSyDiExlek.exe.a70000.0.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x14986:$a1: get_encryptedPassword 0x14c7c:$a2: get_encryptedUsername 0x14792:$a3: get_timePasswordChanged 0x1488d:$a4: get_passwordField 0x1499c:$a5: set_encryptedPassword 0x15f95:$a7: get_logins 0x15ef8:$a10: KeyLoggerEventArgs 0x15b91:$a11: KeyLoggerEventArgsEventHandler
0.0.rSyDiExlek.exe.a70000.0.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x1c373:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x1b5a5:$a3: \Google\Chrome\User Data\Default\Login Data 0x1b9d8:$a4: \Orbitum\User Data\Default\Login Data 0x1ca17:$a5: \Kometa\User Data\Default\Login Data
0.0.rSyDiExlek.exe.a70000.0.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x15538:$s1: UnHook 0x1553f:$s2: SetHook 0x15547:$s3: CallNextHook 0x15554:$s4: _hook
0.0.rSyDiExlek.exe.a70000.0.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x18374:$x1: $%SMTPDV$ 0x183d8:$x2: $#TheHashHere%& 0x19a2f:$x3: %FTPDV$ 0x19b19:$x4: $%TelegramDv$ 0x15b91:$x5: KeyLoggerEventArgs 0x15ef8:$x5: KeyLoggerEventArgs 0x19a53:$m2: Clipboard Logs ID 0x19c15:$m2: Screenshot Logs ID 0x19ce1:$m2: keystroke Logs ID 0x19bed:$m4: \SnakeKeylogger\
Click to see the 2 entries

Sigma Signatures

System Summary

Sigma detected: Suspicious Outbound SMTP Connections

Source: Network Connection

Author: frack113: Data: DestinationIp: 198.54.122.135, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Users\user\Desktop\rSyDiExlek.exe, Initiated: true, ProcessId: 2748, Protocol: tcp, SourceIp: 192.168.2.6, SourceIsIpv6: false, SourcePort: 49736

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: rSyDiExlek.exe

Avira: detected

Found malware configuration

Source: 00000000.00000002.4589198071.0000000002ED1000.00000004.00000800.00020000.00000000.sdmp

Malware Configuration Extractor: Snake Keylogger {"Exfil Mode": "SMTP", "Username": "maxsales@maxvaluen.com", "Password": "123456", "Host": "mail.privateemail.com", "Port": "587"}

Multi AV Scanner detection for domain / URL

Source: scratchdreams.tk	Virustotal: Detection: 6%	Perma Link
Source: https://scratchdreams.tk	Virustotal: Detection: 15%	Perma Link
Source: https://scratchdreams.tk/_send_.php?TS	Virustotal: Detection: 14%	Perma Link

Multi AV Scanner detection for submitted file

Source: rSyDiExlek.exe	Virustotal: Detection: 67%			Perma Link
Source: rSyDiExlek.exe	ReversingLabs: Detection: 65%

Machine Learning detection for sample

Source: rSyDiExlek.exe

Joe Sandbox ML: detected

Source: rSyDiExlek.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown

HTTPS traffic detected: 104.21.67.152:443 -> 192.168.2.6:49713 version: TLS 1.0

Source: unknown

HTTPS traffic detected: 172.67.169.18:443 -> 192.168.2.6:49728 version: TLS 1.2

Source: rSyDiExlek.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 4x nop then jmp 02D1FCD1h	0_2_02D1FA10
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 4x nop then jmp 02D1EFDDh	0_2_02D1EDF0
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 4x nop then jmp 02D1F967h	0_2_02D1EDF0
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h	0_2_02D1E310
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 4x nop then jmp 05A0D869h	0_2_05A0D5C0
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 4x nop then jmp 05A015D8h	0_2_05A01506
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 4x nop then jmp 05A0CFB9h	0_2_05A0CD10
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 4x nop then jmp 05A01011h	0_2_05A00D60
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 4x nop then jmp 05A00751h	0_2_05A004A0
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 4x nop then jmp 05A0F6D1h	0_2_05A0F428
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 4x nop then jmp 05A0C709h	0_2_05A0C460
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 4x nop then jmp 05A0F279h	0_2_05A0EFD0
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 4x nop then jmp 05A0E9C9h	0_2_05A0E720
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 4x nop then jmp 05A0BA01h	0_2_05A0B758
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 4x nop then jmp 05A0E119h	0_2_05A0DE70
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 4x nop then jmp 05A015D8h	0_2_05A011B1
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 4x nop then jmp 05A015D8h	0_2_05A011C0
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 4x nop then jmp 05A00BB1h	0_2_05A00900
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 4x nop then jmp 05A0D411h	0_2_05A0D168
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 4x nop then jmp 05A0CB61h	0_2_05A0C8B8
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 4x nop then jmp 05A0FB29h	0_2_05A0F880
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 4x nop then jmp 05A0C2B1h	0_2_05A0C008
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 4x nop then jmp 05A002F1h	0_2_05A00040
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 4x nop then jmp 05A0BE59h	0_2_05A0BBB0
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 4x nop then jmp 05A0B5A9h	0_2_05A0B300
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 4x nop then jmp 05A0EE21h	0_2_05A0EB78
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 4x nop then jmp 05A0E571h	0_2_05A0E2C8
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 4x nop then jmp 05A0DCC1h	0_2_05A0DA18
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 4x nop then jmp 06A68945h	0_2_06A68608
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 4x nop then jmp 06A60B99h	0_2_06A608F0
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 4x nop then jmp 06A66171h	0_2_06A65EC8
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 4x nop then jmp 06A658C1h	0_2_06A65618
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 4x nop then jmp 06A65D19h	0_2_06A65A70
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 4x nop then lea esp, dword ptr [ebp-04h]	0_2_06A633A8
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 4x nop then lea esp, dword ptr [ebp-04h]	0_2_06A633B8
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 4x nop then jmp 06A66E79h	0_2_06A66BD0
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 4x nop then jmp 06A665C9h	0_2_06A66320
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 4x nop then jmp 06A66A21h	0_2_06A66778
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 4x nop then jmp 06A67751h	0_2_06A674A8
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 4x nop then jmp 06A60741h	0_2_06A60498
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 4x nop then jmp 06A602E9h	0_2_06A60040
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 4x nop then jmp 06A672FAh	0_2_06A67050
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 4x nop then jmp 06A68459h	0_2_06A681B0
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 4x nop then jmp 06A65441h	0_2_06A65198
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 4x nop then jmp 06A67BA9h	0_2_06A67900
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 4x nop then jmp 06A60FF1h	0_2_06A60D48
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 4x nop then jmp 06A68001h	0_2_06A67D58

Networking

Yara detected Generic Downloader

Source: Yara match	File source: rSyDiExlek.exe, type: SAMPLE
Source: Yara match	File source: 0.0.rSyDiExlek.exe.a70000.0.unpack, type: UNPACKEDPE

Source: global traffic

TCP traffic: 192.168.2.6:49736 -> 198.54.122.135:587

Source: global traffic	HTTP traffic detected: GET /xml/81.181.62.56 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/81.181.62.56 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/81.181.62.56 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/81.181.62.56 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/81.181.62.56 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/81.181.62.56 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/81.181.62.56 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/81.181.62.56 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /_send_.php?TS HTTP/1.1Host: scratchdreams.tkConnection: Keep-Alive

Source: Joe Sandbox View	IP Address: 104.21.67.152 104.21.67.152
Source: Joe Sandbox View	IP Address: 172.67.169.18 172.67.169.18
Source: Joe Sandbox View	IP Address: 198.54.122.135 198.54.122.135
Source: Joe Sandbox View	IP Address: 132.226.247.73 132.226.247.73

Source: Joe Sandbox View	JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e

Source: unknown	DNS query: name: checkip.dyndns.org
Source: unknown	DNS query: name: checkip.dyndns.org

Source: global traffic

TCP traffic: 192.168.2.6:49736 -> 198.54.122.135:587

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive

Source: unknown

HTTPS traffic detected: 104.21.67.152:443 -> 192.168.2.6:49713 version: TLS 1.0

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /xml/81.181.62.56 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/81.181.62.56 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/81.181.62.56 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/81.181.62.56 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/81.181.62.56 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/81.181.62.56 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/81.181.62.56 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/81.181.62.56 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /_send_.php?TS HTTP/1.1Host: scratchdreams.tkConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive

Source: unknown

DNS traffic detected: queries for: checkip.dyndns.org

Source: rSyDiExlek.exe, 00000000.00000002.4589198071.0000000002ED1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.org
Source: rSyDiExlek.exe, 00000000.00000002.4589198071.0000000002ED1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.org/
Source: rSyDiExlek.exe	String found in binary or memory: http://checkip.dyndns.org/q
Source: rSyDiExlek.exe, 00000000.00000002.4592908036.0000000006536000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.C
Source: rSyDiExlek.exe, 00000000.00000002.4592908036.0000000006536000.00000004.00000020.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4586638023.0000000001092000.00000004.00000020.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4592737621.000000000651B000.00000004.00000020.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4592908036.000000000652F000.00000004.00000020.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4592737621.0000000006526000.00000004.00000020.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4592737621.00000000064EE000.00000004.00000020.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4593004284.0000000006547000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: rSyDiExlek.exe, 00000000.00000002.4592737621.00000000064EE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: rSyDiExlek.exe, 00000000.00000002.4589198071.00000000032ED000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.0000000003368000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.0000000003344000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4592908036.0000000006536000.00000004.00000020.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.000000000329C000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.000000000335D000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.00000000032FB000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.000000000328E000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.0000000003320000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.0000000003336000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4592737621.000000000651B000.00000004.00000020.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.0000000003352000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.0000000003280000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.00000000032B7000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.0000000003309000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4592737621.0000000006526000.00000004.00000020.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4592737621.00000000064EE000.00000004.00000020.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.0000000003328000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.000000000337D000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.00000000030A8000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.00000000032A9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#
Source: rSyDiExlek.exe, 00000000.00000002.4589198071.00000000032ED000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.0000000003368000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.0000000003344000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.000000000329C000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.000000000335D000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.00000000032FB000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.000000000328E000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.0000000003317000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.0000000003336000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.0000000003352000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.0000000003280000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.00000000032B7000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.0000000003309000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.0000000003328000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.000000000337D000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.00000000032A9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mail.privateemail.com
Source: rSyDiExlek.exe, 00000000.00000002.4592908036.0000000006536000.00000004.00000020.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4586638023.0000000001092000.00000004.00000020.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4592737621.000000000651B000.00000004.00000020.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4592908036.000000000652F000.00000004.00000020.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4592737621.0000000006526000.00000004.00000020.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4592737621.00000000064EE000.00000004.00000020.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4593004284.0000000006547000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.comodoca.com0
Source: rSyDiExlek.exe, 00000000.00000002.4589198071.00000000032ED000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.0000000003368000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.0000000003344000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4592908036.0000000006536000.00000004.00000020.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.000000000329C000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.000000000335D000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.00000000032FB000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.000000000328E000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.0000000003320000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.0000000003336000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4592737621.000000000651B000.00000004.00000020.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.0000000003352000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.0000000003280000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.00000000032B7000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.0000000003309000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4592737621.0000000006526000.00000004.00000020.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4592737621.00000000064EE000.00000004.00000020.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.0000000003328000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.000000000337D000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.00000000030A8000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.00000000032A9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.sectigo.com0
Source: rSyDiExlek.exe, 00000000.00000002.4589198071.0000000002ED1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: rSyDiExlek.exe, 00000000.00000002.4592737621.000000000651B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www..
Source: rSyDiExlek.exe, 00000000.00000002.4589198071.0000000002FB9000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.0000000002F8F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://reallyfreegeoip.org
Source: rSyDiExlek.exe	String found in binary or memory: https://reallyfreegeoip.org/xml/
Source: rSyDiExlek.exe, 00000000.00000002.4589198071.0000000002F49000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://reallyfreegeoip.org/xml/81.181.62.56
Source: rSyDiExlek.exe, 00000000.00000002.4589198071.0000000002FB9000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.0000000002F8F000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.0000000002F49000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://reallyfreegeoip.org/xml/81.181.62.56$
Source: rSyDiExlek.exe, 00000000.00000002.4589198071.0000000002F1F000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.0000000002F8F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://reallyfreegeoip.org0Q
Source: rSyDiExlek.exe	String found in binary or memory: https://scratchdreams.tk
Source: rSyDiExlek.exe, 00000000.00000002.4589198071.0000000002FB9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://scratchdreams.tk/_send_.php?TS
Source: rSyDiExlek.exe, 00000000.00000002.4589198071.00000000032ED000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.0000000003368000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.0000000003344000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4592908036.0000000006536000.00000004.00000020.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.000000000329C000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.000000000335D000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.00000000032FB000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.000000000328E000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.0000000003320000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.0000000003336000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4592737621.000000000651B000.00000004.00000020.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.0000000003352000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.0000000003280000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.00000000032B7000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.0000000003309000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4592737621.0000000006526000.00000004.00000020.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4592737621.00000000064EE000.00000004.00000020.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.0000000003328000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.000000000337D000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.00000000030A8000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.00000000032A9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://sectigo.com/CPS0

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723

Source: unknown

HTTPS traffic detected: 172.67.169.18:443 -> 192.168.2.6:49728 version: TLS 1.2

System Summary

Malicious sample detected (through community Yara rule)

Source: rSyDiExlek.exe, type: SAMPLE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: rSyDiExlek.exe, type: SAMPLE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: rSyDiExlek.exe, type: SAMPLE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: rSyDiExlek.exe, type: SAMPLE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 0.0.rSyDiExlek.exe.a70000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.0.rSyDiExlek.exe.a70000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 0.0.rSyDiExlek.exe.a70000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.0.rSyDiExlek.exe.a70000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 00000000.00000000.2124458892.0000000000A72000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 00000000.00000000.2124458892.0000000000A72000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: Process Memory Space: rSyDiExlek.exe PID: 2748, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: Process Memory Space: rSyDiExlek.exe PID: 2748, type: MEMORYSTR	Matched rule: Detects Snake Keylogger Author: ditekSHen

Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_02D1B388	0_2_02D1B388
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_02D1C1F0	0_2_02D1C1F0
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_02D16168	0_2_02D16168
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_02D16790	0_2_02D16790
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_02D1C7B1	0_2_02D1C7B1
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_02D1C4D0	0_2_02D1C4D0
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_02D1CA91	0_2_02D1CA91
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_02D1FA10	0_2_02D1FA10
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_02D14B31	0_2_02D14B31
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_02D198B8	0_2_02D198B8
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_02D1EDF0	0_2_02D1EDF0
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_02D1E310	0_2_02D1E310
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_02D1E300	0_2_02D1E300
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_02D135C8	0_2_02D135C8
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_02D1B552	0_2_02D1B552
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_02D1BC08	0_2_02D1BC08
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_05A03688	0_2_05A03688
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_05A07BA8	0_2_05A07BA8
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_05A08278	0_2_05A08278
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_05A0D5B0	0_2_05A0D5B0
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_05A0D5C0	0_2_05A0D5C0
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_05A0CD03	0_2_05A0CD03
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_05A0CD10	0_2_05A0CD10
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_05A00D60	0_2_05A00D60
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_05A00D50	0_2_05A00D50
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_05A004A0	0_2_05A004A0
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_05A00490	0_2_05A00490
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_05A0F428	0_2_05A0F428
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_05A0F418	0_2_05A0F418
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_05A0C460	0_2_05A0C460
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_05A0C450	0_2_05A0C450
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_05A0BFF8	0_2_05A0BFF8
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_05A0EFC1	0_2_05A0EFC1
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_05A0EFD0	0_2_05A0EFD0
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_05A0E720	0_2_05A0E720
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_05A0E710	0_2_05A0E710
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_05A0B748	0_2_05A0B748
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_05A0B758	0_2_05A0B758
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_05A0DE63	0_2_05A0DE63
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_05A0DE70	0_2_05A0DE70
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_05A03678	0_2_05A03678
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_05A071FC	0_2_05A071FC
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_05A00900	0_2_05A00900
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_05A0D168	0_2_05A0D168
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_05A0D158	0_2_05A0D158
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_05A0C8A8	0_2_05A0C8A8
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_05A0C8B8	0_2_05A0C8B8
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_05A0F880	0_2_05A0F880
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_05A008F1	0_2_05A008F1
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_05A00006	0_2_05A00006
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_05A0C008	0_2_05A0C008
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_05A0F871	0_2_05A0F871
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_05A00040	0_2_05A00040
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_05A0BBA0	0_2_05A0BBA0
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_05A0BBB0	0_2_05A0BBB0
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_05A0B300	0_2_05A0B300
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_05A0EB68	0_2_05A0EB68
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_05A0EB78	0_2_05A0EB78
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_05A0E2B8	0_2_05A0E2B8
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_05A0B2EF	0_2_05A0B2EF
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_05A0E2C8	0_2_05A0E2C8
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_05A0822E	0_2_05A0822E
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_05A07200	0_2_05A07200
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_05A0DA09	0_2_05A0DA09
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_05A0DA18	0_2_05A0DA18
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_06A6B6E8	0_2_06A6B6E8
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_06A68608	0_2_06A68608
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_06A6D670	0_2_06A6D670
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_06A6AA58	0_2_06A6AA58
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_06A6C388	0_2_06A6C388
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_06A68BF3	0_2_06A68BF3
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_06A6B0A0	0_2_06A6B0A0
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_06A608F0	0_2_06A608F0
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_06A6D028	0_2_06A6D028
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_06A6A408	0_2_06A6A408
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_06A611A0	0_2_06A611A0
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_06A6C9D8	0_2_06A6C9D8
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_06A6BD38	0_2_06A6BD38
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_06A65EB8	0_2_06A65EB8
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_06A65EC8	0_2_06A65EC8
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_06A6B6D8	0_2_06A6B6D8
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_06A68603	0_2_06A68603
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_06A6560B	0_2_06A6560B
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_06A65618	0_2_06A65618
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_06A6D663	0_2_06A6D663
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_06A65A60	0_2_06A65A60
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_06A65A70	0_2_06A65A70
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_06A6AA48	0_2_06A6AA48
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_06A633A8	0_2_06A633A8
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_06A633B8	0_2_06A633B8
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_06A6C387	0_2_06A6C387
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_06A6A3FB	0_2_06A6A3FB
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_06A66BC1	0_2_06A66BC1
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_06A66BD0	0_2_06A66BD0
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_06A66320	0_2_06A66320
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_06A63730	0_2_06A63730
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_06A66310	0_2_06A66310
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_06A6676B	0_2_06A6676B
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_06A66778	0_2_06A66778
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_06A674A8	0_2_06A674A8
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_06A60488	0_2_06A60488
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_06A67497	0_2_06A67497
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_06A6B090	0_2_06A6B090
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_06A60498	0_2_06A60498
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_06A608E0	0_2_06A608E0
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_06A678F0	0_2_06A678F0
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_06A6D027	0_2_06A6D027
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_06A60023	0_2_06A60023
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_06A64430	0_2_06A64430
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_06A62807	0_2_06A62807
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_06A62818	0_2_06A62818
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_06A60040	0_2_06A60040
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_06A67049	0_2_06A67049
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_06A67050	0_2_06A67050
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_06A681A0	0_2_06A681A0
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_06A681B0	0_2_06A681B0
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_06A6518B	0_2_06A6518B
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_06A61191	0_2_06A61191
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_06A65198	0_2_06A65198
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_06A6C9C8	0_2_06A6C9C8
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_06A6BD37	0_2_06A6BD37
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_06A60D39	0_2_06A60D39
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_06A67900	0_2_06A67900
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_06A60D48	0_2_06A60D48
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_06A67D48	0_2_06A67D48
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_06A67D58	0_2_06A67D58

Source: rSyDiExlek.exe, 00000000.00000002.4586638023.000000000105E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs rSyDiExlek.exe
Source: rSyDiExlek.exe, 00000000.00000002.4586418188.0000000000EF7000.00000004.00000010.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameUNKNOWN_FILET vs rSyDiExlek.exe
Source: rSyDiExlek.exe, 00000000.00000000.2124458892.0000000000A72000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs rSyDiExlek.exe
Source: rSyDiExlek.exe	Binary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs rSyDiExlek.exe

Source: rSyDiExlek.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: rSyDiExlek.exe, type: SAMPLE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: rSyDiExlek.exe, type: SAMPLE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: rSyDiExlek.exe, type: SAMPLE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: rSyDiExlek.exe, type: SAMPLE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 0.0.rSyDiExlek.exe.a70000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.0.rSyDiExlek.exe.a70000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.0.rSyDiExlek.exe.a70000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.0.rSyDiExlek.exe.a70000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 00000000.00000000.2124458892.0000000000A72000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 00000000.00000000.2124458892.0000000000A72000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: Process Memory Space: rSyDiExlek.exe PID: 2748, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: Process Memory Space: rSyDiExlek.exe PID: 2748, type: MEMORYSTR	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger

Source: rSyDiExlek.exe, --.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: rSyDiExlek.exe, --.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: rSyDiExlek.exe, -.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: rSyDiExlek.exe, -.cs	Cryptographic APIs: 'TransformFinalBlock'

Source: classification engine

Classification label: mal100.troj.spyw.winEXE@1/0@4/4

Source: C:\Users\user\Desktop\rSyDiExlek.exe

Mutant created: NULL

Source: rSyDiExlek.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: rSyDiExlek.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.79%

Source: C:\Users\user\Desktop\rSyDiExlek.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: rSyDiExlek.exe, 00000000.00000002.4591579237.0000000003F5C000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: rSyDiExlek.exe	Virustotal: Detection: 67%
Source: rSyDiExlek.exe	ReversingLabs: Detection: 65%

Source: rSyDiExlek.exe

String found in binary or memory: F-Stopw

Source: C:\Users\user\Desktop\rSyDiExlek.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Section loaded: dpapi.dll	Jump to behavior

Source: C:\Users\user\Desktop\rSyDiExlek.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Jump to behavior

Source: rSyDiExlek.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: rSyDiExlek.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_02D12511 push 8BFFFFFFh; retf	0_2_02D12517
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_05A0234A push edx; ret	0_2_05A0234B
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Code function: 0_2_06A6F0B3 push es; ret	0_2_06A6F0B8

Source: C:\Users\user\Desktop\rSyDiExlek.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot	Jump to behavior

Source: C:\Users\user\Desktop\rSyDiExlek.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Users\user\Desktop\rSyDiExlek.exe	Memory allocated: 2CD0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Memory allocated: 2ED0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Memory allocated: 2D30000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 599875	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 599765	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 599656	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 599547	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 599437	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 599328	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 599219	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 599109	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 599000	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 598889	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 598781	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 598672	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 598562	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 598453	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 598344	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 598234	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 598125	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 598015	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 597906	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 597797	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 597687	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 597578	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 597469	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 597359	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 597250	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 597140	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 597031	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 596922	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 596812	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 596703	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 596594	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 596484	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 596375	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 596265	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 596156	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 596047	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 595937	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 595828	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 595719	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 595609	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 595500	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 595389	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 595281	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 595172	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 595062	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 594953	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 594844	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 594734	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 594625	Jump to behavior

Source: C:\Users\user\Desktop\rSyDiExlek.exe	Window / User API: threadDelayed 8613			Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Window / User API: threadDelayed 1250			Jump to behavior

Source: C:\Users\user\Desktop\rSyDiExlek.exe TID: 2992	Thread sleep time: -23980767295822402s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe TID: 2992	Thread sleep time: -600000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe TID: 4160	Thread sleep count: 8613 > 30	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe TID: 2992	Thread sleep time: -599875s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe TID: 4160	Thread sleep count: 1250 > 30	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe TID: 2992	Thread sleep time: -599765s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe TID: 2992	Thread sleep time: -599656s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe TID: 2992	Thread sleep time: -599547s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe TID: 2992	Thread sleep time: -599437s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe TID: 2992	Thread sleep time: -599328s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe TID: 2992	Thread sleep time: -599219s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe TID: 2992	Thread sleep time: -599109s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe TID: 2992	Thread sleep time: -599000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe TID: 2992	Thread sleep time: -598889s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe TID: 2992	Thread sleep time: -598781s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe TID: 2992	Thread sleep time: -598672s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe TID: 2992	Thread sleep time: -598562s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe TID: 2992	Thread sleep time: -598453s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe TID: 2992	Thread sleep time: -598344s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe TID: 2992	Thread sleep time: -598234s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe TID: 2992	Thread sleep time: -598125s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe TID: 2992	Thread sleep time: -598015s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe TID: 2992	Thread sleep time: -597906s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe TID: 2992	Thread sleep time: -597797s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe TID: 2992	Thread sleep time: -597687s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe TID: 2992	Thread sleep time: -597578s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe TID: 2992	Thread sleep time: -597469s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe TID: 2992	Thread sleep time: -597359s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe TID: 2992	Thread sleep time: -597250s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe TID: 2992	Thread sleep time: -597140s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe TID: 2992	Thread sleep time: -597031s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe TID: 2992	Thread sleep time: -596922s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe TID: 2992	Thread sleep time: -596812s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe TID: 2992	Thread sleep time: -596703s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe TID: 2992	Thread sleep time: -596594s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe TID: 2992	Thread sleep time: -596484s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe TID: 2992	Thread sleep time: -596375s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe TID: 2992	Thread sleep time: -596265s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe TID: 2992	Thread sleep time: -596156s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe TID: 2992	Thread sleep time: -596047s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe TID: 2992	Thread sleep time: -595937s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe TID: 2992	Thread sleep time: -595828s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe TID: 2992	Thread sleep time: -595719s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe TID: 2992	Thread sleep time: -595609s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe TID: 2992	Thread sleep time: -595500s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe TID: 2992	Thread sleep time: -595389s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe TID: 2992	Thread sleep time: -595281s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe TID: 2992	Thread sleep time: -595172s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe TID: 2992	Thread sleep time: -595062s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe TID: 2992	Thread sleep time: -594953s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe TID: 2992	Thread sleep time: -594844s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe TID: 2992	Thread sleep time: -594734s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe TID: 2992	Thread sleep time: -594625s >= -30000s	Jump to behavior

Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 599875	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 599765	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 599656	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 599547	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 599437	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 599328	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 599219	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 599109	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 599000	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 598889	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 598781	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 598672	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 598562	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 598453	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 598344	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 598234	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 598125	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 598015	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 597906	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 597797	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 597687	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 597578	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 597469	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 597359	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 597250	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 597140	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 597031	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 596922	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 596812	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 596703	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 596594	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 596484	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 596375	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 596265	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 596156	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 596047	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 595937	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 595828	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 595719	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 595609	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 595500	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 595389	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 595281	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 595172	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 595062	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 594953	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 594844	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 594734	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Thread delayed: delay time: 594625	Jump to behavior

Source: rSyDiExlek.exe, 00000000.00000002.4586638023.0000000001092000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll:

Source: C:\Users\user\Desktop\rSyDiExlek.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\rSyDiExlek.exe

Code function: 0_2_05A07BA8 LdrInitializeThunk,

0_2_05A07BA8

Source: C:\Users\user\Desktop\rSyDiExlek.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\rSyDiExlek.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Users\user\Desktop\rSyDiExlek.exe	Queries volume information: C:\Users\user\Desktop\rSyDiExlek.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\rSyDiExlek.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected Snake Keylogger

Source: Yara match	File source: rSyDiExlek.exe, type: SAMPLE
Source: Yara match	File source: 0.0.rSyDiExlek.exe.a70000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.4589198071.0000000002FD6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.2124458892.0000000000A72000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.4589198071.0000000002ED1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: rSyDiExlek.exe PID: 2748, type: MEMORYSTR

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\rSyDiExlek.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data			Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data			Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\rSyDiExlek.exe	File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\			Jump to behavior
Source: C:\Users\user\Desktop\rSyDiExlek.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676			Jump to behavior

Source: Yara match	File source: rSyDiExlek.exe, type: SAMPLE
Source: Yara match	File source: 0.0.rSyDiExlek.exe.a70000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.4589198071.0000000002FD6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.2124458892.0000000000A72000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: rSyDiExlek.exe PID: 2748, type: MEMORYSTR

Remote Access Functionality

Yara detected Snake Keylogger

Source: Yara match	File source: rSyDiExlek.exe, type: SAMPLE
Source: Yara match	File source: 0.0.rSyDiExlek.exe.a70000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.4589198071.0000000002FD6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.2124458892.0000000000A72000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.4589198071.0000000002ED1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: rSyDiExlek.exe PID: 2748, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Command and Scripting Interpreter	1 DLL Side-Loading	1 DLL Side-Loading	1 Disable or Modify Tools	1 OS Credential Dumping	1 Query Registry	Remote Services	1 Email Collection	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	31 Virtualization/Sandbox Evasion	LSASS Memory	1 Security Software Discovery	Remote Desktop Protocol	11 Archive Collected Data	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Deobfuscate/Decode Files or Information	Security Account Manager	1 Process Discovery	SMB/Windows Admin Shares	1 Data from Local System	1 Ingress Tool Transfer	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	2 Obfuscated Files or Information	NTDS	31 Virtualization/Sandbox Evasion	Distributed Component Object Model	Input Capture	2 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	1 Application Window Discovery	SSH	Keylogging	23 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	Steganography	Cached Domain Credentials	1 System Network Configuration Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	Compile After Delivery	DCSync	13 System Information Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
rSyDiExlek.exe	67%	Virustotal		Browse
rSyDiExlek.exe	66%	ReversingLabs	ByteCode-MSIL.Keylogger.NotFound
rSyDiExlek.exe	100%	Avira	HEUR/AGEN.1307591
rSyDiExlek.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Link
reallyfreegeoip.org	1%	Virustotal	Browse
scratchdreams.tk	6%	Virustotal	Browse
checkip.dyndns.com	0%	Virustotal	Browse
checkip.dyndns.org	0%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label	Link
http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#	0%	URL Reputation	safe
https://sectigo.com/CPS0	0%	URL Reputation	safe
http://checkip.dyndns.org/	0%	URL Reputation	safe
http://ocsp.sectigo.com0	0%	URL Reputation	safe
http://checkip.dyndns.org/q	0%	URL Reputation	safe
https://reallyfreegeoip.org	0%	URL Reputation	safe
http://checkip.dyndns.org	0%	URL Reputation	safe
https://reallyfreegeoip.org/xml/	0%	URL Reputation	safe
https://scratchdreams.tk	15%	Virustotal		Browse
https://scratchdreams.tk/_send_.php?TS	14%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
mail.privateemail.com	198.54.122.135	true	false		high
reallyfreegeoip.org	104.21.67.152	true	false	1%, Virustotal, Browse	unknown
scratchdreams.tk	172.67.169.18	true	false	6%, Virustotal, Browse	unknown
checkip.dyndns.com	132.226.247.73	true	false	0%, Virustotal, Browse	unknown
checkip.dyndns.org	unknown	unknown	true	0%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://reallyfreegeoip.org/xml/81.181.62.56	false		unknown
http://checkip.dyndns.org/	false	URL Reputation: safe	unknown
https://scratchdreams.tk/_send_.php?TS	false	14%, Virustotal, Browse	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www..	rSyDiExlek.exe, 00000000.00000002.4592737621.000000000651B000.00000004.00000020.00020000.00000000.sdmp	false		low
http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#	rSyDiExlek.exe, 00000000.00000002.4589198071.00000000032ED000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.0000000003368000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.0000000003344000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4592908036.0000000006536000.00000004.00000020.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.000000000329C000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.000000000335D000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.00000000032FB000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.000000000328E000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.0000000003320000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.0000000003336000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4592737621.000000000651B000.00000004.00000020.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.0000000003352000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.0000000003280000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.00000000032B7000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.0000000003309000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4592737621.0000000006526000.00000004.00000020.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4592737621.00000000064EE000.00000004.00000020.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.0000000003328000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.000000000337D000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.00000000030A8000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.00000000032A9000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://sectigo.com/CPS0	rSyDiExlek.exe, 00000000.00000002.4589198071.00000000032ED000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.0000000003368000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.0000000003344000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4592908036.0000000006536000.00000004.00000020.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.000000000329C000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.000000000335D000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.00000000032FB000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.000000000328E000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.0000000003320000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.0000000003336000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4592737621.000000000651B000.00000004.00000020.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.0000000003352000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.0000000003280000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.00000000032B7000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.0000000003309000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4592737621.0000000006526000.00000004.00000020.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4592737621.00000000064EE000.00000004.00000020.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.0000000003328000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.000000000337D000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.00000000030A8000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.00000000032A9000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://crl.comodoca.C	rSyDiExlek.exe, 00000000.00000002.4592908036.0000000006536000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://ocsp.sectigo.com0	rSyDiExlek.exe, 00000000.00000002.4589198071.00000000032ED000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.0000000003368000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.0000000003344000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4592908036.0000000006536000.00000004.00000020.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.000000000329C000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.000000000335D000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.00000000032FB000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.000000000328E000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.0000000003320000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.0000000003336000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4592737621.000000000651B000.00000004.00000020.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.0000000003352000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.0000000003280000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.00000000032B7000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.0000000003309000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4592737621.0000000006526000.00000004.00000020.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4592737621.00000000064EE000.00000004.00000020.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.0000000003328000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.000000000337D000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.00000000030A8000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.00000000032A9000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://reallyfreegeoip.org0Q	rSyDiExlek.exe, 00000000.00000002.4589198071.0000000002F1F000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.0000000002F8F000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://checkip.dyndns.org/q	rSyDiExlek.exe	false	URL Reputation: safe	unknown
https://scratchdreams.tk	rSyDiExlek.exe	false	15%, Virustotal, Browse	unknown
https://reallyfreegeoip.org	rSyDiExlek.exe, 00000000.00000002.4589198071.0000000002FB9000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.0000000002F8F000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://checkip.dyndns.org	rSyDiExlek.exe, 00000000.00000002.4589198071.0000000002ED1000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://reallyfreegeoip.org/xml/81.181.62.56$	rSyDiExlek.exe, 00000000.00000002.4589198071.0000000002FB9000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.0000000002F8F000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.0000000002F49000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://mail.privateemail.com	rSyDiExlek.exe, 00000000.00000002.4589198071.00000000032ED000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.0000000003368000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.0000000003344000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.000000000329C000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.000000000335D000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.00000000032FB000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.000000000328E000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.0000000003317000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.0000000003336000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.0000000003352000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.0000000003280000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.00000000032B7000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.0000000003309000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.0000000003328000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.000000000337D000.00000004.00000800.00020000.00000000.sdmp, rSyDiExlek.exe, 00000000.00000002.4589198071.00000000032A9000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	rSyDiExlek.exe, 00000000.00000002.4589198071.0000000002ED1000.00000004.00000800.00020000.00000000.sdmp	false		high
https://reallyfreegeoip.org/xml/	rSyDiExlek.exe	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.21.67.152	reallyfreegeoip.org	United States	13335	CLOUDFLARENETUS	false
172.67.169.18	scratchdreams.tk	United States	13335	CLOUDFLARENETUS	false
198.54.122.135	mail.privateemail.com	United States	22612	NAMECHEAP-NETUS	false
132.226.247.73	checkip.dyndns.com	United States	16989	UTMEMUS	false

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1426116
Start date and time:	2024-04-15 15:35:51 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 7m 8s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	6
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	rSyDiExlek.exe renamed because original name is a hash value
Original Sample Name:	6d3b249ec17de0b830b6d21a2a5bc6b4b15c99cc78c05d34ca414e09dea1d9d6.exe
Detection:	MAL
Classification:	mal100.troj.spyw.winEXE@1/0@4/4
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 98% Number of executed functions: 102 Number of non-executed functions: 87
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.

Simulations

Behavior and APIs

Time	Type	Description
15:36:46	API Interceptor	11208243x Sleep call for process: rSyDiExlek.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.21.67.152	edlyEKgpaz.exe	Get hash	malicious	Snake Keylogger	Browse
	edlyEKgpaz.exe	Get hash	malicious	Snake Keylogger	Browse
	58208 Teklif.exe	Get hash	malicious	Snake Keylogger	Browse
	Zarefy4bOs.exe	Get hash	malicious	Snake Keylogger	Browse
	SAT8765456000.xlam.xlsx	Get hash	malicious	PureLog Stealer, RedLine, Snake Keylogger	Browse
	Purchase Order.exe	Get hash	malicious	Snake Keylogger	Browse
	Purchase Order.exe	Get hash	malicious	Snake Keylogger	Browse
	1d4D5ndo0x.exe	Get hash	malicious	PureLog Stealer, RedLine, Snake Keylogger	Browse
	D09876500900000H.exe	Get hash	malicious	PureLog Stealer, RedLine, Snake Keylogger	Browse
	23343100IM00270839_Dekont1.exe	Get hash	malicious	Snake Keylogger	Browse
172.67.169.18	58208 Teklif.exe	Get hash	malicious	Snake Keylogger	Browse
	Purchase Order.exe	Get hash	malicious	Snake Keylogger	Browse
	1d4D5ndo0x.exe	Get hash	malicious	PureLog Stealer, RedLine, Snake Keylogger	Browse
	D09876500900000H.exe	Get hash	malicious	PureLog Stealer, RedLine, Snake Keylogger	Browse
	z52OURO08765.exe	Get hash	malicious	PureLog Stealer, RedLine, Snake Keylogger	Browse
	SDTP098766700000.exe	Get hash	malicious	Snake Keylogger	Browse
	SecuriteInfo.com.Trojan.PackedNET.2725.8730.30889.exe	Get hash	malicious	Snake Keylogger	Browse
	vessel details.exe	Get hash	malicious	Snake Keylogger	Browse
	Ship Particulars.exe	Get hash	malicious	Snake Keylogger	Browse
	SecuriteInfo.com.Trojan.PackedNET.2725.26841.22155.exe	Get hash	malicious	Snake Keylogger	Browse
198.54.122.135	17129026260efdd91c6d1ffeca6e8eda3ece36cd849272dce1a2d9ab3c208be65a370d4493880.dat-decoded.exe	Get hash	malicious	AgentTesla	Browse
	17128389081d4616ae42b2693f5ea6783112f41cb2ee5184f49d983f8bf833df0b0e97b429449.dat-decoded.exe	Get hash	malicious	AgentTesla	Browse
	BBL ADVICE FOR INWARD_BC I650120-000_04012024.vbs	Get hash	malicious	AgentTesla	Browse
	Kmjcdaceubh.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse
	8O9uA5CrsY.exe	Get hash	malicious	AgentTesla	Browse
	Purchase.js	Get hash	malicious	AgentTesla	Browse
	RFQ_6356636.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse
	Documents-2023.11.exe	Get hash	malicious	AgentTesla	Browse
	j2cDlEn8A0.exe	Get hash	malicious	AgentTesla, zgRAT	Browse
	DWngv5D73c.exe	Get hash	malicious	AgentTesla	Browse
132.226.247.73	sample1.exe	Get hash	malicious	SeclesBot, TrojanRansom	Browse	checkip.dyndns.org/
	BmLue8t2V7.exe	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/
	edlyEKgpaz.exe	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/
	Remittance_copy.pdf.scr.exe	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/
	Fuy2BDS9W2.exe	Get hash	malicious	PureLog Stealer, RedLine, Snake Keylogger	Browse	checkip.dyndns.org/
	Purchase Order.exe	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/
	Purchase Order.exe	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/
	8wvP84hzFu.exe	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/
	Payment_Draft_confirmation.xla.xlsx	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/
	xdd6BRIg0O.exe	Get hash	malicious	PureLog Stealer, RedLine, Snake Keylogger	Browse	checkip.dyndns.org/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
checkip.dyndns.com	sample1.exe	Get hash	malicious	SeclesBot, TrojanRansom	Browse	132.226.247.73
	UbMsBrTi5s.exe	Get hash	malicious	Unknown	Browse	193.122.6.168
	Pnihosiyvr.exe	Get hash	malicious	PureLog Stealer, Snake Keylogger	Browse	158.101.44.242
	BmLue8t2V7.exe	Get hash	malicious	Snake Keylogger	Browse	132.226.247.73
	gZIZ5eyCtS.exe	Get hash	malicious	Snake Keylogger	Browse	193.122.6.168
	edlyEKgpaz.exe	Get hash	malicious	Snake Keylogger	Browse	193.122.130.0
	edlyEKgpaz.exe	Get hash	malicious	Snake Keylogger	Browse	132.226.247.73
	PsBygexGwH.exe	Get hash	malicious	Snake Keylogger	Browse	158.101.44.242
	58208 Teklif.exe	Get hash	malicious	Snake Keylogger	Browse	193.122.130.0
	Zarefy4bOs.exe	Get hash	malicious	Snake Keylogger	Browse	193.122.6.168
mail.privateemail.com	17129026260efdd91c6d1ffeca6e8eda3ece36cd849272dce1a2d9ab3c208be65a370d4493880.dat-decoded.exe	Get hash	malicious	AgentTesla	Browse	198.54.122.135
	17128389081d4616ae42b2693f5ea6783112f41cb2ee5184f49d983f8bf833df0b0e97b429449.dat-decoded.exe	Get hash	malicious	AgentTesla	Browse	198.54.122.135
	BBL ADVICE FOR INWARD_BC I650120-000_04012024.vbs	Get hash	malicious	AgentTesla	Browse	198.54.122.135
	Kmjcdaceubh.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	198.54.122.135
	8O9uA5CrsY.exe	Get hash	malicious	AgentTesla	Browse	198.54.122.135
	Purchase.js	Get hash	malicious	AgentTesla	Browse	198.54.122.135
	RFQ_6356636.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	198.54.122.135
	Documents-2023.11.exe	Get hash	malicious	AgentTesla	Browse	198.54.122.135
	j2cDlEn8A0.exe	Get hash	malicious	AgentTesla, zgRAT	Browse	198.54.122.135
	DWngv5D73c.exe	Get hash	malicious	AgentTesla	Browse	198.54.122.135
reallyfreegeoip.org	Pnihosiyvr.exe	Get hash	malicious	PureLog Stealer, Snake Keylogger	Browse	172.67.177.134
	BmLue8t2V7.exe	Get hash	malicious	Snake Keylogger	Browse	172.67.177.134
	gZIZ5eyCtS.exe	Get hash	malicious	Snake Keylogger	Browse	172.67.177.134
	edlyEKgpaz.exe	Get hash	malicious	Snake Keylogger	Browse	104.21.67.152
	edlyEKgpaz.exe	Get hash	malicious	Snake Keylogger	Browse	104.21.67.152
	PsBygexGwH.exe	Get hash	malicious	Snake Keylogger	Browse	172.67.177.134
	58208 Teklif.exe	Get hash	malicious	Snake Keylogger	Browse	104.21.67.152
	Zarefy4bOs.exe	Get hash	malicious	Snake Keylogger	Browse	104.21.67.152
	Remittance_copy.pdf.scr.exe	Get hash	malicious	Snake Keylogger	Browse	172.67.177.134
	SAT8765456000.xlam.xlsx	Get hash	malicious	PureLog Stealer, RedLine, Snake Keylogger	Browse	104.21.67.152
scratchdreams.tk	PsBygexGwH.exe	Get hash	malicious	Snake Keylogger	Browse	104.21.27.85
	58208 Teklif.exe	Get hash	malicious	Snake Keylogger	Browse	172.67.169.18
	Zarefy4bOs.exe	Get hash	malicious	Snake Keylogger	Browse	104.21.27.85
	Remittance_copy.pdf.scr.exe	Get hash	malicious	Snake Keylogger	Browse	104.21.27.85
	Purchase Order.exe	Get hash	malicious	Snake Keylogger	Browse	104.21.27.85
	Fuy2BDS9W2.exe	Get hash	malicious	PureLog Stealer, RedLine, Snake Keylogger	Browse	104.21.27.85
	Purchase Order.exe	Get hash	malicious	Snake Keylogger	Browse	104.21.27.85
	Purchase Order.exe	Get hash	malicious	Snake Keylogger	Browse	104.21.27.85
	Purchase Order.exe	Get hash	malicious	Snake Keylogger	Browse	172.67.169.18
	109__Purchase_Order.exe	Get hash	malicious	Snake Keylogger	Browse	104.21.27.85

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	phishing_email.eml.msg	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	104.21.31.115
	DOCUMENTS OF OWNERSHIP AND PAYMENT REQUIREMENTS.exe	Get hash	malicious	AgentTesla, DarkTortilla	Browse	172.67.74.152
	MT103 .exe	Get hash	malicious	AgentTesla	Browse	104.26.12.205
	New Order 0048757.exe	Get hash	malicious	AgentTesla	Browse	104.26.12.205
	order Depeng POORD20231109001.exe	Get hash	malicious	AgentTesla	Browse	104.26.12.205
	ungziped_file.exe	Get hash	malicious	AgentTesla	Browse	104.26.13.205
	SKM_C3350i2402291223.bat.exe	Get hash	malicious	AgentTesla	Browse	172.67.74.152
	http://nursing-theory.org	Get hash	malicious	Coinimp	Browse	172.64.151.202
	https://cloudflare-ipfs.com/ipfs/QmSFdBWsgwFRtCzNJSbX1pf4C4Wg5j9DAoah1hHZDA7Qzz/#david.embretsen@skolverket.se&id=71de&rcpt=david.embretsen@skolverket.se&tss=1713181249&msgid=f1e0bd0e-fb1c-11ee-adc9-0050569b30f3&html=1&h=5b858140	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	https://lopsided-atom-reindeer.glitch.me/	Get hash	malicious	Unknown	Browse	172.66.40.60
CLOUDFLARENETUS	phishing_email.eml.msg	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	104.21.31.115
	DOCUMENTS OF OWNERSHIP AND PAYMENT REQUIREMENTS.exe	Get hash	malicious	AgentTesla, DarkTortilla	Browse	172.67.74.152
	MT103 .exe	Get hash	malicious	AgentTesla	Browse	104.26.12.205
	New Order 0048757.exe	Get hash	malicious	AgentTesla	Browse	104.26.12.205
	order Depeng POORD20231109001.exe	Get hash	malicious	AgentTesla	Browse	104.26.12.205
	ungziped_file.exe	Get hash	malicious	AgentTesla	Browse	104.26.13.205
	SKM_C3350i2402291223.bat.exe	Get hash	malicious	AgentTesla	Browse	172.67.74.152
	http://nursing-theory.org	Get hash	malicious	Coinimp	Browse	172.64.151.202
	https://cloudflare-ipfs.com/ipfs/QmSFdBWsgwFRtCzNJSbX1pf4C4Wg5j9DAoah1hHZDA7Qzz/#david.embretsen@skolverket.se&id=71de&rcpt=david.embretsen@skolverket.se&tss=1713181249&msgid=f1e0bd0e-fb1c-11ee-adc9-0050569b30f3&html=1&h=5b858140	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	https://lopsided-atom-reindeer.glitch.me/	Get hash	malicious	Unknown	Browse	172.66.40.60
NAMECHEAP-NETUS	Ordin de plat#U0103.exe	Get hash	malicious	FormBook	Browse	198.54.120.175
	Arrival Notice.vbs	Get hash	malicious	FormBook, GuLoader	Browse	162.255.119.150
	HSBC Advice_pdf.vbs	Get hash	malicious	FormBook	Browse	185.61.152.72
	https://worker-long-darkness-7875.feranthomas135.workers.dev/	Get hash	malicious	HTMLPhisher	Browse	198.187.31.254
	Swift Message.pdf.exe	Get hash	malicious	FormBook	Browse	162.0.236.122
	17129026260efdd91c6d1ffeca6e8eda3ece36cd849272dce1a2d9ab3c208be65a370d4493880.dat-decoded.exe	Get hash	malicious	AgentTesla	Browse	198.54.122.135
	17128389081d4616ae42b2693f5ea6783112f41cb2ee5184f49d983f8bf833df0b0e97b429449.dat-decoded.exe	Get hash	malicious	AgentTesla	Browse	198.54.122.135
	MT103 Payment.vbs	Get hash	malicious	FormBook	Browse	185.61.153.96
	https://en.dv-tube.com/	Get hash	malicious	TechSupportScam	Browse	198.54.115.53
	http://www.malwaredomainlist.com/	Get hash	malicious	Unknown	Browse	192.64.119.254
UTMEMUS	kGbjOmkleq.elf	Get hash	malicious	Mirai	Browse	132.226.89.207
	BmLue8t2V7.exe	Get hash	malicious	Snake Keylogger	Browse	132.226.247.73
	edlyEKgpaz.exe	Get hash	malicious	Snake Keylogger	Browse	132.226.247.73
	VI3 Operation Guide_tech Info versionfdp.exe	Get hash	malicious	Agent Tesla, AgentTesla	Browse	132.226.8.169
	1WOxWETNbC.elf	Get hash	malicious	Unknown	Browse	132.226.89.213
	Remittance_copy.pdf.scr.exe	Get hash	malicious	Snake Keylogger	Browse	132.226.247.73
	request-2.doc.exe	Get hash	malicious	Agent Tesla, AgentTesla	Browse	132.226.8.169
	Purchase Order.exe	Get hash	malicious	Snake Keylogger	Browse	132.226.8.169
	Fuy2BDS9W2.exe	Get hash	malicious	PureLog Stealer, RedLine, Snake Keylogger	Browse	132.226.247.73
	Purchase Order.exe	Get hash	malicious	Snake Keylogger	Browse	132.226.247.73

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
54328bd36c14bd82ddaa0c04b25ed9ad	Request For Quotation.exe	Get hash	malicious	PureLog Stealer	Browse	104.21.67.152
	Request For Quotation.exe	Get hash	malicious	PureLog Stealer	Browse	104.21.67.152
	PEE1tTQcx4.exe	Get hash	malicious	Xehook Stealer	Browse	104.21.67.152
	SecuriteInfo.com.FileRepPup.2542.22578.exe	Get hash	malicious	Unknown	Browse	104.21.67.152
	SecuriteInfo.com.FileRepMalware.1286.7375.exe	Get hash	malicious	Unknown	Browse	104.21.67.152
	SecuriteInfo.com.FileRepMalware.1286.7375.exe	Get hash	malicious	Unknown	Browse	104.21.67.152
	https://docs.google.com/presentation/d/e/2PACX-1vTDYiKRA4Xpi87V1ueZYWLPwiU1D7IimpaLgw9IwC2WOcZVcxEAqv83v8l-qPScyrAJ2_Ln7kd6oD0B/pub?start=false&loop=false&delayms=3000	Get hash	malicious	HTMLPhisher	Browse	104.21.67.152
	Ghost Loader 8.7.1.exe	Get hash	malicious	PureLog Stealer, Xehook Stealer	Browse	104.21.67.152
	https://docs.google.com/presentation/d/e/2PACX-1vSzDVBvjTDn0sg9JpyWDO6IpOCyPgJDXBngPVTCitEwRTjv_KYpZwrm0V19bUFNJVw69pkJpH9ABC5O/pub?start=false&loop=false&delayms=3000	Get hash	malicious	Unknown	Browse	104.21.67.152
	SecuriteInfo.com.Trojan.DownLoader18.23007.9391.27741.exe	Get hash	malicious	Unknown	Browse	104.21.67.152
3b5074b1b5d032e5620f69f9f700ff0e	DOCUMENTS OF OWNERSHIP AND PAYMENT REQUIREMENTS.exe	Get hash	malicious	AgentTesla, DarkTortilla	Browse	172.67.169.18
	ORDER SPECIFICATION.exe	Get hash	malicious	AgentTesla	Browse	172.67.169.18
	MT103 .exe	Get hash	malicious	AgentTesla	Browse	172.67.169.18
	New Order 0048757.exe	Get hash	malicious	AgentTesla	Browse	172.67.169.18
	Ordin de plat#U0103.exe	Get hash	malicious	FormBook	Browse	172.67.169.18
	order Depeng POORD20231109001.exe	Get hash	malicious	AgentTesla	Browse	172.67.169.18
	ungziped_file.exe	Get hash	malicious	AgentTesla	Browse	172.67.169.18
	SKM_C3350i2402291223.bat.exe	Get hash	malicious	AgentTesla	Browse	172.67.169.18
	PURCHASE_ORDER_SHEET_&_SPECIFICATIONS_0000000.vbs	Get hash	malicious	GuLoader	Browse	172.67.169.18
	FRS3587.js	Get hash	malicious	RHADAMANTHYS	Browse	172.67.169.18

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	5.833141559591565
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.79% Win32 Executable (generic) a (10002005/4) 49.75% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Windows Screen Saver (13104/52) 0.07% Win16/32 Executable Delphi generic (2074/23) 0.01%
File name:	rSyDiExlek.exe
File size:	133'632 bytes
MD5:	908016eddd0dc90bb69c0ff9f8560d68
SHA1:	60e6f9e8bd5e71eea2bab0c636b91b0d800e17bc
SHA256:	6d3b249ec17de0b830b6d21a2a5bc6b4b15c99cc78c05d34ca414e09dea1d9d6
SHA512:	563bad3127fa5c8b372687ced8eb497677d6464612143ecf15d41c3eadb6be4d4b1b59210200ae8b7ff423c7ed41fff38e1677087c4683a976433c027be47af0
SSDEEP:	3072:NhBlNh2vWoAQomH/ehGkOFo5bljsX8wv8Lw4LVgbY:LNh2eoAxh5bO4L2b
TLSH:	C8D3F85937E88814E2FF997302316101C7B6B8430A27DF1D1BD2A5692B7DB91CE1AF93
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...c..e..............P.................. ... ....@.. .......................`............@................................

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x42129e
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x65D90863 [Fri Feb 23 21:04:35 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x21248	0x53	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x22000	0x108f	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x24000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x1f2a4	0x1f400	9f7c07218e975fe438f933aa6e554f82	False	0.3576015625	data	5.846240601967672	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x22000	0x108f	0x1200	f59392b7fa5e8b22ad0c6b19a0b07c20	False	0.3663194444444444	data	4.868462934974607	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x24000	0xc	0x200	a484c7b9b58ea7cad3746f2f891ceb59	False	0.044921875	data	0.10191042566270775	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0x220a0	0x394	OpenPGP Secret Key			0.42358078602620086
RT_MANIFEST	0x22434	0xc5b	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators			0.3926651912741069

Imports

DLL	Import
mscoree.dll	_CorExeMain

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 15, 2024 15:36:45.553272009 CEST	49712	80	192.168.2.6	132.226.247.73
Apr 15, 2024 15:36:45.801417112 CEST	80	49712	132.226.247.73	192.168.2.6
Apr 15, 2024 15:36:45.801573038 CEST	49712	80	192.168.2.6	132.226.247.73
Apr 15, 2024 15:36:45.801886082 CEST	49712	80	192.168.2.6	132.226.247.73
Apr 15, 2024 15:36:46.050235033 CEST	80	49712	132.226.247.73	192.168.2.6
Apr 15, 2024 15:36:46.050673962 CEST	80	49712	132.226.247.73	192.168.2.6
Apr 15, 2024 15:36:46.054557085 CEST	49712	80	192.168.2.6	132.226.247.73
Apr 15, 2024 15:36:46.304549932 CEST	80	49712	132.226.247.73	192.168.2.6
Apr 15, 2024 15:36:46.354458094 CEST	49712	80	192.168.2.6	132.226.247.73
Apr 15, 2024 15:36:46.453641891 CEST	49713	443	192.168.2.6	104.21.67.152
Apr 15, 2024 15:36:46.453715086 CEST	443	49713	104.21.67.152	192.168.2.6
Apr 15, 2024 15:36:46.453795910 CEST	49713	443	192.168.2.6	104.21.67.152
Apr 15, 2024 15:36:46.473592043 CEST	49713	443	192.168.2.6	104.21.67.152
Apr 15, 2024 15:36:46.473639965 CEST	443	49713	104.21.67.152	192.168.2.6
Apr 15, 2024 15:36:46.691894054 CEST	443	49713	104.21.67.152	192.168.2.6
Apr 15, 2024 15:36:46.692014933 CEST	49713	443	192.168.2.6	104.21.67.152
Apr 15, 2024 15:36:46.696866035 CEST	49713	443	192.168.2.6	104.21.67.152
Apr 15, 2024 15:36:46.696897984 CEST	443	49713	104.21.67.152	192.168.2.6
Apr 15, 2024 15:36:46.697205067 CEST	443	49713	104.21.67.152	192.168.2.6
Apr 15, 2024 15:36:46.745090008 CEST	49713	443	192.168.2.6	104.21.67.152
Apr 15, 2024 15:36:46.751526117 CEST	49713	443	192.168.2.6	104.21.67.152
Apr 15, 2024 15:36:46.798089981 CEST	443	49713	104.21.67.152	192.168.2.6
Apr 15, 2024 15:36:47.182375908 CEST	443	49713	104.21.67.152	192.168.2.6
Apr 15, 2024 15:36:47.182454109 CEST	443	49713	104.21.67.152	192.168.2.6
Apr 15, 2024 15:36:47.182521105 CEST	49713	443	192.168.2.6	104.21.67.152
Apr 15, 2024 15:36:47.188678026 CEST	49713	443	192.168.2.6	104.21.67.152
Apr 15, 2024 15:36:47.192090034 CEST	49712	80	192.168.2.6	132.226.247.73
Apr 15, 2024 15:36:47.442157030 CEST	80	49712	132.226.247.73	192.168.2.6
Apr 15, 2024 15:36:47.446316957 CEST	49714	443	192.168.2.6	104.21.67.152
Apr 15, 2024 15:36:47.446362972 CEST	443	49714	104.21.67.152	192.168.2.6
Apr 15, 2024 15:36:47.446434975 CEST	49714	443	192.168.2.6	104.21.67.152
Apr 15, 2024 15:36:47.446748018 CEST	49714	443	192.168.2.6	104.21.67.152
Apr 15, 2024 15:36:47.446758032 CEST	443	49714	104.21.67.152	192.168.2.6
Apr 15, 2024 15:36:47.495096922 CEST	49712	80	192.168.2.6	132.226.247.73
Apr 15, 2024 15:36:47.655946970 CEST	443	49714	104.21.67.152	192.168.2.6
Apr 15, 2024 15:36:47.658499956 CEST	49714	443	192.168.2.6	104.21.67.152
Apr 15, 2024 15:36:47.658518076 CEST	443	49714	104.21.67.152	192.168.2.6
Apr 15, 2024 15:36:48.156301975 CEST	443	49714	104.21.67.152	192.168.2.6
Apr 15, 2024 15:36:48.156461954 CEST	443	49714	104.21.67.152	192.168.2.6
Apr 15, 2024 15:36:48.156516075 CEST	49714	443	192.168.2.6	104.21.67.152
Apr 15, 2024 15:36:48.157063007 CEST	49714	443	192.168.2.6	104.21.67.152
Apr 15, 2024 15:36:48.159919977 CEST	49712	80	192.168.2.6	132.226.247.73
Apr 15, 2024 15:36:48.160808086 CEST	49715	80	192.168.2.6	132.226.247.73
Apr 15, 2024 15:36:48.410167933 CEST	80	49715	132.226.247.73	192.168.2.6
Apr 15, 2024 15:36:48.410187960 CEST	80	49712	132.226.247.73	192.168.2.6
Apr 15, 2024 15:36:48.410301924 CEST	49715	80	192.168.2.6	132.226.247.73
Apr 15, 2024 15:36:48.410300970 CEST	49712	80	192.168.2.6	132.226.247.73
Apr 15, 2024 15:36:48.410444975 CEST	49715	80	192.168.2.6	132.226.247.73
Apr 15, 2024 15:36:48.657947063 CEST	80	49715	132.226.247.73	192.168.2.6
Apr 15, 2024 15:36:48.658112049 CEST	80	49715	132.226.247.73	192.168.2.6
Apr 15, 2024 15:36:48.659373999 CEST	49717	443	192.168.2.6	104.21.67.152
Apr 15, 2024 15:36:48.659405947 CEST	443	49717	104.21.67.152	192.168.2.6
Apr 15, 2024 15:36:48.659495115 CEST	49717	443	192.168.2.6	104.21.67.152
Apr 15, 2024 15:36:48.659722090 CEST	49717	443	192.168.2.6	104.21.67.152
Apr 15, 2024 15:36:48.659730911 CEST	443	49717	104.21.67.152	192.168.2.6
Apr 15, 2024 15:36:48.698328018 CEST	49715	80	192.168.2.6	132.226.247.73
Apr 15, 2024 15:36:48.871545076 CEST	443	49717	104.21.67.152	192.168.2.6
Apr 15, 2024 15:36:48.873302937 CEST	49717	443	192.168.2.6	104.21.67.152
Apr 15, 2024 15:36:48.873338938 CEST	443	49717	104.21.67.152	192.168.2.6
Apr 15, 2024 15:36:49.367619038 CEST	443	49717	104.21.67.152	192.168.2.6
Apr 15, 2024 15:36:49.367734909 CEST	443	49717	104.21.67.152	192.168.2.6
Apr 15, 2024 15:36:49.367793083 CEST	49717	443	192.168.2.6	104.21.67.152
Apr 15, 2024 15:36:49.368424892 CEST	49717	443	192.168.2.6	104.21.67.152
Apr 15, 2024 15:36:49.372380018 CEST	49715	80	192.168.2.6	132.226.247.73
Apr 15, 2024 15:36:49.373584032 CEST	49718	80	192.168.2.6	132.226.247.73
Apr 15, 2024 15:36:49.619812012 CEST	80	49715	132.226.247.73	192.168.2.6
Apr 15, 2024 15:36:49.619889021 CEST	49715	80	192.168.2.6	132.226.247.73
Apr 15, 2024 15:36:49.623529911 CEST	80	49718	132.226.247.73	192.168.2.6
Apr 15, 2024 15:36:49.623632908 CEST	49718	80	192.168.2.6	132.226.247.73
Apr 15, 2024 15:36:49.623795033 CEST	49718	80	192.168.2.6	132.226.247.73
Apr 15, 2024 15:36:49.872628927 CEST	80	49718	132.226.247.73	192.168.2.6
Apr 15, 2024 15:36:49.873615026 CEST	80	49718	132.226.247.73	192.168.2.6
Apr 15, 2024 15:36:49.874764919 CEST	49719	443	192.168.2.6	104.21.67.152
Apr 15, 2024 15:36:49.874806881 CEST	443	49719	104.21.67.152	192.168.2.6
Apr 15, 2024 15:36:49.874890089 CEST	49719	443	192.168.2.6	104.21.67.152
Apr 15, 2024 15:36:49.875133991 CEST	49719	443	192.168.2.6	104.21.67.152
Apr 15, 2024 15:36:49.875145912 CEST	443	49719	104.21.67.152	192.168.2.6
Apr 15, 2024 15:36:49.916965008 CEST	49718	80	192.168.2.6	132.226.247.73
Apr 15, 2024 15:36:50.086180925 CEST	443	49719	104.21.67.152	192.168.2.6
Apr 15, 2024 15:36:50.087785959 CEST	49719	443	192.168.2.6	104.21.67.152
Apr 15, 2024 15:36:50.087816954 CEST	443	49719	104.21.67.152	192.168.2.6
Apr 15, 2024 15:36:50.629976988 CEST	443	49719	104.21.67.152	192.168.2.6
Apr 15, 2024 15:36:50.630235910 CEST	443	49719	104.21.67.152	192.168.2.6
Apr 15, 2024 15:36:50.630342960 CEST	49719	443	192.168.2.6	104.21.67.152
Apr 15, 2024 15:36:50.630626917 CEST	49719	443	192.168.2.6	104.21.67.152
Apr 15, 2024 15:36:50.634656906 CEST	49720	80	192.168.2.6	132.226.247.73
Apr 15, 2024 15:36:50.882704973 CEST	80	49720	132.226.247.73	192.168.2.6
Apr 15, 2024 15:36:50.882934093 CEST	49720	80	192.168.2.6	132.226.247.73
Apr 15, 2024 15:36:50.883027077 CEST	49720	80	192.168.2.6	132.226.247.73
Apr 15, 2024 15:36:51.130484104 CEST	80	49720	132.226.247.73	192.168.2.6
Apr 15, 2024 15:36:51.153641939 CEST	80	49720	132.226.247.73	192.168.2.6
Apr 15, 2024 15:36:51.155050993 CEST	49721	443	192.168.2.6	104.21.67.152
Apr 15, 2024 15:36:51.155144930 CEST	443	49721	104.21.67.152	192.168.2.6
Apr 15, 2024 15:36:51.155230999 CEST	49721	443	192.168.2.6	104.21.67.152
Apr 15, 2024 15:36:51.155466080 CEST	49721	443	192.168.2.6	104.21.67.152
Apr 15, 2024 15:36:51.155508995 CEST	443	49721	104.21.67.152	192.168.2.6
Apr 15, 2024 15:36:51.198283911 CEST	49720	80	192.168.2.6	132.226.247.73
Apr 15, 2024 15:36:51.370687962 CEST	443	49721	104.21.67.152	192.168.2.6
Apr 15, 2024 15:36:51.372381926 CEST	49721	443	192.168.2.6	104.21.67.152
Apr 15, 2024 15:36:51.372468948 CEST	443	49721	104.21.67.152	192.168.2.6
Apr 15, 2024 15:36:51.621805906 CEST	443	49721	104.21.67.152	192.168.2.6
Apr 15, 2024 15:36:51.621916056 CEST	443	49721	104.21.67.152	192.168.2.6
Apr 15, 2024 15:36:51.622107983 CEST	49721	443	192.168.2.6	104.21.67.152
Apr 15, 2024 15:36:51.622417927 CEST	49721	443	192.168.2.6	104.21.67.152
Apr 15, 2024 15:36:51.625473976 CEST	49720	80	192.168.2.6	132.226.247.73
Apr 15, 2024 15:36:51.626553059 CEST	49722	80	192.168.2.6	132.226.247.73
Apr 15, 2024 15:36:51.873641014 CEST	80	49720	132.226.247.73	192.168.2.6
Apr 15, 2024 15:36:51.873739958 CEST	49720	80	192.168.2.6	132.226.247.73
Apr 15, 2024 15:36:51.874664068 CEST	80	49722	132.226.247.73	192.168.2.6
Apr 15, 2024 15:36:51.874769926 CEST	49722	80	192.168.2.6	132.226.247.73
Apr 15, 2024 15:36:51.874912977 CEST	49722	80	192.168.2.6	132.226.247.73
Apr 15, 2024 15:36:52.122937918 CEST	80	49722	132.226.247.73	192.168.2.6
Apr 15, 2024 15:36:52.123655081 CEST	80	49722	132.226.247.73	192.168.2.6
Apr 15, 2024 15:36:52.125838995 CEST	49723	443	192.168.2.6	104.21.67.152
Apr 15, 2024 15:36:52.125895977 CEST	443	49723	104.21.67.152	192.168.2.6
Apr 15, 2024 15:36:52.125967979 CEST	49723	443	192.168.2.6	104.21.67.152
Apr 15, 2024 15:36:52.126199007 CEST	49723	443	192.168.2.6	104.21.67.152
Apr 15, 2024 15:36:52.126215935 CEST	443	49723	104.21.67.152	192.168.2.6
Apr 15, 2024 15:36:52.166970968 CEST	49722	80	192.168.2.6	132.226.247.73
Apr 15, 2024 15:36:52.339847088 CEST	443	49723	104.21.67.152	192.168.2.6
Apr 15, 2024 15:36:52.341747046 CEST	49723	443	192.168.2.6	104.21.67.152
Apr 15, 2024 15:36:52.341790915 CEST	443	49723	104.21.67.152	192.168.2.6
Apr 15, 2024 15:36:52.840255976 CEST	443	49723	104.21.67.152	192.168.2.6
Apr 15, 2024 15:36:52.840358973 CEST	443	49723	104.21.67.152	192.168.2.6
Apr 15, 2024 15:36:52.840468884 CEST	49723	443	192.168.2.6	104.21.67.152
Apr 15, 2024 15:36:52.841181993 CEST	49723	443	192.168.2.6	104.21.67.152
Apr 15, 2024 15:36:52.845416069 CEST	49722	80	192.168.2.6	132.226.247.73
Apr 15, 2024 15:36:52.846936941 CEST	49724	80	192.168.2.6	132.226.247.73
Apr 15, 2024 15:36:53.093661070 CEST	80	49722	132.226.247.73	192.168.2.6
Apr 15, 2024 15:36:53.093781948 CEST	49722	80	192.168.2.6	132.226.247.73
Apr 15, 2024 15:36:53.095465899 CEST	80	49724	132.226.247.73	192.168.2.6
Apr 15, 2024 15:36:53.095568895 CEST	49724	80	192.168.2.6	132.226.247.73
Apr 15, 2024 15:36:53.095824003 CEST	49724	80	192.168.2.6	132.226.247.73
Apr 15, 2024 15:36:53.344317913 CEST	80	49724	132.226.247.73	192.168.2.6
Apr 15, 2024 15:36:53.346129894 CEST	80	49724	132.226.247.73	192.168.2.6
Apr 15, 2024 15:36:53.347671032 CEST	49725	443	192.168.2.6	104.21.67.152
Apr 15, 2024 15:36:53.347702980 CEST	443	49725	104.21.67.152	192.168.2.6
Apr 15, 2024 15:36:53.347795010 CEST	49725	443	192.168.2.6	104.21.67.152
Apr 15, 2024 15:36:53.348078012 CEST	49725	443	192.168.2.6	104.21.67.152
Apr 15, 2024 15:36:53.348088026 CEST	443	49725	104.21.67.152	192.168.2.6
Apr 15, 2024 15:36:53.385792017 CEST	49724	80	192.168.2.6	132.226.247.73
Apr 15, 2024 15:36:53.569674015 CEST	443	49725	104.21.67.152	192.168.2.6
Apr 15, 2024 15:36:53.571432114 CEST	49725	443	192.168.2.6	104.21.67.152
Apr 15, 2024 15:36:53.571469069 CEST	443	49725	104.21.67.152	192.168.2.6
Apr 15, 2024 15:36:53.826064110 CEST	443	49725	104.21.67.152	192.168.2.6
Apr 15, 2024 15:36:53.826354980 CEST	443	49725	104.21.67.152	192.168.2.6
Apr 15, 2024 15:36:53.826440096 CEST	49725	443	192.168.2.6	104.21.67.152
Apr 15, 2024 15:36:53.826842070 CEST	49725	443	192.168.2.6	104.21.67.152
Apr 15, 2024 15:36:53.830030918 CEST	49724	80	192.168.2.6	132.226.247.73
Apr 15, 2024 15:36:53.831259966 CEST	49726	80	192.168.2.6	132.226.247.73
Apr 15, 2024 15:36:54.078619003 CEST	80	49724	132.226.247.73	192.168.2.6
Apr 15, 2024 15:36:54.078644991 CEST	80	49726	132.226.247.73	192.168.2.6
Apr 15, 2024 15:36:54.078705072 CEST	49724	80	192.168.2.6	132.226.247.73
Apr 15, 2024 15:36:54.078766108 CEST	49726	80	192.168.2.6	132.226.247.73
Apr 15, 2024 15:36:54.078924894 CEST	49726	80	192.168.2.6	132.226.247.73
Apr 15, 2024 15:36:54.326183081 CEST	80	49726	132.226.247.73	192.168.2.6
Apr 15, 2024 15:36:54.342428923 CEST	80	49726	132.226.247.73	192.168.2.6
Apr 15, 2024 15:36:54.343946934 CEST	49727	443	192.168.2.6	104.21.67.152
Apr 15, 2024 15:36:54.343977928 CEST	443	49727	104.21.67.152	192.168.2.6
Apr 15, 2024 15:36:54.344074011 CEST	49727	443	192.168.2.6	104.21.67.152
Apr 15, 2024 15:36:54.344319105 CEST	49727	443	192.168.2.6	104.21.67.152
Apr 15, 2024 15:36:54.344336033 CEST	443	49727	104.21.67.152	192.168.2.6
Apr 15, 2024 15:36:54.385761023 CEST	49726	80	192.168.2.6	132.226.247.73
Apr 15, 2024 15:36:54.558101892 CEST	443	49727	104.21.67.152	192.168.2.6
Apr 15, 2024 15:36:54.559678078 CEST	49727	443	192.168.2.6	104.21.67.152
Apr 15, 2024 15:36:54.559696913 CEST	443	49727	104.21.67.152	192.168.2.6
Apr 15, 2024 15:36:55.065748930 CEST	443	49727	104.21.67.152	192.168.2.6
Apr 15, 2024 15:36:55.065870047 CEST	443	49727	104.21.67.152	192.168.2.6
Apr 15, 2024 15:36:55.065948963 CEST	49727	443	192.168.2.6	104.21.67.152
Apr 15, 2024 15:36:55.066442966 CEST	49727	443	192.168.2.6	104.21.67.152
Apr 15, 2024 15:36:55.079921007 CEST	49726	80	192.168.2.6	132.226.247.73
Apr 15, 2024 15:36:55.238553047 CEST	49728	443	192.168.2.6	172.67.169.18
Apr 15, 2024 15:36:55.238595963 CEST	443	49728	172.67.169.18	192.168.2.6
Apr 15, 2024 15:36:55.238723993 CEST	49728	443	192.168.2.6	172.67.169.18
Apr 15, 2024 15:36:55.239795923 CEST	49728	443	192.168.2.6	172.67.169.18
Apr 15, 2024 15:36:55.239809990 CEST	443	49728	172.67.169.18	192.168.2.6
Apr 15, 2024 15:36:55.331342936 CEST	80	49726	132.226.247.73	192.168.2.6
Apr 15, 2024 15:36:55.331455946 CEST	49726	80	192.168.2.6	132.226.247.73
Apr 15, 2024 15:36:55.458137989 CEST	443	49728	172.67.169.18	192.168.2.6
Apr 15, 2024 15:36:55.458347082 CEST	49728	443	192.168.2.6	172.67.169.18
Apr 15, 2024 15:36:55.461627007 CEST	49728	443	192.168.2.6	172.67.169.18
Apr 15, 2024 15:36:55.461654902 CEST	443	49728	172.67.169.18	192.168.2.6
Apr 15, 2024 15:36:55.461883068 CEST	443	49728	172.67.169.18	192.168.2.6
Apr 15, 2024 15:36:55.463713884 CEST	49728	443	192.168.2.6	172.67.169.18
Apr 15, 2024 15:36:55.506083965 CEST	443	49728	172.67.169.18	192.168.2.6
Apr 15, 2024 15:37:26.616574049 CEST	443	49728	172.67.169.18	192.168.2.6
Apr 15, 2024 15:37:26.616749048 CEST	443	49728	172.67.169.18	192.168.2.6
Apr 15, 2024 15:37:26.616820097 CEST	49728	443	192.168.2.6	172.67.169.18
Apr 15, 2024 15:37:26.620892048 CEST	49728	443	192.168.2.6	172.67.169.18
Apr 15, 2024 15:37:32.041841030 CEST	49736	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:32.197869062 CEST	587	49736	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:32.198067904 CEST	49736	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:32.691543102 CEST	587	49736	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:32.691754103 CEST	49736	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:32.847171068 CEST	587	49736	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:32.847651958 CEST	587	49736	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:32.848083973 CEST	49736	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:33.004703999 CEST	587	49736	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:33.005211115 CEST	49736	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:33.161098003 CEST	587	49736	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:33.162179947 CEST	587	49736	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:33.162194967 CEST	587	49736	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:33.162208080 CEST	587	49736	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:33.162251949 CEST	587	49736	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:33.162265062 CEST	587	49736	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:33.162280083 CEST	49736	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:33.162322044 CEST	49736	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:33.177684069 CEST	49736	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:33.333796978 CEST	587	49736	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:33.334572077 CEST	587	49736	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:33.340538979 CEST	49736	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:33.497284889 CEST	587	49736	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:33.497859001 CEST	587	49736	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:33.498907089 CEST	49736	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:33.654424906 CEST	587	49736	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:33.655770063 CEST	587	49736	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:33.656052113 CEST	49736	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:33.811350107 CEST	587	49736	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:33.813882113 CEST	587	49736	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:33.814162970 CEST	49736	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:33.970233917 CEST	587	49736	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:33.971721888 CEST	587	49736	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:33.971990108 CEST	49736	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:34.127599001 CEST	587	49736	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:34.163366079 CEST	587	49736	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:34.163659096 CEST	49736	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:34.319282055 CEST	587	49736	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:34.319432974 CEST	587	49736	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:34.320034981 CEST	49736	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:34.320111036 CEST	49736	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:34.320131063 CEST	49736	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:34.320153952 CEST	49736	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:34.475435019 CEST	587	49736	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:34.475462914 CEST	587	49736	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:34.626935959 CEST	587	49736	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:34.666963100 CEST	49736	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:43.855711937 CEST	49736	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:44.016415119 CEST	587	49736	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:44.016901016 CEST	587	49736	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:44.016920090 CEST	587	49736	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:44.016998053 CEST	49736	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:44.017261982 CEST	49736	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:44.018085957 CEST	49738	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:44.175703049 CEST	587	49736	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:44.176831007 CEST	587	49738	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:44.176915884 CEST	49738	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:44.334944963 CEST	587	49738	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:44.335118055 CEST	49738	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:44.490452051 CEST	587	49738	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:44.490546942 CEST	587	49738	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:44.490721941 CEST	49738	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:44.647938967 CEST	587	49738	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:44.648616076 CEST	49738	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:44.804167986 CEST	587	49738	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:44.804193020 CEST	587	49738	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:44.805011034 CEST	49738	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:44.805303097 CEST	49738	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:44.960587978 CEST	587	49738	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:44.960602045 CEST	587	49738	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:44.960613012 CEST	587	49738	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:44.961051941 CEST	587	49738	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:44.961255074 CEST	49738	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:45.119313955 CEST	587	49738	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:45.121252060 CEST	587	49738	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:45.121846914 CEST	49738	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:45.280958891 CEST	587	49738	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:45.285540104 CEST	587	49738	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:45.288338900 CEST	49738	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:45.443803072 CEST	587	49738	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:45.445576906 CEST	587	49738	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:45.445754051 CEST	49738	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:45.603429079 CEST	587	49738	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:45.636744976 CEST	587	49738	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:45.636924982 CEST	49738	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:45.795016050 CEST	587	49738	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:45.795306921 CEST	587	49738	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:45.797920942 CEST	49738	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:45.797950029 CEST	49738	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:45.797974110 CEST	49738	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:45.797991991 CEST	49738	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:45.953675032 CEST	587	49738	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:45.953692913 CEST	587	49738	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:46.101661921 CEST	587	49738	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:46.102308035 CEST	49738	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:46.259136915 CEST	587	49738	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:46.259540081 CEST	587	49738	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:46.259555101 CEST	587	49738	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:46.259638071 CEST	49738	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:46.260061026 CEST	49738	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:46.261070967 CEST	49739	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:46.416193008 CEST	587	49738	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:46.417145014 CEST	587	49739	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:46.417217970 CEST	49739	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:46.576179981 CEST	587	49739	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:46.576345921 CEST	49739	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:46.731935978 CEST	587	49739	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:46.732119083 CEST	587	49739	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:46.732326031 CEST	49739	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:46.887476921 CEST	587	49739	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:46.888032913 CEST	49739	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:47.046576023 CEST	587	49739	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:47.046601057 CEST	587	49739	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:47.047410011 CEST	49739	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:47.047800064 CEST	49739	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:47.202997923 CEST	587	49739	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:47.203012943 CEST	587	49739	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:47.203407049 CEST	587	49739	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:47.203639030 CEST	49739	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:47.360012054 CEST	587	49739	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:47.361485958 CEST	587	49739	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:47.361737967 CEST	49739	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:47.517546892 CEST	587	49739	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:47.521433115 CEST	587	49739	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:47.521634102 CEST	49739	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:47.678082943 CEST	587	49739	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:47.680288076 CEST	587	49739	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:47.729481936 CEST	49739	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:47.786798000 CEST	49739	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:47.942128897 CEST	587	49739	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:47.978472948 CEST	587	49739	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:47.978687048 CEST	49739	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:48.134435892 CEST	587	49739	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:48.134673119 CEST	587	49739	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:48.135150909 CEST	49739	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:48.135194063 CEST	49739	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:48.135385036 CEST	49739	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:48.135413885 CEST	49739	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:48.290383101 CEST	587	49739	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:48.290512085 CEST	587	49739	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:48.290524960 CEST	587	49739	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:48.429862022 CEST	587	49739	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:48.479477882 CEST	49739	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:49.615873098 CEST	49739	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:49.783009052 CEST	587	49739	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:49.783749104 CEST	587	49739	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:49.783762932 CEST	587	49739	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:49.783842087 CEST	49739	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:49.784188032 CEST	49739	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:49.784956932 CEST	49741	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:49.952187061 CEST	587	49739	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:49.953488111 CEST	587	49741	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:49.953583002 CEST	49741	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:50.120487928 CEST	587	49741	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:50.120685101 CEST	49741	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:50.283400059 CEST	587	49741	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:50.284188032 CEST	587	49741	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:50.284353018 CEST	49741	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:50.445205927 CEST	587	49741	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:50.445732117 CEST	49741	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:50.602941036 CEST	587	49741	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:50.603626013 CEST	587	49741	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:50.618597031 CEST	49741	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:50.618916035 CEST	49741	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:50.776458025 CEST	587	49741	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:50.776473999 CEST	587	49741	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:50.776597023 CEST	587	49741	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:50.776920080 CEST	587	49741	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:50.777158976 CEST	49741	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:50.934211969 CEST	587	49741	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:50.934941053 CEST	587	49741	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:50.957257032 CEST	49741	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:51.113851070 CEST	587	49741	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:51.116009951 CEST	587	49741	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:51.116326094 CEST	49741	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:51.272748947 CEST	587	49741	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:51.274283886 CEST	587	49741	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:51.274614096 CEST	49741	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:51.432490110 CEST	587	49741	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:51.458367109 CEST	587	49741	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:51.458715916 CEST	49741	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:51.619267941 CEST	587	49741	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:51.619729996 CEST	587	49741	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:51.620038033 CEST	49741	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:51.620115995 CEST	49741	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:51.620143890 CEST	49741	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:51.620192051 CEST	49741	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:51.789917946 CEST	587	49741	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:51.789947033 CEST	587	49741	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:51.926831961 CEST	587	49741	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:51.927500010 CEST	49741	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:52.084109068 CEST	587	49741	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:52.084758997 CEST	587	49741	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:52.084779978 CEST	587	49741	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:52.084822893 CEST	49741	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:52.085156918 CEST	49741	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:52.085901022 CEST	49742	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:52.243510008 CEST	587	49741	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:52.245213032 CEST	587	49742	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:52.245361090 CEST	49742	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:52.710578918 CEST	587	49742	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:52.710745096 CEST	49742	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:52.867815971 CEST	587	49742	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:52.868074894 CEST	587	49742	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:52.868246078 CEST	49742	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:53.024832964 CEST	587	49742	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:53.025233984 CEST	49742	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:53.180955887 CEST	587	49742	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:53.181051016 CEST	587	49742	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:53.181752920 CEST	49742	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:53.182360888 CEST	49742	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:53.337877989 CEST	587	49742	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:53.337893009 CEST	587	49742	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:53.338300943 CEST	587	49742	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:53.338607073 CEST	587	49742	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:53.338865995 CEST	49742	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:53.494232893 CEST	587	49742	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:53.495935917 CEST	587	49742	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:53.496239901 CEST	49742	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:53.651597977 CEST	587	49742	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:53.655371904 CEST	587	49742	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:53.655606985 CEST	49742	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:53.811225891 CEST	587	49742	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:53.813433886 CEST	587	49742	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:53.813646078 CEST	49742	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:53.969158888 CEST	587	49742	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:54.001993895 CEST	587	49742	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:54.002326012 CEST	49742	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:54.158206940 CEST	587	49742	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:54.158750057 CEST	587	49742	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:54.159018993 CEST	49742	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:54.159064054 CEST	49742	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:54.159092903 CEST	49742	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:54.159131050 CEST	49742	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:54.314330101 CEST	587	49742	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:54.314346075 CEST	587	49742	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:54.467272997 CEST	587	49742	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:54.467884064 CEST	49742	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:54.623495102 CEST	587	49742	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:54.624129057 CEST	587	49742	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:54.624140978 CEST	587	49742	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:54.624217987 CEST	49742	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:54.624531031 CEST	49742	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:54.625571966 CEST	49743	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:54.779876947 CEST	587	49742	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:54.781080961 CEST	587	49743	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:54.781172037 CEST	49743	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:54.873572111 CEST	80	49718	132.226.247.73	192.168.2.6
Apr 15, 2024 15:37:54.873656988 CEST	49718	80	192.168.2.6	132.226.247.73
Apr 15, 2024 15:37:54.939358950 CEST	587	49743	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:54.941627026 CEST	49743	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:55.097764969 CEST	587	49743	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:55.097816944 CEST	587	49743	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:55.098099947 CEST	49743	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:55.253473043 CEST	587	49743	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:55.253942013 CEST	49743	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:55.409375906 CEST	587	49743	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:55.409869909 CEST	587	49743	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:55.410631895 CEST	49743	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:55.411113024 CEST	49743	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:55.569557905 CEST	587	49743	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:55.569585085 CEST	587	49743	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:55.569601059 CEST	587	49743	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:55.569617033 CEST	587	49743	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:55.569955111 CEST	49743	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:55.726562023 CEST	587	49743	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:55.728432894 CEST	587	49743	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:55.730114937 CEST	49743	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:55.887315035 CEST	587	49743	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:55.888839006 CEST	587	49743	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:55.889198065 CEST	49743	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:56.044898987 CEST	587	49743	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:56.046683073 CEST	587	49743	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:56.047147036 CEST	49743	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:56.204427958 CEST	587	49743	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:56.233381033 CEST	587	49743	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:56.233705997 CEST	49743	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:56.389281034 CEST	587	49743	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:56.389740944 CEST	587	49743	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:56.390078068 CEST	49743	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:56.390137911 CEST	49743	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:56.390204906 CEST	49743	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:56.390204906 CEST	49743	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:56.545958042 CEST	587	49743	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:56.546024084 CEST	587	49743	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:56.546061993 CEST	587	49743	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:56.689941883 CEST	587	49743	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:56.690489054 CEST	49743	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:56.851809025 CEST	587	49743	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:56.852144957 CEST	587	49743	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:56.852191925 CEST	587	49743	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:56.852297068 CEST	49743	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:56.852695942 CEST	49743	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:56.853769064 CEST	49744	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:57.007895947 CEST	587	49743	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:57.010175943 CEST	587	49744	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:57.010293007 CEST	49744	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:57.167383909 CEST	587	49744	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:57.167555094 CEST	49744	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:57.324260950 CEST	587	49744	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:57.324693918 CEST	587	49744	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:57.324853897 CEST	49744	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:57.480787992 CEST	587	49744	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:57.481142998 CEST	49744	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:57.636898041 CEST	587	49744	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:57.637053967 CEST	587	49744	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:57.637845039 CEST	49744	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:57.638138056 CEST	49744	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:57.793396950 CEST	587	49744	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:57.793853045 CEST	587	49744	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:57.794286013 CEST	587	49744	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:57.794640064 CEST	587	49744	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:57.794858932 CEST	49744	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:57.950773001 CEST	587	49744	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:57.951747894 CEST	587	49744	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:57.952044964 CEST	49744	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:58.107848883 CEST	587	49744	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:58.109864950 CEST	587	49744	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:58.110232115 CEST	49744	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:58.266119003 CEST	587	49744	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:58.267638922 CEST	587	49744	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:58.267872095 CEST	49744	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:58.424331903 CEST	587	49744	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:58.454698086 CEST	587	49744	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:58.455086946 CEST	49744	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:58.612075090 CEST	587	49744	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:58.612268925 CEST	587	49744	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:58.612602949 CEST	49744	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:58.612636089 CEST	49744	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:58.612662077 CEST	49744	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:58.612685919 CEST	49744	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:58.768259048 CEST	587	49744	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:58.768318892 CEST	587	49744	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:58.913856030 CEST	587	49744	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:58.914411068 CEST	49744	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:59.070399046 CEST	587	49744	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:59.070513010 CEST	587	49744	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:59.070555925 CEST	587	49744	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:59.070626020 CEST	49744	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:59.071089983 CEST	49744	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:59.072134972 CEST	49745	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:37:59.226949930 CEST	587	49744	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:59.228055000 CEST	587	49745	198.54.122.135	192.168.2.6
Apr 15, 2024 15:37:59.228156090 CEST	49745	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:00.042244911 CEST	587	49745	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:00.042418003 CEST	49745	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:00.199032068 CEST	587	49745	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:00.199099064 CEST	587	49745	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:00.199276924 CEST	49745	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:00.355144024 CEST	587	49745	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:00.355571985 CEST	49745	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:00.511600971 CEST	587	49745	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:00.511671066 CEST	587	49745	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:00.512397051 CEST	49745	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:00.512756109 CEST	49745	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:00.668323040 CEST	587	49745	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:00.668370962 CEST	587	49745	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:00.668555975 CEST	587	49745	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:00.669087887 CEST	587	49745	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:00.669409990 CEST	49745	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:00.826684952 CEST	587	49745	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:00.828438044 CEST	587	49745	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:00.828720093 CEST	49745	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:00.984258890 CEST	587	49745	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:00.986498117 CEST	587	49745	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:00.986797094 CEST	49745	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:01.142326117 CEST	587	49745	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:01.143925905 CEST	587	49745	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:01.144191027 CEST	49745	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:01.300194025 CEST	587	49745	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:01.323121071 CEST	587	49745	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:01.323362112 CEST	49745	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:01.479156971 CEST	587	49745	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:01.479195118 CEST	587	49745	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:01.479639053 CEST	49745	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:01.479702950 CEST	49745	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:01.479728937 CEST	49745	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:01.479758978 CEST	49745	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:01.636526108 CEST	587	49745	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:01.636564016 CEST	587	49745	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:01.777719021 CEST	587	49745	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:01.778281927 CEST	49745	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:01.935328007 CEST	587	49745	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:01.935569048 CEST	587	49745	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:01.935591936 CEST	587	49745	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:01.935703039 CEST	49745	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:01.943243980 CEST	49745	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:01.944159031 CEST	49746	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:02.099344015 CEST	587	49745	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:02.104294062 CEST	587	49746	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:02.104391098 CEST	49746	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:02.263448000 CEST	587	49746	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:02.263659000 CEST	49746	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:02.424701929 CEST	587	49746	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:02.424772978 CEST	587	49746	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:02.425024033 CEST	49746	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:02.586990118 CEST	587	49746	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:02.587455988 CEST	49746	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:02.743822098 CEST	587	49746	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:02.743947983 CEST	587	49746	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:02.744674921 CEST	49746	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:02.744965076 CEST	49746	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:02.901747942 CEST	587	49746	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:02.901796103 CEST	587	49746	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:02.902057886 CEST	587	49746	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:02.902112007 CEST	587	49746	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:02.902304888 CEST	49746	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:03.057976007 CEST	587	49746	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:03.059597969 CEST	587	49746	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:03.059933901 CEST	49746	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:03.216087103 CEST	587	49746	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:03.219309092 CEST	587	49746	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:03.219603062 CEST	49746	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:03.381664038 CEST	587	49746	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:03.383747101 CEST	587	49746	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:03.384120941 CEST	49746	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:03.547179937 CEST	587	49746	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:03.576848984 CEST	587	49746	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:03.577255011 CEST	49746	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:03.733825922 CEST	587	49746	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:03.734235048 CEST	587	49746	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:03.734498978 CEST	49746	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:03.734541893 CEST	49746	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:03.734555960 CEST	49746	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:03.734577894 CEST	49746	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:03.890131950 CEST	587	49746	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:03.890281916 CEST	587	49746	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:04.034646988 CEST	587	49746	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:04.035378933 CEST	49746	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:04.190942049 CEST	587	49746	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:04.191540003 CEST	587	49746	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:04.191581964 CEST	587	49746	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:04.191673994 CEST	49746	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:04.191998959 CEST	49746	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:04.192991972 CEST	49747	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:04.347907066 CEST	587	49746	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:04.349549055 CEST	587	49747	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:04.349637032 CEST	49747	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:04.506795883 CEST	587	49747	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:04.507015944 CEST	49747	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:04.665050030 CEST	587	49747	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:04.665694952 CEST	587	49747	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:04.665863991 CEST	49747	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:04.822305918 CEST	587	49747	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:04.822680950 CEST	49747	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:04.985841990 CEST	587	49747	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:04.986119986 CEST	587	49747	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:04.986799002 CEST	49747	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:04.987205982 CEST	49747	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:05.145826101 CEST	587	49747	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:05.145884037 CEST	587	49747	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:05.145920038 CEST	587	49747	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:05.145957947 CEST	587	49747	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:05.146198988 CEST	49747	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:05.301667929 CEST	587	49747	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:05.305730104 CEST	587	49747	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:05.306000948 CEST	49747	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:05.465321064 CEST	587	49747	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:05.467608929 CEST	587	49747	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:05.467840910 CEST	49747	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:05.628357887 CEST	587	49747	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:05.630558014 CEST	587	49747	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:05.630795002 CEST	49747	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:05.789798975 CEST	587	49747	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:05.821748972 CEST	587	49747	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:05.822087049 CEST	49747	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:05.983023882 CEST	587	49747	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:05.983540058 CEST	587	49747	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:05.983877897 CEST	49747	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:05.983928919 CEST	49747	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:05.983971119 CEST	49747	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:05.984004021 CEST	49747	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:06.141045094 CEST	587	49747	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:06.141067028 CEST	587	49747	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:06.141078949 CEST	587	49747	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:06.286595106 CEST	587	49747	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:06.287252903 CEST	49747	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:06.443814993 CEST	587	49747	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:06.444533110 CEST	587	49747	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:06.444686890 CEST	587	49747	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:06.444755077 CEST	49747	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:06.445053101 CEST	49747	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:06.445961952 CEST	49749	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:06.600794077 CEST	587	49747	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:06.602231026 CEST	587	49749	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:06.602339029 CEST	49749	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:06.761755943 CEST	587	49749	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:06.807589054 CEST	49749	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:06.907516003 CEST	49749	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:07.063463926 CEST	587	49749	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:07.063736916 CEST	587	49749	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:07.063947916 CEST	49749	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:07.219732046 CEST	587	49749	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:07.220201969 CEST	49749	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:07.381330967 CEST	587	49749	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:07.381418943 CEST	587	49749	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:07.432626963 CEST	49749	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:09.155657053 CEST	49749	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:09.160557985 CEST	49749	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:09.313515902 CEST	587	49749	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:09.313556910 CEST	587	49749	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:09.317677975 CEST	587	49749	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:09.317713022 CEST	587	49749	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:09.317974091 CEST	49749	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:09.474694014 CEST	587	49749	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:09.476001024 CEST	587	49749	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:09.476372957 CEST	49749	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:09.631889105 CEST	587	49749	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:09.634052038 CEST	587	49749	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:09.634319067 CEST	49749	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:09.789890051 CEST	587	49749	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:09.791838884 CEST	587	49749	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:09.792066097 CEST	49749	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:09.948839903 CEST	587	49749	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:09.982821941 CEST	587	49749	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:09.983283043 CEST	49749	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:10.138928890 CEST	587	49749	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:10.139236927 CEST	587	49749	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:10.139815092 CEST	49749	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:10.139935017 CEST	49749	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:10.140006065 CEST	49749	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:10.140069962 CEST	49749	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:10.295468092 CEST	587	49749	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:10.295523882 CEST	587	49749	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:10.433463097 CEST	587	49749	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:10.434000969 CEST	49749	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:10.590413094 CEST	587	49749	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:10.590831995 CEST	587	49749	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:10.590907097 CEST	587	49749	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:10.590976000 CEST	49749	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:10.591294050 CEST	49749	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:10.592973948 CEST	49750	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:10.749067068 CEST	587	49749	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:10.751324892 CEST	587	49750	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:10.751444101 CEST	49750	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:10.908277035 CEST	587	49750	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:10.908426046 CEST	49750	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:11.063965082 CEST	587	49750	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:11.064317942 CEST	587	49750	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:11.064521074 CEST	49750	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:11.220438957 CEST	587	49750	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:11.221632957 CEST	49750	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:11.380748034 CEST	587	49750	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:11.380773067 CEST	587	49750	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:11.381633997 CEST	49750	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:11.382025957 CEST	49750	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:11.537497044 CEST	587	49750	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:11.537518978 CEST	587	49750	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:11.537530899 CEST	587	49750	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:11.538104057 CEST	587	49750	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:11.538387060 CEST	49750	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:11.694356918 CEST	587	49750	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:11.695461988 CEST	587	49750	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:11.696043968 CEST	49750	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:11.851552963 CEST	587	49750	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:11.853580952 CEST	587	49750	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:11.854116917 CEST	49750	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:12.011655092 CEST	587	49750	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:12.011967897 CEST	587	49750	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:12.012178898 CEST	49750	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:12.167897940 CEST	587	49750	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:12.191976070 CEST	587	49750	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:12.192182064 CEST	49750	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:12.347778082 CEST	587	49750	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:12.347973108 CEST	587	49750	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:12.348321915 CEST	49750	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:12.348387003 CEST	49750	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:12.348423004 CEST	49750	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:12.348448038 CEST	49750	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:12.503973961 CEST	587	49750	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:12.504000902 CEST	587	49750	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:12.641174078 CEST	587	49750	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:12.641972065 CEST	49750	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:12.797465086 CEST	587	49750	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:12.797805071 CEST	587	49750	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:12.797817945 CEST	587	49750	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:12.797900915 CEST	49750	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:12.798280954 CEST	49750	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:12.799321890 CEST	49751	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:12.953752041 CEST	587	49750	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:12.955353022 CEST	587	49751	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:12.955466032 CEST	49751	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:13.114356041 CEST	587	49751	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:13.114670038 CEST	49751	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:13.270629883 CEST	587	49751	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:13.270659924 CEST	587	49751	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:13.270838022 CEST	49751	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:13.427902937 CEST	587	49751	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:13.428385019 CEST	49751	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:13.590393066 CEST	587	49751	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:13.590569973 CEST	587	49751	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:13.591332912 CEST	49751	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:13.591732025 CEST	49751	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:13.751296043 CEST	587	49751	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:13.751353979 CEST	587	49751	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:13.751393080 CEST	587	49751	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:13.751662970 CEST	587	49751	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:13.752012968 CEST	49751	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:13.907802105 CEST	587	49751	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:13.909096003 CEST	587	49751	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:13.909353971 CEST	49751	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:14.066958904 CEST	587	49751	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:14.069550991 CEST	587	49751	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:14.069866896 CEST	49751	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:14.227756023 CEST	587	49751	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:14.227991104 CEST	587	49751	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:14.228189945 CEST	49751	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:14.383685112 CEST	587	49751	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:14.407402992 CEST	587	49751	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:14.407710075 CEST	49751	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:14.564086914 CEST	587	49751	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:14.564290047 CEST	587	49751	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:14.564840078 CEST	49751	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:14.564840078 CEST	49751	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:14.564840078 CEST	49751	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:14.564840078 CEST	49751	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:14.723099947 CEST	587	49751	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:15.050837040 CEST	587	49751	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:15.051464081 CEST	49751	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:15.207882881 CEST	587	49751	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:15.208436012 CEST	587	49751	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:15.208479881 CEST	587	49751	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:15.208889008 CEST	49751	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:15.208889961 CEST	49751	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:15.209774017 CEST	49752	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:15.366976023 CEST	587	49751	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:15.369966030 CEST	587	49752	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:15.370218039 CEST	49752	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:15.530292034 CEST	587	49752	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:15.530472994 CEST	49752	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:15.686167955 CEST	587	49752	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:15.686259031 CEST	587	49752	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:15.688030005 CEST	49752	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:15.843866110 CEST	587	49752	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:15.844377995 CEST	49752	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:16.001452923 CEST	587	49752	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:16.001482964 CEST	587	49752	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:16.002335072 CEST	49752	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:16.002702951 CEST	49752	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:16.158546925 CEST	587	49752	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:16.158566952 CEST	587	49752	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:16.159174919 CEST	587	49752	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:16.159454107 CEST	587	49752	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:16.159779072 CEST	49752	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:16.316370010 CEST	587	49752	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:16.317981005 CEST	587	49752	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:16.318403006 CEST	49752	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:16.474163055 CEST	587	49752	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:16.477684975 CEST	587	49752	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:16.477943897 CEST	49752	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:16.633737087 CEST	587	49752	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:16.634232998 CEST	587	49752	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:16.634459972 CEST	49752	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:16.791935921 CEST	587	49752	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:16.811902046 CEST	587	49752	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:16.812099934 CEST	49752	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:16.967905045 CEST	587	49752	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:16.967988968 CEST	587	49752	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:16.968528986 CEST	49752	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:16.968615055 CEST	49752	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:16.968682051 CEST	49752	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:16.968713045 CEST	49752	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:17.124288082 CEST	587	49752	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:17.124305964 CEST	587	49752	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:17.125667095 CEST	587	49752	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:17.269762039 CEST	587	49752	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:17.276391029 CEST	49753	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:17.325649977 CEST	49752	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:17.432209015 CEST	587	49753	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:17.432713985 CEST	49753	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:17.589915037 CEST	587	49753	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:17.593781948 CEST	49753	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:17.749033928 CEST	587	49753	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:17.749226093 CEST	587	49753	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:17.750180006 CEST	49753	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:17.905450106 CEST	587	49753	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:17.908554077 CEST	49753	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:18.064827919 CEST	587	49753	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:18.064851999 CEST	587	49753	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:18.065598965 CEST	49753	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:18.065968990 CEST	49753	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:18.220947981 CEST	587	49753	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:18.220976114 CEST	587	49753	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:18.221179962 CEST	587	49753	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:18.221472979 CEST	587	49753	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:18.221653938 CEST	49753	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:18.377577066 CEST	587	49753	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:18.378694057 CEST	587	49753	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:18.379028082 CEST	49753	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:18.534648895 CEST	587	49753	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:18.539999008 CEST	587	49753	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:18.540244102 CEST	49753	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:18.697124958 CEST	587	49753	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:18.699419975 CEST	587	49753	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:18.699626923 CEST	49753	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:18.856369972 CEST	587	49753	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:18.888890028 CEST	587	49753	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:18.889313936 CEST	49753	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:19.046457052 CEST	587	49753	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:19.046508074 CEST	587	49753	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:19.046896935 CEST	49753	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:19.046897888 CEST	49753	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:19.046955109 CEST	49753	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:19.046955109 CEST	49753	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:19.202558994 CEST	587	49753	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:19.202595949 CEST	587	49753	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:19.347970009 CEST	587	49753	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:19.350266933 CEST	49753	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:19.507985115 CEST	587	49753	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:19.508326054 CEST	587	49753	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:19.508352041 CEST	587	49753	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:19.508534908 CEST	49753	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:19.509910107 CEST	49753	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:19.510150909 CEST	49755	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:19.666369915 CEST	587	49753	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:19.666502953 CEST	587	49755	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:19.666615963 CEST	49755	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:19.824335098 CEST	587	49755	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:19.826215029 CEST	49755	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:19.982953072 CEST	587	49755	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:19.983182907 CEST	587	49755	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:19.983573914 CEST	49755	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:20.139611959 CEST	587	49755	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:20.140048981 CEST	49755	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:20.298533916 CEST	587	49755	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:20.300421000 CEST	587	49755	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:20.301352024 CEST	49755	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:20.301855087 CEST	49755	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:20.457396984 CEST	587	49755	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:20.457423925 CEST	587	49755	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:20.457729101 CEST	587	49755	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:20.459474087 CEST	587	49755	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:20.459707022 CEST	49755	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:20.621973991 CEST	587	49755	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:20.621997118 CEST	587	49755	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:20.622380972 CEST	49755	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:20.779197931 CEST	587	49755	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:20.783006907 CEST	587	49755	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:20.783233881 CEST	49755	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:20.941554070 CEST	587	49755	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:20.943372965 CEST	587	49755	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:20.943608046 CEST	49755	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:21.099519014 CEST	587	49755	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:21.132342100 CEST	587	49755	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:21.132718086 CEST	49755	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:21.288153887 CEST	587	49755	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:21.288316965 CEST	587	49755	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:21.288700104 CEST	49755	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:21.288729906 CEST	49755	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:21.288752079 CEST	49755	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:21.288752079 CEST	49755	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:21.444605112 CEST	587	49755	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:21.444853067 CEST	587	49755	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:21.582992077 CEST	587	49755	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:21.585639000 CEST	49755	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:21.742186069 CEST	587	49755	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:21.742427111 CEST	587	49755	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:21.742436886 CEST	587	49755	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:21.742573023 CEST	49755	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:21.743681908 CEST	49755	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:21.743680954 CEST	49756	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:21.899565935 CEST	587	49755	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:21.899645090 CEST	587	49756	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:21.899867058 CEST	49756	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:22.056982040 CEST	587	49756	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:22.057945967 CEST	49756	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:22.214147091 CEST	587	49756	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:22.215035915 CEST	587	49756	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:22.215224028 CEST	49756	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:22.372339964 CEST	587	49756	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:22.372770071 CEST	49756	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:22.529542923 CEST	587	49756	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:22.529580116 CEST	587	49756	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:22.530493021 CEST	49756	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:22.530976057 CEST	49756	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:22.686805010 CEST	587	49756	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:22.686871052 CEST	587	49756	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:22.687376976 CEST	587	49756	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:22.687655926 CEST	587	49756	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:22.687866926 CEST	49756	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:22.844269991 CEST	587	49756	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:22.845453024 CEST	587	49756	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:22.845721960 CEST	49756	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:23.006695032 CEST	587	49756	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:23.009367943 CEST	587	49756	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:23.012062073 CEST	49756	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:23.173115969 CEST	587	49756	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:23.174810886 CEST	587	49756	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:23.182112932 CEST	49756	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:23.342056990 CEST	587	49756	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:23.366343021 CEST	587	49756	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:23.367347002 CEST	49756	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:23.533834934 CEST	587	49756	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:23.533850908 CEST	587	49756	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:23.535367966 CEST	49756	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:23.535368919 CEST	49756	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:23.535368919 CEST	49756	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:23.535538912 CEST	49756	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:23.694765091 CEST	587	49756	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:23.841706038 CEST	587	49756	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:23.846383095 CEST	49756	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:24.006714106 CEST	587	49756	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:24.007294893 CEST	587	49756	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:24.007311106 CEST	587	49756	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:24.007424116 CEST	49756	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:24.008579016 CEST	49756	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:24.008593082 CEST	49757	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:24.165157080 CEST	587	49756	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:24.165374994 CEST	587	49757	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:24.165448904 CEST	49757	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:24.322544098 CEST	587	49757	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:24.322709084 CEST	49757	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:24.478037119 CEST	587	49757	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:24.478316069 CEST	587	49757	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:24.478445053 CEST	49757	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:24.635215044 CEST	587	49757	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:24.635653019 CEST	49757	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:24.794497967 CEST	587	49757	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:24.794656992 CEST	587	49757	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:24.838862896 CEST	49757	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:24.983150005 CEST	49757	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:24.983396053 CEST	49757	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:25.141273022 CEST	587	49757	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:25.141282082 CEST	587	49757	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:25.141990900 CEST	587	49757	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:25.147918940 CEST	49757	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:25.229933977 CEST	49757	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:25.236998081 CEST	49758	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:25.303735971 CEST	587	49757	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:25.304721117 CEST	587	49757	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:25.305108070 CEST	49757	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:25.386944056 CEST	587	49757	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:25.386956930 CEST	587	49757	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:25.387115002 CEST	49757	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:25.387115002 CEST	49757	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:25.393476009 CEST	587	49758	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:25.401654005 CEST	49758	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:25.561706066 CEST	587	49758	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:25.698298931 CEST	49758	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:26.897279978 CEST	49758	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:27.074872017 CEST	587	49758	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:27.074891090 CEST	587	49758	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:27.082814932 CEST	49758	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:27.238905907 CEST	587	49758	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:27.239311934 CEST	49758	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:27.395350933 CEST	587	49758	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:27.395937920 CEST	587	49758	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:27.396823883 CEST	49758	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:27.397166967 CEST	49758	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:27.552382946 CEST	587	49758	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:27.552453995 CEST	587	49758	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:27.552614927 CEST	587	49758	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:27.553359032 CEST	587	49758	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:27.553632021 CEST	49758	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:27.709069967 CEST	587	49758	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:27.710975885 CEST	587	49758	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:27.711208105 CEST	49758	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:27.866859913 CEST	587	49758	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:27.869250059 CEST	587	49758	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:27.869518042 CEST	49758	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:28.025841951 CEST	587	49758	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:28.026226997 CEST	587	49758	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:28.026576042 CEST	49758	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:28.184318066 CEST	587	49758	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:28.208355904 CEST	587	49758	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:28.208646059 CEST	49758	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:28.364864111 CEST	587	49758	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:28.364888906 CEST	587	49758	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:28.365253925 CEST	49758	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:28.365253925 CEST	49758	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:28.365253925 CEST	49758	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:28.365253925 CEST	49758	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:28.520978928 CEST	587	49758	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:28.666348934 CEST	587	49758	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:28.667176962 CEST	49758	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:28.823733091 CEST	587	49758	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:28.824131012 CEST	587	49758	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:28.824143887 CEST	587	49758	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:28.824594975 CEST	49758	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:28.824594975 CEST	49758	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:28.825320959 CEST	49759	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:28.980473995 CEST	587	49758	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:28.981468916 CEST	587	49759	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:28.981638908 CEST	49759	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:29.140372038 CEST	587	49759	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:29.140517950 CEST	49759	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:29.296214104 CEST	587	49759	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:29.296483994 CEST	587	49759	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:29.296628952 CEST	49759	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:29.452651024 CEST	587	49759	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:29.453155041 CEST	49759	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:29.609621048 CEST	587	49759	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:29.609747887 CEST	587	49759	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:29.610745907 CEST	49759	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:29.611063957 CEST	49759	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:29.767137051 CEST	587	49759	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:29.767152071 CEST	587	49759	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:29.767236948 CEST	587	49759	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:29.767571926 CEST	587	49759	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:29.767807961 CEST	49759	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:29.923029900 CEST	587	49759	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:29.924338102 CEST	587	49759	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:29.924580097 CEST	49759	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:30.080341101 CEST	587	49759	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:30.083630085 CEST	587	49759	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:30.083800077 CEST	49759	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:30.104801893 CEST	49759	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:30.106826067 CEST	49760	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:30.241523027 CEST	587	49759	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:30.241813898 CEST	587	49759	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:30.241916895 CEST	49759	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:30.262584925 CEST	587	49759	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:30.262793064 CEST	49759	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:30.263174057 CEST	587	49759	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:30.263473988 CEST	49759	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:30.265260935 CEST	587	49760	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:30.265769958 CEST	49760	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:30.422092915 CEST	587	49760	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:30.422420979 CEST	49760	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:30.579056025 CEST	587	49760	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:30.580671072 CEST	587	49760	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:30.585772038 CEST	49760	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:30.745373011 CEST	587	49760	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:30.745810032 CEST	49760	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:30.901395082 CEST	587	49760	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:30.901699066 CEST	587	49760	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:30.902765036 CEST	49760	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:30.903105974 CEST	49760	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:31.058281898 CEST	587	49760	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:31.058362961 CEST	587	49760	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:31.058374882 CEST	587	49760	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:31.059026003 CEST	587	49760	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:31.059478998 CEST	49760	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:31.216819048 CEST	587	49760	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:31.218615055 CEST	587	49760	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:31.218960047 CEST	49760	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:31.374625921 CEST	587	49760	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:31.377839088 CEST	587	49760	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:31.378092051 CEST	49760	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:31.533792019 CEST	587	49760	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:31.534395933 CEST	587	49760	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:31.534564018 CEST	49760	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:31.695455074 CEST	587	49760	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:31.718422890 CEST	587	49760	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:31.718641996 CEST	49760	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:31.873807907 CEST	587	49760	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:31.874634027 CEST	587	49760	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:31.874950886 CEST	49760	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:31.875005960 CEST	49760	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:31.875005960 CEST	49760	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:31.875005960 CEST	49760	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:32.031768084 CEST	587	49760	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:32.031790018 CEST	587	49760	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:32.031807899 CEST	587	49760	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:32.174048901 CEST	587	49760	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:32.178292036 CEST	49760	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:32.334084034 CEST	587	49760	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:32.334101915 CEST	587	49760	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:32.334110022 CEST	587	49760	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:32.334310055 CEST	49760	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:32.335339069 CEST	49760	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:32.335341930 CEST	49761	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:32.491800070 CEST	587	49760	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:32.491808891 CEST	587	49761	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:32.492089987 CEST	49761	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:32.648741007 CEST	587	49761	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:32.649774075 CEST	49761	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:32.805005074 CEST	587	49761	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:32.805299997 CEST	587	49761	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:32.805778027 CEST	49761	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:32.961100101 CEST	587	49761	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:32.961915970 CEST	49761	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:33.117300987 CEST	587	49761	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:33.117535114 CEST	587	49761	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:33.120814085 CEST	49761	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:33.124522924 CEST	49761	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:33.276360989 CEST	587	49761	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:33.276376963 CEST	587	49761	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:33.279774904 CEST	587	49761	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:33.280812025 CEST	587	49761	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:33.281044960 CEST	49761	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:33.436944962 CEST	587	49761	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:33.438033104 CEST	587	49761	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:33.438340902 CEST	49761	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:33.593497038 CEST	587	49761	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:33.595483065 CEST	587	49761	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:33.595834970 CEST	49761	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:33.751245975 CEST	587	49761	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:33.752017975 CEST	587	49761	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:33.752249956 CEST	49761	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:33.907538891 CEST	587	49761	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:33.933579922 CEST	587	49761	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:33.933825970 CEST	49761	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:34.090739012 CEST	587	49761	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:34.090869904 CEST	587	49761	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:34.091156006 CEST	49761	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:34.091192007 CEST	49761	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:34.091222048 CEST	49761	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:34.091252089 CEST	49761	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:34.246851921 CEST	587	49761	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:34.246867895 CEST	587	49761	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:34.386635065 CEST	587	49761	198.54.122.135	192.168.2.6
Apr 15, 2024 15:38:34.432568073 CEST	49761	587	192.168.2.6	198.54.122.135
Apr 15, 2024 15:38:38.969645977 CEST	49718	80	192.168.2.6	132.226.247.73

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 15, 2024 15:36:45.445336103 CEST	53941	53	192.168.2.6	1.1.1.1
Apr 15, 2024 15:36:45.547465086 CEST	53	53941	1.1.1.1	192.168.2.6
Apr 15, 2024 15:36:46.350486040 CEST	63124	53	192.168.2.6	1.1.1.1
Apr 15, 2024 15:36:46.452902079 CEST	53	63124	1.1.1.1	192.168.2.6
Apr 15, 2024 15:36:55.079835892 CEST	57027	53	192.168.2.6	1.1.1.1
Apr 15, 2024 15:36:55.237257957 CEST	53	57027	1.1.1.1	192.168.2.6
Apr 15, 2024 15:37:31.903845072 CEST	50059	53	192.168.2.6	1.1.1.1
Apr 15, 2024 15:37:32.041100979 CEST	53	50059	1.1.1.1	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 15, 2024 15:36:45.445336103 CEST	192.168.2.6	1.1.1.1	0xa0d1	Standard query (0)	checkip.dyndns.org	A (IP address)	IN (0x0001)	false
Apr 15, 2024 15:36:46.350486040 CEST	192.168.2.6	1.1.1.1	0x5ef3	Standard query (0)	reallyfreegeoip.org	A (IP address)	IN (0x0001)	false
Apr 15, 2024 15:36:55.079835892 CEST	192.168.2.6	1.1.1.1	0xcfe8	Standard query (0)	scratchdreams.tk	A (IP address)	IN (0x0001)	false
Apr 15, 2024 15:37:31.903845072 CEST	192.168.2.6	1.1.1.1	0xb921	Standard query (0)	mail.privateemail.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 15, 2024 15:36:45.547465086 CEST	1.1.1.1	192.168.2.6	0xa0d1	No error (0)	checkip.dyndns.org	checkip.dyndns.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 15, 2024 15:36:45.547465086 CEST	1.1.1.1	192.168.2.6	0xa0d1	No error (0)	checkip.dyndns.com		132.226.247.73	A (IP address)	IN (0x0001)	false
Apr 15, 2024 15:36:45.547465086 CEST	1.1.1.1	192.168.2.6	0xa0d1	No error (0)	checkip.dyndns.com		193.122.6.168	A (IP address)	IN (0x0001)	false
Apr 15, 2024 15:36:45.547465086 CEST	1.1.1.1	192.168.2.6	0xa0d1	No error (0)	checkip.dyndns.com		193.122.130.0	A (IP address)	IN (0x0001)	false
Apr 15, 2024 15:36:45.547465086 CEST	1.1.1.1	192.168.2.6	0xa0d1	No error (0)	checkip.dyndns.com		132.226.8.169	A (IP address)	IN (0x0001)	false
Apr 15, 2024 15:36:45.547465086 CEST	1.1.1.1	192.168.2.6	0xa0d1	No error (0)	checkip.dyndns.com		158.101.44.242	A (IP address)	IN (0x0001)	false
Apr 15, 2024 15:36:46.452902079 CEST	1.1.1.1	192.168.2.6	0x5ef3	No error (0)	reallyfreegeoip.org		104.21.67.152	A (IP address)	IN (0x0001)	false
Apr 15, 2024 15:36:46.452902079 CEST	1.1.1.1	192.168.2.6	0x5ef3	No error (0)	reallyfreegeoip.org		172.67.177.134	A (IP address)	IN (0x0001)	false
Apr 15, 2024 15:36:55.237257957 CEST	1.1.1.1	192.168.2.6	0xcfe8	No error (0)	scratchdreams.tk		172.67.169.18	A (IP address)	IN (0x0001)	false
Apr 15, 2024 15:36:55.237257957 CEST	1.1.1.1	192.168.2.6	0xcfe8	No error (0)	scratchdreams.tk		104.21.27.85	A (IP address)	IN (0x0001)	false
Apr 15, 2024 15:37:32.041100979 CEST	1.1.1.1	192.168.2.6	0xb921	No error (0)	mail.privateemail.com		198.54.122.135	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

reallyfreegeoip.org

scratchdreams.tk

checkip.dyndns.org

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49712	132.226.247.73	80	2748	C:\Users\user\Desktop\rSyDiExlek.exe

Timestamp	Bytes transferred	Direction	Data
Apr 15, 2024 15:36:45.801886082 CEST	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Apr 15, 2024 15:36:46.050673962 CEST	321	IN	HTTP/1.1 200 OK Date: Mon, 15 Apr 2024 13:36:45 GMT Content-Type: text/html Content-Length: 104 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: dc0dfaa3e8583e17d6df70fa759e1b81 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 36 32 2e 35 36 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 81.181.62.56</body></html>
Apr 15, 2024 15:36:46.054557085 CEST	127	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Apr 15, 2024 15:36:46.304549932 CEST	321	IN	HTTP/1.1 200 OK Date: Mon, 15 Apr 2024 13:36:46 GMT Content-Type: text/html Content-Length: 104 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: cff812ea3a37f8717f85d99fe3bc4616 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 36 32 2e 35 36 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 81.181.62.56</body></html>
Apr 15, 2024 15:36:47.192090034 CEST	127	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Apr 15, 2024 15:36:47.442157030 CEST	321	IN	HTTP/1.1 200 OK Date: Mon, 15 Apr 2024 13:36:47 GMT Content-Type: text/html Content-Length: 104 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: de27f5700b93556b3905f61efdfb0e6e Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 36 32 2e 35 36 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 81.181.62.56</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49715	132.226.247.73	80	2748	C:\Users\user\Desktop\rSyDiExlek.exe

Timestamp	Bytes transferred	Direction	Data
Apr 15, 2024 15:36:48.410444975 CEST	127	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Apr 15, 2024 15:36:48.658112049 CEST	321	IN	HTTP/1.1 200 OK Date: Mon, 15 Apr 2024 13:36:48 GMT Content-Type: text/html Content-Length: 104 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 699279e03e14d94752d1876bdbe405a9 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 36 32 2e 35 36 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 81.181.62.56</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49718	132.226.247.73	80	2748	C:\Users\user\Desktop\rSyDiExlek.exe

Timestamp	Bytes transferred	Direction	Data
Apr 15, 2024 15:36:49.623795033 CEST	127	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Apr 15, 2024 15:36:49.873615026 CEST	321	IN	HTTP/1.1 200 OK Date: Mon, 15 Apr 2024 13:36:49 GMT Content-Type: text/html Content-Length: 104 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 43cd56cc5cd651aa3d4329944a0856c9 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 36 32 2e 35 36 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 81.181.62.56</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49720	132.226.247.73	80	2748	C:\Users\user\Desktop\rSyDiExlek.exe

Timestamp	Bytes transferred	Direction	Data
Apr 15, 2024 15:36:50.883027077 CEST	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Apr 15, 2024 15:36:51.153641939 CEST	321	IN	HTTP/1.1 200 OK Date: Mon, 15 Apr 2024 13:36:51 GMT Content-Type: text/html Content-Length: 104 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 953c41fe82475827c25f80e6b6ca6a53 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 36 32 2e 35 36 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 81.181.62.56</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	49722	132.226.247.73	80	2748	C:\Users\user\Desktop\rSyDiExlek.exe

Timestamp	Bytes transferred	Direction	Data
Apr 15, 2024 15:36:51.874912977 CEST	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Apr 15, 2024 15:36:52.123655081 CEST	321	IN	HTTP/1.1 200 OK Date: Mon, 15 Apr 2024 13:36:51 GMT Content-Type: text/html Content-Length: 104 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 94c9812909b3e4ce05b56384bd689a74 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 36 32 2e 35 36 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 81.181.62.56</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	49724	132.226.247.73	80	2748	C:\Users\user\Desktop\rSyDiExlek.exe

Timestamp	Bytes transferred	Direction	Data
Apr 15, 2024 15:36:53.095824003 CEST	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Apr 15, 2024 15:36:53.346129894 CEST	321	IN	HTTP/1.1 200 OK Date: Mon, 15 Apr 2024 13:36:53 GMT Content-Type: text/html Content-Length: 104 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: f1e00efa48e27b5affaee15dc41eb760 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 36 32 2e 35 36 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 81.181.62.56</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.6	49726	132.226.247.73	80	2748	C:\Users\user\Desktop\rSyDiExlek.exe

Timestamp	Bytes transferred	Direction	Data
Apr 15, 2024 15:36:54.078924894 CEST	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Apr 15, 2024 15:36:54.342428923 CEST	321	IN	HTTP/1.1 200 OK Date: Mon, 15 Apr 2024 13:36:54 GMT Content-Type: text/html Content-Length: 104 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 1f6ffc34bff39dd072c96d47534aeefe Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 31 2e 31 38 31 2e 36 32 2e 35 36 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 81.181.62.56</body></html>

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49713	104.21.67.152	443	2748	C:\Users\user\Desktop\rSyDiExlek.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-15 13:36:46 UTC	85	OUT	GET /xml/81.181.62.56 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2024-04-15 13:36:47 UTC	699	IN	HTTP/1.1 200 OK Date: Mon, 15 Apr 2024 13:36:47 GMT Content-Type: application/xml Transfer-Encoding: chunked Connection: close access-control-allow-origin: * vary: Accept-Encoding Cache-Control: max-age=86400 CF-Cache-Status: MISS Last-Modified: Mon, 15 Apr 2024 13:36:47 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nkimT1hyJiFfn7bQk23o8wmrx34n7yygssvhvZox6bvoNY8IFAHL0dFxu77h6TJP0cnX%2Bj1dMcrbpqLZHngISV8kCD2681%2Fu%2BGvmVeDQ3HfpZ%2BhvM%2BQH3rUwL6RoHqPa4AQGgyFj"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 874c5394fcd861a9-ORD alt-svc: h3=":443"; ma=86400
2024-04-15 13:36:47 UTC	336	IN	Data Raw: 31 34 39 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 31 2e 31 38 31 2e 36 32 2e 35 36 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 52 4f 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 52 6f 6d 61 6e 69 61 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 45 75 72 6f 70 65 2f 42 75 63 68 61 72 65 73 74 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 34 35 2e 39 39 36 38 3c 2f Data Ascii: 149<Response><IP>81.181.62.56</IP><CountryCode>RO</CountryCode><CountryName>Romania</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>Europe/Bucharest</TimeZone><Latitude>45.9968</
2024-04-15 13:36:47 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49714	104.21.67.152	443	2748	C:\Users\user\Desktop\rSyDiExlek.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-15 13:36:47 UTC	61	OUT	GET /xml/81.181.62.56 HTTP/1.1 Host: reallyfreegeoip.org
2024-04-15 13:36:48 UTC	703	IN	HTTP/1.1 200 OK Date: Mon, 15 Apr 2024 13:36:48 GMT Content-Type: application/xml Transfer-Encoding: chunked Connection: close access-control-allow-origin: * vary: Accept-Encoding Cache-Control: max-age=86400 CF-Cache-Status: MISS Last-Modified: Mon, 15 Apr 2024 13:36:48 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8I3V3t2HmC1%2BCYusP3IkS9A%2FgPIHWx7WPhLBj6c%2B1lGyj8rL1eS6eZ2a5NY6glt2d2f7YmhtS8p%2BmJX96XsOC%2BeneBnko6rgD3Kn%2BTrDFYzFIKw4uO9KSyppKS1ZHJgp%2BFw85fPJ"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 874c539b0e156309-ORD alt-svc: h3=":443"; ma=86400
2024-04-15 13:36:48 UTC	336	IN	Data Raw: 31 34 39 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 31 2e 31 38 31 2e 36 32 2e 35 36 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 52 4f 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 52 6f 6d 61 6e 69 61 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 45 75 72 6f 70 65 2f 42 75 63 68 61 72 65 73 74 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 34 35 2e 39 39 36 38 3c 2f Data Ascii: 149<Response><IP>81.181.62.56</IP><CountryCode>RO</CountryCode><CountryName>Romania</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>Europe/Bucharest</TimeZone><Latitude>45.9968</
2024-04-15 13:36:48 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49717	104.21.67.152	443	2748	C:\Users\user\Desktop\rSyDiExlek.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-15 13:36:48 UTC	85	OUT	GET /xml/81.181.62.56 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2024-04-15 13:36:49 UTC	691	IN	HTTP/1.1 200 OK Date: Mon, 15 Apr 2024 13:36:49 GMT Content-Type: application/xml Transfer-Encoding: chunked Connection: close access-control-allow-origin: * vary: Accept-Encoding Cache-Control: max-age=86400 CF-Cache-Status: MISS Last-Modified: Mon, 15 Apr 2024 13:36:49 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=53X2mzQcLAmW5GJv7pW2dI6xVwot3fox7O7x5%2BhBAfV7H0M3bEDmWqZrKIG7hXH9cZ03YgL6DEwRLEmUrnxr7G5bHRLE6IJ0hhUoPkFqKWAkisrlIYewrtarMNlLcWSpdSe3ps4n"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 874c53a2adb1113b-ORD alt-svc: h3=":443"; ma=86400
2024-04-15 13:36:49 UTC	336	IN	Data Raw: 31 34 39 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 31 2e 31 38 31 2e 36 32 2e 35 36 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 52 4f 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 52 6f 6d 61 6e 69 61 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 45 75 72 6f 70 65 2f 42 75 63 68 61 72 65 73 74 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 34 35 2e 39 39 36 38 3c 2f Data Ascii: 149<Response><IP>81.181.62.56</IP><CountryCode>RO</CountryCode><CountryName>Romania</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>Europe/Bucharest</TimeZone><Latitude>45.9968</
2024-04-15 13:36:49 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49719	104.21.67.152	443	2748	C:\Users\user\Desktop\rSyDiExlek.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-15 13:36:50 UTC	85	OUT	GET /xml/81.181.62.56 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2024-04-15 13:36:50 UTC	712	IN	HTTP/1.1 200 OK Date: Mon, 15 Apr 2024 13:36:50 GMT Content-Type: application/xml Transfer-Encoding: chunked Connection: close access-control-allow-origin: * vary: Accept-Encoding Cache-Control: max-age=86400 CF-Cache-Status: HIT Age: 3 Last-Modified: Mon, 15 Apr 2024 13:36:47 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7oqCOPwynpQcQfSzvfqdv3%2F%2F%2FzJ8Ej%2F3WMAsiUnuwwycsBhr1n9wCIy1Wob7PsPIpbVfYASM3eyzz%2Fd2%2FPI7gZB01n0BkHGYsNdPJQ4sEM2SoQLUNzOjP13M9yIo4n%2FL6zGiju%2BY"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 874c53ac0b9a60a7-ORD alt-svc: h3=":443"; ma=86400
2024-04-15 13:36:50 UTC	336	IN	Data Raw: 31 34 39 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 31 2e 31 38 31 2e 36 32 2e 35 36 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 52 4f 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 52 6f 6d 61 6e 69 61 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 45 75 72 6f 70 65 2f 42 75 63 68 61 72 65 73 74 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 34 35 2e 39 39 36 38 3c 2f Data Ascii: 149<Response><IP>81.181.62.56</IP><CountryCode>RO</CountryCode><CountryName>Romania</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>Europe/Bucharest</TimeZone><Latitude>45.9968</
2024-04-15 13:36:50 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	49721	104.21.67.152	443	2748	C:\Users\user\Desktop\rSyDiExlek.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-15 13:36:51 UTC	85	OUT	GET /xml/81.181.62.56 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2024-04-15 13:36:51 UTC	710	IN	HTTP/1.1 200 OK Date: Mon, 15 Apr 2024 13:36:51 GMT Content-Type: application/xml Transfer-Encoding: chunked Connection: close access-control-allow-origin: * vary: Accept-Encoding Cache-Control: max-age=86400 CF-Cache-Status: HIT Age: 3 Last-Modified: Mon, 15 Apr 2024 13:36:48 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8RyMngPU0PTeIEQr7OMGSUUxGN87dh0qxbctWkxsLoH8%2B7m2ebJyGS4LS8%2BYm8bNhSVrgX49%2Ft3EqqDokARc9x%2Byprwy3mX23tg9nFb2LklU%2FUJK6%2F44J2iAKZk%2FuJUa4sA8BSvA"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 874c53b24b826342-ORD alt-svc: h3=":443"; ma=86400
2024-04-15 13:36:51 UTC	336	IN	Data Raw: 31 34 39 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 31 2e 31 38 31 2e 36 32 2e 35 36 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 52 4f 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 52 6f 6d 61 6e 69 61 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 45 75 72 6f 70 65 2f 42 75 63 68 61 72 65 73 74 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 34 35 2e 39 39 36 38 3c 2f Data Ascii: 149<Response><IP>81.181.62.56</IP><CountryCode>RO</CountryCode><CountryName>Romania</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>Europe/Bucharest</TimeZone><Latitude>45.9968</
2024-04-15 13:36:51 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	49723	104.21.67.152	443	2748	C:\Users\user\Desktop\rSyDiExlek.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-15 13:36:52 UTC	61	OUT	GET /xml/81.181.62.56 HTTP/1.1 Host: reallyfreegeoip.org
2024-04-15 13:36:52 UTC	697	IN	HTTP/1.1 200 OK Date: Mon, 15 Apr 2024 13:36:52 GMT Content-Type: application/xml Transfer-Encoding: chunked Connection: close access-control-allow-origin: * vary: Accept-Encoding Cache-Control: max-age=86400 CF-Cache-Status: MISS Last-Modified: Mon, 15 Apr 2024 13:36:52 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nhPVnOP3g9C3c3ysyX4KKtkVAbBqjFTS9%2BQuJtM%2BjVeyUPyqJra0qcULyNV3bZI2%2B0hfWCB4%2FDfcgEHp1O2dWhBpzETXPspuFa8i53dVDY7G5Q8Par70cjwl1We75T9XT2BKG6sU"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 874c53b85a511b66-ORD alt-svc: h3=":443"; ma=86400
2024-04-15 13:36:52 UTC	336	IN	Data Raw: 31 34 39 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 31 2e 31 38 31 2e 36 32 2e 35 36 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 52 4f 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 52 6f 6d 61 6e 69 61 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 45 75 72 6f 70 65 2f 42 75 63 68 61 72 65 73 74 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 34 35 2e 39 39 36 38 3c 2f Data Ascii: 149<Response><IP>81.181.62.56</IP><CountryCode>RO</CountryCode><CountryName>Romania</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>Europe/Bucharest</TimeZone><Latitude>45.9968</
2024-04-15 13:36:52 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.6	49725	104.21.67.152	443	2748	C:\Users\user\Desktop\rSyDiExlek.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-15 13:36:53 UTC	85	OUT	GET /xml/81.181.62.56 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2024-04-15 13:36:53 UTC	704	IN	HTTP/1.1 200 OK Date: Mon, 15 Apr 2024 13:36:53 GMT Content-Type: application/xml Transfer-Encoding: chunked Connection: close access-control-allow-origin: * vary: Accept-Encoding Cache-Control: max-age=86400 CF-Cache-Status: HIT Age: 6 Last-Modified: Mon, 15 Apr 2024 13:36:47 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5aMfqgTrAoHk1mnuKeKxzSHEvsYYsZeJ%2Bpxi9F72tE0u6pAhGoljHXYi2wvg5KEpYNLEKWLV%2F2WV3%2BnaICgg%2BGdgl1laPAHwdYf6ivTXdkTwqJ9yoGwvGBKMlYn6ko3CGSCoOPfv"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 874c53c0095361f7-ORD alt-svc: h3=":443"; ma=86400
2024-04-15 13:36:53 UTC	336	IN	Data Raw: 31 34 39 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 31 2e 31 38 31 2e 36 32 2e 35 36 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 52 4f 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 52 6f 6d 61 6e 69 61 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 45 75 72 6f 70 65 2f 42 75 63 68 61 72 65 73 74 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 34 35 2e 39 39 36 38 3c 2f Data Ascii: 149<Response><IP>81.181.62.56</IP><CountryCode>RO</CountryCode><CountryName>Romania</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>Europe/Bucharest</TimeZone><Latitude>45.9968</
2024-04-15 13:36:53 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.6	49727	104.21.67.152	443	2748	C:\Users\user\Desktop\rSyDiExlek.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-15 13:36:54 UTC	85	OUT	GET /xml/81.181.62.56 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2024-04-15 13:36:55 UTC	697	IN	HTTP/1.1 200 OK Date: Mon, 15 Apr 2024 13:36:55 GMT Content-Type: application/xml Transfer-Encoding: chunked Connection: close access-control-allow-origin: * vary: Accept-Encoding Cache-Control: max-age=86400 CF-Cache-Status: MISS Last-Modified: Mon, 15 Apr 2024 13:36:55 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rCrEelVSFJ5VAJ%2F8ypEmBLTeqqdof1bRGlvZxKQZ5bSIRs%2FfLaahhi2czLFwUNVPaninImTtC5DWRdoSZgC4TQoq8%2BEhaAqkf9nzCl1xwoBn2oXX8uynwfzQ%2FV1V1E2QraZZOMVv"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 874c53c63c54e13b-ORD alt-svc: h3=":443"; ma=86400
2024-04-15 13:36:55 UTC	336	IN	Data Raw: 31 34 39 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 31 2e 31 38 31 2e 36 32 2e 35 36 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 52 4f 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 52 6f 6d 61 6e 69 61 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 45 75 72 6f 70 65 2f 42 75 63 68 61 72 65 73 74 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 34 35 2e 39 39 36 38 3c 2f Data Ascii: 149<Response><IP>81.181.62.56</IP><CountryCode>RO</CountryCode><CountryName>Romania</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>Europe/Bucharest</TimeZone><Latitude>45.9968</
2024-04-15 13:36:55 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.6	49728	172.67.169.18	443	2748	C:\Users\user\Desktop\rSyDiExlek.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-15 13:36:55 UTC	79	OUT	GET /_send_.php?TS HTTP/1.1 Host: scratchdreams.tk Connection: Keep-Alive
2024-04-15 13:37:26 UTC	741	IN	HTTP/1.1 522 Date: Mon, 15 Apr 2024 13:37:26 GMT Content-Type: text/plain; charset=UTF-8 Content-Length: 15 Connection: close Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PPZSYvvkfj5NuuVtzKObzw8wZ1bFQm5O%2B8LsM5Z%2BOGgIn%2Fy1ZU3R%2FNoa3N3Yqz4Zr5lMNU05sUrMAlR9%2F6tcjIaKMv8oc03V4%2BhObsNMJ0GAUouWcefffDUOV6eLT90xyxK9"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} X-Frame-Options: SAMEORIGIN Referrer-Policy: same-origin Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT Server: cloudflare CF-RAY: 874c53cbcef50285-ORD alt-svc: h3=":443"; ma=86400
2024-04-15 13:37:26 UTC	15	IN	Data Raw: 65 72 72 6f 72 20 63 6f 64 65 3a 20 35 32 32 Data Ascii: error code: 522

SMTP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP	Commands
Apr 15, 2024 15:37:32.691543102 CEST	587	49736	198.54.122.135	192.168.2.6	220 PrivateEmail.com prod Mail Node
Apr 15, 2024 15:37:32.691754103 CEST	49736	587	192.168.2.6	198.54.122.135	EHLO 562258
Apr 15, 2024 15:37:32.847651958 CEST	587	49736	198.54.122.135	192.168.2.6	250-mta-14.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250-CHUNKING 250 STARTTLS
Apr 15, 2024 15:37:32.848083973 CEST	49736	587	192.168.2.6	198.54.122.135	STARTTLS
Apr 15, 2024 15:37:33.004703999 CEST	587	49736	198.54.122.135	192.168.2.6	220 Ready to start TLS
Apr 15, 2024 15:37:44.334944963 CEST	587	49738	198.54.122.135	192.168.2.6	220 PrivateEmail.com prod Mail Node
Apr 15, 2024 15:37:44.335118055 CEST	49738	587	192.168.2.6	198.54.122.135	EHLO 562258
Apr 15, 2024 15:37:44.490546942 CEST	587	49738	198.54.122.135	192.168.2.6	250-mta-14.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250-CHUNKING 250 STARTTLS
Apr 15, 2024 15:37:44.490721941 CEST	49738	587	192.168.2.6	198.54.122.135	STARTTLS
Apr 15, 2024 15:37:44.647938967 CEST	587	49738	198.54.122.135	192.168.2.6	220 Ready to start TLS
Apr 15, 2024 15:37:46.576179981 CEST	587	49739	198.54.122.135	192.168.2.6	220 PrivateEmail.com prod Mail Node
Apr 15, 2024 15:37:46.576345921 CEST	49739	587	192.168.2.6	198.54.122.135	EHLO 562258
Apr 15, 2024 15:37:46.732119083 CEST	587	49739	198.54.122.135	192.168.2.6	250-mta-14.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250-CHUNKING 250 STARTTLS
Apr 15, 2024 15:37:46.732326031 CEST	49739	587	192.168.2.6	198.54.122.135	STARTTLS
Apr 15, 2024 15:37:46.887476921 CEST	587	49739	198.54.122.135	192.168.2.6	220 Ready to start TLS
Apr 15, 2024 15:37:50.120487928 CEST	587	49741	198.54.122.135	192.168.2.6	220 PrivateEmail.com prod Mail Node
Apr 15, 2024 15:37:50.120685101 CEST	49741	587	192.168.2.6	198.54.122.135	EHLO 562258
Apr 15, 2024 15:37:50.284188032 CEST	587	49741	198.54.122.135	192.168.2.6	250-mta-14.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250-CHUNKING 250 STARTTLS
Apr 15, 2024 15:37:50.284353018 CEST	49741	587	192.168.2.6	198.54.122.135	STARTTLS
Apr 15, 2024 15:37:50.445205927 CEST	587	49741	198.54.122.135	192.168.2.6	220 Ready to start TLS
Apr 15, 2024 15:37:52.710578918 CEST	587	49742	198.54.122.135	192.168.2.6	220 PrivateEmail.com prod Mail Node
Apr 15, 2024 15:37:52.710745096 CEST	49742	587	192.168.2.6	198.54.122.135	EHLO 562258
Apr 15, 2024 15:37:52.868074894 CEST	587	49742	198.54.122.135	192.168.2.6	250-mta-14.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250-CHUNKING 250 STARTTLS
Apr 15, 2024 15:37:52.868246078 CEST	49742	587	192.168.2.6	198.54.122.135	STARTTLS
Apr 15, 2024 15:37:53.024832964 CEST	587	49742	198.54.122.135	192.168.2.6	220 Ready to start TLS
Apr 15, 2024 15:37:54.939358950 CEST	587	49743	198.54.122.135	192.168.2.6	220 PrivateEmail.com prod Mail Node
Apr 15, 2024 15:37:54.941627026 CEST	49743	587	192.168.2.6	198.54.122.135	EHLO 562258
Apr 15, 2024 15:37:55.097816944 CEST	587	49743	198.54.122.135	192.168.2.6	250-mta-14.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250-CHUNKING 250 STARTTLS
Apr 15, 2024 15:37:55.098099947 CEST	49743	587	192.168.2.6	198.54.122.135	STARTTLS
Apr 15, 2024 15:37:55.253473043 CEST	587	49743	198.54.122.135	192.168.2.6	220 Ready to start TLS
Apr 15, 2024 15:37:57.167383909 CEST	587	49744	198.54.122.135	192.168.2.6	220 PrivateEmail.com prod Mail Node
Apr 15, 2024 15:37:57.167555094 CEST	49744	587	192.168.2.6	198.54.122.135	EHLO 562258
Apr 15, 2024 15:37:57.324693918 CEST	587	49744	198.54.122.135	192.168.2.6	250-mta-14.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250-CHUNKING 250 STARTTLS
Apr 15, 2024 15:37:57.324853897 CEST	49744	587	192.168.2.6	198.54.122.135	STARTTLS
Apr 15, 2024 15:37:57.480787992 CEST	587	49744	198.54.122.135	192.168.2.6	220 Ready to start TLS
Apr 15, 2024 15:38:00.042244911 CEST	587	49745	198.54.122.135	192.168.2.6	220 PrivateEmail.com prod Mail Node
Apr 15, 2024 15:38:00.042418003 CEST	49745	587	192.168.2.6	198.54.122.135	EHLO 562258
Apr 15, 2024 15:38:00.199099064 CEST	587	49745	198.54.122.135	192.168.2.6	250-mta-14.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250-CHUNKING 250 STARTTLS
Apr 15, 2024 15:38:00.199276924 CEST	49745	587	192.168.2.6	198.54.122.135	STARTTLS
Apr 15, 2024 15:38:00.355144024 CEST	587	49745	198.54.122.135	192.168.2.6	220 Ready to start TLS
Apr 15, 2024 15:38:02.263448000 CEST	587	49746	198.54.122.135	192.168.2.6	220 PrivateEmail.com prod Mail Node
Apr 15, 2024 15:38:02.263659000 CEST	49746	587	192.168.2.6	198.54.122.135	EHLO 562258
Apr 15, 2024 15:38:02.424772978 CEST	587	49746	198.54.122.135	192.168.2.6	250-mta-14.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250-CHUNKING 250 STARTTLS
Apr 15, 2024 15:38:02.425024033 CEST	49746	587	192.168.2.6	198.54.122.135	STARTTLS
Apr 15, 2024 15:38:02.586990118 CEST	587	49746	198.54.122.135	192.168.2.6	220 Ready to start TLS
Apr 15, 2024 15:38:04.506795883 CEST	587	49747	198.54.122.135	192.168.2.6	220 PrivateEmail.com prod Mail Node
Apr 15, 2024 15:38:04.507015944 CEST	49747	587	192.168.2.6	198.54.122.135	EHLO 562258
Apr 15, 2024 15:38:04.665694952 CEST	587	49747	198.54.122.135	192.168.2.6	250-mta-14.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250-CHUNKING 250 STARTTLS
Apr 15, 2024 15:38:04.665863991 CEST	49747	587	192.168.2.6	198.54.122.135	STARTTLS
Apr 15, 2024 15:38:04.822305918 CEST	587	49747	198.54.122.135	192.168.2.6	220 Ready to start TLS
Apr 15, 2024 15:38:06.761755943 CEST	587	49749	198.54.122.135	192.168.2.6	220 PrivateEmail.com prod Mail Node
Apr 15, 2024 15:38:06.907516003 CEST	49749	587	192.168.2.6	198.54.122.135	EHLO 562258
Apr 15, 2024 15:38:07.063736916 CEST	587	49749	198.54.122.135	192.168.2.6	250-mta-14.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250-CHUNKING 250 STARTTLS
Apr 15, 2024 15:38:07.063947916 CEST	49749	587	192.168.2.6	198.54.122.135	STARTTLS
Apr 15, 2024 15:38:07.219732046 CEST	587	49749	198.54.122.135	192.168.2.6	220 Ready to start TLS
Apr 15, 2024 15:38:10.908277035 CEST	587	49750	198.54.122.135	192.168.2.6	220 PrivateEmail.com prod Mail Node
Apr 15, 2024 15:38:10.908426046 CEST	49750	587	192.168.2.6	198.54.122.135	EHLO 562258
Apr 15, 2024 15:38:11.064317942 CEST	587	49750	198.54.122.135	192.168.2.6	250-mta-14.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250-CHUNKING 250 STARTTLS
Apr 15, 2024 15:38:11.064521074 CEST	49750	587	192.168.2.6	198.54.122.135	STARTTLS
Apr 15, 2024 15:38:11.220438957 CEST	587	49750	198.54.122.135	192.168.2.6	220 Ready to start TLS
Apr 15, 2024 15:38:13.114356041 CEST	587	49751	198.54.122.135	192.168.2.6	220 PrivateEmail.com prod Mail Node
Apr 15, 2024 15:38:13.114670038 CEST	49751	587	192.168.2.6	198.54.122.135	EHLO 562258
Apr 15, 2024 15:38:13.270659924 CEST	587	49751	198.54.122.135	192.168.2.6	250-mta-14.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250-CHUNKING 250 STARTTLS
Apr 15, 2024 15:38:13.270838022 CEST	49751	587	192.168.2.6	198.54.122.135	STARTTLS
Apr 15, 2024 15:38:13.427902937 CEST	587	49751	198.54.122.135	192.168.2.6	220 Ready to start TLS
Apr 15, 2024 15:38:15.530292034 CEST	587	49752	198.54.122.135	192.168.2.6	220 PrivateEmail.com prod Mail Node
Apr 15, 2024 15:38:15.530472994 CEST	49752	587	192.168.2.6	198.54.122.135	EHLO 562258
Apr 15, 2024 15:38:15.686259031 CEST	587	49752	198.54.122.135	192.168.2.6	250-mta-14.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250-CHUNKING 250 STARTTLS
Apr 15, 2024 15:38:15.688030005 CEST	49752	587	192.168.2.6	198.54.122.135	STARTTLS
Apr 15, 2024 15:38:15.843866110 CEST	587	49752	198.54.122.135	192.168.2.6	220 Ready to start TLS
Apr 15, 2024 15:38:17.589915037 CEST	587	49753	198.54.122.135	192.168.2.6	220 PrivateEmail.com prod Mail Node
Apr 15, 2024 15:38:17.593781948 CEST	49753	587	192.168.2.6	198.54.122.135	EHLO 562258
Apr 15, 2024 15:38:17.749226093 CEST	587	49753	198.54.122.135	192.168.2.6	250-mta-14.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250-CHUNKING 250 STARTTLS
Apr 15, 2024 15:38:17.750180006 CEST	49753	587	192.168.2.6	198.54.122.135	STARTTLS
Apr 15, 2024 15:38:17.905450106 CEST	587	49753	198.54.122.135	192.168.2.6	220 Ready to start TLS
Apr 15, 2024 15:38:19.824335098 CEST	587	49755	198.54.122.135	192.168.2.6	220 PrivateEmail.com prod Mail Node
Apr 15, 2024 15:38:19.826215029 CEST	49755	587	192.168.2.6	198.54.122.135	EHLO 562258
Apr 15, 2024 15:38:19.983182907 CEST	587	49755	198.54.122.135	192.168.2.6	250-mta-14.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250-CHUNKING 250 STARTTLS
Apr 15, 2024 15:38:19.983573914 CEST	49755	587	192.168.2.6	198.54.122.135	STARTTLS
Apr 15, 2024 15:38:20.139611959 CEST	587	49755	198.54.122.135	192.168.2.6	220 Ready to start TLS
Apr 15, 2024 15:38:22.056982040 CEST	587	49756	198.54.122.135	192.168.2.6	220 PrivateEmail.com prod Mail Node
Apr 15, 2024 15:38:22.057945967 CEST	49756	587	192.168.2.6	198.54.122.135	EHLO 562258
Apr 15, 2024 15:38:22.215035915 CEST	587	49756	198.54.122.135	192.168.2.6	250-mta-14.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250-CHUNKING 250 STARTTLS
Apr 15, 2024 15:38:22.215224028 CEST	49756	587	192.168.2.6	198.54.122.135	STARTTLS
Apr 15, 2024 15:38:22.372339964 CEST	587	49756	198.54.122.135	192.168.2.6	220 Ready to start TLS
Apr 15, 2024 15:38:24.322544098 CEST	587	49757	198.54.122.135	192.168.2.6	220 PrivateEmail.com prod Mail Node
Apr 15, 2024 15:38:24.322709084 CEST	49757	587	192.168.2.6	198.54.122.135	EHLO 562258
Apr 15, 2024 15:38:24.478316069 CEST	587	49757	198.54.122.135	192.168.2.6	250-mta-14.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250-CHUNKING 250 STARTTLS
Apr 15, 2024 15:38:24.478445053 CEST	49757	587	192.168.2.6	198.54.122.135	STARTTLS
Apr 15, 2024 15:38:24.635215044 CEST	587	49757	198.54.122.135	192.168.2.6	220 Ready to start TLS
Apr 15, 2024 15:38:25.561706066 CEST	587	49758	198.54.122.135	192.168.2.6	220 PrivateEmail.com prod Mail Node
Apr 15, 2024 15:38:26.897279978 CEST	49758	587	192.168.2.6	198.54.122.135	EHLO 562258
Apr 15, 2024 15:38:27.074891090 CEST	587	49758	198.54.122.135	192.168.2.6	250-mta-14.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250-CHUNKING 250 STARTTLS
Apr 15, 2024 15:38:27.082814932 CEST	49758	587	192.168.2.6	198.54.122.135	STARTTLS
Apr 15, 2024 15:38:27.238905907 CEST	587	49758	198.54.122.135	192.168.2.6	220 Ready to start TLS
Apr 15, 2024 15:38:29.140372038 CEST	587	49759	198.54.122.135	192.168.2.6	220 PrivateEmail.com prod Mail Node
Apr 15, 2024 15:38:29.140517950 CEST	49759	587	192.168.2.6	198.54.122.135	EHLO 562258
Apr 15, 2024 15:38:29.296483994 CEST	587	49759	198.54.122.135	192.168.2.6	250-mta-14.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250-CHUNKING 250 STARTTLS
Apr 15, 2024 15:38:29.296628952 CEST	49759	587	192.168.2.6	198.54.122.135	STARTTLS
Apr 15, 2024 15:38:29.452651024 CEST	587	49759	198.54.122.135	192.168.2.6	220 Ready to start TLS
Apr 15, 2024 15:38:30.422092915 CEST	587	49760	198.54.122.135	192.168.2.6	220 PrivateEmail.com prod Mail Node
Apr 15, 2024 15:38:30.422420979 CEST	49760	587	192.168.2.6	198.54.122.135	EHLO 562258
Apr 15, 2024 15:38:30.580671072 CEST	587	49760	198.54.122.135	192.168.2.6	250-mta-14.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250-CHUNKING 250 STARTTLS
Apr 15, 2024 15:38:30.585772038 CEST	49760	587	192.168.2.6	198.54.122.135	STARTTLS
Apr 15, 2024 15:38:30.745373011 CEST	587	49760	198.54.122.135	192.168.2.6	220 Ready to start TLS
Apr 15, 2024 15:38:32.648741007 CEST	587	49761	198.54.122.135	192.168.2.6	220 PrivateEmail.com prod Mail Node
Apr 15, 2024 15:38:32.649774075 CEST	49761	587	192.168.2.6	198.54.122.135	EHLO 562258
Apr 15, 2024 15:38:32.805299997 CEST	587	49761	198.54.122.135	192.168.2.6	250-mta-14.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250-CHUNKING 250 STARTTLS
Apr 15, 2024 15:38:32.805778027 CEST	49761	587	192.168.2.6	198.54.122.135	STARTTLS
Apr 15, 2024 15:38:32.961100101 CEST	587	49761	198.54.122.135	192.168.2.6	220 Ready to start TLS

Target ID:	0
Start time:	15:36:43
Start date:	15/04/2024
Path:	C:\Users\user\Desktop\rSyDiExlek.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\rSyDiExlek.exe"
Imagebase:	0xa70000
File size:	133'632 bytes
MD5 hash:	908016EDDD0DC90BB69C0FF9F8560D68
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.4589198071.0000000002FD6000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000000.00000002.4589198071.0000000002FD6000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000000.2124458892.0000000000A72000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000000.00000000.2124458892.0000000000A72000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000000.00000000.2124458892.0000000000A72000.00000002.00000001.01000000.00000003.sdmp, Author: unknown Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000000.00000000.2124458892.0000000000A72000.00000002.00000001.01000000.00000003.sdmp, Author: ditekSHen Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000000.00000002.4589198071.0000000002ED1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	11.8%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	63.2%
Total number of Nodes:	19
Total number of Limit Nodes:	0

Executed Functions

Function 05A03688 Relevance: 4.3, Strings: 1, Instructions: 3069COMMON

Download Yara Rule

Strings

N, xrefs: 05A06A68

Memory Dump Source

Source File: 00000000.00000002.4592432301.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a00000_rSyDiExlek.jbxd

Similarity

API ID:
String ID: N
API String ID: 0-1130791706
Opcode ID: c255276c385283b7c0c3fa1756f56ce35816533bd71c949c4972b1b59aaf91b9
Instruction ID: 478fb93bace3cdb87cee63b68fa6eb62652fa53c2b944d12ab4d5ce6c954da0c
Opcode Fuzzy Hash: c255276c385283b7c0c3fa1756f56ce35816533bd71c949c4972b1b59aaf91b9
Instruction Fuzzy Hash: 2773F631D1075A8EDB11EF68C844A99FBB1FF99300F11D69AE45877261EB70AAC4CF81

Uniqueness

Uniqueness Score: -1.00%

Function 05A08278 Relevance: 3.5, Strings: 1, Instructions: 2266COMMON

Download Yara Rule

Strings

K, xrefs: 05A0A94B

Memory Dump Source

Source File: 00000000.00000002.4592432301.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a00000_rSyDiExlek.jbxd

Similarity

API ID:
String ID: K
API String ID: 0-856455061
Opcode ID: bd230474b7945068b3a97e0445091cf8abaed3c7e8da31e126196b1737d66b47
Instruction ID: 77ffe6d368724d16247b1353effa042b2b6ee34301023a2233eab9a3a4c4ea33
Opcode Fuzzy Hash: bd230474b7945068b3a97e0445091cf8abaed3c7e8da31e126196b1737d66b47
Instruction Fuzzy Hash: 9F33F330D147198EDB21EF68C894A9DF7B1FF99300F10D69AE45867261EB70AAC5CF81

Uniqueness

Uniqueness Score: -1.00%

Function 05A07BA8 Relevance: 1.9, APIs: 1, Instructions: 357
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.4592432301.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a00000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ecedda3c134ef2009fc35efd25a7667ec5825483cb40ac6e2cbc3a68e872c8b
Instruction ID: 0b6a160c36acbc623939a08221a961f6f5572d5fd518937d0a0832d842ce4e0e
Opcode Fuzzy Hash: 2ecedda3c134ef2009fc35efd25a7667ec5825483cb40ac6e2cbc3a68e872c8b
Instruction Fuzzy Hash: 80F10674E11218DFDB24DFA9D884B9DBBB2FF44300F5481A9D808AB395DB74A986CF50

Uniqueness

Uniqueness Score: -1.00%

Function 05A0822E Relevance: 1.5, Strings: 1, Instructions: 275COMMON

Download Yara Rule

Strings

K, xrefs: 05A0A94B

Memory Dump Source

Source File: 00000000.00000002.4592432301.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a00000_rSyDiExlek.jbxd

Similarity

API ID:
String ID: K
API String ID: 0-856455061
Opcode ID: a0513fe487444209fb44000a3f77dd704cb33f4fa21a2b9aeac9d8f01d614567
Instruction ID: 002fea5c1253a8864a850bec58d99bce7a73984793a46d645a7301bf34540fd1
Opcode Fuzzy Hash: a0513fe487444209fb44000a3f77dd704cb33f4fa21a2b9aeac9d8f01d614567
Instruction Fuzzy Hash: F4C16771D146198FDB10DF69D884BDDBBB1FF89300F14D29AD418AB2A1EB74AA85CF40

Uniqueness

Uniqueness Score: -1.00%

Function 02D198B8 Relevance: .9, Instructions: 863COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4588636017.0000000002D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d10000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a46437124f8c31c262809a4e9f5cd0a7612e7506404c9dd5656320a2c8aabf98
Instruction ID: 4a2951c02ccb07027f04dd7d116c855edda446d3c7770ab6ac79f137da2edbc3
Opcode Fuzzy Hash: a46437124f8c31c262809a4e9f5cd0a7612e7506404c9dd5656320a2c8aabf98
Instruction Fuzzy Hash: A972B070A00209EFCB15CFA8E994AAEBBF2FF89300F158555E8459B7A5D730EC95CB50

Uniqueness

Uniqueness Score: -1.00%

Function 06A611A0 Relevance: .7, Instructions: 745
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.4593582953.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e84d4bcd769fae409b6137aabef31c4c7e642fe017704a0a4eb5d443b7fe6477
Instruction ID: 5334ce883aa3c40ef7c09dd44d86b8126db1f786eb39cc43f38fc8dca3e6b157
Opcode Fuzzy Hash: e84d4bcd769fae409b6137aabef31c4c7e642fe017704a0a4eb5d443b7fe6477
Instruction Fuzzy Hash: AB827C74E412688FDB64DF69D994BDDBBB2BF89300F1081EA980DA7264DB305E85CF41

Uniqueness

Uniqueness Score: -1.00%

Function 02D1EDF0 Relevance: .7, Instructions: 717
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.4588636017.0000000002D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d10000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2fb1bc59e45018d951ef31c46ae2d76dc4351fe667ec2898e257e24d946d5536
Instruction ID: 78d71828228cc3a3a1a04709262779436906ffb858cb71a3f8a37916a59864b3
Opcode Fuzzy Hash: 2fb1bc59e45018d951ef31c46ae2d76dc4351fe667ec2898e257e24d946d5536
Instruction Fuzzy Hash: BF72CD74E012299FDB64DF69D880BEDBBB2BB49300F1481E9D849A7755DB30AE81CF50

Uniqueness

Uniqueness Score: -1.00%

Function 02D16168 Relevance: .5, Instructions: 514COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4588636017.0000000002D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d10000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 912a61bce8dc43d5553cb7daf6c8bc2155a4dce7e43e7b34520180fe63ada373
Instruction ID: 3089abc398b20763eb29dc24344179d893c6cbe3c1c69c4f9bcaa21cdff2f573
Opcode Fuzzy Hash: 912a61bce8dc43d5553cb7daf6c8bc2155a4dce7e43e7b34520180fe63ada373
Instruction Fuzzy Hash: 8D129D70A002199FDB14DF69E854BAEBBFABF88300F148529E946DB795DB30DC45CB90

Uniqueness

Uniqueness Score: -1.00%

Function 02D16790 Relevance: .4, Instructions: 444
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.4588636017.0000000002D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d10000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7462c9c583034fa8be6b77d42e607da5f02001b98e1e84db783130694164702d
Instruction ID: 9822dba47a2135da118932257bc03b966e07653b1fde952523a5c9f6989d6242
Opcode Fuzzy Hash: 7462c9c583034fa8be6b77d42e607da5f02001b98e1e84db783130694164702d
Instruction Fuzzy Hash: 83022E70A00119EFCB14CF69E984AAEBBFAFF48304F158069E415AB7A5D730DC45CB90

Uniqueness

Uniqueness Score: -1.00%

Function 02D1B388 Relevance: .4, Instructions: 350
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.4588636017.0000000002D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d10000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe5d1e45d9a5c3ee532f49f1479a110a8d0fe222c9ab9025040438544ee9758f
Instruction ID: d88861433dd138d334cc42fdd6feff0d8562efc301a346fe1ba17ef2cb482ee6
Opcode Fuzzy Hash: fe5d1e45d9a5c3ee532f49f1479a110a8d0fe222c9ab9025040438544ee9758f
Instruction Fuzzy Hash: B5E1E975E00258DFDB14CFA9E984A9DBBB2FF59318F15806AE809AB761D730AC41CF50

Uniqueness

Uniqueness Score: -1.00%

Function 06A68608 Relevance: .3, Instructions: 296
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.4593582953.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a1d6ff975bd4d26fd57879bd20bcf5ed3fb315cca1da8b5de4bfb4357eba15c
Instruction ID: 19a52d352ac16979002306a11b87ea31041d8db926ae71135a2d2ebf52865b33
Opcode Fuzzy Hash: 6a1d6ff975bd4d26fd57879bd20bcf5ed3fb315cca1da8b5de4bfb4357eba15c
Instruction Fuzzy Hash: EBE1B174E01218CFEB64DFA5D954B9DBBB2FF89300F2081A9D409AB395DB355A85CF20

Uniqueness

Uniqueness Score: -1.00%

Function 02D1FA10 Relevance: .3, Instructions: 274
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.4588636017.0000000002D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d10000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9b4a3f6be6e10d02d1f9a568d8f74e6d227323a95b792c7e18b9c986cbab7b1
Instruction ID: 11e0cdce2e193628cf7777ffa9c64de471b20b0e0c00f3cb8a4631b86a97cebd
Opcode Fuzzy Hash: d9b4a3f6be6e10d02d1f9a568d8f74e6d227323a95b792c7e18b9c986cbab7b1
Instruction Fuzzy Hash: BCD1BC74E01218CFDB24DFA5D994B9DBBB2FF89300F2081A9D809AB355DB349A85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 06A608F0 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4593582953.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e04f4702cfc5370ff650df74ed05f407a8cc759a402ce479d2c3d63059604a9e
Instruction ID: a2fb503c36d2e6990c018fc970e0b76d886017bdebd3fcf2948a62079d7af70d
Opcode Fuzzy Hash: e04f4702cfc5370ff650df74ed05f407a8cc759a402ce479d2c3d63059604a9e
Instruction Fuzzy Hash: 63C1BE74E01218CFDB54EFA5D994B9DBBB2FF89300F2081A9D809AB395DB345A85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 06A68BF3 Relevance: .2, Instructions: 223COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4593582953.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c42b0d481f7cec01da511f358f901cbe54009e0007f316ecc58758bd64e94905
Instruction ID: c7aa2f3e26f22309dca377c0355a92e7d18e26175801713bd7da9602bf7272b9
Opcode Fuzzy Hash: c42b0d481f7cec01da511f358f901cbe54009e0007f316ecc58758bd64e94905
Instruction Fuzzy Hash: 80912570E01218CFEB64DFA6D854ADEBBF6BF89304F10816AE419AB354DB345945CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 06A6B6E8 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4593582953.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c226b1018aaac3002a7efbde140d1be5cfc17f22994d68507521eea688ee87ee
Instruction ID: 2738968b908ef265957f5ec24233048e302601881bbc06fe00662d685838ac9d
Opcode Fuzzy Hash: c226b1018aaac3002a7efbde140d1be5cfc17f22994d68507521eea688ee87ee
Instruction Fuzzy Hash: AFA19575E012188FEB64DF6AD944B9DBBF2BF89300F14C0AAD40DA7255DB305A85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 06A6D670 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4593582953.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9fdfa7ea47450f0eb5bf8fe9d5f1f9afae4f7593836abcfc732bbcb255d16740
Instruction ID: d1fbbe6d04bfdbe9019c1d7b2f92ba31251dca3a9276ef895ee5e73090b7c907
Opcode Fuzzy Hash: 9fdfa7ea47450f0eb5bf8fe9d5f1f9afae4f7593836abcfc732bbcb255d16740
Instruction Fuzzy Hash: C1A1A271E012288FEB68DF6AD944B9DBBF2BF89300F14C0AAD40DA7254DB305A85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 06A6C388 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4593582953.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fdafb79ec0f7d3dccec66c726aa88d5dc898d3bea7356ec6622a816ca01fc7d9
Instruction ID: 7478fd3727fa10aa99a44ab4d95eb900c3882bd71adcce91037b36651a8cf342
Opcode Fuzzy Hash: fdafb79ec0f7d3dccec66c726aa88d5dc898d3bea7356ec6622a816ca01fc7d9
Instruction Fuzzy Hash: 1CA1B4B1E012188FEB68DF6AC944B9DFBF2AF89310F14C0AAD44DA7255DB305A85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 06A6A408 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4593582953.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e40295518775232fee00f4d36269b5b2da1ff311ba626464c2825a18b36e338
Instruction ID: eec74adedf1fb52e6e8dadabd664e5c1b2655711f754c14ff2794c4dbb5147f9
Opcode Fuzzy Hash: 5e40295518775232fee00f4d36269b5b2da1ff311ba626464c2825a18b36e338
Instruction Fuzzy Hash: 38A1A275E012288FEB68DF6AC944B9DBBF2AF89300F14C0AAD50DB7254DB305A85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 06A6C9D8 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4593582953.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f1f651b73078cc345ce318749b93d7b63264d3c608fbb934c9c1ed4b4071ac0
Instruction ID: 534a85bb2d725381ca9b321cb6bcdaf806be8636f2b7fcca94a3ce76eae066d3
Opcode Fuzzy Hash: 1f1f651b73078cc345ce318749b93d7b63264d3c608fbb934c9c1ed4b4071ac0
Instruction Fuzzy Hash: 36A1B270E012288FEB68DF6AD944B9DBBF2AF89310F14C0AAD44DA7255DB345A85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 06A6BD38 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4593582953.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c556ed8b162350a058f31a6149fe5e86c7779202258eb95a75ff2c8f7d5edc8f
Instruction ID: abba2480aea1a5b33ca874f7a4bbc913e28d3308fd0665a58c3428cf16aa87ee
Opcode Fuzzy Hash: c556ed8b162350a058f31a6149fe5e86c7779202258eb95a75ff2c8f7d5edc8f
Instruction Fuzzy Hash: 7BA19174E012288FEB68DF6AD944B9DFBF2AF89300F14C0AAD50DA7255DB345A85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 06A6AA58 Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4593582953.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49362e860a2cdbdb2b24f6b8c7deecdfcf15ef747147719086cbcca630df0925
Instruction ID: 65bb8c8cee17cb16585f99dd83d6a5cab00695cc92328b11f3c12e7880d20f71
Opcode Fuzzy Hash: 49362e860a2cdbdb2b24f6b8c7deecdfcf15ef747147719086cbcca630df0925
Instruction Fuzzy Hash: D4A19275E012288FEB68DF6AC944B9DBBF2AF89300F14C0AAD50DB7255DB345A85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 06A6B0A0 Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4593582953.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 35bdb77bb8cd5a56ea8111f7d0298bb0e966f8aa3655ffcdc1b92302537731c9
Instruction ID: ff94371751d476f0871f25931f206c799824b829faad656d40be3cc9ef32e6b2
Opcode Fuzzy Hash: 35bdb77bb8cd5a56ea8111f7d0298bb0e966f8aa3655ffcdc1b92302537731c9
Instruction Fuzzy Hash: FCA18275E012188FEB68DF6AD944B9DFBF2AF89300F14C1AAD40CA7255DB345A85CF60

Uniqueness

Uniqueness Score: -1.00%

Function 06A6D028 Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4593582953.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3805154b778274b8bd7fed70d7df736cf9bc6d16a124446636e6d95fb711451a
Instruction ID: d7b02b820c5282c922f4d676806daa234faa617222c1ddbfb041feea409bf67b
Opcode Fuzzy Hash: 3805154b778274b8bd7fed70d7df736cf9bc6d16a124446636e6d95fb711451a
Instruction Fuzzy Hash: 4CA18175E012288FEB68DF6AD944B9DFBF2AF89300F14C1AAD40DA7254DB345A85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 02D1C4D0 Relevance: .2, Instructions: 205COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4588636017.0000000002D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d10000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00d682f67e9ca294f69b871bae80ca764924d7e550728afffce5d88c8aa4f0e2
Instruction ID: 87035b78cfb76b0415e32412f4e1c03d441c61265852735d7404e2cb78aa5d41
Opcode Fuzzy Hash: 00d682f67e9ca294f69b871bae80ca764924d7e550728afffce5d88c8aa4f0e2
Instruction Fuzzy Hash: AC91D274E00248DFDB14DFAAE884A9DBBF2BF89300F24806AD449AB365DB309D41CF51

Uniqueness

Uniqueness Score: -1.00%

Function 02D1C7B1 Relevance: .2, Instructions: 193COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4588636017.0000000002D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d10000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e445c9513e6fd9e8631f10dabac27fcd3399edb72de57f2cec1bcb9e54a151cc
Instruction ID: 242aa3a666eaf60613d003f5130c787ade4bf681307dfd69d78c7397ee056bc8
Opcode Fuzzy Hash: e445c9513e6fd9e8631f10dabac27fcd3399edb72de57f2cec1bcb9e54a151cc
Instruction Fuzzy Hash: 1781A174E10218DFDB14DFAAE894B9DBBF2BF89301F14806AD849AB365DB309941CF51

Uniqueness

Uniqueness Score: -1.00%

Function 02D1C1F0 Relevance: .2, Instructions: 187COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4588636017.0000000002D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d10000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 883f5ab2f93e29269207519b5b0c7d0703c3a31d85c80e636adede8016906f43
Instruction ID: ffc35503511dfd5b2964673e44d30e03c4529feeaee9d9e9c017a89e68acbae2
Opcode Fuzzy Hash: 883f5ab2f93e29269207519b5b0c7d0703c3a31d85c80e636adede8016906f43
Instruction Fuzzy Hash: A381B474E50218DFDB14DFAAE884A9DBBF2BF88300F14806AD849AB355DB309D41CF51

Uniqueness

Uniqueness Score: -1.00%

Function 02D14B31 Relevance: .2, Instructions: 186COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4588636017.0000000002D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d10000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a77c05a4abc203db99958fccd5ad05b04e3eb18b20effbec34b58df629218f5
Instruction ID: 15c8281e7e1ad1efa86537b1032b6719cd41698be4a2b313f708f58cb07e3045
Opcode Fuzzy Hash: 7a77c05a4abc203db99958fccd5ad05b04e3eb18b20effbec34b58df629218f5
Instruction Fuzzy Hash: 0E819274E00218DFDB54DFAAE984A9DBBF2FF89310F148069E819AB365DB309941CF54

Uniqueness

Uniqueness Score: -1.00%

Function 02D1CA91 Relevance: .2, Instructions: 185COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4588636017.0000000002D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d10000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: caaed83d1d31e037036da24f1a1c275de29bf0602fd788026e00c6c4a6b3d940
Instruction ID: bdf518d5b58d7626e85a4737edc7566dc47cb91bd2df7a75578c0e335f1bd8c1
Opcode Fuzzy Hash: caaed83d1d31e037036da24f1a1c275de29bf0602fd788026e00c6c4a6b3d940
Instruction Fuzzy Hash: F281A074E11218DFDB14DFAAE984A9DBBF2BF89300F14806AD809AB365DB309D41CF51

Uniqueness

Uniqueness Score: -1.00%

Function 06A61191 Relevance: .2, Instructions: 178COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4593582953.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2679906cef99a00dc19a808d6f1773279f000eecc17dc49d5872f63b7ed0d7f0
Instruction ID: 0a4033e528651b2be5ca174bcb1a4efa6a05d7fe3ddd487beca35c97f56c4f6f
Opcode Fuzzy Hash: 2679906cef99a00dc19a808d6f1773279f000eecc17dc49d5872f63b7ed0d7f0
Instruction Fuzzy Hash: 1D81B174E412698FDB65DF2AD950BEDBBB2BF89300F1081EAD849A7254DB305E85CF40

Uniqueness

Uniqueness Score: -1.00%

Function 02D1BC08 Relevance: .2, Instructions: 173COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4588636017.0000000002D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d10000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b03f7ba103268c829d76cd2d9a0118b38a3b90e08e130a8de771866662dc2144
Instruction ID: 332f089d0a286c34d2ca28facea1cfdb328057457b7f2d614d1441b4b42b9750
Opcode Fuzzy Hash: b03f7ba103268c829d76cd2d9a0118b38a3b90e08e130a8de771866662dc2144
Instruction Fuzzy Hash: 2471F8B4E002489FDB14DFBAE984A9DBBF2FF89314F14806AD549AB365DB305842CF50

Uniqueness

Uniqueness Score: -1.00%

Function 06A6B090 Relevance: .2, Instructions: 173COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4593582953.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 718c8b4655da42de29d1a9e3b3b6e29a73a7b932993fdc6bc7b1f290fd5d90b7
Instruction ID: ef956ae94c7375a168de1d879d9856759e0a67566c120fc5de4028c99bf93f55
Opcode Fuzzy Hash: 718c8b4655da42de29d1a9e3b3b6e29a73a7b932993fdc6bc7b1f290fd5d90b7
Instruction Fuzzy Hash: FF819571E016188FEB68DF6AD944B9EFBF2AF89300F14C1AAD40DA7255DB304A85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 06A6AA48 Relevance: .2, Instructions: 165COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4593582953.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee025b19c992146fa2b6291473fcd7bf4c158cbecbc5e26daa9c5e2316ee2411
Instruction ID: 390918c9f095fcc1a969511f433a82486e9462561afe97455c76b7f28eaabfc7
Opcode Fuzzy Hash: ee025b19c992146fa2b6291473fcd7bf4c158cbecbc5e26daa9c5e2316ee2411
Instruction Fuzzy Hash: 51719571E016188FEB68DF6AC944B9EBBF2AF89300F14C1AAD50DB7254DB305A85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 02D1B552 Relevance: .2, Instructions: 160COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4588636017.0000000002D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d10000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3bf2f0e78fbb888378d5623a9d746af93a1a2fea829b0cc7e023f174b195e53e
Instruction ID: 5b57137502ec2e67aa2d62fa845c4fa3b5cb3bdf7ce1ef38e669f5cb84ed76cc
Opcode Fuzzy Hash: 3bf2f0e78fbb888378d5623a9d746af93a1a2fea829b0cc7e023f174b195e53e
Instruction Fuzzy Hash: 8561B674E006589FDB14DFAAE944A9EBBF2FF88304F14816AD419AB365DB305941CF50

Uniqueness

Uniqueness Score: -1.00%

Function 06A6D027 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4593582953.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa505ef13964cce6599c7d14fc76ed976d1309c22c34296a64d9618e65e56b91
Instruction ID: 553ad69aad8ebfb88b058274d66323ec9ca7d2c89a06ed5f79e50ce58038494d
Opcode Fuzzy Hash: aa505ef13964cce6599c7d14fc76ed976d1309c22c34296a64d9618e65e56b91
Instruction Fuzzy Hash: 15718471E016288FEB68DF6AC944B9DFBF2AF89300F14C1AAD50DA7254DB305A85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 06A68603 Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4593582953.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 294ad2688470a13dde5a900b92f1a87de2715d8e8f72a977eea126cdd78dd782
Instruction ID: 6fae7ffacc3cf4240da85d04a217e1f3021dde018039d20a1506fc69088d37fe
Opcode Fuzzy Hash: 294ad2688470a13dde5a900b92f1a87de2715d8e8f72a977eea126cdd78dd782
Instruction Fuzzy Hash: A141D3B0D012088BEB58EFAAD9547DEBBF6AF89300F10C069D418BB294DB355946CF64

Uniqueness

Uniqueness Score: -1.00%

Function 06A6B6D8 Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4593582953.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5296113fcb79f22315cc8976355e1d1830d281bffd72b73e6117aaa75edd77c0
Instruction ID: 7eff92a568202e8b399c6cea714589e2f35951f9fb31e4c8d46b1c72a2c64b8b
Opcode Fuzzy Hash: 5296113fcb79f22315cc8976355e1d1830d281bffd72b73e6117aaa75edd77c0
Instruction Fuzzy Hash: 02418DB1D016188BEB58DF6BDD447CAFAF3AFC8310F14C1AAD50CA6264DB740A868F50

Uniqueness

Uniqueness Score: -1.00%

Function 06A6D663 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4593582953.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a1edcbc3bef7751a3870b16c49169cb2c0bb006d72f2e1504de67c7d8fa00e5
Instruction ID: c55aa799ef7a724f5b936ec2847077bd7d2a836c959f3da73769c149069dc596
Opcode Fuzzy Hash: 5a1edcbc3bef7751a3870b16c49169cb2c0bb006d72f2e1504de67c7d8fa00e5
Instruction Fuzzy Hash: F6417CB1E016188BEB58DF6BCD447CAFAF3AFC9300F14C1AAD50CA6264DB740A858F50

Uniqueness

Uniqueness Score: -1.00%

Function 06A6C9C8 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4593582953.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 31a343e7a3ae8f0a871f9d3b49a92873e621be49630a4dd8966a6ec776117485
Instruction ID: 51837fd50887d506ea55c49da3adfc638e16eab905975fa9d53e6f8300f91231
Opcode Fuzzy Hash: 31a343e7a3ae8f0a871f9d3b49a92873e621be49630a4dd8966a6ec776117485
Instruction Fuzzy Hash: BE417B71E016188BEB58DF6BCD457DAFAF3AFC9310F04C1AAD50CA6254DB740A868F50

Uniqueness

Uniqueness Score: -1.00%

Function 06A6A3FB Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4593582953.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ede502b9979e262262058b935ff1d4176ebd38aa2d668345fb1b35b01178872a
Instruction ID: 3ca5fe0308049340b5e32a330f3cec52d37e863ba4eeee59208e1d96078e4947
Opcode Fuzzy Hash: ede502b9979e262262058b935ff1d4176ebd38aa2d668345fb1b35b01178872a
Instruction Fuzzy Hash: 384157B1D016588BEB58DF6BC9457DAFBF3AFC8300F14C1AAC50CA6254DB740A868F51

Uniqueness

Uniqueness Score: -1.00%

Function 06A608E0 Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4593582953.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 57196366acae10dab8ef7d5d1772b1a4f2d81d1113665187771a90d15ac57a65
Instruction ID: 99d42c1529d5973a223e304df0b5ad33a1e6c056cb53f775761afa5e9ebb36b4
Opcode Fuzzy Hash: 57196366acae10dab8ef7d5d1772b1a4f2d81d1113665187771a90d15ac57a65
Instruction Fuzzy Hash: 0341F270E01248CFEB18EFAAD9546EEBBF2AF89300F24C129D415BB259DB345946CF50

Uniqueness

Uniqueness Score: -1.00%

Function 06A6C387 Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4593582953.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 367be35af9526b3f7f9f5ecfa9c6caa06cfe8200385d7ac2a5763b868e8312aa
Instruction ID: c9d9e64d578ec0f1a7b59371fa66d0f22d62a75276bf5b0df7c5d9710017302d
Opcode Fuzzy Hash: 367be35af9526b3f7f9f5ecfa9c6caa06cfe8200385d7ac2a5763b868e8312aa
Instruction Fuzzy Hash: 86416AB1D016188BEB58DF6BD9457DAFAF3AFC8300F14C1AAD50CA6254DB740A868F50

Uniqueness

Uniqueness Score: -1.00%

Function 06A6BD37 Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4593582953.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb1f91a6025cbf533f9a8831af72fdff758f47c1e043a581b3c30aa3940b59c3
Instruction ID: 5cb410a685bbc284052de769f9202dd24bbc1388d78804765d3d0ec06d21fe75
Opcode Fuzzy Hash: fb1f91a6025cbf533f9a8831af72fdff758f47c1e043a581b3c30aa3940b59c3
Instruction Fuzzy Hash: 18416AB1D016188BEB58DF6BD9457D9FAF3AFC8300F14C1AAC50CA6264DB740A868F50

Uniqueness

Uniqueness Score: -1.00%

Function 05A07F8C Relevance: 1.6, APIs: 1, Instructions: 62
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL(00000000), ref: 05A080CE

Memory Dump Source

Source File: 00000000.00000002.4592432301.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a00000_rSyDiExlek.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 99ed1b89a01f0ce5e9a39063dd4d604505ffa9e99432589bbdf924d9cbd88cb6
Instruction ID: 337d708d37b9544569248a1d0cf671d0d8c572a0999c2b82d9c9cd16b23d4b4a
Opcode Fuzzy Hash: 99ed1b89a01f0ce5e9a39063dd4d604505ffa9e99432589bbdf924d9cbd88cb6
Instruction Fuzzy Hash: 0C11AC70E1021A8FDB04CFA8E480EAEBBF6FF88305F149164E808A7281D774AD41CB64

Uniqueness

Uniqueness Score: -1.00%

Function 02D19637 Relevance: 1.4, Strings: 1, Instructions: 187
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

T, xrefs: 02D19646

Memory Dump Source

Source File: 00000000.00000002.4588636017.0000000002D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d10000_rSyDiExlek.jbxd

Similarity

API ID:
String ID: T
API String ID: 0-3187964512
Opcode ID: 35b4707e9c8fccb91fea6fa4a81cb6a99d63fbd31d8ad5b35d93c0ad61719c4a
Instruction ID: 3222c52bac27ab9a63d79ff8dde0416665398c4af991627178162ccf37a758e8
Opcode Fuzzy Hash: 35b4707e9c8fccb91fea6fa4a81cb6a99d63fbd31d8ad5b35d93c0ad61719c4a
Instruction Fuzzy Hash: 4B51E574A04246AFDB15DB78A8707FE7BE5EF85310F1888A6E401CB792DB25CC46C7A1

Uniqueness

Uniqueness Score: -1.00%

Function 02D17850 Relevance: .7, Instructions: 702
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.4588636017.0000000002D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d10000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd0e768501e55ae2c6cb0e3b755d4957f6fc610f0243501f07ea8d4aec520517
Instruction ID: 58ec76083e6629f06ef1dc9f96d0c1fd50206637b3f8a204ef8690382e66777e
Opcode Fuzzy Hash: cd0e768501e55ae2c6cb0e3b755d4957f6fc610f0243501f07ea8d4aec520517
Instruction Fuzzy Hash: 4F522134A00269CFFB14DBA4C860BAEBB72FF95300F1081A9D20AAB795DB355D85DF51

Uniqueness

Uniqueness Score: -1.00%

Function 02D16EB8 Relevance: .5, Instructions: 476
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.4588636017.0000000002D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d10000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f2fdb272e4c15ec6d667eb671bdd343e098d43a77ee64934d4ac91953ac6fc6
Instruction ID: c24eafa35d98c19feca4d6cf0fca50505f2f82bb17a93d7ca49ef5b77e26957e
Opcode Fuzzy Hash: 7f2fdb272e4c15ec6d667eb671bdd343e098d43a77ee64934d4ac91953ac6fc6
Instruction Fuzzy Hash: E1125C30A00249EFDB15CFA9E884A9EBBF2FF49314F248599E8559B761D730ED41CB90

Uniqueness

Uniqueness Score: -1.00%

Function 02D10C8F Relevance: .4, Instructions: 420
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.4588636017.0000000002D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d10000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 36b82d53c2baa4e41849709fb3721dc245a369325e954ca963c45956f44d90f9
Instruction ID: f11b95d217f127080cc8ae7d000cfbcc8556d554a583d98511a80e30aa352ee7
Opcode Fuzzy Hash: 36b82d53c2baa4e41849709fb3721dc245a369325e954ca963c45956f44d90f9
Instruction Fuzzy Hash: FA320C34A0122ACFDB54EF65F894A9DBBB2FF48301F1086A9D50AA7358DB306D95CF50

Uniqueness

Uniqueness Score: -1.00%

Function 02D1A878 Relevance: .4, Instructions: 413
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.4588636017.0000000002D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d10000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc906ff741afa877a7681f5d6dccedc37435ec14fdf0a6f2daeaa32377e061ca
Instruction ID: 567ec6adf5eefc8d7e2ca8c3f12178166a85c260068e064fd5ca1bee126e39c4
Opcode Fuzzy Hash: cc906ff741afa877a7681f5d6dccedc37435ec14fdf0a6f2daeaa32377e061ca
Instruction Fuzzy Hash: 47F13C75B412149FCB14CF69E584AADBBF2FF88314B168069E419EB362CB35EC81CB50

Uniqueness

Uniqueness Score: -1.00%

Function 02D10CA0 Relevance: .4, Instructions: 410
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.4588636017.0000000002D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d10000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b97d7e732810f131e574444b71d075683a33775acf8c215575df378a6dc4a7e
Instruction ID: 6cb9a06736351bf1466be845b95d9bf740bc1b2c8d25eb348034055c5491e425
Opcode Fuzzy Hash: 5b97d7e732810f131e574444b71d075683a33775acf8c215575df378a6dc4a7e
Instruction Fuzzy Hash: 5D22EC34A0122ACFDB54EF65F894A9DBBB2FF48301F1086A9D50AA7358DB306D95CF50

Uniqueness

Uniqueness Score: -1.00%

Function 02D18849 Relevance: .3, Instructions: 333
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.4588636017.0000000002D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d10000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb1266d5ac4080867e923f1d00c0731547e4703f9cf4494bc25b0e3b06f265ca
Instruction ID: f2e6739820a8ef0742e542b0b754b98c1ceb66d279663df17ca6502a61381c9d
Opcode Fuzzy Hash: eb1266d5ac4080867e923f1d00c0731547e4703f9cf4494bc25b0e3b06f265ca
Instruction Fuzzy Hash: 65B1D274705241AFFB29DF29E958B3937A6EF85744F2900A6E142CFBA1EB24CC41E741

Uniqueness

Uniqueness Score: -1.00%

Function 02D15700 Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4588636017.0000000002D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d10000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c7586854cc4c25dcacb9c6343b92dfc348012de6d3dab9ab7f0b2decdedd3c57
Instruction ID: 27d25a49e1450946db62ac16fc07352aa78da6ecc49d34929fc5fc7fe12378c6
Opcode Fuzzy Hash: c7586854cc4c25dcacb9c6343b92dfc348012de6d3dab9ab7f0b2decdedd3c57
Instruction Fuzzy Hash: B591ED707442549FDB259F29E858B7E7BA2FFC8204F548829E4468B781CF38DC46CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 06A623E0 Relevance: .2, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4593582953.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d064347e45bfbb6d38a24a9a055ccb139fad36cacd54dc421bb03172e01703f
Instruction ID: aafcbad0fd76fbfeda8040250d8fa6fbbc0aad6b9d0624a23acabb2b5232f852
Opcode Fuzzy Hash: 0d064347e45bfbb6d38a24a9a055ccb139fad36cacd54dc421bb03172e01703f
Instruction Fuzzy Hash: 2181D030B111068FDB58FF7AD854A6E77F6AF88610B1581A9F506DB3A5DB30DD02CB90

Uniqueness

Uniqueness Score: -1.00%

Function 02D15C60 Relevance: .2, Instructions: 233COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4588636017.0000000002D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d10000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1b925183be08d2e96577b90db58d81f126f4fe8ed5c021de7a92c5859c37af3
Instruction ID: 6c742b43dc0954439169feca103965159778caa949c17effc28fd5cf0b66c949
Opcode Fuzzy Hash: f1b925183be08d2e96577b90db58d81f126f4fe8ed5c021de7a92c5859c37af3
Instruction Fuzzy Hash: AA816F34A00105EFCB14CF69F888A6ABBF2FFC9204B958169D416DBB65D735EC41CB91

Uniqueness

Uniqueness Score: -1.00%

Function 06A69510 Relevance: .2, Instructions: 210COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4593582953.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a83c096426865cf7202719807956b0ca15a66ee8370848407aad879086f0e9ae
Instruction ID: 285d15afbca8f874ae52acdd64f640cb80bca5b4350da9ce019d221c874b443b
Opcode Fuzzy Hash: a83c096426865cf7202719807956b0ca15a66ee8370848407aad879086f0e9ae
Instruction Fuzzy Hash: 71718231F103199BDB59EFA9C8506EFBBB2AFC9600F548429E406AB380DF349D46C791

Uniqueness

Uniqueness Score: -1.00%

Function 02D17498 Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4588636017.0000000002D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d10000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 98616df401fc2507bfa7df373563fc5905197d4838e88f02c29d2ecd2bf2e5df
Instruction ID: ea0327dd21a1781c00bfd487de89ea05a8357fb984ca8057e841e31cf8308f0c
Opcode Fuzzy Hash: 98616df401fc2507bfa7df373563fc5905197d4838e88f02c29d2ecd2bf2e5df
Instruction Fuzzy Hash: 5E7149347402459FEB54DF29D898AADBBE6BF89304F1944A9E806CB7B1DB70DC41CB90

Uniqueness

Uniqueness Score: -1.00%

Function 02D1E087 Relevance: .2, Instructions: 176COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4588636017.0000000002D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d10000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1bba57851f6f3b5f54d66e80cf6a3cb1e9c72f3af841d3baabb22bdf49d24843
Instruction ID: c6e1ad04cd85afa6b5d4d69c9cb8b9f3130d08275234f7b2153931329d7df142
Opcode Fuzzy Hash: 1bba57851f6f3b5f54d66e80cf6a3cb1e9c72f3af841d3baabb22bdf49d24843
Instruction Fuzzy Hash: 7A611674D01268DFDB15DFA5E864AEEBBB2FF49300F208129D805AB355DB35598ACF40

Uniqueness

Uniqueness Score: -1.00%

Function 02D1D3C2 Relevance: .2, Instructions: 175COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4588636017.0000000002D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d10000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9eb36ee08f3bdc80af20d830a4fec46ebf79f63f4d0fb7ecc0104273475f9b8
Instruction ID: cf27446daca8c7e296a4eefa3142b6d9b40c0001f909d5e0184464952baa57d4
Opcode Fuzzy Hash: a9eb36ee08f3bdc80af20d830a4fec46ebf79f63f4d0fb7ecc0104273475f9b8
Instruction Fuzzy Hash: B351BD748F63468FD3252B22B9AC16E7BA4FB1F7233966D01E21F95409DB7840E8CB51

Uniqueness

Uniqueness Score: -1.00%

Function 02D1D3D0 Relevance: .2, Instructions: 169COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4588636017.0000000002D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d10000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc9e9df909d7b140ce6f04c6ff066afd5131b45a31c07404070140ded5e06d38
Instruction ID: 306a70f7d60f735b61712b5b194d96b5f45cd4aff429b16de00583bdc7b631cc
Opcode Fuzzy Hash: dc9e9df909d7b140ce6f04c6ff066afd5131b45a31c07404070140ded5e06d38
Instruction Fuzzy Hash: 7651AB748F23468FD3243B22B9AC16E7BA5FB0F7237966D01A21F91408CB7840E8CB50

Uniqueness

Uniqueness Score: -1.00%

Function 02D193F0 Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4588636017.0000000002D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d10000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0dc9b890190e81baff7cf32390828bacd0416e503c055d37309abf8a34cd390e
Instruction ID: ee522e7acb98e2013c663b93c10eb9eb405a0cc2ecf559dd43dc787739f97193
Opcode Fuzzy Hash: 0dc9b890190e81baff7cf32390828bacd0416e503c055d37309abf8a34cd390e
Instruction Fuzzy Hash: 8551CF30700205AFDB10DF6DD8A4BAABBE6EF88350F048466E909CB395DB71CC41CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 02D1D718 Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4588636017.0000000002D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d10000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bab6852c102b2c1d7c0b97afc86158fb4fc164619edc53fda6ac6dc707f56885
Instruction ID: 5fb8eae4f20d18400ff712f2d774615877a6512937fa93d38917c6bdacd8fd64
Opcode Fuzzy Hash: bab6852c102b2c1d7c0b97afc86158fb4fc164619edc53fda6ac6dc707f56885
Instruction Fuzzy Hash: F7510574E012589FDB04EFA9E490AADBBF2FF89300F149129D405AB358DB349946CF50

Uniqueness

Uniqueness Score: -1.00%

Function 02D192B3 Relevance: .2, Instructions: 151COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4588636017.0000000002D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d10000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8dcaf1dd90a4dc70eae7dd01fb761e8d8e77cb64a35557b2b158d68b0c84d7e7
Instruction ID: 8467d345c46c35584b8d17655be694280cffb010c5a6753008673d81d491282c
Opcode Fuzzy Hash: 8dcaf1dd90a4dc70eae7dd01fb761e8d8e77cb64a35557b2b158d68b0c84d7e7
Instruction Fuzzy Hash: 2E51E330A04205DFCB21CF68E8A09EEBBF5EF45310B5584A6E885D7761D731ED16CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 02D1CD70 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4588636017.0000000002D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d10000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7bf11fde128342be76659b08bcb3d3513b5c14b3690fdf78595a0b856a5d4dd0
Instruction ID: c91b44f19428c14f292f2b111ed984fbff113ba82234cd14d680d0558d47af0c
Opcode Fuzzy Hash: 7bf11fde128342be76659b08bcb3d3513b5c14b3690fdf78595a0b856a5d4dd0
Instruction Fuzzy Hash: AE51A374E01218DFDB54DFAAD48499DBBF2BF89300F20816AE809AB365DB31A905CF50

Uniqueness

Uniqueness Score: -1.00%

Function 02D13960 Relevance: .1, Instructions: 134COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4588636017.0000000002D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d10000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8b6599873cb1fa111ac6c36544ee47fa132063c9ebc3bc6eb0192d22a71e19c
Instruction ID: 7fde3e25c50e72b28430b54d0a2d95a4ff7a2705e91ddac68c7ba97931f9ea9c
Opcode Fuzzy Hash: e8b6599873cb1fa111ac6c36544ee47fa132063c9ebc3bc6eb0192d22a71e19c
Instruction Fuzzy Hash: A951B774E01218DFCB48DFA9E58099DBBF2FF89311B209569E905AB364DB31AD42CF50

Uniqueness

Uniqueness Score: -1.00%

Function 02D1A6B0 Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4588636017.0000000002D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d10000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f3252d0687d83c87340a0d2d01c14dc80c326bb44b99ab3f7883bc7358359a1e
Instruction ID: 680df9bb98d73e4937c79c5176d4b2ec6ed9446d24061fab14c24975fdaf9e2b
Opcode Fuzzy Hash: f3252d0687d83c87340a0d2d01c14dc80c326bb44b99ab3f7883bc7358359a1e
Instruction Fuzzy Hash: 0041F235B402049FDB199B7AE864AAE7BF6BFCD210F548469E506D7790DF309C06C7A0

Uniqueness

Uniqueness Score: -1.00%

Function 02D19AC3 Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4588636017.0000000002D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d10000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f923f7aeb9f4be3c88c4377c806ee8278d07baaa3e0df49df6aa5322a15e33e
Instruction ID: 279a5f00aeee559dbd683cc09040020a76c0132f056acc4833f32a4fa7a5dc76
Opcode Fuzzy Hash: 8f923f7aeb9f4be3c88c4377c806ee8278d07baaa3e0df49df6aa5322a15e33e
Instruction Fuzzy Hash: 6E518B71A04249EFCF11CFA5E8A4BDDBBB2EF89314F008155E8559B7A1D334E954CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 06A69A49 Relevance: .1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4593582953.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83c6876ab67b6396aeaa7aaeca6246c033e6491d48788e4361494be0f688ac54
Instruction ID: 50271025bd25895c934ec0d48387702b27f489d89fafab7e2792db1ee0a40677
Opcode Fuzzy Hash: 83c6876ab67b6396aeaa7aaeca6246c033e6491d48788e4361494be0f688ac54
Instruction Fuzzy Hash: 3341F1B4E022098FDB54EFA9D9846EEBBF2BF49300F104529E415BB394D7745A4ACF50

Uniqueness

Uniqueness Score: -1.00%

Function 06A69500 Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4593582953.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d997607dd6fec965d87d7c882d1f101d07fda252b6bb83af001a0b488ccad8f
Instruction ID: 01d1f4cc8c41cae80472fc29cc3e789ba5501d1799ae397d8cdc1acd57e5973a
Opcode Fuzzy Hash: 4d997607dd6fec965d87d7c882d1f101d07fda252b6bb83af001a0b488ccad8f
Instruction Fuzzy Hash: EF413135E0031A9BDF54DFA6C980ADEB7F5BF88710F148129F415BB244EB70A946CB90

Uniqueness

Uniqueness Score: -1.00%

Function 02D13480 Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4588636017.0000000002D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d10000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a84c4c4b17bdd1dc1459b2686d5243e0aed5a2d3503a65210d2b21a14a9f1f4a
Instruction ID: 61fd8b98434304b385d12c2757604d7dff63d64a06e3080afd70b9411d745958
Opcode Fuzzy Hash: a84c4c4b17bdd1dc1459b2686d5243e0aed5a2d3503a65210d2b21a14a9f1f4a
Instruction Fuzzy Hash: 6D31E431B04325ABEFA9557AB8A537E76EAABC4250F18407DD907C3784DB78CC44C7A1

Uniqueness

Uniqueness Score: -1.00%

Function 06A69A58 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4593582953.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b6698a53801ad7826639d1dc2d404b775739405ef5ee660d3711cbed3fbf043
Instruction ID: 9100c91c944e031439c4d4cb551feeea24799db8937ec18b39a7e6aa2b7e5586
Opcode Fuzzy Hash: 8b6698a53801ad7826639d1dc2d404b775739405ef5ee660d3711cbed3fbf043
Instruction Fuzzy Hash: 6641D0B4E012098FDB54EFAAD5946EEBBF2BF48300F108529E415A7394DB345A46CF50

Uniqueness

Uniqueness Score: -1.00%

Function 06A6F273 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4593582953.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a92459fe223a56d13c6c66aa0faaca8665704bd7a20c2c573043f761a10e7910
Instruction ID: 0f97696586defe49a472bc6a48c57bd3350755165ed94aa631a1cf5fd5e1309a
Opcode Fuzzy Hash: a92459fe223a56d13c6c66aa0faaca8665704bd7a20c2c573043f761a10e7910
Instruction Fuzzy Hash: E331CF316046128FCB51CF09D8C09AAF7B3FF85310B1A8699E4668F296D334F985CB95

Uniqueness

Uniqueness Score: -1.00%

Function 02D14E20 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4588636017.0000000002D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d10000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd7ff3d9427dc9c8dab423badd6366c8a89a56e7119691cb641c1b1d6f84b05c
Instruction ID: 72e67ed3d1708a3564a939e3c7e3a15677128e14cac775408ea104bd6832e3b8
Opcode Fuzzy Hash: fd7ff3d9427dc9c8dab423badd6366c8a89a56e7119691cb641c1b1d6f84b05c
Instruction Fuzzy Hash: 23318D7164411AAFCB159F65E854ABF3BA6FB88310F108428FD068B394CB34CC65DBA0

Uniqueness

Uniqueness Score: -1.00%

Function 02D1A869 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4588636017.0000000002D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d10000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b07d8b760c348dfe504aeae70cc41e2cf9cea5cc0d3a1595c4e36025f73d852
Instruction ID: cb2a738a0c6c40375d6622eb2f0ae5d29c37b0557c3cd9a5bc2ae386a3e4587e
Opcode Fuzzy Hash: 0b07d8b760c348dfe504aeae70cc41e2cf9cea5cc0d3a1595c4e36025f73d852
Instruction Fuzzy Hash: 2D31C170A405059FCB04CF6DD8849AEBBF2BF88320B168159E515D73A9CB34DC82CB90

Uniqueness

Uniqueness Score: -1.00%

Function 02D17730 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4588636017.0000000002D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d10000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1bfd9b940bd0d4fd3c20b0f60cb06c0abc593c804c339cf3588ab5c00e569b0e
Instruction ID: 714ab2d9bc9db382b0605683f04f652a79946448305d68a1b64f0c4feb9133d8
Opcode Fuzzy Hash: 1bfd9b940bd0d4fd3c20b0f60cb06c0abc593c804c339cf3588ab5c00e569b0e
Instruction Fuzzy Hash: 7F210A307442416FFB251B39A894B7DB797AFC9618B184479D902CBBB5EF25CC42D381

Uniqueness

Uniqueness Score: -1.00%

Function 06A6F2A0 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4593582953.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90a021661c59c443ba305fa6f7f6f909a64ecadba3e21ef9aad32608b4db13c1
Instruction ID: 6fc587754901039a0636b0cbc2dcf1e1dc29784e919d97ad15d1548567a78370
Opcode Fuzzy Hash: 90a021661c59c443ba305fa6f7f6f909a64ecadba3e21ef9aad32608b4db13c1
Instruction Fuzzy Hash: 3631AB346046168FCB10DF0AD8C09AAF7B7FF85310B1AC6A9E4668B295D334F985CB95

Uniqueness

Uniqueness Score: -1.00%

Function 02D17740 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4588636017.0000000002D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d10000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 996e0ddb88b3e50e298fe9e7aa34f14c1c67479723138ed6f0349a19ef555d26
Instruction ID: a6fb25aed3f24a92e30b970fc3fc9b56dba9db50380f2bcec746da50e5551075
Opcode Fuzzy Hash: 996e0ddb88b3e50e298fe9e7aa34f14c1c67479723138ed6f0349a19ef555d26
Instruction Fuzzy Hash: 1921CC347441116BFB251A39A894B7EB697AFC8618F244439D902CBBA4EF65CC82D7C1

Uniqueness

Uniqueness Score: -1.00%

Function 02D120B8 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4588636017.0000000002D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d10000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e4ffb1a1992519459c2dd8162e86b2d1b2cccb1b7080093aba8bd00eef8f5ce1
Instruction ID: fee4bd53013ad27bd8ecc605435e2841695124ee16ccb1924a8a656be4b087d3
Opcode Fuzzy Hash: e4ffb1a1992519459c2dd8162e86b2d1b2cccb1b7080093aba8bd00eef8f5ce1
Instruction Fuzzy Hash: 92210331A01166AFCF14DF24D880ABF73A5EB98360B10C119ED099B354DB31EE45CB81

Uniqueness

Uniqueness Score: -1.00%

Function 02D15AC8 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4588636017.0000000002D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d10000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b516af2329908998e7b37adb8f5401bbf700e8a95663937cf9e9904c3cc8c4e5
Instruction ID: 1ce7cbbdaf95141809bc88646f73703f7895fc318565c4f1f0b7a6fed4abeda9
Opcode Fuzzy Hash: b516af2329908998e7b37adb8f5401bbf700e8a95663937cf9e9904c3cc8c4e5
Instruction Fuzzy Hash: A521DE747416229BC7299E2AF498A2BB392BBC8660B454179E807CB740CF34DC02C7C0

Uniqueness

Uniqueness Score: -1.00%

Function 0128D044 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4587640017.000000000128D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0128D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_128d000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f81d754ed9a40064183d6eb157650054a742e2ebe20d1788f617e55dfecbfd2
Instruction ID: e2850f7751fef8d575bf8bebcb0c3da9f07fa560020021664e54ae97fc8c0be1
Opcode Fuzzy Hash: 5f81d754ed9a40064183d6eb157650054a742e2ebe20d1788f617e55dfecbfd2
Instruction Fuzzy Hash: 1E213471614208EFDB11EF64D9C0B26BB61FB84314F20C56DE9494B2C2C77BD84BCA62

Uniqueness

Uniqueness Score: -1.00%

Function 06A6DCE8 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4593582953.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 414997108d0854590796ac753d7e70fcc9a4b248b3799b84d6453f68cc642013
Instruction ID: b4052d803ea3cb600ad96b84b690b4b32af229dcc78c7315d7db654fda4e9591
Opcode Fuzzy Hash: 414997108d0854590796ac753d7e70fcc9a4b248b3799b84d6453f68cc642013
Instruction Fuzzy Hash: 03118F3055724ECFE3607F71E46C6BEBAB6EB8B312F002C95A20663294CF740A00CB95

Uniqueness

Uniqueness Score: -1.00%

Function 06A696F0 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4593582953.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 71946d263c4c7951117f56c1a28d3c37a53ca7c0f573dc3534b9df15bdddd6b2
Instruction ID: 77f59c72ed0cae8270ac63c3dc762f1db246b3de597d9db4f4a32be1c1807838
Opcode Fuzzy Hash: 71946d263c4c7951117f56c1a28d3c37a53ca7c0f573dc3534b9df15bdddd6b2
Instruction Fuzzy Hash: 1C1127367143545FDF4AAFB88C242AE3BA7EFC5210B40442AE606C73C1CE354D0687A2

Uniqueness

Uniqueness Score: -1.00%

Function 06A6DDD7 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4593582953.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff402caca196376e1b6a9a5d24ae6bf88708f68663c5309a8f0c9f10ffe4b333
Instruction ID: 66932ed1ace6a7b7d324ef3345fa206c060244165115dba3373aa055933d5695
Opcode Fuzzy Hash: ff402caca196376e1b6a9a5d24ae6bf88708f68663c5309a8f0c9f10ffe4b333
Instruction Fuzzy Hash: 1D1106307492449FE705267B58245BBFFBB6FD7240B4588B7F206C3286C9284C4582B1

Uniqueness

Uniqueness Score: -1.00%

Function 02D18F21 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4588636017.0000000002D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d10000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3240b7536f0e0c6c37dea013099123c6e82f879b9c37df9c27b435e1712ac3c
Instruction ID: 86c2a55c6b128a097a28f70eb137839243c60360502f16cedbec8e85a5df87c0
Opcode Fuzzy Hash: a3240b7536f0e0c6c37dea013099123c6e82f879b9c37df9c27b435e1712ac3c
Instruction Fuzzy Hash: DF216B30E01259EFDB14CFA6E450AEEBFB2AF48305F248159F412E6390DB319945DB60

Uniqueness

Uniqueness Score: -1.00%

Function 02D1DBD8 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4588636017.0000000002D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d10000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa6056d67a5eac21ef63557d114691e0410dfc9ab83f8229c78a27c23b81b924
Instruction ID: 11c7e5cdbc0c618aafe11669f2283d38468c51d25042b214d12e20f06685c5ed
Opcode Fuzzy Hash: aa6056d67a5eac21ef63557d114691e0410dfc9ab83f8229c78a27c23b81b924
Instruction Fuzzy Hash: 05215B70D0624ADFEB44EFB9E45079EBFB2FB49300F1086AAC1149B359E7705A06CB81

Uniqueness

Uniqueness Score: -1.00%

Function 02D11FB8 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4588636017.0000000002D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d10000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a92ddcdd1021c24b13139fc628886ce67dfc9dd38c20f2bbf010aac27cd3240
Instruction ID: add1efe2171166a63bbd1c40f1e1d72b3ce120eb79ae9aa99f2f5736173cd57c
Opcode Fuzzy Hash: 3a92ddcdd1021c24b13139fc628886ce67dfc9dd38c20f2bbf010aac27cd3240
Instruction Fuzzy Hash: 2521F474C452099FCB01EFA9D8555EEBFF0FF09300F10566AD946B3210EB305A96CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 06A62670 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4593582953.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f3005f533ef4a0f867694e720f722942cc917175d3a6915bea8d4d365e3d4289
Instruction ID: d883c7f9ed74fee83180bb11039788be25e5494326bde5a425e61c5492c635ab
Opcode Fuzzy Hash: f3005f533ef4a0f867694e720f722942cc917175d3a6915bea8d4d365e3d4289
Instruction Fuzzy Hash: 8B11A1B5B012118FC750EB7DE408AAA7BF5EF88610B110565E81ADB312D731CD058BE0

Uniqueness

Uniqueness Score: -1.00%

Function 06A6DCD8 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4593582953.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8dc0935f4e748771dad3e1740d6cba316a565c6487610d3b176541e1182909f
Instruction ID: 4eb78c9964f17d2edf0dc91b87bc4d2c48446297db4c35fab5cd4129a9485ab1
Opcode Fuzzy Hash: a8dc0935f4e748771dad3e1740d6cba316a565c6487610d3b176541e1182909f
Instruction Fuzzy Hash: E9118730917289DFE760BB70E42C7AEBFB1EB8B302F005896E50693295CB340A40CB91

Uniqueness

Uniqueness Score: -1.00%

Function 06A69999 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4593582953.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8348acae275b00890196d33462107975db5aaae2b5aa263f43f3d2bb2b3425ee
Instruction ID: 36eff354b94b4e6126517f687d07f616e918993ad0b7786d2124ba22fa639b70
Opcode Fuzzy Hash: 8348acae275b00890196d33462107975db5aaae2b5aa263f43f3d2bb2b3425ee
Instruction Fuzzy Hash: BD1123B680064ADFDB10CF9AD945BDEBBF4EF48320F14841AE618A7210C339A554CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 06A691D8 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4593582953.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0fc3566f9d6120719e9d38a7de4798260909cf2f47e7fb4f24ff81565e7d5afa
Instruction ID: 12f6de76701f0010ee81f24b9383623248a22411d7ff164dc263fad91aa115d7
Opcode Fuzzy Hash: 0fc3566f9d6120719e9d38a7de4798260909cf2f47e7fb4f24ff81565e7d5afa
Instruction Fuzzy Hash: C91126B6800349DFDB10DF9AC945BDEBBF4EB48324F148419E614A7210C339A554CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 02D1DBE8 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4588636017.0000000002D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d10000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53bb5da5ab102a3477aaa5fc9a390457c30717b5f2fbacc56d5004c5f9554fcd
Instruction ID: dde51557650e67d71e556746d02be33aa1ef5d5cd2a9af33fe9d3a8b75c0810c
Opcode Fuzzy Hash: 53bb5da5ab102a3477aaa5fc9a390457c30717b5f2fbacc56d5004c5f9554fcd
Instruction Fuzzy Hash: 44113D70D0120ADFEB44EFB9E44079EBBF2FB89304F1086A9C1149B358EB705A06CB81

Uniqueness

Uniqueness Score: -1.00%

Function 06A68EC1 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4593582953.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7cfb69a8717c077478b42eb068e07bbf8c30248309d848b94403b68651adc0ca
Instruction ID: 67643474aaf959b495bfc24da21c221ecdd91ceb966e75b88a1568c12eafa0dd
Opcode Fuzzy Hash: 7cfb69a8717c077478b42eb068e07bbf8c30248309d848b94403b68651adc0ca
Instruction Fuzzy Hash: 11110074F401498FEB10DBE9D850BAEBBB6EF59311F418065F908A7349E63499428B61

Uniqueness

Uniqueness Score: -1.00%

Function 0128D03F Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4587640017.000000000128D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0128D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_128d000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42a98d763aa616cafc5cdf308aa0cc1e619621035a6359fb41dac703237424f2
Instruction ID: baeb7f2adc05ad8e2d2d417a5d83faaa95d3a85d696f72840d44c0e0b0f75b57
Opcode Fuzzy Hash: 42a98d763aa616cafc5cdf308aa0cc1e619621035a6359fb41dac703237424f2
Instruction Fuzzy Hash: D711BB75504288DFCB12DF54C9C4B15BFA2FB84314F24C6A9D9494B692C33AD44ACF62

Uniqueness

Uniqueness Score: -1.00%

Function 02D1565F Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4588636017.0000000002D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d10000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2188787482d4654ceb1eb8122603fb58d8b7dd9613450efe262d9168b0be2d2
Instruction ID: a11298487a7b6aca22d2b9f0551863cf3ee8dfc8edfebf3c471bbdfdbdd81c77
Opcode Fuzzy Hash: f2188787482d4654ceb1eb8122603fb58d8b7dd9613450efe262d9168b0be2d2
Instruction Fuzzy Hash: 7401F571B041556FCB029E65A8106FF3FA7DFC9651B18807AF505C7390DA75CC16DB90

Uniqueness

Uniqueness Score: -1.00%

Function 06A625E8 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4593582953.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f61fd30f984677315b35c86fa9451444169d650d872ffd3e4ad7292276065171
Instruction ID: 21725151ab3d3f17f0254cc1f65c4606312f2e03a4dac3419110fb0850fc2610
Opcode Fuzzy Hash: f61fd30f984677315b35c86fa9451444169d650d872ffd3e4ad7292276065171
Instruction Fuzzy Hash: F001F670E0121A9FDF44EFBAD8506AEBBF5BF88200F10856AE419E7250E7345A028B90

Uniqueness

Uniqueness Score: -1.00%

Function 06A69760 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4593582953.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 31404ee9ccf2fcf5a532dcf6f34bc16025cb69832c95efb48570b751fe759fdd
Instruction ID: a407384d0fb4a61538be18b048ba8a14ffed33854eec2d7db1578759ae086c38
Opcode Fuzzy Hash: 31404ee9ccf2fcf5a532dcf6f34bc16025cb69832c95efb48570b751fe759fdd
Instruction Fuzzy Hash: 39F082363002196F8F069E99AC509EF7BBBEFC8260B404429FA09C7350DE728C1597B5

Uniqueness

Uniqueness Score: -1.00%

Function 02D12068 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4588636017.0000000002D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d10000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2fef1260099f46ab32d05a84883938976327caaf5cd7b00b2d486379f4c92b8a
Instruction ID: c0ee87e4d6da4fc900658199d0c2e5e3d7d2e9ecf98be8103c1e249126a623ec
Opcode Fuzzy Hash: 2fef1260099f46ab32d05a84883938976327caaf5cd7b00b2d486379f4c92b8a
Instruction Fuzzy Hash: FAE06836C2537A5BCB01A7B0AC154EFBF38ADD221075042B3D5927B640F6B21D49C7B0

Uniqueness

Uniqueness Score: -1.00%

Function 02D1FE70 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4588636017.0000000002D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d10000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4210db415e6eded7a920224fdd36909bdffc3a2753dc658e7f845dcb99fc0a11
Instruction ID: 1c906240e6ae0dfa33f4f5e9987ad20950b1c596f6ac548f2768dcb970735215
Opcode Fuzzy Hash: 4210db415e6eded7a920224fdd36909bdffc3a2753dc658e7f845dcb99fc0a11
Instruction Fuzzy Hash: 55E022756013408FC3026F38E4182893B72EB46244B02015EE04AFB754CA3489068392

Uniqueness

Uniqueness Score: -1.00%

Function 02D1FE80 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4588636017.0000000002D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d10000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f249236a6310fbad664c2f3b23494ae54575ee52a40e6a21ceae31a9b7774d20
Instruction ID: 583fe639378b977a8cbadb4ff01fe684f9835e53f81f4d387c5e4fd4f8c3a49c
Opcode Fuzzy Hash: f249236a6310fbad664c2f3b23494ae54575ee52a40e6a21ceae31a9b7774d20
Instruction Fuzzy Hash: 5DE0C231610618CFD7007B7CE41815E37A9EB86215F41422AE106A7348DF34A84587D6

Uniqueness

Uniqueness Score: -1.00%

Function 02D12078 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4588636017.0000000002D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d10000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 160b022499a88a9218fda64182a9cf0e5da618f8a872763eb3b78a0cb9655c2c
Instruction ID: 76d11c61ae604af78a2df147a7dd9ff603c47e304809cef8dd32cb21c2aae4f9
Opcode Fuzzy Hash: 160b022499a88a9218fda64182a9cf0e5da618f8a872763eb3b78a0cb9655c2c
Instruction Fuzzy Hash: 16D05B31D2126B57CB00E7A5DC044EFF738EED5661B544626D51437140FB702659C7E1

Uniqueness

Uniqueness Score: -1.00%

Function 02D182B8 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4588636017.0000000002D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d10000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4bdaacd32790817b91c477bf05988045433f614a4c8c6b26760f84615e577b64
Instruction ID: c2ed028fe9d8bc00f56f620d60a4fe4f85b5c1a85c8f5e2aa7c08f68d446bd66
Opcode Fuzzy Hash: 4bdaacd32790817b91c477bf05988045433f614a4c8c6b26760f84615e577b64
Instruction Fuzzy Hash: 08C08C7320D5283AB239908E7C40EE3BB8CC3C13B4B250237F99CE3B01A8429C80A1F4

Uniqueness

Uniqueness Score: -1.00%

Function 02D15F00 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4588636017.0000000002D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d10000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eed5fc396b270b68ab4d482493426c47f0f2a1e0a3bdb5909d706d41b5c7ede8
Instruction ID: 45573c6ba0a37e9b072ff8606b6171e6c8cea7080d65260c87b58e620623e60d
Opcode Fuzzy Hash: eed5fc396b270b68ab4d482493426c47f0f2a1e0a3bdb5909d706d41b5c7ede8
Instruction Fuzzy Hash: 31D02BB04183C78BD701F776F9515953F35A7C1308BC052B5A90009216F9744D1583E1

Uniqueness

Uniqueness Score: -1.00%

Function 02D1A76D Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4588636017.0000000002D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d10000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c09087e8ca2fd6f805a3e4d1fa7b6805558aecc5fc6485dabfefbb42cd49a7f
Instruction ID: bc876fb7bf77506614f70747d25582284a9e950ab508229f489551b39e3b0833
Opcode Fuzzy Hash: 6c09087e8ca2fd6f805a3e4d1fa7b6805558aecc5fc6485dabfefbb42cd49a7f
Instruction Fuzzy Hash: D9D0177BB400089FDB00CF89E8409DDB7B6FB8C221B408026E911A3220C6319821CB60

Uniqueness

Uniqueness Score: -1.00%

Function 02D15F10 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4588636017.0000000002D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d10000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d030eb939f5e50514d86fd6eee28e51e94172cbe2e7032bd75f23b1c14f81cbc
Instruction ID: 87ee52127516dd2e5c197c4dff7b513dda6d026a6d2fbded279babc637623da3
Opcode Fuzzy Hash: d030eb939f5e50514d86fd6eee28e51e94172cbe2e7032bd75f23b1c14f81cbc
Instruction Fuzzy Hash: A1C0127055434B87D501FB76F955A963B7AB7C0200F806634A50909119EE74185446D1

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 06A62818 Relevance: 1.8, Strings: 1, Instructions: 513COMMON

Download Yara Rule

Strings

", xrefs: 06A63087

Memory Dump Source

Source File: 00000000.00000002.4593582953.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_rSyDiExlek.jbxd

Similarity

API ID:
String ID: "
API String ID: 0-123907689
Opcode ID: 1962d6f202257f4bee100bb921544d39d07a3b21079878d2252c38bca4d97399
Instruction ID: 6ed892a39464f07acc0a0cb9c9b379d0c33d76b8c5a3b9dc985aeaab2156c2b9
Opcode Fuzzy Hash: 1962d6f202257f4bee100bb921544d39d07a3b21079878d2252c38bca4d97399
Instruction Fuzzy Hash: 9C42CF74E01218CFEB64DF69D994B9DBBB2BF89300F1080A9D909AB355DB319E85CF14

Uniqueness

Uniqueness Score: -1.00%

Function 06A62807 Relevance: 1.6, Strings: 1, Instructions: 387COMMON

Download Yara Rule

Strings

", xrefs: 06A63087

Memory Dump Source

Source File: 00000000.00000002.4593582953.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_rSyDiExlek.jbxd

Similarity

API ID:
String ID: "
API String ID: 0-123907689
Opcode ID: ee2ec2f21a0931db5e79bbb97e25f2c1fccb8a3e8f1faa43c9839c963c5ab864
Instruction ID: ed0e90ddd31b0cd2624a2820fbd12089367b839a0406b266f02e9fd4f3029fbb
Opcode Fuzzy Hash: ee2ec2f21a0931db5e79bbb97e25f2c1fccb8a3e8f1faa43c9839c963c5ab864
Instruction Fuzzy Hash: 1C12D1B4E01218CFEB64DF6AD954B9DBBB2BF89300F1081A9D509AB354DB315E85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 05A07200 Relevance: 1.6, Strings: 1, Instructions: 367COMMON

Download Yara Rule

Strings

", xrefs: 05A0771E

Memory Dump Source

Source File: 00000000.00000002.4592432301.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a00000_rSyDiExlek.jbxd

Similarity

API ID:
String ID: "
API String ID: 0-123907689
Opcode ID: c328d04f624b334e9ac04c5a7f6ea29989d076c50f8931f43c4fd89154321778
Instruction ID: 99ab5ca89b4f8cf7b7419cce3a680fb1837726521bb04b24b8099f2aade610cb
Opcode Fuzzy Hash: c328d04f624b334e9ac04c5a7f6ea29989d076c50f8931f43c4fd89154321778
Instruction Fuzzy Hash: 80F106B0E102588BEB24CFA9D484BDDBBB2FF84314F24C169D458AB395D774A985CF90

Uniqueness

Uniqueness Score: -1.00%

Function 06A64430 Relevance: .7, Instructions: 693COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4593582953.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6d8caf06cc0bc816ff8c93d00b891b92fada011eb01fdf9a51a03225a2b1bf1
Instruction ID: 2a6dc38bdf2f2c4ec844885dbc7d61acd229bbf430e5b8e770d8046c43e8588d
Opcode Fuzzy Hash: c6d8caf06cc0bc816ff8c93d00b891b92fada011eb01fdf9a51a03225a2b1bf1
Instruction Fuzzy Hash: 31827B74E412288FEB64DF69D994BDDBBB2BF89300F1081EA950DAB254DB305E85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 06A63730 Relevance: .7, Instructions: 677COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4593582953.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95bebd8f753427c7c166e616ecc9768bb69611184032ce5d2079860d9e33f660
Instruction ID: 8fb848337f06774eaa831c2b414896f39a3a99947f88852b8386377edf48e4dd
Opcode Fuzzy Hash: 95bebd8f753427c7c166e616ecc9768bb69611184032ce5d2079860d9e33f660
Instruction Fuzzy Hash: 26728D74E012288FEB65DF69D994BDEBBB2BF89300F1081EA944DA7250DB305E85CF51

Uniqueness

Uniqueness Score: -1.00%

Function 02D1E310 Relevance: .6, Instructions: 596COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4588636017.0000000002D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d10000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d80e31fe5711fa98bf151f381e99d358384396a82e081450cbfe348feb9e7b47
Instruction ID: 1b38d02623a1552eeaf479ada6a2d64cf76e5c7ead823e9c11481e6bc2ef4cd7
Opcode Fuzzy Hash: d80e31fe5711fa98bf151f381e99d358384396a82e081450cbfe348feb9e7b47
Instruction Fuzzy Hash: 46529A74E01268CFDB64DF65D894B9DBBB2BB89301F1085EAD809A7354DB30AE85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 02D135C8 Relevance: .3, Instructions: 269COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4588636017.0000000002D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d10000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51e98254aa3136e59095efcfc0297d1368be50df435aa4703f1ce9a323bc289a
Instruction ID: 66100feac0bb3b10ac2d7a4bd7e901707cda3dd23b4ed4b895c40396308f45d2
Opcode Fuzzy Hash: 51e98254aa3136e59095efcfc0297d1368be50df435aa4703f1ce9a323bc289a
Instruction Fuzzy Hash: F3918374F002589BEB5CAB79A85467EBBB7AFC8710B0485ADE447E7388CE34DC018795

Uniqueness

Uniqueness Score: -1.00%

Function 05A0D5C0 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4592432301.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a00000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c06b3fbf2ef2b12240021c74bcc26db61a055ad26ceaec4350024f23dc7e948
Instruction ID: 344dd398490c9ffefb296e4e115c710aeee17f1f39754c1da2bff1d9787a01d5
Opcode Fuzzy Hash: 1c06b3fbf2ef2b12240021c74bcc26db61a055ad26ceaec4350024f23dc7e948
Instruction Fuzzy Hash: 0DC1AF74E01218CFDB14EFA5D994B9DBBB2FF89300F2091A9D409AB395DB355A85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 05A00900 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4592432301.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a00000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 967a9db9438fd4da061016ff7424531adaeda70120a2b1e30e1a75aedb80f97d
Instruction ID: d43011002c5ba2223af0b10d77038e4384600d4a9948ba29cb0425462132a5b4
Opcode Fuzzy Hash: 967a9db9438fd4da061016ff7424531adaeda70120a2b1e30e1a75aedb80f97d
Instruction Fuzzy Hash: D0C1B074E01218CFDB24DFA5D994B9DBBB2FF89300F6091A9D809A7395DB346A85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 05A0CD10 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4592432301.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a00000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2b685bc9494a06d354df542ff5a463cf32ea13fde61ea12bd41a91c41d0ace3
Instruction ID: 366768a5e0b44c155712236d8c5f1795994251d5f5afa0de4a5ded9d65ca6bc1
Opcode Fuzzy Hash: a2b685bc9494a06d354df542ff5a463cf32ea13fde61ea12bd41a91c41d0ace3
Instruction Fuzzy Hash: 30C1BF74E01218CFDB14DFA5D994B9DBBB2BF89300F2091A9D809AB395DB355E85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 05A00D60 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4592432301.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a00000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b53812dbcf2172f4d6ebf0bf6a91ac77950f5cf66b19880a17d5e9bc23a1d215
Instruction ID: f4d807e2a652cf229a174ac2a79ce526ed4c4e5166b3202688102dd0e3d16f9f
Opcode Fuzzy Hash: b53812dbcf2172f4d6ebf0bf6a91ac77950f5cf66b19880a17d5e9bc23a1d215
Instruction Fuzzy Hash: EBC1C174E01218CFDB14DFA5D994B9DBBB2FF89300F6091A9D809A7394DB345A85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 05A0D168 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4592432301.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a00000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2eb0b38230397f79d2b68eab2e5c637d7b1f4396e34fab426f498d412cd60554
Instruction ID: 57ca5f60b4dc16f7db3b1cc44013c0edc479e8df5b2556fc30a26f1598ec64ad
Opcode Fuzzy Hash: 2eb0b38230397f79d2b68eab2e5c637d7b1f4396e34fab426f498d412cd60554
Instruction Fuzzy Hash: 48C1AF74E01218CFDB14DFA5D994B9DBBB2FF89300F2091A9D809AB395DB355A85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 05A004A0 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4592432301.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a00000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b60ab5526eb841b305c45fce0c16c7ce7dae4c2b9790d38dee2b77a67577af7
Instruction ID: d6b8ce208c7eef7f55a45d421a70cd4f4e4511636326917cf756ad893a63a97e
Opcode Fuzzy Hash: 8b60ab5526eb841b305c45fce0c16c7ce7dae4c2b9790d38dee2b77a67577af7
Instruction Fuzzy Hash: 60C1C074E01218CFDB24DFA5D954BADBBB2FF89300F6091A9D809A7394DB346A85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 05A0C8B8 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4592432301.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a00000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84230ebc2e9a7b2dc31c55ac0ca8e946bcd80a33f42d99c1c8a3670cef1bdee2
Instruction ID: 086d786fc4764147b59f0e81ecab5293514b3dba119a9b78d1634d2d9f28b97e
Opcode Fuzzy Hash: 84230ebc2e9a7b2dc31c55ac0ca8e946bcd80a33f42d99c1c8a3670cef1bdee2
Instruction Fuzzy Hash: 64C1AF74E01218CFDB14EFA5D994B9DBBB2BF89300F2091A9D409AB395DB355E85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 05A0F880 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4592432301.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a00000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20ccc3fff2de7822c49518d817eeab8e914482a1974e9ee839556f9690bd09f6
Instruction ID: ebc65c558a8245ae56fd2b09e73064e07d95d9e3b14c9c62de56f3eae7cfd4ed
Opcode Fuzzy Hash: 20ccc3fff2de7822c49518d817eeab8e914482a1974e9ee839556f9690bd09f6
Instruction Fuzzy Hash: 62C1B074E01218CFDB24DFA5D994B9DBBB2FF89300F2091A9D809AB395DB345A85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 05A0F428 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4592432301.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a00000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8dc07667d65df1cb840a64052549720081ba9b67d60cd646379f0c7060a4a9fe
Instruction ID: 807165dd2c9ec50bba56deb84127b5f28c3067e83fed99387631c0dfaaa6f8ce
Opcode Fuzzy Hash: 8dc07667d65df1cb840a64052549720081ba9b67d60cd646379f0c7060a4a9fe
Instruction Fuzzy Hash: B4C1AF74E01218CFDB24DFA5D994B9DBBB2FF89300F2091A9D809AB395DB355A85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 05A0C008 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4592432301.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a00000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d3fdbc9bdc4924e02f37403ac2a5cc44e18c6a33b84e4620e071f6777862eaf
Instruction ID: 9df56f7f1f54dc2d280ec50c2c436fd3dd9c0948ba1f2c2134c0e1eaf4fb0471
Opcode Fuzzy Hash: 5d3fdbc9bdc4924e02f37403ac2a5cc44e18c6a33b84e4620e071f6777862eaf
Instruction Fuzzy Hash: 75C1BE74E01218CFDB14EFA5D994BADBBB2BF89300F2091A9D409AB395DB355E85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 05A0C460 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4592432301.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a00000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e509f50914cb6dd408a9ec5241ac9a5b175d1b545757160f0b1fb57715f267c
Instruction ID: c568e5c6151233832ee3f75e3101bb01dc3ad08f59a87bff9095fda718660c6c
Opcode Fuzzy Hash: 7e509f50914cb6dd408a9ec5241ac9a5b175d1b545757160f0b1fb57715f267c
Instruction Fuzzy Hash: 3BC1BE74E01218CFDB14DFA5D994BADBBB2BF89300F2091A9D809AB395DB355E85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 05A00040 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4592432301.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a00000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01b81a45c6059103af936eb80bf155515f22e2e52a71f9374187aec19d4ca8da
Instruction ID: 9793b203a86a0f9353063adbe5b69a860c37dec2bcfd8732867d147bc76e3ca8
Opcode Fuzzy Hash: 01b81a45c6059103af936eb80bf155515f22e2e52a71f9374187aec19d4ca8da
Instruction Fuzzy Hash: 6AC1C174E01218CFDB14DFA5D994B9DBBB2FF89300F6091A9D809AB354DB356A85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 05A0BBB0 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4592432301.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a00000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42acf342eb030d0ab5ca09c0de42981024c96e69dc779432ef9801bdec92a065
Instruction ID: 24be83b74d48b136b8f5e354087d82d0a43ca4d118cdf5a08019102a966c362b
Opcode Fuzzy Hash: 42acf342eb030d0ab5ca09c0de42981024c96e69dc779432ef9801bdec92a065
Instruction Fuzzy Hash: 62C1BF74E01218CFDB14DFA5D994BADBBB2BF89300F2091A9D809AB395DB355A85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 05A0EFD0 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4592432301.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a00000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97f0085c8871519871e233c80989930edb29051e4b230e4bcb37733d032b9b50
Instruction ID: 5ab1393e98f1dbdf07032cd8ca837071f4fa4a2dd6e5aed92d2cb1ec1d1a3cdd
Opcode Fuzzy Hash: 97f0085c8871519871e233c80989930edb29051e4b230e4bcb37733d032b9b50
Instruction Fuzzy Hash: 45C1B074E01218CFDB24EFA5D994B9DBBB2BF89300F2091A9D409AB395DB355A85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 05A0E720 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4592432301.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a00000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69ccc4bc33bb1b4a3d9a2009a9193d175a329c5197e33339d738faba0ae71bb7
Instruction ID: e499fefcca5ef92e0439e0e7b5540ff486c576a31e6d6b3a62d8e180f4ea1bc2
Opcode Fuzzy Hash: 69ccc4bc33bb1b4a3d9a2009a9193d175a329c5197e33339d738faba0ae71bb7
Instruction Fuzzy Hash: B9C1AE74E01218CFDB14EFA5D994BADBBB2BF89300F2091A9D409AB395DB355A85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 05A0B300 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4592432301.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a00000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4294b578544bb2f78988c97cfe2ad091e834f3f46447f597469d274941500360
Instruction ID: c849c992234906568a2cf65b6bcbd42aba2d2179a35eb29e83d9437ffafd7e8a
Opcode Fuzzy Hash: 4294b578544bb2f78988c97cfe2ad091e834f3f46447f597469d274941500360
Instruction Fuzzy Hash: 03C1AE74E01218CFDB14DFA5D994BADBBB2BF89300F2091A9D809AB395DB355E85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 05A0EB78 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4592432301.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a00000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0854d431114d82481f0a8475060323193282651607fb42c243c18c0acf445279
Instruction ID: f4d7ac2286cd645d9e82d87ea5f0baee796c7a15fdbf0948b4202e469df2f17d
Opcode Fuzzy Hash: 0854d431114d82481f0a8475060323193282651607fb42c243c18c0acf445279
Instruction Fuzzy Hash: EFC1AF74E01218CFDB14EFA5D994BADBBB2BF89300F2091A9D409AB395DB355E85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 05A0B758 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4592432301.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a00000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c075927a37ca58ee4a1d6ae29cd5676b74c666385247e8fffbd6f4b5e57a91f6
Instruction ID: 6cb45bfd27bf88bf014408a9b750670fd5be74623e09deced2a569f9644e5bed
Opcode Fuzzy Hash: c075927a37ca58ee4a1d6ae29cd5676b74c666385247e8fffbd6f4b5e57a91f6
Instruction Fuzzy Hash: A1C1BD74E01218CFDB14EFA5D994BADBBB2BF89300F2091A9D409AB395DB355A85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 05A0E2C8 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4592432301.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a00000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0871cc296b1032331fbae885688e9ec963aa268e8d9496d97a48cd7ea1fb472a
Instruction ID: 5a1cbef93327c11be4a6e40457119eb519fcdaa89c1cfe34d5263ff22c349a66
Opcode Fuzzy Hash: 0871cc296b1032331fbae885688e9ec963aa268e8d9496d97a48cd7ea1fb472a
Instruction Fuzzy Hash: F9C1AF74E01218CFDB14DFA5D994BADBBB2BF89300F2091A9D409AB395DB359E85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 05A0DA18 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4592432301.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a00000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6a2d90204094e1744ada949fe08dc532cc715bd9b1380344299d70829d519d5
Instruction ID: 507509d15ccccf0de489f7e3833f30547c9bf958e5410a9fa589a38bb337b317
Opcode Fuzzy Hash: e6a2d90204094e1744ada949fe08dc532cc715bd9b1380344299d70829d519d5
Instruction Fuzzy Hash: 6EC1AF74E01218CFDB14EFA5D994BADBBB2BF89300F2091A9D409AB395DB355A85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 05A0DE70 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4592432301.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a00000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4909071a05a762161182628a41f62ef827715f711ed28b1bd16b0607a29949b
Instruction ID: 31dfa882c8e54a35a21f2da445c421471e51a9d1c581f65f9891d44d34837ec2
Opcode Fuzzy Hash: f4909071a05a762161182628a41f62ef827715f711ed28b1bd16b0607a29949b
Instruction Fuzzy Hash: 13C1AF74E01218CFDB14DFA5D994BADBBB2BF89300F2091A9D809AB395DB355E85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 06A65EC8 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4593582953.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48a988abc3506a14319d5f7bf0661ed38e1d79fae2c3585d94e01c14f12e857b
Instruction ID: b2c9dae59ea43e1e918e47f9003924048cece152695d223e568250e1e8a2ca18
Opcode Fuzzy Hash: 48a988abc3506a14319d5f7bf0661ed38e1d79fae2c3585d94e01c14f12e857b
Instruction Fuzzy Hash: C9C1CF74E01218CFDB54EFA5D994B9DBBB2FF89300F2091A9D809AB395DB345A85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 06A65618 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4593582953.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa1f21338b3d0514d19adb6e3e8f370c017e929a272b061ff16b8d8be3123f08
Instruction ID: 0ba231bd3540103a49ec7c77739e304b25cec3653b6162c9d0b18b680632a7e3
Opcode Fuzzy Hash: aa1f21338b3d0514d19adb6e3e8f370c017e929a272b061ff16b8d8be3123f08
Instruction Fuzzy Hash: 19C1CE74E01218CFDB54EFA5D994B9DBBB2BF89300F2081A9D809AB395DB345E85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 06A65A70 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4593582953.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00664ad8590e1449e7bff0bbcf6c349b0d46d6f52ea8ce3a04e0a00ae5646f13
Instruction ID: 3279ada5b18e299aaa518505c8ae808a89499f5beb73ebdc7824219f677cc00e
Opcode Fuzzy Hash: 00664ad8590e1449e7bff0bbcf6c349b0d46d6f52ea8ce3a04e0a00ae5646f13
Instruction Fuzzy Hash: 37C1CE74E01218CFDB54EFA5D994B9DBBB2BF89300F2081A9D809AB395DB355E85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 06A66BD0 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4593582953.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 753318526739a7437429b0e535decdf43e8c12342c53762701785ed583eb6683
Instruction ID: db1e0fb1a8446baa7b2ca4e2743d69ff4e13ededc8e28e5d6bd537c91487edba
Opcode Fuzzy Hash: 753318526739a7437429b0e535decdf43e8c12342c53762701785ed583eb6683
Instruction Fuzzy Hash: BFC1DE74E01218CFDB14EFA5D994B9DBBB2BF89300F2091A9D809AB394DB355A85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 06A66320 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4593582953.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61defa6d3c90560e0ae2dd4e1515859a78af17258072d3ea1436a3eba8c7eedb
Instruction ID: e88591821ecb15721d0e1b549bf7799540952e46f9240a73900fb2938ba0ac4c
Opcode Fuzzy Hash: 61defa6d3c90560e0ae2dd4e1515859a78af17258072d3ea1436a3eba8c7eedb
Instruction Fuzzy Hash: F8C1CF74E01218CFDB54EFA5D994B9DBBB2BF89300F2091A9D809AB395DB345E85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 06A66778 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4593582953.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 345633748c87c3ce1956550a8d28f850b232e3b93d1679fa9961c6e374ed81f1
Instruction ID: 50ee0807626bd3bd4e8a445e82050bdee4acd7345b4f2b38de940ec5e7611d42
Opcode Fuzzy Hash: 345633748c87c3ce1956550a8d28f850b232e3b93d1679fa9961c6e374ed81f1
Instruction Fuzzy Hash: 69C1CF74E01218CFDB54EFA5D994BADBBB2BF89300F2091A9D809AB355DB345E85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 06A674A8 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4593582953.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06fd131932918f762c5745a154ba72b5eb2694b8015035c69bca63e249d3a2b3
Instruction ID: a11d4a988db7fc882bb80533bae878299cb02d8e816412e064a1140dc42cd2b2
Opcode Fuzzy Hash: 06fd131932918f762c5745a154ba72b5eb2694b8015035c69bca63e249d3a2b3
Instruction Fuzzy Hash: 3DC1BF74E01218CFDB54EFA5D994B9DBBB2AF89300F2091A9D409AB355DB349E85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 06A60498 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4593582953.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5101cd3994655eb7fab847ff8a7aa757fdc791dd5a125261a658b7e84eec8c51
Instruction ID: 5c42ae21a85d307a27f411baf11ac84b938e5c0f2074ca0adf61766dc565b350
Opcode Fuzzy Hash: 5101cd3994655eb7fab847ff8a7aa757fdc791dd5a125261a658b7e84eec8c51
Instruction Fuzzy Hash: F4C1BE74E01218CFDB54EFA5D994B9DBBB2FF89300F2081A9D809AB395DB345A85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 06A60040 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4593582953.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e787baf8241ef41c630f0a3748a7f2eaeef618be67715aa73b85575b295f445c
Instruction ID: 6cafe66d604e02dbe951534f1930066530be3f5ea08e3a855d7b17bce3305efa
Opcode Fuzzy Hash: e787baf8241ef41c630f0a3748a7f2eaeef618be67715aa73b85575b295f445c
Instruction Fuzzy Hash: 83C1CF74E01218CFDB54EFA5D994B9DBBB2FF89300F2091A9D809AB395DB345A85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 06A67050 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4593582953.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4478bf7b4e62af439b1a82666a4fa2b61b879a99cf62d9bce467d2ef75e36dd4
Instruction ID: 896ecbdc395a4659643555de7b18b9c4ac3b9793d482073777b31f0050937b87
Opcode Fuzzy Hash: 4478bf7b4e62af439b1a82666a4fa2b61b879a99cf62d9bce467d2ef75e36dd4
Instruction Fuzzy Hash: 4BC1DF74E01218CFDB54EFA5D994B9DBBB2BF89300F2091A9D409AB394DB349E85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 06A681B0 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4593582953.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 89aa5a3422cb465a9376e03670a7d5c0fe4225c288b7f600f9b0c63c8e8d41f1
Instruction ID: 841cd3bd261bd2c3ee41358142a0be5c27ef923a26884d40b7c6c260175493cd
Opcode Fuzzy Hash: 89aa5a3422cb465a9376e03670a7d5c0fe4225c288b7f600f9b0c63c8e8d41f1
Instruction Fuzzy Hash: 95C1CE74E01218CFDB54EFA5D994B9DBBB2FF89300F2081A9D809AB394DB355A85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 06A65198 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4593582953.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c68fe5e6c70bba9b5954101dcd39b21c435ce7b7918e3c766ded22d06d29cec2
Instruction ID: 90073e2c1c34de2e58cd11a313c7b4397fe65e754883f7623777942ff9027823
Opcode Fuzzy Hash: c68fe5e6c70bba9b5954101dcd39b21c435ce7b7918e3c766ded22d06d29cec2
Instruction Fuzzy Hash: 00C1BE74E01218CFDB54EFA5D994B9DBBB2BF89300F2091A9D809AB395DB345E85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 06A67900 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4593582953.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e2c0bc1182c5797e409c6511e86f92ef41335c6d257b4a0d14cbd56a4ce6a077
Instruction ID: ac1aba0cbe5a4f80ad42489415f1efc19283a3fca326b25d00b1925948df177d
Opcode Fuzzy Hash: e2c0bc1182c5797e409c6511e86f92ef41335c6d257b4a0d14cbd56a4ce6a077
Instruction Fuzzy Hash: C3C1C074E01218CFDB54EFA5D954B9DBBB2BF89300F2091A9D409AB355DB349E85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 06A60D48 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4593582953.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06fd1d1151304418358aaba7c7b8ba04116dd12c98ce7e0434061934b74a8d82
Instruction ID: 5a08118bc07b89167b778d36d77fe569f13c8a2e28056a2d66733305fecc8f92
Opcode Fuzzy Hash: 06fd1d1151304418358aaba7c7b8ba04116dd12c98ce7e0434061934b74a8d82
Instruction Fuzzy Hash: 21C1CE74E01218CFDB54EFA5D994B9DBBB2BF89300F2081A9D809AB395DB345E85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 06A67D58 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4593582953.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 143dcd222a21ad05596c246074ae88de2db369903d1eb5f2cc10430f584c4f54
Instruction ID: 285706cd5a6944a52d10d24ec9d91095b135ea4bed48846ec5f7f765692621ba
Opcode Fuzzy Hash: 143dcd222a21ad05596c246074ae88de2db369903d1eb5f2cc10430f584c4f54
Instruction Fuzzy Hash: D0C1BE74E01218CFDB54EFA5D994B9DBBB2BF89300F2081A9D809AB395DB355E85CF10

Uniqueness

Uniqueness Score: -1.00%

Function 05A03678 Relevance: .2, Instructions: 229COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4592432301.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a00000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fbdd275f6510d6b90791fa8c638fd83e3b2e8584fbe7f2298972042086796cec
Instruction ID: 6c427847bbaa070aa2cf8a70c61f7fd90e147324e2d0daef0957bab4a6b0ed95
Opcode Fuzzy Hash: fbdd275f6510d6b90791fa8c638fd83e3b2e8584fbe7f2298972042086796cec
Instruction Fuzzy Hash: 6BA11771D106198FDB10DFA9D884BEDFBB1EF89300F10D6AAE45867260EB709A85CF41

Uniqueness

Uniqueness Score: -1.00%

Function 05A011B1 Relevance: .2, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4592432301.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a00000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc4d98d8a49450928acfaed2b6529f26a96d4825637a64e07f5710e0efa54a21
Instruction ID: 6fa99db18ebbfe1d0223c7103a019773e357b6c48d81af65e19b81ba5052d0c7
Opcode Fuzzy Hash: dc4d98d8a49450928acfaed2b6529f26a96d4825637a64e07f5710e0efa54a21
Instruction Fuzzy Hash: 94A10470E00218CFEB24DFA9D844BDDBBB1FF89300F249269E419AB291DB745985CF55

Uniqueness

Uniqueness Score: -1.00%

Function 06A633B8 Relevance: .2, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4593582953.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 592820990095279930ec7e9a19188a0acd9161c03198c47129cfd3dbb91c5dad
Instruction ID: cef3b8885fccafed8f59468f325e84098de5addb535362f7711be5ce1621f680
Opcode Fuzzy Hash: 592820990095279930ec7e9a19188a0acd9161c03198c47129cfd3dbb91c5dad
Instruction Fuzzy Hash: 0BB18674E01218CFDB54DFA9D894A9DBBB2FF89310F1081A9E819AB365DB30AD45CF50

Uniqueness

Uniqueness Score: -1.00%

Function 05A011C0 Relevance: .2, Instructions: 220COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4592432301.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a00000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e1e34932ecb0bfda4ae548db50b0cb6dac14971bea80442bf51173ed170c18a
Instruction ID: d402ff8c0e4cb025f2a4e39a61b6c6df4e2a76241bc16895676a8b08c6096826
Opcode Fuzzy Hash: 1e1e34932ecb0bfda4ae548db50b0cb6dac14971bea80442bf51173ed170c18a
Instruction Fuzzy Hash: F7A11570E00218CFEB24DFA9D848BDDBBB1FF89300F249269E419AB291DB745985CF51

Uniqueness

Uniqueness Score: -1.00%

Function 05A01506 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4592432301.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a00000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef23fd84887356e9a58b620996800c1b790207a3b016473f882794fa568c1058
Instruction ID: 6bb5dee12f36b5e979e3085a59fde906ef86d161f95ced7558dadc16f6538b02
Opcode Fuzzy Hash: ef23fd84887356e9a58b620996800c1b790207a3b016473f882794fa568c1058
Instruction Fuzzy Hash: 40910570D00218CFEB20DFA9D884BDDBBB1FF49310F249269E41AAB291DB749985CF55

Uniqueness

Uniqueness Score: -1.00%

Function 02D1E300 Relevance: .2, Instructions: 151COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4588636017.0000000002D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d10000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c59ab5f63b6e396d095ee17766ddb51d4233e72c43a23e051b91d126f7602a87
Instruction ID: 8bcc66b8e7d13960d17bd5b6e07a654195af81a5c692ffb6e60746a7af7de72e
Opcode Fuzzy Hash: c59ab5f63b6e396d095ee17766ddb51d4233e72c43a23e051b91d126f7602a87
Instruction Fuzzy Hash: EC61C274E01219DBEB28EF66D850BAEBBB2BB88300F10C1A9D90867759DB305D85DF50

Uniqueness

Uniqueness Score: -1.00%

Function 06A633A8 Relevance: .1, Instructions: 130COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4593582953.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93df0ed72db418c5dbaa7922fb9654750c8375dd8fd6f24bbca7781537a8396e
Instruction ID: 7be8c1b6d64b930edce77167bbe080def716487a719df5cd74b7ce2536d86517
Opcode Fuzzy Hash: 93df0ed72db418c5dbaa7922fb9654750c8375dd8fd6f24bbca7781537a8396e
Instruction Fuzzy Hash: 5351C474E01648CFDB48DFAAD88499DFBF2BF89300F249169E419AB365DB309946CF50

Uniqueness

Uniqueness Score: -1.00%

Function 06A65EB8 Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4593582953.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b088494413328c796d533221c02778adb79f5e209defe60937a97159e3ee1902
Instruction ID: 954e4228702d0a15d9555512ed4277c99ee6edd329fbbcf326332d2b2f7e198c
Opcode Fuzzy Hash: b088494413328c796d533221c02778adb79f5e209defe60937a97159e3ee1902
Instruction Fuzzy Hash: F641D470E01208CFDB54EFEAD9446EEBBF2AF89300F249169D419BB255DB355906CF50

Uniqueness

Uniqueness Score: -1.00%

Function 06A6676B Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4593582953.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a74aa6708fbb237ad9562a532f7339dc78756d3cc209edc765b3ed7dbe24fd66
Instruction ID: 13cb90ca8e0fbc5c51d1fd49996f8ce4088354a376da95086cc4633fda7da2b4
Opcode Fuzzy Hash: a74aa6708fbb237ad9562a532f7339dc78756d3cc209edc765b3ed7dbe24fd66
Instruction Fuzzy Hash: F3410570E01208CBDB58EFAAD9446EEFBF2AF89300F20D029E419BB254DB345945CF50

Uniqueness

Uniqueness Score: -1.00%

Function 05A00006 Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4592432301.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a00000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a2bdcc438a8eb80f437458b1a62b5259b2849bfed55fcb0a1d67a3f150e69b3
Instruction ID: d8ec5cef09fbb0aff1f37ba4eebc89be255e0fa593993da41262d81c2a1f9fa5
Opcode Fuzzy Hash: 4a2bdcc438a8eb80f437458b1a62b5259b2849bfed55fcb0a1d67a3f150e69b3
Instruction Fuzzy Hash: 304136B4D05288CFDB19CFA6D8547AEBBB2FF8A300F64D06AC415AB295DB354906CF50

Uniqueness

Uniqueness Score: -1.00%

Function 06A6518B Relevance: .1, Instructions: 118COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4593582953.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 58a0e400fa9cea171754c34292f297af012c05d7e9f1c12571ce07d10ee138ad
Instruction ID: c5ee72d018e1cb438eea6551833acb5614455ccfbac0d3141c1e0e03659166b1
Opcode Fuzzy Hash: 58a0e400fa9cea171754c34292f297af012c05d7e9f1c12571ce07d10ee138ad
Instruction Fuzzy Hash: 72410374E01248CBEB58EFAAD9546EEFBF2AF89300F20D129D419BB254DB345906CF50

Uniqueness

Uniqueness Score: -1.00%

Function 05A0EB68 Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4592432301.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a00000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 92b4343b9641bd908e3035e5205bfec15783faceb9404a8ef0052dc5666f830b
Instruction ID: a4a85fe0918e436ea7ea5b5ec725ea9d07095637f6c14d89af5a8fc08bddb9b9
Opcode Fuzzy Hash: 92b4343b9641bd908e3035e5205bfec15783faceb9404a8ef0052dc5666f830b
Instruction Fuzzy Hash: D441F5B4E01248CFDB18DFAAD944AEEBBF6AF89300F24D129D415AB294DB345906CF50

Uniqueness

Uniqueness Score: -1.00%

Function 05A071FC Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4592432301.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a00000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa20971703682691257a9777313f4d823440ab506ced21c1c6eefc8a303c18f4
Instruction ID: 47e8221c1c6841c2ca915a0b3fc16a11079e837b63483c7a9654c77a5061874e
Opcode Fuzzy Hash: aa20971703682691257a9777313f4d823440ab506ced21c1c6eefc8a303c18f4
Instruction Fuzzy Hash: 6941D6B1D102589BEB18CFAAE8887DEBBF2FF88314F14D129E418AB294DB741545CF51

Uniqueness

Uniqueness Score: -1.00%

Function 06A60023 Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4593582953.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 352bac487cdbca13958dca19c75f5242981e354c65ff23388014adb9f46ddaf0
Instruction ID: 1052b351111bafe1be5fe8175722c9aeabe86ee21e4a08c2664f0c410dce75e4
Opcode Fuzzy Hash: 352bac487cdbca13958dca19c75f5242981e354c65ff23388014adb9f46ddaf0
Instruction Fuzzy Hash: BF413870E05248CFDB18DFAAD9546EEFBF2AF89300F24C02AD419AB255DB340946CF50

Uniqueness

Uniqueness Score: -1.00%

Function 05A0D5B0 Relevance: .1, Instructions: 109COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4592432301.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a00000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e59f8a1c48513ca3b8c0f4ac64dcaf29c176123482493c6d50c3d3a2c2c88973
Instruction ID: e35d0dffba2feb4aa3c41269d12ce08e464559b36565cc9353a490be12980781
Opcode Fuzzy Hash: e59f8a1c48513ca3b8c0f4ac64dcaf29c176123482493c6d50c3d3a2c2c88973
Instruction Fuzzy Hash: 05410371E112088FDB18DFEAD954AEEBBF2AF89300F20D029D419AB294DB345906CF50

Uniqueness

Uniqueness Score: -1.00%

Function 05A0BFF8 Relevance: .1, Instructions: 109COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4592432301.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a00000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ddc275a42f09deb56f6f25d7509308662520b9ef2a942a47511ba93760a7532
Instruction ID: 0bbbe9bc80abda0c563ac6c80c48537a4a9f45161679212cad45f4a3ee3a46c9
Opcode Fuzzy Hash: 2ddc275a42f09deb56f6f25d7509308662520b9ef2a942a47511ba93760a7532
Instruction Fuzzy Hash: 9B410670E112488BDB18DFA6D954AEEFBF2AF89300F24D129D415BB295DB344946CF50

Uniqueness

Uniqueness Score: -1.00%

Function 05A0F418 Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4592432301.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a00000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 145a6a0c62ff4b680d255468e58855da298593ba2bd5851ac5d6c4ab8232b058
Instruction ID: 48b3676b377b419a0c2ed58b1b2f88b902d312ab0c9a90db6121217cfa5e0cac
Opcode Fuzzy Hash: 145a6a0c62ff4b680d255468e58855da298593ba2bd5851ac5d6c4ab8232b058
Instruction Fuzzy Hash: 6041F670E01248CFDB18DFA6D954AEEBBF2AF88300F20D129C415BB294DB345946CF50

Uniqueness

Uniqueness Score: -1.00%

Function 05A0B748 Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4592432301.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a00000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 14e1c88b1dd0f12f99b4312008f17b0cb953a057682550d285aab03cf962ca0f
Instruction ID: 992bd7ee2e8a2ad871e734a678442b7719b1db7b3d8d273ed429798bbe64a8ff
Opcode Fuzzy Hash: 14e1c88b1dd0f12f99b4312008f17b0cb953a057682550d285aab03cf962ca0f
Instruction Fuzzy Hash: E641D870D01248CBDB18DFAAD954AEEFBF2AF89300F24D129D415BB294DB345946CF50

Uniqueness

Uniqueness Score: -1.00%

Function 05A0F871 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4592432301.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a00000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9eafcf6646af43a2b1cd691c6ccf6281ff46ecc6c1ee32eccb842bfb8a322fd
Instruction ID: ba01f62fdfd47e94f3a5ac84abd7c17c453131d8a5d61d7cfce0de2cec7a5b27
Opcode Fuzzy Hash: a9eafcf6646af43a2b1cd691c6ccf6281ff46ecc6c1ee32eccb842bfb8a322fd
Instruction Fuzzy Hash: AE41E570E11248CFDB18DFAAD954AEEBBF2AF89300F24D129D415BB298DB345946CF50

Uniqueness

Uniqueness Score: -1.00%

Function 05A0E710 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4592432301.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a00000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 64898bca58b4cfc72b1b68843ff6da976111e72dff29308b20aa501ec1e01fc5
Instruction ID: 85199ccfdb484656efd83a0c36c2172bed28cb85ed69eb33460866d94b09b37d
Opcode Fuzzy Hash: 64898bca58b4cfc72b1b68843ff6da976111e72dff29308b20aa501ec1e01fc5
Instruction Fuzzy Hash: 70410770E01248CBDB18DFA6D944AEEFBF6AF89300F24D129C419BB294DB345906CF50

Uniqueness

Uniqueness Score: -1.00%

Function 05A0DA09 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4592432301.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a00000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ebf1bdf3842cb5ab497503fcf46cc684464a97ccda748a47f7c267080bcf42fe
Instruction ID: a6b2b2f4c0a0eca03de183dd52667dc3537a13ea83b17d5f4892be064ed3f3ad
Opcode Fuzzy Hash: ebf1bdf3842cb5ab497503fcf46cc684464a97ccda748a47f7c267080bcf42fe
Instruction Fuzzy Hash: 5741F371E01248CBEB18DFE6D954AAEFBF2AF89300F24D129D415AB298DB345946CF50

Uniqueness

Uniqueness Score: -1.00%

Function 05A0DE63 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4592432301.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a00000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ee2bcc4cfbf781633a9f9226f12f3980200006350c3b597c0cb5d1e56737ace
Instruction ID: b74be70d97bd0f07725247c73dd86fe538da0842b565c3787248846c316b1411
Opcode Fuzzy Hash: 9ee2bcc4cfbf781633a9f9226f12f3980200006350c3b597c0cb5d1e56737ace
Instruction Fuzzy Hash: 714106B5E01208CBDB18DFE6D954AEEBBF2AF89300F20D129C415BB294DB345946CF50

Uniqueness

Uniqueness Score: -1.00%

Function 06A60D39 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4593582953.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c6dccb2dece4e9f8f3178ba3336b3f94dd1ebec7f54ce567142ceebf528182b
Instruction ID: 386f27b6316b8a4e61dfd8d9172a118ae6d6a30a23f32230c815dc2d54497e57
Opcode Fuzzy Hash: 7c6dccb2dece4e9f8f3178ba3336b3f94dd1ebec7f54ce567142ceebf528182b
Instruction Fuzzy Hash: 4641E570E01248CFEB58EFAAD9546EEBBF2AF89300F24D129D419BB254DB345946CF50

Uniqueness

Uniqueness Score: -1.00%

Function 06A67D48 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4593582953.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7073a2b0147a158e8e6a88050583979384823614a186377b0ba8d76b17d3f098
Instruction ID: e2e641402fc1b251508760041864dcefde6dae83026bf0dbc2ad72e8a411d086
Opcode Fuzzy Hash: 7073a2b0147a158e8e6a88050583979384823614a186377b0ba8d76b17d3f098
Instruction Fuzzy Hash: 1A41E4B0E01248CFEB58EFA6D9546EEFBF2AF89300F24D129D415AB254DB345946CF50

Uniqueness

Uniqueness Score: -1.00%

Function 05A0CD03 Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4592432301.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a00000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c749d560f08545e84aaacf51d8f79070243f4e4edd6e328b4e91da25bc93cf81
Instruction ID: 6cce98b33b4288fe041a3e0bb03d4c9e251e2903668ab45af072f4246b428665
Opcode Fuzzy Hash: c749d560f08545e84aaacf51d8f79070243f4e4edd6e328b4e91da25bc93cf81
Instruction Fuzzy Hash: 1C41F374E11248CBEB18DFA6D954AEEFBF2AF88300F20D129C415AB294DB345946CF50

Uniqueness

Uniqueness Score: -1.00%

Function 05A0C8A8 Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4592432301.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a00000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 837125b324746c05f9569c3c973c934867d359d3803b8f9672d90ae8bda08afe
Instruction ID: 38d9c015dd15d9dc59d89a4569c97b1d41d7eb0d8d9753eb94f45092ad617c16
Opcode Fuzzy Hash: 837125b324746c05f9569c3c973c934867d359d3803b8f9672d90ae8bda08afe
Instruction Fuzzy Hash: 8741E470E11248CBEB18DFAAD954AEEFBF2AF89310F20D129D415BB294DB345946CF50

Uniqueness

Uniqueness Score: -1.00%

Function 05A00490 Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4592432301.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a00000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4aa949f3b8cbc65c82831a3f7130b5b9bcb1578d1e3c552cb1f5c234dd4f82f
Instruction ID: 92431da29ab4a511593dbb0bc03c5a1e57ffda40658d78ace34ee75dacc46796
Opcode Fuzzy Hash: f4aa949f3b8cbc65c82831a3f7130b5b9bcb1578d1e3c552cb1f5c234dd4f82f
Instruction Fuzzy Hash: FC41D470D01248CFDB18DFA6D9547EDBBB2BF89300F64D12AC415AB294DB345946CF50

Uniqueness

Uniqueness Score: -1.00%

Function 05A0E2B8 Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4592432301.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a00000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b223432b29210ef438dbb2f3e787bf95d34b522fefdda7d5d1b995572b7d4ae
Instruction ID: 61c8daeb16607b87dc5fb06d708fd9acdd826fa6f083f8f9aa447ebab1ef620a
Opcode Fuzzy Hash: 1b223432b29210ef438dbb2f3e787bf95d34b522fefdda7d5d1b995572b7d4ae
Instruction Fuzzy Hash: 2341D470E01248CBEB18DFA6D954AEEBBF6AF89300F20D529D415BB294DB345946CF50

Uniqueness

Uniqueness Score: -1.00%

Function 05A0B2EF Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4592432301.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a00000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aabf77fdbe054018a47930784816302d32816514acdc20e53330a3f4e5629a9c
Instruction ID: bf085ff115b1738c80169afd47181203671505b9ebada9734d96269159cb4465
Opcode Fuzzy Hash: aabf77fdbe054018a47930784816302d32816514acdc20e53330a3f4e5629a9c
Instruction Fuzzy Hash: F941F570E11248CFDB18DFAADA54AEEBBF2AF89300F20D129C415BB294DB345946CF50

Uniqueness

Uniqueness Score: -1.00%

Function 06A67497 Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4593582953.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 400f3ab8231a889e16e5f06fe765ec7baae3d2cc1d39a054260cdb3371fb7f42
Instruction ID: 3ee168ccce750bc11d905f22878e450dd50786f01bd480bf5133c5a55112e3a5
Opcode Fuzzy Hash: 400f3ab8231a889e16e5f06fe765ec7baae3d2cc1d39a054260cdb3371fb7f42
Instruction Fuzzy Hash: D141F570E11248CFEB18EFA6D9546EEBBF2AF88300F20D129D419AB258DB345946CF50

Uniqueness

Uniqueness Score: -1.00%

Function 05A0BBA0 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4592432301.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a00000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e6e9cee728c4b2f2b8f3f03f1d5dbdc2edb2a61c9221b188dfa117cf2ed42ef
Instruction ID: 171df4d375607f9791af391aa1120cf1b023e9c1e58e8f614d133b09d717d12c
Opcode Fuzzy Hash: 6e6e9cee728c4b2f2b8f3f03f1d5dbdc2edb2a61c9221b188dfa117cf2ed42ef
Instruction Fuzzy Hash: 9E410A74D01248CBDB18DFA6D954AEEFBF2AF89300F24D129D415BB294DB345946CF50

Uniqueness

Uniqueness Score: -1.00%

Function 06A65A60 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4593582953.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e76533f497a092001e5f5039af6e9d9f3a506a751bc5cd9703ef866c5dd128d1
Instruction ID: ad28f37d8c1e61bf9128eee0e065b12803f1ec9e3a09f59a49f054e3b4592835
Opcode Fuzzy Hash: e76533f497a092001e5f5039af6e9d9f3a506a751bc5cd9703ef866c5dd128d1
Instruction Fuzzy Hash: 28410570E01248CFEB18EFA6D9446EEBBF2AF89300F20D129D415BB254DB345946CF50

Uniqueness

Uniqueness Score: -1.00%

Function 06A66BC1 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4593582953.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aaf260f68f35d42ae3cf9008f35f367acfdefa79662e4ea31832ba96dd349cc0
Instruction ID: 70980325ab42be52998f7ce3a048f0fd35174f43f08733ad4a23fc475fbe5f46
Opcode Fuzzy Hash: aaf260f68f35d42ae3cf9008f35f367acfdefa79662e4ea31832ba96dd349cc0
Instruction Fuzzy Hash: F7410370E01248CFEB18EFAAD9446EEFBF2AF88300F24D129D419AB255DB345946CF50

Uniqueness

Uniqueness Score: -1.00%

Function 05A008F1 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4592432301.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a00000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a84d62a88917a82aa2d9fc67d7a3f594dad26443b8573c469d12171257e23580
Instruction ID: e49a2b51c713e594d89ed7d7f00e1dccb775caecd0bb47477dd67fefad76b53b
Opcode Fuzzy Hash: a84d62a88917a82aa2d9fc67d7a3f594dad26443b8573c469d12171257e23580
Instruction Fuzzy Hash: 9E41F574D01248CFEB18DFAAD4547EEBBB2BF89300F64D12AC415AB254DB345946CF50

Uniqueness

Uniqueness Score: -1.00%

Function 06A60488 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4593582953.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f51e7061cbcbd30f37e499d52686408fa9b2cadaffe238ff708ab7389290a397
Instruction ID: 3155e81697770617ff069b7dd4ad1e8595132da500c311d2658ae4cbabde766a
Opcode Fuzzy Hash: f51e7061cbcbd30f37e499d52686408fa9b2cadaffe238ff708ab7389290a397
Instruction Fuzzy Hash: 4941E474E012488BEB58EFAAD9546DEBBF2EF89300F24D029D419AB254DB344946CF50

Uniqueness

Uniqueness Score: -1.00%

Function 06A681A0 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4593582953.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7312d5c4c102dab79ab4f3c051c70f551a38fc3efbc39e4570fd29d79b7836e
Instruction ID: aaf53523ac1452c8ee087b10f88445bf55862607ea70ab0669b1249239b4e15c
Opcode Fuzzy Hash: a7312d5c4c102dab79ab4f3c051c70f551a38fc3efbc39e4570fd29d79b7836e
Instruction Fuzzy Hash: BF41F770E01248CFEB58EFAAD9446EEBBF2AF89300F20D169D415BB254DB345946CF50

Uniqueness

Uniqueness Score: -1.00%

Function 05A0D158 Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4592432301.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a00000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f93e236e5d6ae34a24e81be79af8263db4c860b1a2249e5c12051f2f336cd70c
Instruction ID: 64924173a48033010dafcd52600a8de30ac45882417f14e80b4eb33774841b49
Opcode Fuzzy Hash: f93e236e5d6ae34a24e81be79af8263db4c860b1a2249e5c12051f2f336cd70c
Instruction Fuzzy Hash: CB41D471E012488BEB18DFE6D954AEEFBF2AF89300F20D129D415BB298DB345946CF50

Uniqueness

Uniqueness Score: -1.00%

Function 06A67049 Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4593582953.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1479566ef98dda2dc3a34f0ed3b26d9d108ae648133d271c9647ddf6a83725a
Instruction ID: 8fa6e899ac75ac992e5043fef95aa78c1411e81487ffd118d51fc072984ca39d
Opcode Fuzzy Hash: e1479566ef98dda2dc3a34f0ed3b26d9d108ae648133d271c9647ddf6a83725a
Instruction Fuzzy Hash: C241E570E01248CFEB58EFAAD9546EEBBF2AF89304F20D129D415BB254DB345946CF50

Uniqueness

Uniqueness Score: -1.00%

Function 05A0C450 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4592432301.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a00000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e89d81c5dd1830726323bf6d810f24644c627a73b205d50bf1673e6a1cb3cc6f
Instruction ID: e2c78d687b687aa865552b92ea0bf44dfc9aa92f0ffd08fdfe6abe294d24bbe4
Opcode Fuzzy Hash: e89d81c5dd1830726323bf6d810f24644c627a73b205d50bf1673e6a1cb3cc6f
Instruction Fuzzy Hash: 9041E774E01248CBEB18DFA6D954AEEFBF2AF89300F24D129D415BB298DB345946CF44

Uniqueness

Uniqueness Score: -1.00%

Function 05A0EFC1 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4592432301.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a00000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab92cd1d5b1e3719485e0e8a80c91224aa1f40a4e9d8fb8642ae5adad174825e
Instruction ID: af67d4116dc5e89f20a1d0e088e70b1dafd2bd110eec5652e5dff0623b0d8f84
Opcode Fuzzy Hash: ab92cd1d5b1e3719485e0e8a80c91224aa1f40a4e9d8fb8642ae5adad174825e
Instruction Fuzzy Hash: 5741D771D05248CFEB18DFAAD954AAEFBF2AF89300F24D129C415BB298DB345946CF50

Uniqueness

Uniqueness Score: -1.00%

Function 06A6560B Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4593582953.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 794290082f54b2c6d39f60d6325160bb42fca0ea7d9fb46c4adb4be83bcef922
Instruction ID: 1619d4ff94b9a6a7512fbfc4f705e2cb3bcb6b8b4a81248b80c21b4b98a77181
Opcode Fuzzy Hash: 794290082f54b2c6d39f60d6325160bb42fca0ea7d9fb46c4adb4be83bcef922
Instruction Fuzzy Hash: E741E570E01248CFEB58DFA6D9546EEBBF2AF89300F24D129D415BB254DB345946CF50

Uniqueness

Uniqueness Score: -1.00%

Function 06A678F0 Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4593582953.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 92efc1b683e636c4338418e92f687ae1c9c84fde3f5a16c8e539b890faf4ae90
Instruction ID: 16d1b39f45953d4ac87606e503810d0dd0bd2b66f1b58280829a859195526370
Opcode Fuzzy Hash: 92efc1b683e636c4338418e92f687ae1c9c84fde3f5a16c8e539b890faf4ae90
Instruction Fuzzy Hash: 3A410570E01248CBEB18EFEAD9446EEBBF2AF89304F20D129D415BB254DB345946CF40

Uniqueness

Uniqueness Score: -1.00%

Function 06A66310 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4593582953.0000000006A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6a60000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9feacec6785afa2f6e7e71d6518a622b24c3cd7d22fa32a628afd2f286bb47f0
Instruction ID: c78147cd111ede3e57c78b88fb9b0356d2de6a0f6945b3046b040ba4de74a66e
Opcode Fuzzy Hash: 9feacec6785afa2f6e7e71d6518a622b24c3cd7d22fa32a628afd2f286bb47f0
Instruction Fuzzy Hash: 7641F674E01248CBEB18EFA6D954ADEFBF2AF89300F20D129D415BB294EB345946CF51

Uniqueness

Uniqueness Score: -1.00%

Function 05A00D50 Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4592432301.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5a00000_rSyDiExlek.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90ccab3e84b6dfd772be886f003da7feaaa5a526345ecf1794ceaeb9e0597efb
Instruction ID: 0f0f30de90b46e9bc131a008a770aa8065e5b8abf8a18465de685c5c17a5d586
Opcode Fuzzy Hash: 90ccab3e84b6dfd772be886f003da7feaaa5a526345ecf1794ceaeb9e0597efb
Instruction Fuzzy Hash: 3441E470D01248CBEB18DFAAD9546EEBBF2BF89300F24D12AD419AB294DB345946CF40

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report rSyDiExlek.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Snake Keylogger

Yara Signatures

Initial Sample

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

Windows Analysis Report
rSyDiExlek.exe

Function 05A07BA8 Relevance: 1.9, APIs: 1, Instructions: 357
COMMON

Function 06A611A0 Relevance: .7, Instructions: 745
COMMON

Function 02D1EDF0 Relevance: .7, Instructions: 717
COMMON

Function 02D16790 Relevance: .4, Instructions: 444
COMMON

Function 02D1B388 Relevance: .4, Instructions: 350
COMMON

Function 06A68608 Relevance: .3, Instructions: 296
COMMON

Function 02D1FA10 Relevance: .3, Instructions: 274
COMMON

Function 05A07F8C Relevance: 1.6, APIs: 1, Instructions: 62
libraryCOMMON

Function 02D19637 Relevance: 1.4, Strings: 1, Instructions: 187
COMMON